DE102005045118A1 - Registration procedure between participants of a communication system and participants - Google Patents

Abstract

The invention relates to a registration method between participants in a wireless communication system (10), in particular a communication system that works according to the Bluetooth standard, in which high-frequency electromagnetic key establishment signals (Xa1, Xa1, Xa2) are exchanged according to the RFID standard, which have a lower range compared to the data signals (Xd1, Xd2) of the data communication (Xd1, Xd2). The invention also relates to a corresponding participant, in particular a Bluetooth participant.

Description

The The invention relates to a registration process between participants of a wireless communication system, in particular one according to the Bluetooth standard working communication system. The invention further relates to a corresponding participant, in particular one Bluetooth users.

In the younger ones In the past, more efforts were made to improve communication between devices by radio waves over comparatively to standardize short distances. A result of these efforts is the term known as "Bluetooth" and used Default. Although in principle with any wireless working Communication systems applicable, the invention and its underlying problem with reference to the Bluetooth standard working communication systems and their participants explained, without however, to limit the invention to that effect.

Of the Bluetooth standard is a short-range wireless standard that comes with carrier frequencies from the world's unlicensed Industrial, Scientific, Medical 2.4 GHz band, short 2.4 GHz ISM band, works and on the valid radio regulations for Europe, Japan and North America based. The information relevant to the standard are available in the specification of the Bluetooth system under the Internet address "www.bluetooth.com".

One essential feature of the Bluetooth standard is the way the data transmission between its individual participants. It can operate up to eight according to the Bluetooth standard Participants in one - too referred to as pico cell - radio cell into a so-called pico network and together communicate. Every participant in a pico network can use this pico network initialize. A participant who initializes a Pico network has, controls the remaining participants of the Pico network and synchronizes their timers and is therefore also referred to as "master", while the remaining participants of the pico network who are using this master are in communicative communication, referred to as "slaves". In addition to these to eight participants of a Pico network can be a virtually any Many other participants in the pico network will be present, not communicate with the eight participants. These are in one passive, so-called park mode.

For the construction A communication connection must be a respective participant first log on to the communication system. The registration process serves the Purpose, first one allowed to establish connection and typically includes one Initialization phase and a subsequent so called link-key generation, where a key for subsequent data communication the wireless connection is generated. This logon process will in Bluetooth standard usually also referred to as "pairing". For the registration process it is necessary to ensure a clear registration, to avoid that unauthorized participants also at the Participate in data communication.

Of the conventional Registration and connection process of Bluetooth subscribers is relatively complicated. As part of a login attempt of a Bluetooth participant finds generally initially a query of a given identifier (PIN, password, etc.) instead. Only after successful inquiry of this identification becomes this Bluetooth participant considered as an entrusted device, whereupon he fully with the rest Communicate with Bluetooth subscribers of the Pico network can. The registration process depends on Essentially of the characteristics of the data communication participating Bluetooth participants.

at many Bluetooth communication systems, the registration process takes place by a specially for it provided input device, for example by a keyboard on the a respective identification is made by a user, from one opposite Bluetooth device is checked according to its validity. A corresponding method is described in US 2004/0192206 A1.

at Modern Bluetooth communication systems can use the logon process also automatically, without immediate keyboard input done.

An increasingly important requirement is the security of the filing process, to prevent unintentional subscribers from being able to log into the Pico network, aware or unconscious. For this reason, it is first checked for security in the registration process, whether this is an authorized participant. For this purpose, the Bluetooth registration method is typically constructed in two phases, the initialization phase and the phase for generating a connection key. The goal in the initialization phase is to generate an initialization key, which to some extent forms a shared secret of the two Bluetooth subscribers, which therefore only knows these subscribers. To create this initialization There are various methods that do not need to be explained here. Subsequently, the connection key, the so-called link key, is generated, which is exchanged and checked between the participants. The quality of the connection key depends essentially on the security requirements imposed on the communication system.

Depending on The security strategy involves exchanging a password between the participants of a Bluetooth communication system over a Radio link, where for the password depends from the security strategy a more or less large bit width a digital password is provided. Because the exchange of this password radio-based, there is a risk that this password bugged by an unauthorized party in a registration process and by this in turn for an unauthorized logon process is used. In this case, could be the unauthorized subscriber unwanted access to the Communication system, which should be avoided, however. In order to avoid this, there are various possibilities the security of a login procedure between Bluetooth subscribers to ensure.

One first method provides, for example, one-time passwords or Use PINs that are valid only for a single login. However, the problem here is that with a large number of participants a communication system a corresponding complexity of the award the different passwords would have to be provided which may be very expensive could be. About that In addition, this procedure is also memory-consuming and requires a high evaluation effort.

A another possibility is described in US 2003/0050009 A1. The transmitting / receiving device will be here during a logon process with a compared to a normal operation lower transmission power, reducing the transmitted signals also have a lower range. By reducing the Reach can be a higher Security guaranteed since, in this form of the registration process, the respective participants closer to each other need to be positioned which increases security overall.

In front In this background, the present invention has the object underlying the logon method in wireless communication systems and subscribers, and especially in Bluetooth based communication systems and participants continue to improve and preferably continue to simplify.

According to the invention, at least one of these tasks through a registration process with the features of claim 1 and / or by a participant with the features of claim 16 solved.

Accordingly, it is provided:
An application method between subscribers of a wireless communication system, in which for key-based authentication in the login mode between participants provided on a subsequent data communication high-frequency electromagnetic Schlüsseletablierungssignale be replaced according to the RFID standard, which have a relation to the data signals of the data communication lower range. (Claim 1)

• – mit einem Kommunikations-Modul für eine Datenkommunikation, welches zum Senden und Empfangen von Datensignalen,
• – mit einer programmgesteuerten Einrichtung, die zumindest die Steuerung der Datenkommunikation und die Auswertung der empfangenen Datensignale vornimmt,
• – mit einem RFID-Modul für einen Anmeldebetrieb, das zum Senden und Empfangen von RFID-Schlüsseletablierungssignalen, welche eine gegenüber den Datensignalen geringere Reichweite aufweisen, ausgelegt ist. (Patentanspruch 16)

A participant for a communication system,

• With a communication module for data communication, which is used to send and receive data signals,
• With a program-controlled device which performs at least the control of the data communication and the evaluation of the received data signals,
• With an RFID module for a logon operation, which is designed for the transmission and reception of RFID key establishment signals, which have a lower range compared to the data signals. (Claim 16)

Preferably is the wireless communication system as one after the Bluetooth standard working communication system or as one WLAN communication system is formed. In this case, the participant as a Bluetooth participant for a Bluetooth standard communication system trained and the communication module is as a Bluetooth module for one Data communication designed according to the Bluetooth standard. Conceivable would be natural too other wireless communication systems.

The idea on which the present invention is based is to separate the logon process from the actual (data) communication in the case of a communication method and system based on the Bluetooth standard, for example, which is also referred to as pairing there. In particular, the finding that this process, referred to below as the logon mode, is not necessarily Bluetooth-based, and so on must be performed using a corresponding Bluetooth transceiver module. The idea now is to generate high-frequency electromagnetic key establishment signals according to an RFID standard in the log-on mode, which are thus generated exclusively for the key establishment and thus for the identification of an authorized subscriber. An authorized subscriber is to be understood as one who is provided for data communication within the (Bluetooth-based) communication system.

The The present invention is characterized by comparison with known solutions a structurally very simple implementation. For this are only in the for the data communication provided, authorized participants respective Implementing RFID modules, however, very simple and in particular extraordinarily economical can be produced.

Of the particular advantage when using RFID key establishment signals for the Login process is that the RFID data communication - depending on their respective design - typically is designed for very low ranges, whereas the actual (Bluetooth) data communication In contrast, for a lot larger ranges is designed. By now logging in using the RFID standard can be done in a very simple way reducing the range and thereby a significant increase in security during the registration process will be realized. Since a subscriber first for a subsequent ßende (Bluetooth) data communication must be authenticated by another subscriber is it requires that these be placed very close together, with it at all an RFID-based key establishment can be made. Due to the small distance in the RFID key establishment compared to the actual (bluetooth) data communication results in a significantly higher privacy due to physical proximity, which is due to the RFID technology. In the case of a potential eavesdropping should a corresponding transmitting / receiving device of an unauthorized participant in the immediate vicinity the two authorized participants who are currently performing a sign-up process become, what for a user would not easily go unnoticed.

advantageous Refinements and developments of the invention will become apparent the further subclaims as well as from the description in conjunction with the drawing.

• – einen Anmeldebetrieb, bei dem zunächst eine Schlüsseletablierung der an einer Datenkommunikation teilnehmenden Teilnehmer durch Austauschen von RFID-Schlüsseletablierungssignalen durchgeführt wird,
• – einen sich daran anschließenden Normalbetrieb, bei dem nach durchgeführter und erfolgreicher Schlüsseletablierung die Datenkommunikation zum Austausch von Datensignalen zwischen den Teilnehmern nach dem für die eigentliche Datenkommunikation vorgesehenen Standard, beispielsweise nach dem Bluetooth-Standard, erfolgt.

A preferred embodiment of the method according to the invention provides at least two operating modes:

• A login operation in which a key establishment of the participants participating in a data communication is initially carried out by exchanging RFID key establishment signals,
• - An ensuing normal operation, in which, after carried out and successful Schlüsseletablierung the data communication for the exchange of data signals between the participants according to the intended for the actual data communication standard, for example, according to the Bluetooth standard occurs.

In a particularly preferred embodiment is a maximum distance between the participants for the key establishment in sign-on mode is significantly lower than for data communication in the Normal operation. Significant here means at least the factor 10 and preferably by a factor of 100 or even 1000. In particular is, for example, the maximum range of key establishment in the registration mode smaller than 1.5 meters, in particular smaller than 0.5 meters and preferably less than 10 cm. In contrast, is the maximum range of the actual data communication, like for example, the Bluetooth communication, in normal operation greater than 2 meters and in particular larger than 10 meters. This maximum range of the actual (Bluetooth) communication depends essentially from the environment, that is the range is greater, ever less items (Walls, Ceilings, etc.) are located within the transmission path.

typically, however, not necessarily, includes a key establishment in logon mode an initialization and a subsequent link-key generation. Following the key establishment in the context of the authentication mode is preferably an authentication (or evaluation) of the exchanged RFID Schlüsseletablierungssignale made.

Preferably, the evaluation, that is, the authentication of the exchanged RFID Schlüsseletablierungssignale made according to the Bluetooth standard, that is, in the RFID module is then only the pure transmission of Schlüsseletablierungssignale, but not their evaluation and authentication. This evaluation or authentication takes place, for example, in the communication or Bluetooth module provided for the data communication. The RFID module or the RFID transmission is thus used only for the pure registration (ie for the transmission of the key / Bluetooth passkey), in which case the associated with the short range of compelling closeness to the applicant Participants are exploited. In the RFID module, there is thus no evaluation of the transmitted cryptological data, that is to say that in this case no corresponding cryptographic evaluation device is provided. Additionally or alternatively, however, it would also be conceivable that the evaluation or the authentication also takes place in the RFID module.

to increase safety, it is convenient, too Start of the log-in operation first an initialization key to exchange information between the participants in the registration, on which the further key establishment based. As an initialization key in logon mode can For example, a password and / or a PIN number transferred become. For generating the initialization key is for example a key establishment protocol, in particular the Diffie Hellmann Protocol. Additionally or alternatively can also be provided that the initialization key means a random generator is generated.

In In a preferred embodiment, those involved in a registration Participants each have a shared secret, which in the registration mode exchanged between them.

alternative would of course be too conceivable and also advantageous if for the logon mode no encryption is provided. As the logon operation through a very short distance the participant participating in the registration is marked often no further security measures required, which also reduces the required for the registration Hardware and software expenses brings with it.

A very preferred embodiment provides that the registration company Part of the protocol of the data communication is.

In In a particularly preferred embodiment, the program-controlled takes Facility in addition also the control of the log-on company and / or the evaluation of the received RFID key establishment signals in front. This can be done on a dedicated evaluation, for example, within the RFID module, be dispensed with.

typically, is the program-controlled device part of the communication module or of the Bluetooth module. As a program-controlled device comes for example a microprocessor, microcontroller or also a hard-wired logic circuit, for example a FPGA or a PLD, into consideration.

In a typical, but not necessary embodiment has that Communication module or the Bluetooth module with a first Transmit / receive antenna connected first transceiver for transmitting and / or receiving data signals, an encoder for coding the data signals to be transmitted, a decoding device for decoding the received data signals, an evaluation device for Evaluating the received data signals and a memory for Store program, address and / or received data.

In a likewise typical, but not necessary embodiment The RFID module has one with a second transmit / receive antenna connected second transmitting / receiving device for transmitting and / or Receiving RFID key establishment signals, a modulator means for modulating the RFID key establishment signals to be transmitted and a demodulator for demodulating the received ones RFID key establishment signals on.

A Particularly preferred embodiment provides that the RFID module is designed as a transponder (tag). Such transponders for use as authentication are extremely cost effective in the production. additionally or alternatively, an RFID module can also be a reader (reader) have, which with a transponder of another participant for the purpose of authentication in communicative connection is. Readers are generally implemented in participants who are intended as masters, while transponders primarily implemented in participants provided as a slave are. Since a participant may as well be both master and can also act as a slave, it is also advantageous in this case, if this subscriber has both a reader and a transponder having in its RFID module.

A Particularly preferred embodiment provides a Schlüsseletablierungsgenerator preferably in the RFID module before, with the second transceiver is coupled and the one initialization key for the RFID Schlüsseletablierungssignale to be sent generated. Preferably, a random key generator is included of the key establishment generator to generate a random key intended. For the key establishment For example, a Diffie-Hellmann key establishment may be provided be.

A particularly preferred embodiment provides that a (Bluetooth) subscriber and preferably its (Bluetooth) module has a memory in which information about the received key establishment signals and thus about the Passwords, PINs and the like transmitted by another subscriber can be stored. Thus, information about an already established communication connection with respectively other authorized subscribers is stored in the memory. If these two authorized subscribers want to re-establish a communication connection to one another at a later point in time (after interrupting the corresponding communication connection), this can take place much more quickly since the corresponding information is already stored in the memory and is very simply decrypted and generated without it would have to be retrieved there.

The Invention will be described below with reference to the schematic figures The drawings specified embodiments explained in more detail. Show it attended:

1 a block diagram of a Bluetooth-based communication system with two participants to represent the inventive registration method;

2 a block diagram of a first embodiment of a Bluetooth participant according to the invention;

3 a block diagram of a second embodiment of a Bluetooth participant according to the invention;

4 a Bluetooth-based communication system with a participant acting as a master and multiple acting as a slave participants.

In all figures of the drawing are identical and functionally identical elements, Features and signals - if nothing else is indicated - with the same reference numerals have been provided.

1 shows a block diagram of a Bluetooth-based communication system, which here with reference numerals 10 is designated. The communication system 10 has two Bluetooth participants 11 . 11a on. In the present embodiment in 1 Assume that both participants 11 . 11a have a substantially same circuit structure. It is further assumed that these participants 11 . 11a for data communication within the communication system 10 are entitled.

In 1 Suppose that the participant 11 acts as master and the participant 11a acts as a slave. In a corresponding manner, the reference symbols of all elements of the slave acting as a slave additionally have an "a".

A respective Bluetooth participant 11 . 11a contains a Bluetooth module 12 . 12a , which is designed to be based on the Bluetooth standard data communication with a corresponding other participant 11 . 11a perform. This is indicated by a Bluetooth module 12 . 12a one transmitting / receiving antenna each 13 . 13a on. The structure of a Bluetooth module 12 is generally known in a variety of different embodiments and variants, so that subsequent thereto need not be discussed in more detail. For example, only in 3 the approximate structure of a Bluetooth module 12 . 12a described.

According to the invention, a respective participant 11 . 11a also an RFID module 14 . 14a on. The RFID module 14 . 14a is designed to communicate with a corresponding RFID module 14 . 14a another participant 11 . 11a build and execute. The RFID module 14 . 14a also contains a transmit / receive antenna 15 . 15a , The RFID module 14 . 14a is via a control line 16 . 16a with the respective Bluetooth module 12 . 12a connected.

At least one of the RFID modules 14 . 14a may be part of a transponder or a transponder itself. Such a transponder can be designed as an active, passive or semi-passive transponder. Active transponders have their own energy supply, while passive transponders draw their energy supply exclusively via the electromagnetic signals Xa1, Xa2 emitted by the reader. Conversely, in at least one of the RFID modules 14 . 14a a reader can be arranged.

The key establishment signals Xa1, Xa2 may be from the respective RFID modules 14 . 14a actively generated and sent out. In addition, there is also the possibility of these signals Xa1, Xa2 by backscattering the received high-frequency signals Xa1, Xa2 by utilizing the Rückstreuquerschnitts the transmitting / receiving antenna 15 . 15a to create.

The RFID modules communicating with each other in login mode 14 . 14a altogether form an RFID system.

Such RFID systems are well known. Only for the general background of RFID systems and their operation in general and their key establishment and authentication in particular is to the book by Klaus Finkenzeller, RFID manual, third updated and extended edition, Hansa-Verlag, 2002, referenced.

An RFID system always consists of two components, a transponder, which is attached to the object to be identified, and a detection or reading device, the so-called reader, which depending on the design and technology used as a mere reading or writing / Reading unit is formed. Such a reading device typically includes a high-frequency module (transmitter and receiver), a control unit and a coupling element to the transponder. In addition, many readers with an additional interface, such as a RS 232 or RS 485 interface equipped to the received data to another system, in the present embodiment to the respective Bluetooth module 12 . 12a to forward.

The transponder forms the actual data carrier of an RFID system and usually consists of a coupling element and a simple electronic microchip. Outside the response range of the reader, the transponder typically behaves completely passive, so that the response range of the transponder the maximum range of the data communication of the RFID system and thus the two RFID modules 14 . 14a certainly. Only within the response range of the reader and thus within the maximum range A1 of the transponder is activated. The maximum range A1 depends essentially on the positioning accuracy of the transponder with respect to the read / write device and the speed of the transponder in the response range of the reading device.

The RFID system consisting of the RFID modules 14 . 14a in 1 typically operates in a frequency range of about 100 KHz to about 30 MHz via inductive coupling. The Bluetooth system consisting of the Bluetooth modules 12 . 12a In contrast, it operates at a working frequency of 2.4 GHz, which is specified by the Bluetooth standard.

In the following, the application method according to the invention will be described with reference to the block diagram in FIG 1 briefly explained:
Before the two participants 11 . 11a out 1 To build a data communication for the purpose of exchanging data, one of these subscribers must first 11 . 11a , For example, acting as a slave participants 11a , in which each other acting as a master participant 11 notifier. This process will be referred to below as login or as pairing. In registration mode, the two participants 11 . 11a brought into a maximum distance A1 to each other. This maximum distance A1 denotes the maximum range for an RFID communication. Are the two participants 11 . 11a arranged at a distance which is less than the maximum distance A1, then the subscriber can 11a at the other participant 11 Sign in.

For this purpose, the RFID module sends 14a of the participant 11a Key establishment signals Xa1 to the respective RFID module 14 of the other participant 11 , The other participant 11 evaluates these key establishment signals Xa1 and in turn sends corresponding key establishment signals Xa2 to the RFID module 14a of the participant 11a back. There, these key establishment signals Xa2 are also evaluated. Gives the authentication in both RFID modules 14 . 14a in that they are each entitled participants 11 . 11a then these are participants 11 . 11a released for subsequent data communication. The respective RFID modules 14 . 14a signal this to the Bluetooth module 12 . 12a via respective control signals XS, XSa. The Bluetooth modules 12 . 12a can now have a data-communicative connection with the respective Bluetooth module 12a the participant just authenticated 11a carry out.

For this data communication, which is also referred to below as normal operation, the two participants 11 . 11a be brought to a greater distance A2. Distance A2 defines the maximum range between the two parties 11 . 11a , within which a Bluetooth data communication can still be performed reliably and successfully. Typically, this maximum range A2 is significantly greater than the maximum range A1 for RFID-based key establishment.

Both key establishment via a key establishment path 17 as well as the data communication via a data communication path 18 can be unidirectional, ie by a participant 11 . 11a only to the opposite other participant 11 . 11a , or bidirectionally, that is, each of a participant 11 . 11a to the other and back again. It is conceivable for both modes of operation and a multiplex method.

In order to increase security, a mutual authentication between reader and transponder takes place in log-on mode in that both associated subscribers 11 . 11a mutual knowledge of both participants 11 . 11a check known, so-called shared secret. Such a shared secret is typically in the form of a secret cryptographic key in the respective RFID modules 14 . 14a implemented. The evaluation of these key establishment signals Xa1, Xa2 and thus the authentication information contained in these signals Xa1, Xa2 mations can either be in the RFID module 14 . 14a itself and thus done within the reader or the transponder or in the actual Bluetooth module 12 . 12a , There are different, more or less complex key authentication protocols for authentication, which will not be described here. These are generally known in particular in connection with RFID technology, for example from the above-mentioned book by Klaus Finkenzeller, and therefore do not require any further explanation below.

2 shows a Bluetooth participant 11 as he is in a communication system 10 out 1 is usable. In 2 contains the RFID module 14 a transmitting / receiving device 20 as well as an evaluation device 21 , The transmitting / receiving device 20 is on the one hand with the transmitting / receiving antenna 15 and on the other hand with the evaluation device 21 connected. In 2 is in the reception path 22 a decoder device 24 provided for decoding the received key establishment signals Xa1 '. Furthermore, in the transmission path 23 an encoder 25 for encoding the key establishment signals Xa2 'to be sent.

In the case of a positive authentication, ie in the event that a received Schlüsseletablierungssignal Xa1 is assigned to an authorized subscriber, then generates the evaluation 21 a control signal Xs, which is sent to the Bluetooth module 12 is forwarded. This control signal Xs shows the Bluetooth module 12 that the actual data communication with the just authenticated, authorized subscriber can be started.

3 shows a second embodiment of a Bluetooth participant according to the invention 11 , In contrast to the embodiment in 2 includes the RFID module 14 here only the transmitting / receiving device 20 , This transmitting / receiving device 20 is configured to receive key-setting electromagnetic signals Xa1 and corresponding key establishment signals Xa2 via the transmitting / receiving antenna 15 send out. The control of the logon mode as well as the evaluation of the received key establishment signals Xa1 'takes place here in the actual Bluetooth module 12 ,

The Bluetooth module 12 points next to a transmitting / receiving device 30 for this purpose a program-controlled device 31 on top of that with the transceiver 30 is coupled. Furthermore, in the Bluetooth module 12 a memory 32 be provided, for example, a program memory, data storage and / or address memory, with the program-controlled device 31 connected is. The program-controlled device 31 is designed to control the actual data communication with other Bluetooth subscribers and to evaluate the key establishment signals Xa1, Xa2 exchanged in this data communication. This is indicated by the Bluetooth module 12 a coding / decoding device 33 on, between the transceiver 30 and the program-controlled device 31 is arranged. In the coding / decoding device 33 the coding of the data signals Xs2 to be transmitted or the decoding of the received data signals Xs1 takes place.

The program-controlled device 31 is here additionally designed to control the key establishment and thus the login operation. For this purpose, the transmitting / receiving device 20 via a decoder 34 with the program-controlled device 31 connected. The program-controlled device 31 is thus designed to additionally evaluate the received and decoded key establishment signals Xa1 '. The Bluetooth module 12 also includes an encoder 35 that of the program-controlled device 31 is downstream and via which of the program-controlled device 31 generated key establishment signals Xa2 'are encoded.

Instead of using a program-controlled device 31 and an encoder 35 For example, a random number generator may also be used to generate the key establishment signals Xa2 36 be provided, which is controlled by the program-controlled device 31 On the output side, random signals Xa2 'are generated, which are used to generate the key establishment signal Xa2 to be sent.

4 shows a block diagram of a preferred application of the inventive registration method in a Bluetooth-based communication system. The Bluetooth-based communication system may be provided, for example, in addition to or instead of a DECT system (DECT = Digital Enhanced Cordless Telecommunications). The Bluetooth as well as the DECT standard designate a so-called pico-cellular telephony, which can be used within buildings, within the building, a range or a cell radius of about 25-50 meters and outside of more than 100 meters can be achieved ,

The Bluetooth communication system 10 in 4 contains a base station 40 as well as three mobile telephone terminals 41 , The base station 40 acts as a master while the telephone terminals 41 act as a slave. The base station 40 thus corresponds to the participant 11 in 1 while the phone terminals 41 the participant 11a correspond. Would like an additional telephone terminal 42 participate in the data communication, then it must first by means of a registration method according to the invention, as described with reference to 1 described as the master base station 40 Sign in. For this the telephone terminal must 42 be brought within a distance A1 to this base station, so that the registration process according to the invention can take place by means of RFID technology. After successful login, in which the additional participant 42 has been authenticated as an authorized participant, can also with this participant 42 a data communication link to the base station 40 and thus to the other participants 41 being constructed.

Although the present invention above based on preferred embodiments was described, it is not limited to it, but can be modify in a variety of ways.

Thus, the invention is not necessarily for a DECT-based communication system, as in 4 limited, but can be extended to any Bluetooth-based communication systems. Also, the invention is not necessarily limited to the exact construction of Bluetooth subscribers 2 and 3 limited. Rather, it would also be conceivable that the circuit design of these subscribers, in particular with regard to their coding and / or decoding devices, program-controlled devices, transmitting / receiving devices, evaluation devices, etc., may be designed differently, if this is supported by the respective application.

Also the registration process has been described above merely by a simple Key establishment, at the key establishment signals virtually unprotected, more or less unencrypted, was exchanged between the participants. Of course, too conceivable, to increase the security of these key establishment signals additionally to encrypt. There are different encryption protocols for this well-known, however, are well known, so in the context the present patent application was not further discussed. For the Question of encryption and key establishment and thus for the question of the security of the application process applies in each case, the higher the Security desired is, the higher are the requirements for key establishment and the encoding to deliver.

Also the invention is not based on a Bluetooth-based communication system and corresponding participants limited, but lets up expand any communication systems and their subscribers, whose range of data communication is at least greater and especially significantly larger than that of RFID communication.

Claims (25)

Registration procedure between participants ( 11 . 11a ) of a wireless communication system ( 10 ), in which, for a key establishment in the log-on mode, between subscribers provided at a subsequent data communication ( 11 . 11a ) high-frequency electromagnetic key establishment signals (Xa1, Xa2) are exchanged according to the RFID standard, which have a lower range compared to the data signals (Xd1, Xd2) of the data communication (Xd1, Xd2). A method according to claim 1, characterized in that the wireless communication system as a working according to the Bluetooth standard communication system ( 10 ) or is designed as a WLAN communication system. Method according to at least one of the preceding claims, characterized in that the method comprises at least two operating modes: - a log-on mode, in which initially a key establishment of the participants participating in a data communication ( 11 . 11a ) is carried out by exchanging RFID key establishment signals (Xa1, Xa2), - a subsequent normal operation, in which, after successful and successful key establishment, the data communication for the exchange of data signals (Xd1, Xd2) between the participants ( 11 . 11a ) he follows. Method according to at least one of the preceding claims, characterized in that a maximum distance (A1, A2) between the participants ( 11 . 11a ) for the key establishment in logon mode is lower than for data communication in normal operation. Method according to at least one of the preceding Claims, characterized in that the maximum range (A1) of the key establishment in the registration mode is less than 1.5 meters, especially smaller is less than 0.5 cm, and preferably less than 10 cm, and that the maximum range (A2) of data communication in normal operation is larger than 2 meters and in particular is larger than 10 meters. Method according to at least one of the preceding claims, characterized in that a key establishment in logon mode includes initialization and subsequent link key generation. Method according to at least one of the preceding Claims, characterized in that following a Schlüsseletablierung in the context of an authentication mode an authentication the exchanged RFID key establishment signals (Xa1, Xa2) is made. Method according to claim 7, characterized in that that the authentication of the exchanged RFID key establishment signals (Xa1, Xa2) according to the Bluetooth standard he follows. Method according to at least one of the preceding claims, characterized in that, at the beginning of the log-on mode, an initialization key between the subscribers participating in the log-on ( 11 . 11a ), on which the further key establishment is based. Method according to claim 9, characterized that as an initialization key in the login mode a password and / or a PIN number transferred becomes. Method according to one of claims 9 or 10, characterized that for generating the initialization key a key establishment protocol, in particular the Diffie Hellmann protocol is used. Method according to one of claims 9 to 11, characterized in that for the key establishment a random generator ( 36 ) is used. Method according to at least one of the preceding claims, characterized in that the participants participating in an application ( 11 . 11a ) each have a common secret, which is exchanged in the registration company between them. Method according to at least one of the preceding Claims, characterized in that in the logon mode no encryption is provided. Method according to at least one of the preceding Claims, characterized in that the logon mode is part of the protocol the data communication is. Attendees ( 11 . 11a ) for a communication system ( 10 ), in particular for operating a method according to at least one of the preceding claims, - with a communication module ( 12 . 12a ) for data communication, which is used to send and receive data signals (Xd1, Xd2), - with a program-controlled device ( 31 ), which performs at least the control of the data communication and the evaluation of the received data signals (Xd1, Xd2), - with an RFID module ( 14 . 14a ) for a login operation adapted to transmit and receive RFID key establishment signals (Xa1, Xa2) having a lower range than the data signals (Xd1, Xd2). Subscriber according to claim 16, characterized in that the subscriber ( 11 . 11a ) as a Bluetooth participant ( 11 . 11a ) for a Bluetooth standard communication system ( 10 ) and that the communication module ( 12 . 12a ) as Bluetooth module ( 12 . 12a ) is designed for data communication according to the Bluetooth standard. Subscriber according to at least one of Claims 16 or 17, characterized in that the program-controlled device ( 31 ) additionally performs the control of the logon mode and / or the evaluation of the RFID key establishment signals (Xa1, Xa2). Subscriber according to at least one of Claims 16 to 18, characterized in that the program-controlled device is part of the communication module ( 12 . 12a ). Subscriber according to at least one of claims 16 to 19, characterized in that the communication module ( 12 . 12a ) one with a first transmit / receive antenna ( 13 . 13a ) first transmitting / receiving device ( 30 . 30a ) for transmitting and / or receiving data signals (Xd1, Xd2), an encoding device ( 33 ) for coding the data signals to be transmitted, a decoding device ( 33 ) for decoding the received data signals, an evaluation device ( 31 ) for evaluating the received data signals and a memory ( 32 ) for storing program, address and / or received data. Participant according to at least one of claims 16 to 20, characterized in that the RFID module ( 14 . 14a ) one with a second transmit / receive antenna ( 15 . 15a ) second transmitting / receiving device ( 20 . 20a ) for transmitting and / or receiving RFID key establishment signals (Xa1, Xa2), modulator means for modulating the RFID key establishment signals (Xa2) to be sent, and demodulator means for demodulating the received RFID key establishment signals (Xa1). Participant according to at least one of claims 16 or 21, characterized in that the RFID module ( 14 . 14a ) has a transponder and / or a read / write device. Subscriber according to at least one of Claims 16 to 22, characterized in that a key establishment generator ( 36 ) provided with the second transmitting / receiving device ( 20 . 20a ) and which generates a key for the RFID key establishment signals to be transmitted. Subscriber according to Claim 23, characterized in that a random-key generator ( 36 ) as part of the key establishment generator ( 36 ) is provided for generating a random key. Subscriber according to at least one of Claims 16 to 24, characterized in that a memory ( 32 ), in which information about the received key establishment signals (Xa1, Xa2) can be stored.