Vehicle access system and method of operation

By establishing a secure communication channel between the NFC front-end and the access controller, and using the Diffie-Hellman key exchange to share a key and periodically refresh it, the vulnerability of the NFC vehicle access system to relay attacks is solved, achieving a higher level of security protection.

CN122372947APending Publication Date: 2026-07-10NXP BV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NXP BV
Filing Date
2025-12-10
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

Existing NFC-based vehicle access systems are vulnerable to relay attacks, where thieves can bypass the connection between the NFC node and the vehicle's network to obtain user credentials and illegally access the vehicle.

Method used

A secure communication channel is used between the NFC front end and the access controller. The secret key is shared through the Diffie-Hellman key exchange process and refreshed periodically to ensure encrypted data transmission and prevent relay attacks.

Benefits of technology

It effectively prevents relay attacks, protects the user authentication process, and ensures the security and privacy of vehicle access.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122372947A_ABST
    Figure CN122372947A_ABST
Patent Text Reader

Abstract

According to a first aspect of this disclosure, a vehicle access system is provided, comprising: a near-field communication (NFC) front end, wherein the NFC front end includes a first secure element; an access controller operatively coupled to the NFC front end, wherein the access controller includes a second secure element configured to verify data provided by the first secure element; wherein the first secure element and the second secure element are configured to establish a secure communication channel for transmitting the data from the first secure element to the second secure element. According to other aspects of this disclosure, a corresponding method for operating the vehicle access system is contemplated, and a computer program for performing the method is provided.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to a vehicle access system. Furthermore, this disclosure relates to a corresponding method for operating the vehicle access system, and to a computer program for performing said method. Background Technology

[0002] A vehicle access system allows a vehicle user to conveniently access the vehicle. The system may include a Near Field Communication (NFC) node integrated into parts of the vehicle (e.g., door handles). In this case, a user can bring their mobile device (e.g., a smartphone) close to the NFC node to initiate a vehicle access transaction, where user credentials are transmitted to a secure domain (i.e., a secure element) within the vehicle. Similarly, a user can bring their mobile device close to another NFC node (e.g., installed within the vehicle) to initiate a vehicle engine start transaction, where user credentials are transmitted to a secure domain within the vehicle. In these scenarios, it is important that a malicious party does not access the vehicle or start the engine. Summary of the Invention

[0003] According to a first aspect of this disclosure, a vehicle access system is provided, comprising: a near field communication (NFC) front end, wherein the NFC front end includes a first secure element; an access controller operatively coupled to the NFC front end, wherein the access controller includes a second secure element configured to verify data provided by the first secure element; wherein the first secure element and the second secure element are configured to establish a secure communication channel for transmitting the data from the first secure element to the second secure element.

[0004] In one or more embodiments, the first security element and the second security element are configured to establish the secure communication channel by encrypting and decrypting the data using one or more shared secret keys.

[0005] In one or more embodiments, the Diffie-Hellman key exchange process has been used to share the secret key.

[0006] In one or more embodiments, the shared secret key is refreshed periodically.

[0007] In one or more embodiments, the first security element and the second security element are configured to establish the secure communication channel before the vehicle access system initiates a vehicle access transaction.

[0008] In one or more embodiments, the first security element and the second security element are configured to establish the secure communication channel before the vehicle access system begins an engine start transaction.

[0009] In one or more embodiments, the data includes user credentials for accessing the vehicle or one or more functions of the vehicle.

[0010] In one or more embodiments, a vehicle includes a vehicle access system according to any of the preceding claims.

[0011] In one or more embodiments, the vehicle includes an in-vehicle network for operatively coupling the access controller to the NFC front end.

[0012] According to a second aspect of this disclosure, a method for operating a vehicle access system is envisioned, wherein the vehicle access system includes a near field communication (NFC) front end, the NFC front end including a first secure element and an access controller, the access controller including a second secure element, the method comprising: establishing a secure communication channel by the first secure element and the second secure element for transmitting data from the first secure element to the second secure element; providing the data by the first secure element to the second secure element by transmitting the data via the secure communication channel; and verifying the data provided by the first secure element by the second secure element.

[0013] In one or more embodiments, the first security element and the second security element establish the secure communication channel by encrypting and decrypting the data using one or more shared secret keys.

[0014] In one or more embodiments, the Diffie-Hellman key exchange process has been used to share the secret key.

[0015] In one or more embodiments, the shared secret key is refreshed periodically.

[0016] According to a third aspect of this disclosure, a computer program is provided, the computer program including executable instructions that, when executed by a vehicle access system of the described type, cause the vehicle access system to perform a method of the described type. Attached Figure Description

[0017] The embodiments will be described in more detail with reference to the accompanying drawings.

[0018] Figure 1 An example of a relay attack on an NFC-based vehicle access system is shown.

[0019] Figure 2 An example of an NFC node used in a vehicle is shown.

[0020] Figure 3An illustrative embodiment of a vehicle access system is shown.

[0021] Figure 4 An illustrative embodiment of a method for operating a vehicle access system is shown.

[0022] Figure 5 Another illustrative embodiment of a method for operating a vehicle access system is shown.

[0023] Figure 6 Another illustrative embodiment of a method for operating a vehicle access system is shown. Detailed Implementation

[0024] Vehicle access systems allow users to conveniently access their vehicles, but they are also vulnerable to attacks known as relay attacks. Relay attacks are attacks typically performed on classic vehicle access systems using low-frequency (LF) or ultra-high-frequency (UHF) communication technologies. To complicate such attacks, vehicle access systems based on ultra-wideband (UWB) communication can be used. However, vehicle access systems can also be deployed with near-field communication (NFC) as a backup vehicle access solution, or as a low-cost solution. For example, an NFC-enabled smart card can be used to access the vehicle instead of a key card. This type of NFC-based vehicle access system is vulnerable to relay attacks.

[0025] An NFC-enabled vehicle access system may include one or more so-called NFC nodes integrated into the vehicle in a location easily accessible to the user. For example, an NFC node may be embedded in a door handle, allowing the user to bring their NFC-enabled access device (e.g., a smart card) near the door handle to unlock the vehicle. In another example, an NFC node may be embedded in a designated part of the vehicle compartment, allowing the user to bring their NFC-enabled access device close to that designated part to start the engine. Such NFC nodes are typically connected to an in-vehicle network, such as a dedicated controller area network (CAN) or a local interconnect network (LIN). NFC-based vehicle access systems are typically protected against relay attacks on the in-vehicle network, such as the CAN bus or the Serial Peripheral Interface (SPI) connected to the NFC node. For example, an attack could be performed by completely scrambling the NFC node and using relay between the access device's secure NFC chip (e.g., a smart card) and the in-vehicle network.

[0026] Figure 1An example of a relay attack 100 against an NFC-based vehicle access system 146 is illustrated. In this example, the NFC-based vehicle access system 146 includes two NFC nodes 138 and 140, one of which is installed inside a door handle (i.e., NFC node 138) and the other is integrated into a physical unit within the vehicle that also contains a Qi charging element (i.e., NFC node 140). Furthermore, the vehicle access system 146 includes a secure element 144 operatively coupled to the NFC nodes 138 and 140 via a gateway 142 and can form part of an access controller (not shown) for vehicle 128. It should be noted that vehicle 128 includes other components, namely, a UWB communication unit 130 mounted externally to vehicle 128, a UWB communication unit 132 mounted internally to vehicle 128, one or more Bluetooth Low Energy (BLE) communication units 134, and a ranging microcontroller 136, which also provide the functionality to access vehicle 128. However, in this example, the relay attack is performed against the NFC-based vehicle access system 146.

[0027] Typically, an external NFC-enabled access device is used to obtain access to vehicle 128 or one or more of its functions. Figure 1 The diagram illustrates several examples of such access devices: an NFC-enabled phone 102, an NFC-enabled key card 112, and an NFC-enabled smart card 120. Each of these access devices includes a secure NFC unit 110, 118, 122 for communicating with an NFC-enabled vehicle access system 146 integrated into the vehicle 128. Typically, such access devices are brought close to the NFC-enabled vehicle access system 146, i.e., within NFC communication range. The NFC communication range is typically several centimeters (e.g., 10 centimeters or less). However, in this example, a relay attack is carried using a first attack device 124 and a second attack device 126, attempting to gain access to the vehicle 128 by means of both the first and second attack devices. The first attack device 124 is carried by a first attacker and kept close to the vehicle owner's access device to obtain user credentials using NFC. The second attack device 126, communicating with the first attack device 124 via a long-range RF link, is carried by a second attacker collaborating with the first attacker. The second attack device 126 can communicate directly with the interface unit, which provides direct access to the secure element 144 via an in-vehicle network (e.g., a CAN interface unit, an SPI unit, or an I2C unit), i.e., bypassing access to the NFC front end (not shown) integrated into the NFC nodes 138, 140.

[0028] More specifically, a thief can connect a second attack device 126 to an interface typically used to gain vehicle access, such as a private CAN or SPI line of NFC nodes 138, 140. In this way, the NFC front-end of NFC nodes 138, 140 is effectively bypassed. It should be noted that if the communication protocol is unknown, the thief can use the second attack device 126 to eavesdrop on common protocols used between the NFC front-end and the microcontroller included in NFC nodes 138, 140, between the microcontroller included in said NFC nodes 138, 140 and the CAN interface unit, or between the CAN interface unit of NFC nodes 128, 140 and the CAN itself. Over a long-distance RF link (e.g., sub-GHz, BLE, or Wi-Fi link), the second attack device 126 obtains user credentials from the first attack device 124, converts them into the protocol format used, and transmits them to the secure element 144 of the vehicle access system 146. In this way, user credentials are provided to the secure element 144 without near-field communication between the second attack device 126 and the NFC front end integrated into the NFC nodes 138 and 140.

[0029] As mentioned above, in order to obtain user credentials using NFC, the thief's accomplice brought the first attack device 124 close to the vehicle owner's access device. More specifically, the accomplice placed the first attack device 124 close to the NFC interface of the secure NFC units 110, 118, 122 of the access device carried by the owner (i.e., phone 102, key card 112, or smart card 120). The first attack device 124 activated protocol layer 4 (i.e., the application layer as defined in technical standard ISO 14443-4) of the secure NFC units 110, 118, 122 and sent the Select Application Identifier (AID) to the NFC CCC Digital Key (DK) application. After a successful response, the first attack device 124 then woke up, for example, the private CAN of vehicle 128 and began the authentication process via the second attack device 126.

[0030] Figure 2 An example of an NFC node 200 for use in a vehicle is shown. The NFC node 200 includes a CAN interface unit 202, a host microcontroller 204, an NFC front-end 206, an NFC matching circuit 208, and an NFC antenna 210. (See above reference...) Figure 1As explained, a relay attack can target different components of an NFC-enabled vehicle system, thereby bypassing the NFC front-end 206 of the NFC node 200. For example, an attack can be performed on the vehicle's own CAN connector (not shown). Connecting a second attack device to an existing CAN connector is relatively easy, and the CAN protocol is well-known. Furthermore, an attack can be performed between the CAN interface unit 202 and the host microcontroller 204 of the NFC node 200. This is less straightforward, as the NFC node 200 is typically a closed system. However, it is still possible, and the protocol is relatively simple. Similarly, an attack can be performed between the host microcontroller 204 and the NFC front-end 206 of the NFC node 200. Again, this is not straightforward, but it is still possible, and the protocol is relatively simple.

[0031] The present discussion concerns a vehicle access system, corresponding methods for operating the vehicle access system, and a computer program for executing the methods, which helps to prevent successful relay attacks of the described types.

[0032] Figure 3 An illustrative embodiment of a vehicle access system 300 is shown. The vehicle access system 300 includes an NFC front end 302 and an access controller 306 operatively coupled to each other. The NFC front end 302 includes a first secure element 304. Furthermore, the access controller 306 includes a second secure element 308, wherein the second secure element 308 is configured to verify data provided by the first secure element 304. Furthermore, the first secure element 304 and the second secure element 308 are configured to establish a secure communication channel between them for transmitting the data from the first secure element 304 to the second secure element 308. By establishing a secure communication channel and providing the data to the second secure element 308 through the secure communication channel, relay attacks of the described type can be prevented from succeeding more easily. It should be noted that a secure element can be defined as a tamper-proof integrated circuit with an installed application having specified functionality and a specified security level. Furthermore, the secure element can implement security functions, such as cryptographic and authentication functions.

[0033] In one or more embodiments, the first and second secure elements are configured to establish the secure communication channel by encrypting and decrypting the data using one or more shared secret keys. This further helps prevent successful relay attacks of the described type. Specifically, the NFC front end can no longer be bypassed because the second secure element expects the data to have been encrypted by the first secure element included in the NFC front end, and attempts to decrypt the data completed by the second secure element will fail if an attacker sends unencrypted data as expected. In practical implementations, a Diffie-Hellman key exchange process has been used to share the secret key. In one or more embodiments, the shared secret key is refreshed periodically. In this way, the security level is increased because cracking the secret key used to encrypt the transmitted data becomes more difficult.

[0034] In one or more embodiments, the first and second security elements are configured to establish the secure communication channel before the vehicle access system initiates a vehicle access transaction. This helps prevent relay attacks aimed at gaining access to the vehicle. Furthermore, in one or more embodiments, the first and second security elements are configured to establish the secure communication channel before the vehicle access system initiates an engine start transaction. This helps prevent relay attacks aimed at starting the vehicle's engine. In one or more embodiments, the data includes user credentials for accessing the vehicle or one or more functions of the vehicle. In this way, the user authentication process, which is typically performed to gain access to the vehicle or one or more of its functions, is better protected. The vehicle access system disclosed in this invention can be integrated into a vehicle. In a practical implementation, the vehicle includes an in-vehicle network for operatively coupling the access controller to an NFC front end.

[0035] Figure 4 An illustrative embodiment of a method 400 for operating a vehicle access system is shown, the system comprising: an NFC front end including a first secure element; and an access controller including a second secure element. Method 400 includes the following steps: At 402, the first and second secure elements establish a secure communication channel for transmitting data from the first secure element to the second secure element. Furthermore, at 404, the first secure element provides the data to the second secure element by transmitting the data via the secure communication channel. Furthermore, at 406, the second secure element verifies the data provided by the first secure element. (Refer to the above...) Figure 3 As mentioned in the corresponding vehicle access system, by establishing a secure communication channel and providing the data to the second security element through the secure communication channel, the type of relay attack described can be prevented from succeeding more easily.

[0036] Figure 5 Another illustrative embodiment of a method 500 for operating a vehicle access system is shown. Specifically, method 500 illustrates a use case where a vehicle is accessed securely, i.e., in a manner that can prevent relay attacks of the types described. At 502, NFC node 502 operates in either Low-Power Card Detection (LPCD) or Ultra-Low-Power Card Detection (u-LPCD) mode. It should be noted that LPCD and u-LPCD are techniques for reducing the power consumption of the NFC node, which use short RF sensing pulses to detect load changes on its antenna, rather than maintaining an RF field active to poll the communication counterpart. If the LPCD or u-LPCD process triggers a wake-up 504 for the NFC node and activates layer 4 506, a secure communication channel 508 is established between the NFC node and the vehicle's secure domain. The vehicle access process, which may include CCC-based transactions, then continues. If wake-up 504 is not performed and layer 4 506 is not activated, method 500 returns to step 502.

[0037] Figure 6 Another illustrative embodiment of a method 600 for operating a vehicle access system is shown. Specifically, method 600 shows a preparation phase 602 in which a secure element 608 in the NFC front end of a door NFC node (e.g., an NFC node integrated into a door handle) and a secure element 616 (i.e., an access controller) in the vehicle's secure domain are pre-configured. It should be noted that this pre-configuration can be performed in the factory or periodically in the vehicle. In preparation phase 602, a binding operation 604 is performed by pre-configuring common g and p based on a Diffie-Hellman key exchange process. In the next phase 606, a secure channel is established. This can be done, for example, before each vehicle access and / or before each engine start transaction. Secure channel establishment includes the following operations performed by secure elements 608, 616: generation of ephemeral public keys 610, 618; exchange and reception of these ephemeral public keys 612, 620; and calculation of a shared secret (e.g., one or more secret keys) 614, 622, by means of which a secure channel 624 is established. Finally, in the next stage 626, the vehicle access and / or engine start transaction 628 is performed within the secure channel. It should be noted that g (generator) and p (modulus) are two public secrets shared between the two bound entities. Both entities then generate their own secret X. Using these three vectors (g, p, and X), a shareable secret Y is generated using the formula Y = g^X mod p. Using this method, the secret required to encrypt the data according to the Diffie-Hellman algorithm can be computed.

[0038] The systems and methods described herein may be embodied, at least in part, by one or more computer programs, which may exist in various forms, in both active and inactive states, either within a single computer system or across multiple computer systems. For example, the computer program may exist as a software program consisting of program instructions in source code, object code, executable code, or other formats for performing certain steps. Any of the above formats may be embodied in compressed or uncompressed form on a computer-readable medium, which may include storage devices and signals.

[0039] As used herein, the term "computer" refers to any electronic device that includes a processor, such as a general-purpose central processing unit (CPU), a dedicated processor, or a microcontroller. A computer is capable of receiving data (input), performing a series of predetermined operations on the data, and thereby producing results (output) in the form of information or signals. Depending on the context, the term "computer" will mean (specifically) a processor or (more generally) a processor associated with a combination of related elements housed within a single housing or enclosure.

[0040] The term "processor" or "processing unit" refers to data processing circuitry, which may be a microprocessor, coprocessor, microcontroller, microcomputer, central processing unit, field-programmable gate array (FPGA), programmable logic circuitry, and / or any circuitry that controls signals (analog or digital signals) based on operation instructions stored in memory. The term "memory" refers to storage circuitry or multiple storage circuitry, such as read-only memory, random access memory, volatile memory, non-volatile memory, static memory, dynamic memory, flash memory, cache memory, and / or any circuitry that stores digital information.

[0041] As used herein, "computer-readable media" or "storage media" can be any component capable of containing, storing, transmitting, propagating, or transmitting a computer program for use by or in conjunction with an instruction execution system, device, or apparatus. Computer-readable media can be, for example (but not limited to), electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices, apparatuses, or propagation media.

[0042] It should be noted that the above embodiments have been described with reference to different subject matter. Specifically, some embodiments may have been described with reference to the claims of the method class, while others may have been described with reference to the claims of the device class. However, those skilled in the art will understand from the foregoing that, unless otherwise stated, any combination of features related to different subject matter, in particular a combination of features of the claims of the method class and features of the claims of the device class, is also considered to be disclosed with this document, except for any combination of features belonging to one type of subject matter.

[0043] Furthermore, it should be noted that the accompanying drawings are schematic. Similar or identical elements are represented by the same reference numerals in different drawings. Additionally, it should be noted that, in order to provide a concise description of illustrative embodiments, implementation details that are customary to those skilled in the art may not be described. It should be understood that in the development of any such implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developer's specific objectives, such as complying with system-related and business-related constraints, which may differ between different implementations. Furthermore, it should be understood that such development work may be complex and time-consuming, but is merely a routine task for those skilled in the art in designing, manufacturing, and producing.

[0044] Finally, it should be noted that those skilled in the art will be able to devise numerous alternative embodiments without departing from the scope of the appended claims. Any reference marks placed between parentheses in the claims should not be construed as limiting the claims. The word "comprising" does not exclude the presence of elements or steps other than those listed in the claims. The words "a" or "an" preceding an element do not exclude the presence of a plurality of such elements. The measures recited in the claims can be implemented by means of hardware comprising several different elements and / or by means of a suitably programmed processor. In a device claim listing several components, several of these components can be implemented by the same object in hardware. The mere fact that certain measures are recited in different dependent claims does not imply that combinations of these measures cannot be used to obtain an advantage.

[0045] List of reference numerals

[0046] Relay attack on 100 pairs of vehicle access systems

[0047] 102 telephone

[0048] 104 application

[0049] 106 Ultra-Wideband (UWB) Communication Units

[0050] 108 Bluetooth Low Energy (BLE) communication units

[0051] 110 Secure Near Field Communication (NFC) Unit

[0052] 112 key card

[0053] 114UWB communication unit

[0054] 116BLE communication unit

[0055] 118 secure NFC units

[0056] 120 Smart Card

[0057] 122 Secure NFC Unit

[0058] 124 attack device 1

[0059] 126 attack device 2

[0060] 128 vehicles

[0061] 130UWB Communication Unit (External)

[0062] 132UWB communication unit (internal)

[0063] 134BLE communication unit

[0064] 136 Ranging Microcontroller (Ranging MCU)

[0065] 138 gate NFC nodes including Serial Peripheral Interface (SPI)

[0066] 140 in-vehicle NFC node combined with Qi charging unit

[0067] 142 Gateway (Primary Domain Controller, BDC)

[0068] 144 Safety Element (Automotive Connectivity Consortium CCC, SE Compatible)

[0069] 146 NFC-based Vehicle Access System (NFC-VAS)

[0070] 200 NFC nodes for vehicles

[0071] 202 Controller Area Network (CAN) Interface Unit

[0072] 204 host MCU

[0073] 206NFC front end

[0074] 208 NFC matching circuit

[0075] 210 NFC antenna

[0076] 300 vehicle access system

[0077] 302NFC Front End

[0078] 304 First Safety Element

[0079] 306 Access Controller

[0080] 308 Second Safety Element

[0081] Methods for operating the vehicle access system (400)

[0082] 402 A secure communication channel is established by the first security element and the second security element for transmitting data from the first security element to the second security element.

[0083] 404 The first security element provides the data to the second security element by transmitting the data via a secure communication channel.

[0084] 406 The data provided by the first safety element is verified by the second safety element.

[0085] Methods for operating the vehicle access system (500)

[0086] The 502 NFC node operates in Low Power Card Detection LPCD or Ultra Low Power Card Detection u-LPCD mode.

[0087] How to wake up a 504 NFC node?

[0088] 506 activation layer 4?

[0089] 508 establishes a secure communication channel between the NFC node and the vehicle's secure domain.

[0090] 510 The vehicle access process continues (e.g., CCC-based transactions).

[0091] Methods for operating the vehicle access system (600)

[0092] 602. Pre-configuration of SE and security domain SE in the door NFC node or vehicle NFC node is completed in the factory and / or periodically in the vehicle.

[0093] 604 is bound by pre-configured public g and p (based on Diffie-Hellman key exchange).

[0094] 606. Establishment of a secure channel prior to each vehicle access or engine start transaction.

[0095] SE of the 608NFC front end

[0096] 610 Generate random numbers and a short-lived public key (ePK).

[0097] 612 receives ePK

[0098] 614 Computational Shared Secret

[0099] 616 Access Controller SE

[0100] 618 Generate random numbers and ephemeral public keys (ePK)

[0101] 620 receives ePK

[0102] 622 Computational Shared Secret

[0103] 624 Establish a secure channel

[0104] Vehicle access and engine start transactions within security channel 626

[0105] 628 Performs a vehicle access or engine start transaction.

Claims

1. A vehicle access system, characterized in that, include: A near-field communication (NFC) front end, wherein the NFC front end includes a first secure element; An access controller operatively coupled to the NFC front end, wherein the access controller includes a second security element configured to verify data provided by the first security element; The first security element and the second security element are configured to establish a secure communication channel for transmitting the data from the first security element to the second security element.

2. The vehicle access system according to claim 1, characterized in that, The first security element and the second security element are configured to establish the secure communication channel by encrypting and decrypting the data using one or more shared secret keys.

3. The vehicle access system according to claim 2, characterized in that, The secret key has been shared using the Diffie-Hellman key exchange process.

4. The vehicle access system according to claim 2 or 3, characterized in that, The shared secret key is refreshed periodically.

5. The vehicle access system according to any one of the preceding claims, characterized in that, The first and second security elements are configured to establish the secure communication channel before the vehicle access system initiates a vehicle access transaction.

6. The vehicle access system according to any one of the preceding claims, characterized in that, The first and second safety elements are configured to establish the secure communication channel before the vehicle access system initiates an engine start transaction.

7. The vehicle access system according to any one of the preceding claims, characterized in that, The data includes user credentials for accessing the vehicle or one or more functions of the vehicle.

8. A vehicle, characterized in that, Including the vehicle access system according to any of the preceding claims.

9. A method for operating a vehicle access system, characterized in that, The vehicle access system includes: a near-field communication (NFC) front-end, which includes a first secure element; and an access controller, which includes a second secure element, the method comprising: A secure communication channel is established by the first security element and the second security element for transmitting data from the first security element to the second security element; The first security element provides the data to the second security element by transmitting the data via the secure communication channel; The data provided by the first security element is verified by the second security element.

10. A computer program, characterized in that, Includes executable instructions that, when executed by the vehicle access system according to any one of claims 1 to 7, cause the vehicle access system to perform the method according to claim 9.