Following are extracts of a report presented by Robert F. Mangine in his capacity of a member of the Coalition Network of Forensic Examiners.  

The Truth About Transponders

Layers of Vehicle Security

Transponder Components and System Operation

One of the most significant features of the transponder system is the micro-transponder (transmitter-responder) that is embedded in the head of the ignition key. This allows a vital component of the electronic system to be removed from the vehicle by the driver along with the mechanical ignition key.

The vehicle on-board components include a ring antenna (also known as an induction coil) located around the outer ignition lock, a transceiver (transmitter-receiver) adjacent to the ring antenna, and, depending on manufacturer, a Body Control Module (BCM) or Electronic Control Module (ECM), usually located in the interior dashboard.

When the ignition key is inserted in the ignition lock keyway and rotated, the vehicle electronics and systems are energized. A signal is then sent through the transceiver and to the ring antenna. This signal is broadcast from the ring antenna to the transponder embedded in the head of the key. The key mounted transponder has no battery or independent power source and the transponder is energized by the electromagnetic field from the ring antenna. The transponder will then send a return signal back to the ring antenna which is processed through the system. What is essentially occurring is a by-directional radio frequency communication between the ignition key and steering column.
If the vehicle systems are energized, and no vehicle specific properly programmed transponder is present, the signal being broadcast by the column mounted ring antenna will receive no reply. This will result in vehicle engine functions being disabled.
The transponder system is considered a passive engine immobilizer system and requires no specific action on the part of the driver, other than key insertion and rotation to energize the vehicle.

Compromise of the Transponder System

The basic working premise regarding any type of vehicle protection is that anything one person designs, another person will determine how to compromise it given sufficient time, knowledge, skill and equipment. This pertains not only to electronic anti-theft systems, but ignition locks/column assemblies as well. It is equally important to remember there are specific procedures that must be followed and detectible damage that will occur when defeating or compromising the physical components.
In the late nineties one domestic transponder system could be compromised through the power distribution center (fuse/relay box) using a series of jumper wires. This procedure would take 45 minutes or longer. One Japanese transponder system could be compromised by changing the vehicle ECM. By the early 2000's this type of compromise of those selected systems was no longer effective. And, although there were these weaknesses in certain early systems, compromise of the transponder system (electronic protection) alone would not allow the vehicle to be driven. Defeat of the ignition lock/steering column (physical protection) was also required, had to be accomplished separately and would result in physical detectable damage to the parts.

Improved electronics began to appear between 2001 and 2003. To now compromise the systems a specialized Scan Tool (hand held computer) was needed in order to program a new key to the system. These professional locksmith tools, including vehicle specific software, can be obtained at a cost of $4,000 to $6,000 from locksmith supply stores. A new, vehicle specific transponder key must also be obtained.
After the Scan Tool is plugged into vehicle the OBD port, one of the first on screen prompts from the Scan Tool is to energize the vehicle, since you can not program a cold vehicle. To accomplish this, the steering column assembly/ignition lock (physical protection) must first be defeated. If a stolen-recovered vehicle with electronic transponder protection does not have the column assembly/ignition lock defeated, then the presence of the transponder system or compromise of the transponder system is irrelevant as the vehicle could not be energized or shifted/steered.
Certain transponders can be "cloned" (copied) using a special electronic device designed specifically for this purpose. Cloning of a transponder key (those that are capable of being cloned) not only requires the electronic key cloning machine and a new vehicle specific transponder be present, but also an existing, properly programmed transponder key for that particular vehicle to originate the cloning process. Once again, the ignition lock/steering column assembly must still be defeated even with a "cloned" key present.

Transponder Terms/Definitions

Fixed Code: The code that is required to start the vehicle does not change.

Rolling Code: When the ignition is turned "ON" and the engine started, the transponder code is checked by the on-board computer module and a new random code is generated. The new code is now required for the next vehicle start cycle.

Encrypted (Challenging Response Code): Communication between the key and vehicle on-board computer module is encrypted in both directions (bi-directional encryption of data) and the code changes during every use.

Transponder: Radio Frequency Transmitter Responder that reacts to an electrical impulse.

Ring Antenna (or Induction Coil): The Ring Antenna serves a duel function. It transmits the carrier frequency from the Transceiver to the Transponder as well as receiving a coded identification signal back from the Transponder.

Transceiver (or Control Module): A Transmitter and Receiver. The Transceiver communicates with both the key embedded Transponder through the Ring Antenna and the vehicle on-board computer module via hard wire. The Transceiver sends a carrier frequency by way of the Ring Antenna and a fixed number of codes are contained in the memory and the Transceiver (control module) verifies that the correct code is being sent.