Method for controlling access to an in-vehicle wireless network

US 10,057,022 B2
Filed: 09/27/2016
Issued: 08/21/2018
Est. Priority Date: 09/28/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing communication with an in-vehicle router system (IVRS) by a portable device, the portable device communicating with the IVRS via a first communication link and a second communication link, wherein the established communication is maintained to facilitate;

transmitting, by a portable device located within a vehicle, a first token to a wireless access point (AP) associated with the IVRS, via a first communication link, to prompt the wireless AP to reply with a second token, the first communication link implementing a first protocol stack; and

receiving, by the portable device, the second token via the second communication link between the portable device and the IVRS, the second communication link implementing a second protocol stack different from the first protocol stack;

determining, by the portable device, whether the second token matches the first token; and

authenticating the wireless AP, by the portable device, only when the second token has been determined to match the first token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a technique for managing access by a portable device to an in-vehicle router system (IVRS). The IVRS determines network access privilege of the portable device located within the vehicle. The portable device determines whether it is connected to a wireless access point (AP) of the IVRS or a rogue network. The portable device transmits a first token to the wireless AP, via a first communication link implementing a first protocol stack, to prompt the wireless AP to reply with a second token. The portable device receives the second token via a second communication link implementing a second protocol stack different than the first protocol stack between the portable device and the IVRS. The portable device determines whether the second token matches the first token. If the second token is determined to match the first token, the portable device authenticates the wireless AP.

Citations

34 Claims

1. A method comprising:
- establishing communication with an in-vehicle router system (IVRS) by a portable device, the portable device communicating with the IVRS via a first communication link and a second communication link, wherein the established communication is maintained to facilitate;
  
  transmitting, by a portable device located within a vehicle, a first token to a wireless access point (AP) associated with the IVRS, via a first communication link, to prompt the wireless AP to reply with a second token, the first communication link implementing a first protocol stack; and
  
  receiving, by the portable device, the second token via the second communication link between the portable device and the IVRS, the second communication link implementing a second protocol stack different from the first protocol stack;
  
  determining, by the portable device, whether the second token matches the first token; and
  
  authenticating the wireless AP, by the portable device, only when the second token has been determined to match the first token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the portable device establishes communication with the IVRS by the following steps:
    - transmitting, by the portable device via the second communication link, a request for network access credentials and a first set of identification information;
      
      receiving, by the portable device via the second communication link, a set of network access credentials for connecting to the first communication link; and
      
      transmitting, by the portable device via the first communication link, a connection request using the set of network access credentials, wherein the IVRS is configured to authenticate the portable device by verifying the network access credentials.
  - 3. The method of claim 1, wherein the first token is communicated from the portable device to the wireless AP via either of a wireless local area network (WLAN) link or a near field communication (NFC) link.
  - 4. The method of claim 3, wherein the second token is communicated over a communication link other than a communication link in which the first token is communicated.
  - 5. The method of claim 1, wherein the second communication link has a communication range limited to within the vehicle.
  - 6. The method of claim 1, wherein the second communication link is either of a near field communication (NFC) link or a universal serial bus (USB) link.
  - 7. The method of claim 1, further comprising:
    - terminating communication in response to determining that communication is with a rogue wireless system.
  - 8. The method of claim 1, wherein the first token is produced using a random or pseudo-random value generator.
  - 9. The method of claim 1, wherein the first token and the second token include binary patterns.

10. A method comprising:
- establishing communication with a portable device by an in-vehicle router system (IVRS), the IVRS communicating with the portable device over a wireless local access network (WLAN) and a short range communication link, wherein communication by the portable device with the IVRS is limited to communication with an authentication subsystem of the IVRS, wherein the established communication is maintained to facilitate;
  
  transmitting, via the WLAN, a first token to the portable device; and
  
  receiving, via the short range communication link, a second token from the portable device;
  
  determining whether the first token matches the second token; and
  
  determining network access privilege of the portable device only when the first token has been determined to match the second token.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The method of claim 10, wherein the WLAN and the short range communication link remain established at least until network access privilege is granted to the portable device.
  - 12. The method of claim 10, wherein establishing communication with the portable device comprises:
    - receiving from the portable device, via the short range communication link, identification information and a request for network access credentials;
      
      transmitting to the portable device, via the short range communication link, network access credentials for connecting the portable device to the wireless AP;
      
      receiving from the portable device, via the WLAN, a connection request using the network access credentials;
      
      authenticating the portable device, by the IVRS, by verifying the network access credentials; and
      
      in response to authenticating the portable device, enabling limited communication by the portable device to the authentication subsystem.
  - 13. The method of claim 10, further comprising:
    - receiving, via the short range communication link, a third token from the portable device; and
      
      in response to receiving the third token, transmitting to the portable device, via the WLAN, a fourth token corresponding to the third token, the portable device being configured to verify that the third token matches the fourth token,wherein the short range communication link and the WLAN remain active until verification by the portable device is complete.
  - 14. The method of claim 10, further comprising:
    - receiving, via the WLAN, a third token from the portable device; and
      
      in response to receiving the third token, transmitting to the portable device, via the short range communication link, a fourth token corresponding to the third token, the portable device being configured to verify that the third token matches the fourth token,wherein the WLAN and the short range communication link remain active until verification by the portable device is complete.
  - 15. The method of claim 10, further comprising:
    - determining that the portable device does not have network access privilege if an elapsed time between transmitting the first token to the portable device and receiving the second token from the portable device is greater than a threshold time period.
  - 16. The method of claim 10, wherein the first token is produced using a random or pseudo-random value generator.
  - 17. The method of claim 10, further comprising:
    - generating another token in response to at least one of a startup of a vehicle, expiration of a time period, request from an administrator, or a portable device establishing communication with the authentication subsystem of the IVRS.
  - 18. The method of claim 10, wherein another token is generated using a random or pseudo-random value generator.
  - 19. The method of claim 10, wherein the first token and the second token include binary patterns.
  - 20. The method of claim 10, wherein obtaining authorization to enable network access privilege to the portable device comprises at least one of:
    - receiving authorization for the portable device from an administrator of the IVRS;
      
      oridentifying the portable device among one or more authorized devices previously authorized by an administrator of the IVRS.
  - 21. The method of claim 10, wherein a communication range of the short range communication link is limited to within a vehicle.

22. A method comprising:
- establishing, by a portable device within a vehicle, communication with a wireless access point (AP) associated with an in-vehicle router system (IVRS) of a vehicle, the portable device communicating with the IVRS over a wireless local access network (WLAN) and a short range communication link, the communication by the portable device with the IVRS being limited to communication with an authentication subsystem of the IVRS, wherein the established communication is maintained to facilitate;
  
  receiving, by the portable device via the WLAN, a first token, the first token having randomly generated data produced by the IVRS in response to the WLAN connection by the portable device; and
  
  transmitting, by the portable device via the short range communication link, the first token to the IVRS to prompt the IVRS to grant network access privilege to the portable device;
  
  transmitting, by the portable device, a second token via the short range communication link to the IVRS; and
  
  receiving, by the portable device, a third token via the WLAN from the IVRS;
  
  determining, by the portable device, whether the second token matches the third token; and
  
  authenticating the wireless AP, by the portable device, only when the second token has been determined to match the third token.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22, wherein the WLAN and the short range communication link remain established at least until authenticating the wireless AP is performed by the portable device.
  - 24. The method of claim 22, wherein establishing communication with the IVRS comprises:
    - transmitting, by the portable device via the short range communication link, a request for network access credentials and a first set of identification information;
      
      receiving, by the portable device via the short range communication link, information for connecting to the WLAN; and
      
      transmitting, by the portable device via the WLAN, a connection request using the network access credentials, wherein the IVRS is configured to authenticate the portable device by verifying the network access credentials and establish communication with the authentication subsystem.
  - 25. The method of claim 22, wherein the second token is not determined to match the third token if a time period expires before receiving the third token.
  - 26. The method of claim 22, further comprising:
    - receiving network access credentials from the IVRS, wherein the network access credentials enable the portable device to access a network via the IVRS.

27. An in-vehicle router system comprising:
- a wireless access point (AP) configured to communicate with a portable device over a wireless local access network (WLAN);
  
  one or more near field communication (NFC) or wired communication devices configured to communicate with the portable device over a short range communication link; and
  
  at least one processor configured to;
  
  establish communication with the portable device via the wireless AP and the short range communication link, wherein communication with the in-vehicle router system is limited to an authentication subsystem of the in-vehicle router system, wherein the established communication is maintained to facilitate;
  
  transmit by the wireless AP, via the WLAN, a first token to the portable device, wherein the first token is produced by a random or pseudo-random generator; and
  
  receive, via the short range communication link, a second token from the portable device;
  
  determine whether the first token matches the second token; and
  
  determine network access privilege of the portable device only when the first token has been determined to match the second token.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
- - 28. The in-vehicle router system of claim 27, wherein the at least one processor is configured to establish communication with the portable device by performing the following:
    - receive, via the short range communication link, a request for network access credentials and a first set of identification information from the portable device;
      
      transmit, via the short range communication link, information for connecting the wireless AP to the portable device;
      
      receive, via the wireless AP, a connection request using the network access credentials from the portable device; and
      
      authenticate the portable device by verifying the network access credentials, and in response to authenticating the portable device, enable limited communication to the secure subsystem.
  - 29. The in-vehicle router system of claim 27, wherein the at least one processor is further configured to:
    - receive, via the short range communication link, a third token from the portable device; and
      
      in response to receiving the third token, transmit, via the WLAN, a fourth token corresponding to the third token to the portable device, wherein the portable device is configured to verify that the third token matches the fourth token.
  - 30. The in-vehicle router system of claim 27, wherein the portable device is determined not to have network access privilege if a time elapse between transmitting the first token and receiving the second token is greater than a threshold time period.
  - 31. The in-vehicle router system of claim 27, wherein the at least one processor is further configured to:
    - in response to determining the first token does not match the second token, transmit, via the short range communication link, a message to the portable device indicating that network access is denied.
  - 32. The in-vehicle router system of claim 27, wherein the at least one processor is further configured to perform at least one of:
    - receive authorization for the portable device from an administrator of the IVRS;
      
      oridentify the portable device among one or more authorized devices previously authorized by an administrator of the IVRS.
  - 33. The in-vehicle router system of claim 27, wherein the at least one processor is further configured to contact an administrator device to determine network access privilege of the portable device by at least one contact method of a hierarchical list of contact methods.
  - 34. The in-vehicle router system of claim 33, wherein contact methods of the hierarchical list of contact methods include any of a text message, electronic mail, application notification, or automated voice message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yazaki Corporation
Original Assignee
Yazaki Corporation
Inventors
Yoganathan, Sivashankar, Kaygee, Anand Ganesan, Dipperstein, Michael David, Soto, Roy Lujan
Primary Examiner(s)
Taha, Shukri

Application Number

US15/277,613
Publication Number

US 20170093536A1
Time in Patent Office

693 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/172   Caching, prefetching or hoa...

H04L 2209/84   Vehicles

H04L 5/0032   Distributed allocation, i.e...

H04L 63/0492   by using a location-limited...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/18   using different networks or...

H04L 67/04   specially adapted for termi...

H04L 67/12   specially adapted for propr...

H04L 67/125   involving control of end-de...

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 4/48   for in-vehicle communication

H04W 4/80   Services using short range ...

H04W 88/02   Terminal devices

H04W 88/08   Access point devices

Method for controlling access to an in-vehicle wireless network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Method for controlling access to an in-vehicle wireless network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links