Secure session communication between a mobile device and a base station

US 10,412,581 B2
Filed: 02/14/2017
Issued: 09/10/2019
Est. Priority Date: 02/14/2017
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

a main telematics module,a connectivity module comprising antenna(s), processor(s), the connectivity module configured to;

(a) authenticate a mobile device via a vehicle-access-key (VAK);

(b), if (a), issue an ephemeral-session-key (DSK) to the mobile device;

(c), if (b), establish an active session with the mobile device;

(d) encrypt messages to the mobile device with the VAK during (a) and with the DSK during (c); and

(e) maintain the active session with the mobile device only when a signed challenge message periodically transmitted by the connectivity module is satisfied with a signed response from the mobile device within a countdown, the countdown resetting each time the signed response is received from the mobile device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A vehicle includes: (i) a main telematics module, (ii) a connectivity module including antenna(s) and processor(s). The connectivity module is configured to: (a) authenticate a mobile device via a vehicle-access-key (VAK); (b), if (a), issue an ephemeral-session-key (DSK) to the mobile device; (c), if (b), establish an active session with the mobile device; (d) encrypt all messages to the mobile device with the VAK during (a) and with the DSK during (c). The connectivity module is configured to automatically revoke the DSK upon expiration of a predetermined time interval.

Citations

20 Claims

1. A computing system comprising:
- a main telematics module,a connectivity module comprising antenna(s), processor(s), the connectivity module configured to;
  
  (a) authenticate a mobile device via a vehicle-access-key (VAK);
  
  (b), if (a), issue an ephemeral-session-key (DSK) to the mobile device;
  
  (c), if (b), establish an active session with the mobile device;
  
  (d) encrypt messages to the mobile device with the VAK during (a) and with the DSK during (c); and
  
  (e) maintain the active session with the mobile device only when a signed challenge message periodically transmitted by the connectivity module is satisfied with a signed response from the mobile device within a countdown, the countdown resetting each time the signed response is received from the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The computing system of claim 1, wherein the connectivity module is configured to automatically revoke the DSK.
  - 3. The computing system of claim 2, wherein the connectivity module is configured to automatically revoke the DSK upon expiration of a predetermined time interval.
  - 4. The computing system of claim 3, wherein the time interval begins during (b).
  - 5. The computing system of claim 4, wherein the connectivity module is configured to during (c), reject messages from the mobile device encrypted with the VAK but accept messages from another mobile device encrypted with a different VAK.
  - 6. The computing system of claim 1, wherein the connectivity module is configured to begin (a) upon receiving an unencrypted message comprising a valid VAK ID and a valid VAK hash.
  - 7. The computing system of claim 1, wherein the connectivity module is configured to include an unencrypted VAK authentication code in messages including VAK encrypted data.
  - 8. The computing system of claim 7, wherein the connectivity module is configured to include an unencrypted DSK hash in messages including DSK encrypted data.
  - 9. The computing system of claim 1, wherein the connectivity module is configured to break the DSK into a first block (DSK1) and a second block (DSK2).
  - 10. The computing system of claim 9, wherein both of DSK1 and DSK2 are necessary to compute DSK.
  - 11. The computing system of claim 9, wherein the connectivity module is configured to break the DSK by factoring the DSK such that DSK1 is a first factor and DSK2 is a second factor.
  - 12. The computing system of claim 9, wherein the connectivity module is configured to transmit DSK1 in a first message and DSK2 in a later second message.
  - 13. The computing system of claim 12, wherein the connectivity module is configured to transmit DSK2 in reply to a valid response from the mobile device.
  - 14. The computing system of claim 13, wherein the connectivity module is configured to transmit an encrypted nonce to the mobile device.
  - 15. The computing system of claim 14, wherein to be valid, the response must include a value based on the nonce.
  - 16. The computing system of claim 15, wherein the connectivity module is configured to transmit DSK assembly instructions with DSK1 or DSK2.
  - 17. The computing system of claim 16, wherein the connectivity module is configured to increment the nonce and transmit the incremented nonce to the mobile device prior to (c).
  - 18. The computing system of claim 1, wherein the VAK is a first VAK, the DSK is a first DSK and the connectivity module is configured to store multiple VAKs and multiple DSKs.
  - 19. The computing system of claim 1, wherein the connectivity module is configured to revoke the DSK upon receiving a message from the mobile device encrypted with the VAK during (c).
  - 20. The computing system of claim 1, wherein the connectivity module is configured to include unencrypted mobile device metadata in each message to the mobile device, the metadata enabling the mobile device to route the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ford Global Technologies, LLC (Ford Motor Company)
Original Assignee
Ford Global Technologies, LLC (Ford Motor Company)
Inventors
Smyth, Cameron, Southern, Robert James, Van Wiemeersch, John Robert, Erkkila, David Ray, Westra, Mike Raymond, Caushi, Aldi, Turner, John William, Shahidehpour, Bobak, Elangovan, Vivekanandh
Primary Examiner(s)
Bayou, Yonas A

Application Number

US15/432,886
Publication Number

US 20180234843A1
Time in Patent Office

938 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/061   for key exchange, e.g. in p...

H04L 63/068   using time-dependent keys, ...

H04L 63/123   received data contents, e.g...

H04L 67/141   Setup of application sessio...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/3242   involving keyed hash functi...

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/069   using certificates or pre-s...

H04W 4/40   for vehicles, e.g. vehicle-...

H04W 4/80   Services using short range ...

H04W 76/10   Connection setup

Secure session communication between a mobile device and a base station

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure session communication between a mobile device and a base station

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links