System and method for digital key sharing for access control

US 10,437,977 B2
Filed: 10/12/2016
Issued: 10/08/2019
Est. Priority Date: 10/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method of sharing permission to access vehicles, the method comprising:

prior to generating a sharing invitation for another party, registering an owner device with a vehicle by obtaining a vehicle identity certificate from the vehicle and providing an owner identity certificate to the vehicle;

generating at an owner device, the sharing invitation for the other party to obtain a credential for the other party;

generating a digital permission for the other party using the credential associated with the sharing invitation;

signing the digital permission using a private key associated with the owner device, the private key being associated with the owner identity certificate provided to the vehicle; and

sending the digital permission to the other party to be used in accessing the vehicle.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system involving an access point, a vehicle and a user is provided. The vehicle and user possess a registration code, the user possesses a public and private key pair, and the access point and vehicle possess certificates and associated private keys. The access point issues a certificate to the user associated with the user'"'"'s public and private keys, and the certificate of the access point is known and trusted by the vehicle. The access point signs a message granting ownership of the vehicle to the user, and the identity of the user indicates the user'"'"'s certificate. The vehicle conditionally accepts the ownership registration request of the user.

11 Citations

View as Search Results

32 Claims

1. A method of sharing permission to access vehicles, the method comprising:
- prior to generating a sharing invitation for another party, registering an owner device with a vehicle by obtaining a vehicle identity certificate from the vehicle and providing an owner identity certificate to the vehicle;
  
  generating at an owner device, the sharing invitation for the other party to obtain a credential for the other party;
  
  generating a digital permission for the other party using the credential associated with the sharing invitation;
  
  signing the digital permission using a private key associated with the owner device, the private key being associated with the owner identity certificate provided to the vehicle; and
  
  sending the digital permission to the other party to be used in accessing the vehicle.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - sending the sharing invitation to a key sharing server; and
      
      receiving from the key sharing server a digital an other party identity certificate as the credential for the other party;
      
      wherein the digital permission is sent to the key sharing server to be forwarded to a device of the other party.
  - 3. The method of claim 1, wherein the digital permission is sent to the other party device using a short range communication channel between the devices.
  - 4. The method of claim 1, further comprising enabling restrictions to be set on the owner device, and including the restrictions in the digital permission sent to the other party.
  - 5. The method of claim 4, wherein the digital permission contains information limiting the other party'"'"'s access to a particular time frame or location, or also indicating one or more limitations on the other party, the limitations associated with one or more parameters.
  - 6. The method of claim 5, wherein the limitation parameter corresponds to a timeframe or location, or in the case of a vehicle, speed or power, or some other controllable parameter associated with the system which is available beyond an access point of the vehicle.
  - 7. The method of claim 5, wherein a limiting parameter is that the digital permission is required to be freshly signed by an access point of the vehicle periodically with a period determined by the owner.
  - 8. The method of claim 1, further comprising receiving from a vehicle, a cryptographic challenge.
  - 9. The method of claim 8, further comprising using the owner'"'"'s cryptographic private key to complete the challenge, and sending the response to the vehicle.
  - 10. The method of claim 9, further comprising encrypting the response to the vehicle.
  - 11. The method of claim 8, wherein the vehicle has generated a nonce to be signed by the owner device, to inhibit replay attacks.
  - 12. The method of claim 1, wherein the communication to the owner is encrypted to the owner.

13. A communication system for an owner device to enable the owner device to share permission to access vehicles, wherein the communication system stores a private key associated with the owner device, the communication system comprising a processor and memory, the memory storing computer executable instructions for:
- prior to generating a sharing invitation for another party, registering an owner device with a vehicle by obtaining a vehicle identity certificate from the vehicle and providing an owner identity certificate to the vehicle;
  
  generating at an owner device, the sharing invitation for the other party to obtain a credential for the other party;
  
  generating a digital permission for the other party using the credential associated with the sharing invitation;
  
  signing the digital permission using a private key associated with the owner device, the private key being associated with the owner identity certificate provided to the vehicle; and
  
  sending the digital permission to the other party to be used in accessing the vehicle.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 14. The system of claim 13, wherein the owner device receives from the vehicle, a cryptographic challenge.
  - 15. The system of claim 14, wherein the owner device uses the owner'"'"'s cryptographic private key to complete the challenge, and the owner device sends the response to the vehicle.
  - 16. The system of claim 15, wherein the communication to the vehicle is encrypted to the vehicle.
  - 17. The system of claim 14, wherein the vehicle generates a nonce to be signed by the owner device, to inhibit replay attacks.
  - 18. The system of claim 13, wherein the communication to the owner is encrypted to the owner.
  - 19. The communication system of claim 13 further comprising:
    - an access point; and
      
      the vehicle;
      
      wherein the vehicle and the owner device have a registration code, the owner device has a public and private key pair associated with a user, and the access point and vehicle each have an identity certificate and associated private keys;
      
      wherein the access point issues the identity certificate to the owner device associated with the users public and private keys, and the identity certificate of the access point is known and trusted by the vehicle;
      
      wherein the access point is configured to sign a message granting ownership of the vehicle to the user, the identity of the user indicating the owner identity certificate, and the vehicle conditionally accepts an ownership registration request of the user.
  - 20. The system of claim 19, wherein the access point issues the vehicle identity certificate to establish the user'"'"'s identity using a cryptographic key pair generated by the owner device.
  - 21. The system of claim 20, wherein the vehicle determines that the owner device, whose public key is indicated by the permission, is in possession of the private key associated with the public key.
  - 22. The system of claim 21, wherein possession of the private key is performed by having the owner device sign a particular challenge message.
  - 23. The system of claim 20, wherein the communication to the owner device is encrypted to the user device.
  - 24. The system of claim 20, wherein the communication to the vehicle is encrypted to the vehicle.
  - 25. The system of claim 19, wherein the user issues a registration request to the vehicle containing the owner identity certificate and a cryptographically verifiable representation of the registration code.
  - 26. The system of claim 19, wherein the vehicle validates both the signature of the access point and the cryptographically verifiable representation of the registration code on the message granting ownership to the user.
  - 27. The system of claim 26, wherein the vehicle produces a nonce to be signed by the owner device, to inhibit replay attacks.
  - 28. The system of claim 19, wherein the vehicle produces a signed confirmation of ownership containing the owner identity certificate of the new owner, which is issued to the new owner.
  - 29. The system of claim 28, wherein the confirmation of ownership is passed by the owner to the access point.
  - 30. The system of claim 13, further comprising instructions for:
    - sending the sharing invitation to a key sharing server; and
      
      receiving from the key sharing server an other party identity certificate as the credential for the other party;
      
      wherein the digital permission is sent to the key sharing server to be forwarded to a device of the other party.
  - 31. The system of claim 13, wherein the digital permission is sent to the other party device using a short range communication channel between the devices.
  - 32. The system of claim 13, further comprising instructions for enabling restrictions to be set on the owner device, and including the restrictions in the digital permission sent to the other party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ETAS Embedded Systems Canada, Inc. (Robert Bosch GmbH)
Original Assignee
ETAS Embedded Systems Canada, Inc. (Robert Bosch GmbH)
Inventors
Lambert, Robert John, Gallant, Jay Peter, Elkins, Mark Gregory, Ebeid, Nevine Maurice Nassif
Primary Examiner(s)
Le, Chau

Application Number

US15/291,179
Publication Number

US 20170104589A1
Time in Patent Office

1,091 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 2221/2103   Challenge-response

H04L 2209/84   Vehicles

H04L 63/0823   using certificates cryptogr...

H04L 9/3268   using certificate validatio...

H04W 12/082   using revocation of authori...

H04W 4/40   for vehicles, e.g. vehicle-...

H04W 4/80   Services using short range ...

System and method for digital key sharing for access control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

System and method for digital key sharing for access control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others