Systems and methods for a secure subscription based vehicle data service
First Claim
1. A vehicle communication manager device located onboard a vehicle, the device comprising:
- a memory comprising a non-volatile memory device storing a fixed embedded public key, wherein the embedded public key is a public key of a public-private key pair associated with a data service system not onboard the vehicle;
- a processor in communication with a wireless datalink transceiver;
- a vehicle data service protocol executed by the processor, wherein the vehicle data service protocol initiates a communication session for data service exchanges with the data service system via the wireless datalink transceiver;
- wherein the vehicle data service protocol includes a session validation sequence that causes the processor to:
  - transmit a session request message to the data service system; and
  - validate an authenticity of a session reply request message received from the data service system using the embedded public key, wherein the session reply message includes a public operational authentication key, a public operational encryption key, and is signed with a subscriber validation private key associated with the embedded public key;
- wherein the vehicle data service protocol includes a session initiation sequence that causes the processor to:
  - transmit an initiation request message to the data service system, the session request message including a key derivation key generated onboard the vehicle, wherein the key derivation key in the initiation request message is encrypted using the public operational encryption key;
  - validate an authenticity of an initiation response message received from the data service system using the public operational authentication key; and
  - in response to affirmatively validating the initiation response message, apply the key derivation key to a key derivation function to generate a message authentication key;
- wherein the processor authenticates data service uplink messages received from the host data service during the communication session using the message authentication key.
Abstract
Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.
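The two sequences in the claim and abstract, simulated end to end with both sides in one process. This is an added example, not code from the patent: the algorithm choices (Ed25519 signatures, RSA-OAEP encryption, HKDF-SHA256, HMAC-SHA256), the message layouts, the hash echo in the initiation response, and all identifiers are assumptions.

```javascript
// Added sketch of the claimed exchange. Assumed: Ed25519, RSA-OAEP, HKDF-SHA256, HMAC-SHA256.
const crypto = require('node:crypto');

const der = (k) => k.export({ type: 'spki', format: 'der' }).toString('base64');
const pub = (b64) => crypto.createPublicKey({ key: Buffer.from(b64, 'base64'), format: 'der', type: 'spki' });
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();
const deriveMak = (kdk) => Buffer.from(crypto.hkdfSync('sha256', kdk, Buffer.alloc(0), 'uplink-mac', 32));
const mac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest();

// Ground data service system (constructed keys; all names are hypothetical).
const ground = {
  sv: crypto.generateKeyPairSync('ed25519'),      // subscriber validation pair
  opAuth: crypto.generateKeyPairSync('ed25519'),  // operational authentication pair
  opEnc: crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }), // operational encryption pair
  mak: null,
  // Session reply: both operational public keys, signed with the subscriber validation private key.
  sessionReply() {
    const body = JSON.stringify({ auth: der(this.opAuth.publicKey), enc: der(this.opEnc.publicKey) });
    return { body, sig: crypto.sign(null, Buffer.from(body), this.sv.privateKey) };
  },
  // Initiation response: recover the KDK, derive the MAC key, sign with the operational auth key.
  // Echoing a hash of the request to bind the response to it is this sketch's own choice.
  initiationResponse(encKdk) {
    this.mak = deriveMak(crypto.privateDecrypt(this.opEnc.privateKey, encKdk));
    const body = sha256(encKdk);
    return { body, sig: crypto.sign(null, body, this.opAuth.privateKey) };
  },
};
const EPK = ground.sv.publicKey; // stands in for the key fixed in vehicle non-volatile memory

// Vehicle side: session validation, then session initiation. Returns the MAC key or throws.
function vehicleHandshake(reply = ground.sessionReply()) {
  if (!crypto.verify(null, Buffer.from(reply.body), EPK, reply.sig)) throw new Error('session reply rejected');
  const keys = JSON.parse(reply.body);
  const kdk = crypto.randomBytes(32); // key derivation key generated on board
  const encKdk = crypto.publicEncrypt(pub(keys.enc), kdk); // OAEP is Node's default padding
  const resp = ground.initiationResponse(encKdk);
  const ok = crypto.verify(null, resp.body, pub(keys.auth), resp.sig) && resp.body.equals(sha256(encKdk));
  if (!ok) throw new Error('initiation response rejected');
  return deriveMak(kdk); // derived only after the response validates
}

// Vehicle side: authenticate one uplink message with the derived key.
function uplinkOk(makKey, msg, tag) {
  return tag.length === 32 && crypto.timingSafeEqual(mac(makKey, msg), tag);
}
```

The vehicle trusts the operational keys only because the reply carrying them verifies under the embedded public key, so a reply altered in transit stops the handshake before any key derivation key is generated.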
9 Claims
Specification