Method and apparatus for using a secure credential infrastructure to access vehicle components

US 20050125669A1
Filed: 04/30/2004
Published: 06/09/2005
Est. Priority Date: 12/08/2003
Status: Active Grant

First Claim

Patent Images

1. A computer controlled method to personalize a vehicle, said vehicle including a plurality of computerized devices, at least one of said plurality of computerized devices being a prospective member device associated with said vehicle, the method comprising steps of:

establishing a credential by;

exchanging key commitment information over a preferred channel between a credential issuing device and said prospective member device to pre-authenticate said prospective member device;

receiving a public key from said prospective member device;

verifying said public key with said key commitment information; and

automatically provisioning said prospective member device with said credential;

whereby said prospective member device becomes a member device associated with said vehicle; and

securely communicating personalization information to said vehicle through said member device using said credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including enabling secure communications to components of a vehicle, and enabling secure communications between the vehicle and associated infrastructure.

Citations

27 Claims

1. A computer controlled method to personalize a vehicle, said vehicle including a plurality of computerized devices, at least one of said plurality of computerized devices being a prospective member device associated with said vehicle, the method comprising steps of:
- establishing a credential by;
  
  exchanging key commitment information over a preferred channel between a credential issuing device and said prospective member device to pre-authenticate said prospective member device;
  
  receiving a public key from said prospective member device;
  
  verifying said public key with said key commitment information; and
  
  automatically provisioning said prospective member device with said credential;
  
  whereby said prospective member device becomes a member device associated with said vehicle; and
  
  securely communicating personalization information to said vehicle through said member device using said credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The computer controlled method of claim 1, wherein said personalization information comprises protected information related to an occupant of said vehicle.
  - 3. The computer controlled method of claim 2, wherein said protected information includes at least one datum selected from a group consisting of spatial coordinate data, personal identification data of said occupant, account identification data, insurance-related data;
    - vehicle identification data, vehicle operation data, financial data, telephone number data, wireless network data, travel data, and vehicle occupancy data.
  - 4. The computer controlled method of claim 2, wherein said protected information includes at least one datum selected from a group consisting of operating control preferences data, radio operation preferences data, location preferences data, navigation data, controllable environmental preferences, vehicle security system preferences, and vehicle instrument cluster display preferences.
  - 5. The computer controlled method of claim 1, wherein said credential issuing device is selected from the group consisting of a personal data assistant, a cell phone, a computer, a camera, a dedicated key device, a smart card, a personally wearable device, and a subscriber identification module.
  - 6. The computer controlled method of claim 1, wherein said credential issuing device includes said credential issuing authority.
  - 7. The computer controlled method of claim 1, wherein said preferred channel is a location-limited channel.
  - 8. The computer controlled method of claim 1, wherein said preferred channel has a demonstrative identification property and an authenticity property.
  - 9. The computer controlled method of claim 1, wherein the step of automatically provisioning is performed-by an enrollment station in communication with said credential issuing device.
  - 10. The computer controlled method of claim 1, wherein said secure credential infrastructure is a public key infrastructure, said credential issuing authority is a certification authority and said credential is a public key certificate.
  - 11. The computer controlled method of claim 10, wherein the step of exchanging further comprises steps of:
    - creating a public key pair for said prospective member device; and
      
      sending said public key pair to said prospective member device over said preferred channel.
  - 12. The computer controlled method of claim 10, further comprising steps of:
    - creating a trusted key pair;
      
      storing said trusted key pair;
      
      establishing a certification authority public key certificate; and
      
      storing said certification authority public key certificate.
  - 13. The computer controlled method of claim 1, further comprising a step of revoking said credential.
  - 14. The computer controlled method of claim 1, further comprising a step of using said member device to securely communicate to an external member device that is remote from said vehicle.
  - 15. The computer controlled method of claim 1, further comprising a step of said member device communicating with a second member device.

16. A prospective member device capable of personalizing a vehicle, said vehicle including a plurality of computerized devices, at least one of said plurality of computerized devices being the prospective member device, the prospective member device comprising:
- a credential establishment mechanism comprising;
  
  at least one port configured to establish a preferred channel;
  
  a key commitment receiver mechanism configured to receive key commitment information through said at least one port;
  
  a key receiver mechanism configured to receive a public key;
  
  a pre-authentication mechanism configured to verify said public key with said key commitment information; and
  
  a credential provisioning mechanism configured to receive a credential responsive to the pre-authentication mechanism whereby said prospective member device becomes a member device associated with said vehicle; and
  
  a communication mechanism configured to securely receive personalization information for said vehicle through said member device using said credential.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The prospective member device of claim 16, wherein said personalization information comprises protected information related to an occupant of said vehicle.
  - 18. The prospective member device of claim 17, wherein said protected information includes at least one datum selected from a group consisting of spatial coordinate data, personal identification data of said occupant, account identification data, insurance-related data;
    - vehicle identification data, vehicle operation data, financial data, telephone number data, wireless network data, travel data, and vehicle occupancy data.
  - 19. The prospective member device of claim 17, wherein said protected information includes at least one datum selected from a group consisting of operating control preferences data, radio operation preferences data, location preferences data, navigation data, controllable environmental preferences, vehicle security system preferences, and vehicle instrument cluster display preferences.
  - 20. The prospective member device of claim 16, wherein said credential is received from a credential issuing device.
  - 21. The prospective member device of claim 16, wherein said preferred channel is a location-limited channel.
  - 22. The prospective member device of claim 16, wherein said preferred channel has a demonstrative identification property and an authenticity property.
  - 23. The prospective member device of claim 16, wherein said secure credential infrastructure is a public key infrastructure, said credential issuing authority is a certification authority and said credential is a public key certificate.
  - 24. The prospective member device of claim 23, wherein the key receiver mechanism further comprises a public key pair receiver mechanism configured to receive said public key pair over said preferred channel.
  - 25. The prospective member device of claim 16, further configured to securely communicate to an external member device that is remote from said vehicle.
  - 26. The prospective member device of claim 16, further comprising a secure communication mechanism configured to securely communicate with a second member device.

27. A vehicle including a plurality of computerized devices, at least one of said plurality of computerized devices being a prospective member device comprising:
- a credential establishment mechanism comprising;
  
  at least one port configured to establish a preferred channel;
  
  a key commitment receiver mechanism configured to receive key commitment information through said at least one port;
  
  a key receiver mechanism configured to receive a public key;
  
  a pre-authentication mechanism configured to verify said public key with said key commitment information; and
  
  a credential provisioning mechanism configured to receive a credential responsive to the pre-authentication mechanism whereby said prospective member device becomes a member device associated with said vehicle; and
  
  a communication mechanism configured to securely communicate personalization information for said vehicle through said member device using said credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Smetters, Diana K., Balfanz, Dirk, Durfee, Glenn E., Wong, Hao-Chi, Stewart, Paul J., Grinter, Rebecca E.

Granted Patent

US 7,757,076 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 67/125   involving control of end-de...

H04W 12/04   Key management, e.g. using ...

H04W 12/062   Pre-authentication

Method and apparatus for using a secure credential infrastructure to access vehicle components

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for using a secure credential infrastructure to access vehicle components

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links