WIRELESS COMMUNICATION USING COMPACT CERTIFICATES

US 20090249074A1
Filed: 03/31/2008
Published: 10/01/2009
Est. Priority Date: 03/31/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a digital certificate, comprising the steps of:

storing on a wireless device a first plurality of certificate data items associated with an entity having a digital certificate containing the data items;

receiving at the wireless device a compact certificate that lacks the first plurality of data items, but that contains a second plurality of certificate data items and a digital signature formed using the first and second pluralities of data items; and

validating the compact certificate at the wireless device using the digital signature, the first plurality of data items stored on the device, and the second plurality of data items contained in the compact certificate.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and communications system for generating and using compact digital certificates for secure wireless communication. Each compact certificate includes a digital signature and only a portion of the data used in generating the signature. The remaining certificate data is pre-stored on one or more wireless devices for which secure communication is desired. Upon receiving a compact certificate, the wireless device authenticates the certificate using its digital signature along with both the data contained in the certificate and the data pre-stored on the wireless device. This approach permits secure connections to be established between wireless devices using relatively small digital certificates.

86 Citations

View as Search Results

20 Claims

1. A method for authenticating a digital certificate, comprising the steps of:
- storing on a wireless device a first plurality of certificate data items associated with an entity having a digital certificate containing the data items;
  
  receiving at the wireless device a compact certificate that lacks the first plurality of data items, but that contains a second plurality of certificate data items and a digital signature formed using the first and second pluralities of data items; and
  
  validating the compact certificate at the wireless device using the digital signature, the first plurality of data items stored on the device, and the second plurality of data items contained in the compact certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the method further comprises carrying out the following steps at one or more other devices prior to the receiving step:
    - generating the digital certificate containing all of the data items;
      
      signing the digital certificate by applying a digital signature formed using all of the data items;
      
      forming the compact certificate such that it includes the digital signature and the second plurality of data items, but excludes at least some of the first plurality of data items; and
      
      wirelessly transmitting the compact certificate to the wireless device.
  - 3. The method of claim 2, wherein the signing step further comprises performing a mathematical function on the data items and encrypting the result using a private key, and wherein the step of validating the compact certificate further comprises the steps of:
    - extracting the result contained in the digital signature by decrypting the digital signature using a public key associated with the private key;
      
      combining the first plurality of data items stored on the wireless device with the second plurality of data items contained in compact certificate;
      
      performing the mathematical function on the combined data items, andcomparing the result of the mathematical function performed at the wireless device with the result extracted from the digital signature.
  - 4. The method of claim 1, wherein the storing step further comprises storing static content from the digital certificate on the wireless device.
  - 5. The method of claim 1, wherein the wireless device is a telematics unit installed in a vehicle and the entity is a call center that communicates with the telematics unit via a wireless carrier system, and wherein the storing step further comprises storing on the telematics unit at least some of the static data contained in the digital certificate.
  - 6. The method of claim 5, wherein the storing step further comprises storing the static data on the telematics unit prior to delivery of the vehicle to a customer and wherein the receiving and validating steps are carried out after delivery of the vehicle to the customer.
  - 7. The method of claim 5, further comprising the step of storing on the telematics unit a public key issued by the call center, and wherein the validating step further comprises validating the compact certificate using the public key.
  - 8. The method of claim 5, further comprising the step of replacing at least some of the stored static data with newer data.

9. A method of supplying authenticating information to a wireless device, comprising the steps of:
- generating a digital signature using authentication information;
  
  forming a digital certificate that includes the digital signature and only some of the authentication information used in generating the digital signature;
  
  receiving a request to establish a secure connection from a wireless device having stored thereon the remainder of the authentication information used in generating the digital signature; and
  
  wirelessly transmitting the digital certificate to the wireless device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein the forming step comprises forming a compact certificate having a serial number, expiration data, public key, and the digital signature.
  - 11. The method of claim 9, wherein the forming step comprises forming a compact certificate that includes the digital signature and all of the authentication information except for that portion stored on the wireless device.
  - 12. The method of claim 9, wherein the digital certificate is one of a number of different digital certificates generated for a particular entity and wherein the authentication information includes static content that is common to the different digital certificates and unique content that is different for the different digital certificates;
    - wherein the generating step further comprises generating the digital signature using the static and unique content;
      
      wherein the forming step further comprises forming the digital certificate using at least the digital signature and all of the unique content; and
      
      wherein the method further comprises the step of providing at least some of the static content to the wireless device in advance of the receiving step.
  - 13. The method of claim 9, wherein the generating step further comprises generating the digital signature using a private key having an associated public key stored on the wireless device.
  - 14. The method of claim 9, wherein the wireless device is a vehicle telematics unit and the method is carried out at a call center, and wherein the generating step further comprises carrying out the following steps during a trusted relationship between the call center and telematics unit:
    - generating the digital signature using a private key having a corresponding public key; and
      
      storing the public key and the portion of the authentication information on the telematics unit.
  - 15. The method of claim 14, wherein the transmitting step further comprises sending the digital certificate from the call center to the telematics unit via cellular communication using CDMA.

16. A method of configuring a vehicle and call center to permit secure communication between them, comprising the steps of:
- generating a vehicle certificate signature using vehicle certificate data and an issuer private key;
  
  generating a call center certificate signature using call center certificate data and an issuer private key;
  
  storing an issuer public key and some of the vehicle certificate data at the call center;
  
  storing an issuer public key and some of the call center certificate data at the vehicle;
  
  programming the vehicle to supply the call center with a compact vehicle certificate containing the vehicle certificate signature and only a portion of the vehicle certificate data; and
  
  programming at least one server at the call center to supply vehicles with a compact call center certificate containing the call center certificate signature and only a portion of the call center certificate data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the generating steps both further comprise generating the certificate signatures using the same issuer private key and the storing steps both further comprise storing the same issuer public key at both the vehicle and call center.
  - 18. The method of claim 16, wherein the portions of certificate data for each of the compact certificates include a serial number, expiration data for the certificate, an associated public key, and its certificate signature.
  - 19. The method of claim 16, wherein the programming steps both further comprise storing executable computer code that, upon execution, generates the compact certificates such that they have a size of no greater than 792 bytes.
  - 20. The method of claim 16, wherein the programming steps both further comprise storing executable computer code that, upon execution, generates the compact certificates such that they have a size of no greater than 88 bytes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Motors LLC (General Motors Company)
Original Assignee
General Motors Corporation (Motors Liquidation Co. GUC Trust)
Inventors
Peirce, Kenneth L., Madhavan, Sethu K., Yi, Ki Hak, Chesnutt, Elizabeth, Alrabady, Ansaf I.

Granted Patent

US 8,327,146 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2209/84   Vehicles

H04L 9/3263   involving certificates, e.g...

WIRELESS COMMUNICATION USING COMPACT CERTIFICATES

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

WIRELESS COMMUNICATION USING COMPACT CERTIFICATES

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others