METHOD AND APPARATUS FOR SECURE PAIRING OF MOBILE DEVICES WITH VEHICLES USING TELEMATICS SYSTEM

US 20140079217A1
Filed: 09/14/2012
Published: 03/20/2014
Est. Priority Date: 09/14/2012
Status: Active Grant

First Claim

Patent Images

1. A method for secure pairing of mobile devices with a vehicle, said method comprising:

providing a first secure communications channel between the vehicle and a telematics server, and a second secure communications channel between a mobile device and the telematics server.requesting access to a vehicle'"'"'s Wi-Fi network by the mobile device;

providing information about the vehicle and the mobile device to the telematics server over the secure communications channels;

providing security data to the vehicle and the mobile device by the telematics server over the secure communications channels, where the security data can be used to establish a trust between the vehicle and the mobile device;

issuing a secrecy challenge by the vehicle to the mobile device, where the secrecy challenge is encrypted using a secret key included in or derived from the security data from the telematics server;

responding to the secrecy challenge by the mobile device to the vehicle, where the secret key is also known and used by the mobile device; and

establishing secure Wi-Fi communications between the vehicle and the mobile device upon a valid response to the secrecy challenge.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for establishing secure wireless communications between a mobile device and a vehicle, where a user is not required to enter a password, but instead the telematics system is used to bootstrap the trust between the mobile device and the vehicle. The user initiates the process by pressing a button on the mobile device to request pairing. The vehicle uses its secure OnStar cellular communication link to verify the mobile device with the OnStar server, which generates and sends a session key to the vehicle via the vehicle-OnStar cellular connection, and also sends the session key to the mobile device via the device'"'"'s own cellular connection. The session key serves as a shared secret, such that the vehicle can issue a secrecy challenge to the mobile device. When the mobile device responds appropriately, a trusted wireless communications link can be established between the mobile device and the vehicle.

Citations

20 Claims

1. A method for secure pairing of mobile devices with a vehicle, said method comprising:
- providing a first secure communications channel between the vehicle and a telematics server, and a second secure communications channel between a mobile device and the telematics server.requesting access to a vehicle'"'"'s Wi-Fi network by the mobile device;
  
  providing information about the vehicle and the mobile device to the telematics server over the secure communications channels;
  
  providing security data to the vehicle and the mobile device by the telematics server over the secure communications channels, where the security data can be used to establish a trust between the vehicle and the mobile device;
  
  issuing a secrecy challenge by the vehicle to the mobile device, where the secrecy challenge is encrypted using a secret key included in or derived from the security data from the telematics server;
  
  responding to the secrecy challenge by the mobile device to the vehicle, where the secret key is also known and used by the mobile device; and
  
  establishing secure Wi-Fi communications between the vehicle and the mobile device upon a valid response to the secrecy challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein providing information about the vehicle and the mobile device to a telematics server includes the vehicle sending a digitally signed message to the telematics server identifying a device address of the vehicle and a device address of the mobile device.
  - 3. The method of claim 2 wherein providing security data to the vehicle and the mobile device by the telematics server includes sending a session key generated by the telematics server in an encrypted, digitally signed message to both the vehicle and the mobile device.
  - 4. The method of claim 3 wherein issuing a secrecy challenge includes generating a random number and symmetrically encrypting the random number by the vehicle using the session key as the secret key.
  - 5. The method of claim 4 wherein responding to the secrecy challenge includes the mobile device using the session key as the secret key to decrypt the secrecy challenge from the vehicle, and using the session key as the secret key to symmetrically encrypt a message to the vehicle containing the random number.
  - 6. The method of claim 1 wherein providing information about the vehicle and the mobile device to a telematics server includes each of the vehicle and the mobile device generating an ephemeral private/public key pair, and each of the vehicle and the mobile device creating a digitally signed message including its ephemeral public key, its device address, a counter and a timestamp, and sending the message to the telematics server.
  - 7. The method of claim 6 wherein providing security data to the vehicle and the mobile device by the telematics server includes sending the ephemeral public key and the device address of the mobile device to the vehicle, and sending the ephemeral public key and the device address of the vehicle to the mobile device.
  - 8. The method of claim 7 wherein issuing a secrecy challenge includes generating a random number and symmetrically encrypting the random number by the vehicle using a session key, generated by performing a Diffie-Hellman calculation on the ephemeral private key of the vehicle and the ephemeral public key of the mobile device, as the secret key.
  - 9. The method of claim 8 wherein responding to the secrecy challenge includes the mobile device using the session key, generated by performing the Diffie-Hellman calculation on the ephemeral public key of the vehicle and the ephemeral private key of the mobile device, as the secret key to decrypt the secrecy challenge from the vehicle, and using the session key as the secret key to symmetrically encrypt a message to the vehicle containing the random number.
  - 10. The method of claim 1 further comprising obtaining permission from a primary mobile device for Wi-Fi network admission of a guest mobile device, by the telematics server, before providing the security data to the vehicle and the guest mobile device.
  - 11. The method of claim 1 wherein the telematics server is an OnStar server.

12. A method for secure pairing of a mobile device with a vehicle, said method comprising:
- providing a first secure communications channel between the vehicle and an OnStar server, and a second secure communications channel between the mobile device and the OnStar server;
  
  requesting access to a vehicle'"'"'s Wi-Fi network by the mobile device;
  
  providing information about the vehicle and the mobile device to the OnStar server, including the vehicle sending a digitally signed message to the OnStar server identifying a device address of the vehicle and a device address of the mobile device;
  
  providing security data to the vehicle and the mobile device by the OnStar server, including sending a session key generated by the OnStar server in an encrypted, digitally signed message to both the vehicle and the mobile device;
  
  issuing a secrecy challenge by the vehicle to the mobile device, including generating a random number and symmetrically encrypting the random number by the vehicle using the session key as the secret key;
  
  responding to the secrecy challenge by the mobile device to the vehicle, including the mobile device using the session key as the secret key to decrypt the secrecy challenge from the vehicle, and using the session key as the secret key to symmetrically encrypt a message to the vehicle containing the random number; and
  
  establishing secure Wi-Fi communications between the vehicle and the mobile device upon a valid response to the secrecy challenge.
- View Dependent Claims (13)
- - 13. The method of claim 12 further comprising obtaining permission from a primary mobile device for Wi-Fi network admission of a guest mobile device, by the OnStar server, before providing the security data to the vehicle and the guest mobile device.

14. A method for secure pairing of a mobile device with a vehicle, said method comprising:
- providing a first secure communications channel between the vehicle and an OnStar server, and a second secure communications channel between the mobile device and the OnStar server.requesting access to a vehicle'"'"'s Wi-Fi network by the mobile device;
  
  providing information about the vehicle and the mobile device to the OnStar server, including each of the vehicle and the mobile device generating an ephemeral private/public key pair, and each of the vehicle and the mobile device creating a digitally signed message including its ephemeral public key, its device address, a counter and a timestamp, and sending the message to the telematics server;
  
  providing security data to the vehicle and the mobile device by the OnStar server, including sending the ephemeral public key and the device address of the mobile device to the vehicle, and sending the ephemeral public key and the device address of the vehicle to the mobile device;
  
  issuing a secrecy challenge by the vehicle to the mobile device, including generating a random number and symmetrically encrypting the random number by the vehicle using a session key, generated by performing a Diffie-Hellman calculation on the ephemeral private key of the vehicle and the ephemeral public key of the mobile device, as the secret key;
  
  responding to the secrecy challenge by the mobile device to the vehicle, including the mobile device using the session key, generated by performing the Diffie-Hellman calculation on the ephemeral public key of the vehicle and the ephemeral private key of the mobile device, as the secret key to decrypt the secrecy challenge from the vehicle, and using the session key as the secret key to symmetrically encrypt a message to the vehicle containing the random number; and
  
  establishing secure Wi-Fi communications between the vehicle and the mobile device upon a valid response to the secrecy challenge.
- View Dependent Claims (15)
- - 15. The method of claim 14 further comprising obtaining permission from a primary mobile device for Wi-Fi network admission of a guest mobile device, by the OnStar server, before providing the security data to the vehicle and the guest mobile device.

16. A system for secure pairing of mobile devices with vehicles, said system comprising:
- a vehicle hosting a Wi-Fi network;
  
  a mobile device desiring access to the vehicle'"'"'s Wi-Fi network;
  
  a telematics server configured to provide security data to the vehicle and the mobile device, where the security data can be used to establish a trust between the vehicle and the mobile device;
  
  a first secure communications channel between the vehicle and the telematics server; and
  
  a second secure communications channel between the mobile device and the telematics server.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16 wherein the first and second secure communications channels include a cellular service provider connection from the vehicle and the mobile device to the internet, and a connection from the internet to the telematics server.
  - 18. The system of claim 16 wherein:
    - the vehicle sends a digitally signed message to the telematics server identifying a device address of the vehicle and a device address of the mobile device;
      
      the telematics server generates a session key and sends the session key in an encrypted, digitally signed message to both the vehicle and the mobile device;
      
      the vehicle issues a secrecy challenge to the mobile device, including generating a random number and symmetrically encrypting the random number by the vehicle using the session key as a secret key;
      
      the mobile device responds to the secrecy challenge, including the mobile device using the session key as the secret key to decrypt the secrecy challenge from the vehicle, and using the session key as the secret key to symmetrically encrypt a message to the vehicle containing the random number; and
      
      the vehicle establishes secure Wi-Fi communications with the mobile device upon receiving a valid response to the secrecy challenge.
  - 19. The system of claim 16 wherein:
    - each of the vehicle and the mobile device generate an ephemeral private/public key pair, and each of the vehicle and the mobile device creates a digitally signed message including its ephemeral public key, its device address, a counter and a timestamp, and sends the message to the telematics server;
      
      the telematics server sends the ephemeral public key and the device address of the mobile device to the vehicle, and sends the ephemeral public key and the device address of the vehicle to the mobile device;
      
      the vehicle issues a secrecy challenge to the mobile device, including generating a random number and symmetrically encrypting the random number by the vehicle using a session key, generated by performing a Diffie-Hellman calculation on the ephemeral private key of the vehicle and the ephemeral public key of the mobile device, as the secret key;
      
      the mobile device responds to the secrecy challenge, including the mobile device using the session key, generated by performing the Diffie-Hellman calculation on the ephemeral public key of the vehicle and the ephemeral private key of the mobile device, as the secret key to decrypt the secrecy challenge from the vehicle, and using the session key as the secret key to symmetrically encrypt a message to the vehicle containing the random number; and
      
      the vehicle establishes secure Wi-Fi communications with the mobile device upon receiving a valid response to the secrecy challenge.
  - 20. The system of claim 16 wherein the telematics server is configured to obtain permission from a primary mobile device for Wi-Fi network admission of a guest mobile device before providing the security data to the vehicle and the guest mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
Bai, Fan, Pop, David P., Correia, John J., Rabadi, Nader M.

Granted Patent

US 8,831,224 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless

H04L 2209/84   Vehicles

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/18   using different networks or...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 84/12   WLAN [Wireless Local Area N...

METHOD AND APPARATUS FOR SECURE PAIRING OF MOBILE DEVICES WITH VEHICLES USING TELEMATICS SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SECURE PAIRING OF MOBILE DEVICES WITH VEHICLES USING TELEMATICS SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links