Digital certificate pool
Abstract
A wireless vehicle and infrastructure system is described that allows for utilization of a quasi-anonymous common private key/digital certificate pool, such that all vehicles are authenticated to the system, but no one vehicle/user can be readily identified during their use of the system because of their use of a set of common private key/digital certificate pairs that are assigned to each vehicle from the pool and are common across multiple vehicles. Vehicle/user anonymity is only temporarily removed during vehicle/user re-authentication and re-issuance of new common private key/digital certificate pairs from the pool in the wireless vehicle and infrastructure system.
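An added simulation of the scheme the abstract and claims describe (not code from the patent): integers stand in for the shared private key/digital certificate pairs, SHA-256 over the configuration strings is an assumed way to derive the vehicle identifier, and encryption of the identifier in transit is omitted. All class and function names are hypothetical.

```python
import hashlib
import secrets

def vehicle_identifier(hw_config: str, sw_config: str) -> str:
    # Assumption: SHA-256 of the configuration, so any hw/sw change alters the identifier.
    return hashlib.sha256(f"{hw_config}|{sw_config}".encode()).hexdigest()

class CertificateAuthority:
    def __init__(self, pool_size, enrolled_ids):
        self.pool = set(range(pool_size))  # integers stand in for key/certificate pairs
        self.enrolled = set(enrolled_ids)
        self.revoked = set()

    def issue(self, vehicle_id, count, exclude=frozenset()):
        # Anonymity is lifted only here, where the CA sees the vehicle identifier.
        if vehicle_id not in self.enrolled:
            raise PermissionError("vehicle identifier not recognised")
        candidates = sorted(self.pool - self.revoked - set(exclude))
        return set(secrets.SystemRandom().sample(candidates, count))

    def revoke(self, pair_id):
        self.revoked.add(pair_id)
        return frozenset(self.revoked)  # certificate revocation list message

class Vehicle:
    def __init__(self, hw_config, sw_config):
        self.hw_config, self.sw_config = hw_config, sw_config
        self.pairs = set()

    def identifier(self):
        return vehicle_identifier(self.hw_config, self.sw_config)

    def request_pairs(self, ca, count):
        self.pairs |= ca.issue(self.identifier(), count, exclude=self.pairs)

    def pick_pair(self):
        # A different shared pair is chosen at random for each outgoing message.
        return secrets.choice(sorted(self.pairs))

    def apply_crl(self, crl, ca):
        removed = self.pairs & crl
        self.pairs -= removed
        if removed:  # re-authenticate to replace what was revoked
            self.request_pairs(ca, len(removed))
        return removed

def holders(vehicles, pair_id):
    # Anonymity set: how many vehicles could have signed with this pair.
    return sum(pair_id in v.pairs for v in vehicles)
```

Revoking one pair sends every holder back through `issue`, the only point where a request is tied to a specific vehicle; a vehicle whose configuration has changed fails that check and keeps a shrinking key set.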
35 Claims
1. A method of assigning a plurality of private keys to a vehicle in a wireless system, the method comprising:
generating a vehicle identifier that is indicative of the vehicle based on at least one of a hardware configuration and a software configuration of the vehicle such that the vehicle identifier changes when the at least one of the hardware configuration and the software configuration changes;
encrypting the vehicle identifier at the vehicle;
sending a request for the private keys with the encrypted vehicle identifier from the vehicle to a certificate authority;
obtaining an authentication of the vehicle based on the encrypted vehicle identifier to assign the private keys to the vehicle;
selecting the plurality of private keys from a pool of common private keys, at least one of the selected private keys being used for encrypting a message at the vehicle, and each of the private keys in the pool of common private keys being shared by a plurality of vehicles;
sending the selected private keys to the vehicle; and
storing the selected private keys in the vehicle.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method of operating a wireless system, the method comprising:
sending a message to the wireless system from a vehicle by randomly using a different private key/digital certificate pair from a set of valid private key/digital certificate pairs stored on the vehicle to sign the message being sent to the wireless system, the wireless system maintaining a pool of current valid common private key/digital certificate pairs that includes the set of the valid private key/digital certificate pairs, each of the private key/digital certificate pairs in the pool of currently valid common private key/digital certificate pairs being shared by and stored in a plurality of vehicles;
preparing a certificate revocation list message including a list of revoked private key/digital certificate pairs to be revoked;
revoking a valid private key/digital certificate pair by sending the certificate revocation list message from the wireless system to the vehicle, and the vehicle removing the revoked private key/digital certificate pairs on the certificate revocation list message from the vehicle;
sending a request for a new currently valid private key/digital certificate pair with an encrypted vehicle identifier from the vehicle to a certificate authority with the vehicle identifier being indicative of the vehicle and based on at least one of a hardware configuration and a software configuration of the vehicle such that the encrypted vehicle identifier changes when the at least one of the hardware configuration and the software configuration changes;
obtaining an authentication of the vehicle based on the encrypted vehicle identifier to assign the new currently valid private key/digital certificate pair; and
receiving and storing on the vehicle the new currently valid private key/digital certificate pair from the pool of currently valid common private key/digital certificate pairs that is selected and assigned by the certificate authority.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A method of operating a vehicle to communicate based on a public-key cryptography using a private key for encrypting a message and a public key for decrypting the message, the method comprising:
randomly using a different private key/digital certificate pair from a set of valid private key/digital certificate pairs stored on a vehicle to sign or encrypt the message being sent to a wireless system, the wireless system maintaining a pool of currently valid common private key/digital certificate pairs that includes the set of the valid private key/digital certificate pairs;
receiving a certificate revocation list message sent out by the wireless system that contains a list of revoked private key/digital certificate pairs to be revoked; and
replacing a private key/digital certificate pair of the set of stored private key/digital certificate pairs on the vehicle if it is on the certificate revocation list by contacting a certificate authority and authenticating the vehicle by sending an encrypted vehicle identifier, which is indicative of the vehicle based on at least one of a hardware configuration and a software configuration of the vehicle such that the vehicle identifier changes when the at least one of the hardware configuration and the software configuration changes, selecting a private key/digital certificate pair from the pool of valid common private key/digital certificate pairs, with each of the private keys in the pool of common private keys being shared by another vehicle, and receiving and storing on the vehicle a new assigned valid private key/digital certificate pair from the pool of currently valid common private key/digital certificate pairs from the certificate authority.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27

28. A wireless communication system based on a public-key cryptograph using a private key for encrypting a message and a public key for decrypting the message, the wireless communication system comprising:
a wireless system maintaining a pool of currently valid common private key/digital certificate pairs including a selected set of the valid private key/digital certificate pairs; and
a vehicle adapted to send the message by randomly using a different private key/digital certificate pair from the selected set of valid private key/digital certificate pairs stored on the vehicle to sign the message being sent by the vehicle, each of the private key/digital certificate pairs in the pool of currently valid common private key/digital certificate pairs being shared by a plurality of vehicles, the vehicle being further adapted to generate an encrypted vehicle identifier that is indicative of the vehicle based on at least one of a hardware configuration and a software configuration of the vehicle such that the vehicle identifier changes when the at least one of the hardware configuration and the software configuration changes, send a request for the private key/digital certificate pairs including the encrypted vehicle identifier, and receive and store the selected set of private key/digital certificate pairs.
Dependent claims: 29, 30, 31

32. A vehicle comprising:
a vehicle component adapted to send a message by randomly using a different private key/digital certificate pair from a set of valid private key/digital certificate pairs stored on the vehicle to sign the message being sent by the vehicle to a wireless system, the wireless system maintaining a pool of currently valid common private key/digital certificate pairs that includes the set of the valid private key/digital certificate pairs, each of the private key/digital certificate pairs in the pool of currently valid common private key/digital certificate pairs being shared by a plurality of vehicles, the vehicle component being further adapted to generate an encrypted vehicle identifier that is indicative of the vehicle based on at least one of a hardware configuration and a software configuration of the vehicle such that the encrypted vehicle identifier changes when the at least one of the hardware configuration and the software configuration changes, send a request for the private key/digital certificate pairs including the encrypted vehicle identifier, and receive and store the private key/digital certificate pairs selected from the pool of currently valid common private key/digital certificate pairs.
Dependent claims: 33, 34, 35

Specification