Method and apparatus for using a secure credential infrastructure to access vehicle components

US 7,757,076 B2
Filed: 04/30/2004
Issued: 07/13/2010
Est. Priority Date: 12/08/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A computer controlled method to personalize a vehicle that is associated with a prospective member device, the method comprising:

establishing a credential by exchanging a key'"'"'s commitment information over a preferred channel between a credential issuing device and said prospective member device on the vehicle to pre-authenticate said prospective member device;

wherein the preferred channel is a short-range communications channel that excludes telephone communication;

wherein the preferred channel has a physical identification property that requires identification be based on physical proximity;

wherein the preferred channel does not prevent an attacker from monitoring transmissions on the preferred channel; and

wherein the preferred channel has an authenticity property that allows a legitimate party to detect the number of participants in a communication such that an attacker cannot transmit over the preferred channel without detection;

verifying that a public key received from said prospective member device match said key'"'"'s commitment information;

provisioning said prospective member device with said credential, whereby said prospective member device becomes a member device associated with said vehicle; and

securely communicating personalization information to said vehicle through said member device using said credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including enabling secure communications to components of a vehicle, and enabling secure communications between the vehicle and associated infrastructure.

82 Citations

View as Search Results

25 Claims

1. A computer controlled method to personalize a vehicle that is associated with a prospective member device, the method comprising:
- establishing a credential by exchanging a key'"'"'s commitment information over a preferred channel between a credential issuing device and said prospective member device on the vehicle to pre-authenticate said prospective member device;
  
  wherein the preferred channel is a short-range communications channel that excludes telephone communication;
  
  wherein the preferred channel has a physical identification property that requires identification be based on physical proximity;
  
  wherein the preferred channel does not prevent an attacker from monitoring transmissions on the preferred channel; and
  
  wherein the preferred channel has an authenticity property that allows a legitimate party to detect the number of participants in a communication such that an attacker cannot transmit over the preferred channel without detection;
  
  verifying that a public key received from said prospective member device match said key'"'"'s commitment information;
  
  provisioning said prospective member device with said credential, whereby said prospective member device becomes a member device associated with said vehicle; and
  
  securely communicating personalization information to said vehicle through said member device using said credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer controlled method of claim 1, wherein said personalization information comprises protected information related to an occupant of said vehicle.
  - 3. The computer controlled method of claim 2, wherein said protected information includes at least one datum selected from a group consisting of spatial coordinate data, personal identification data of said occupant, account identification data, insurance-related data;
    - vehicle identification data, vehicle operation data, financial data, telephone number data, wireless network data, travel data, and vehicle occupancy data.
  - 4. The computer controlled method of claim 2, wherein said protected information includes at least one datum selected from a group consisting of operating control preferences data, radio operation preferences data, location preferences data, navigation data, controllable environmental preferences, vehicle security system preferences, and vehicle instrument cluster display preferences.
  - 5. The computer controlled method of claim 1, wherein said credential issuing device is selected from the group consisting of a personal data assistant, a cell phone, a computer, a camera, a dedicated key device, a smart card, a personally wearable device, and a subscriber identification module.
  - 6. The computer controlled method of claim 1, wherein said credential issuing device includes said credential issuing authority.
  - 7. The computer controlled method of claim 1, wherein said preferred channel is a location-limited channel.
  - 8. The computer controlled method of claim 1, wherein the step of automatically provisioning is performed by an enrollment station in communication with said credential issuing device.
  - 9. The computer controlled method of claim 1, wherein said secure credential infrastructure is a public key infrastructure, said credential issuing authority is a certification authority and said credential is a public key certificate.
  - 10. The computer controlled method of claim 9, wherein the step of exchanging further comprises steps of:
    - creating a public key pair for said prospective member device; and
      
      sending said public key pair to said prospective member device over said preferred channel.
  - 11. The computer controlled method of claim 9, further comprising steps of:
    - creating a trusted key pair;
      
      storing said trusted key pair;
      
      establishing a certification authority public key certificate; and
      
      storing said certification authority public key certificate.
  - 12. The computer controlled method of claim 1, further comprising a step of revoking said credential.
  - 13. The computer controlled method of claim 1, further comprising a step of using said member device to securely communicate to an external member device that is remote from said vehicle.
  - 14. The computer controlled method of claim 1, further comprising a step of said member device communicating with a second member device.

15. A prospective member device capable of personalizing a vehicle that is associated with the prospective member device, the prospective member device comprising:
- a credential establishment mechanism configured to establish a credential by exchanging a key'"'"'s commitment information over a preferred channel between a credential issuing device and the prospective member device;
  
  wherein the preferred channel is a short-range communications channel which excludes telephone communication;
  
  wherein the preferred channel has a physical identification property that requires identification be based on physical proximity;
  
  wherein the preferred channel does not prevent an attacker from monitoring transmissions on the preferred channel; and
  
  wherein the preferred channel has an authenticity property that allows a legitimate party to detect the number of participants in the communication such that an attacker cannot transmit over the preferred channel without detection;
  
  a pre-authentication mechanism configured to verify that a public key associated with the prospective member device match said key commitment information;
  
  a credential provisioning mechanism configured to receive a credential whereby said prospective member device on the vehicle becomes a member device associated with said vehicle; and
  
  a communication mechanism configured to securely communicate personalization information for said vehicle through said member device using said credential.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The prospective member device of claim 15, wherein said personalization information comprises protected information related to an occupant of said vehicle.
  - 17. The prospective member device of claim 16, wherein said protected information includes at least one datum selected from a group consisting of spatial coordinate data, personal identification data of said occupant, account identification data, insurance-related data;
    - vehicle identification data, vehicle operation data, financial data, telephone number data, wireless network data, travel data, and vehicle occupancy data.
  - 18. The prospective member device of claim 16, wherein said protected information includes at least one datum selected from a group consisting of operating control preferences data, radio operation preferences data, location preferences data, navigation data, controllable environmental preferences, vehicle security system preferences, and vehicle instrument cluster display preferences.
  - 19. The prospective member device of claim 15, wherein said credential is received from a credential issuing device.
  - 20. The prospective member device of claim 15, wherein said preferred channel is a location-limited channel.
  - 21. The prospective member device of claim 15, wherein said secure credential infrastructure is a public key infrastructure, said credential issuing authority is a certification authority and said credential is a public key certificate.
  - 22. The prospective member device of claim 21, wherein the key receiver mechanism further comprises a public key pair receiver mechanism configured to receive said public key pair over said preferred channel.
  - 23. The prospective member device of claim 15, further configured to securely communicate to an external member device that is remote from said vehicle.
  - 24. The prospective member device of claim 15, further comprising a secure communication mechanism configured to securely communicate with a second member device.

25. A vehicle including a plurality of computerized devices, at least one of said plurality of computerized devices being a prospective member device comprising:
- a secure credential infrastructure creation mechanism configured to create a secure credential infrastructure;
  
  a credential establishment mechanism comprising;
  
  at least one port configured to establish a preferred channel;
  
  wherein the preferred channel is a short-range communications channel which excludes telephone communication;
  
  wherein the preferred channel has a physical identification property that requires identification be based on physical proximity;
  
  wherein the preferred channel does not prevent an attacker from monitoring transmissions on the preferred channel; and
  
  wherein the preferred channel has an authenticity property that allows a legitimate party to detect the number of participants in the communication such that an attacker cannot transmit over the preferred channel without detection;
  
  a pre-authentication mechanism configured to verify that a public key associated with the prospective member device match said key commitment information;
  
  a credential provisioning mechanism configured to receive a credential whereby said prospective member device on the vehicle becomes a member device associated with said vehicle; and
  
  a communication mechanism configured to securely communicate personalization information for said vehicle through said member device using said credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Smetters, Diana K., Balfanz, Dirk, Durfee, Glenn E., Wong, Hao-Chi, Stewart, Paul J., Grinter, Rebecca E.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Johnson; Carlton V

Application Number

US10/837,323
Publication Number

US 20050125669A1
Time in Patent Office

2,265 Days
Field of Search

713/171, 713/175
US Class Current

713/156
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 67/125   involving control of end-de...

H04W 12/04   Key management, e.g. using ...

H04W 12/062   Pre-authentication

Method and apparatus for using a secure credential infrastructure to access vehicle components

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for using a secure credential infrastructure to access vehicle components

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others