Method and apparatus for using a secure credential infrastructure to access vehicle components
First Claim
1. A computer controlled method to personalize a vehicle that is associated with a prospective member device, the method comprising:
establishing a credential by exchanging a key's commitment information over a preferred channel between a credential issuing device and said prospective member device on the vehicle to pre-authenticate said prospective member device;
wherein the preferred channel is a short-range communications channel that excludes telephone communication;
wherein the preferred channel has a physical identification property that requires identification be based on physical proximity;
wherein the preferred channel does not prevent an attacker from monitoring transmissions on the preferred channel; and
wherein the preferred channel has an authenticity property that allows a legitimate party to detect the number of participants in a communication such that an attacker cannot transmit over the preferred channel without detection;
verifying that a public key received from said prospective member device match said key's commitment information;
provisioning said prospective member device with said credential, whereby said prospective member device becomes a member device associated with said vehicle; and
securely communicating personalization information to said vehicle through said member device using said credential.
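The commitment check and provisioning steps of claim 1, sketched as an added example that is not code from the patent. It assumes the key's commitment information is a SHA-256 digest of the encoded public key, uses random bytes as constructed stand-ins for public keys and an HMAC tag as a stand-in for the issued credential; the class, function and device names are hypothetical.

```python
import hashlib
import hmac
import os

def commitment(public_key: bytes) -> bytes:
    # Assumption: the commitment is a SHA-256 digest of the encoded key.
    return hashlib.sha256(public_key).digest()

class IssuingDevice:
    def __init__(self):
        self._secret = os.urandom(32)  # stand-in for the issuer's signing key
        self._pending = {}             # device id -> commitment awaiting a key

    def receive_commitment(self, device_id: str, digest: bytes) -> None:
        # Arrives over the preferred channel: an eavesdropper may read it,
        # but cannot inject a different value without being detected.
        self._pending[device_id] = digest

    def _tag(self, device_id: str, public_key: bytes) -> bytes:
        msg = device_id.encode() + b"\x00" + public_key
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def provision(self, device_id: str, public_key: bytes):
        # The key itself arrives over the ordinary, untrusted network.
        # Design choice here: a commitment is consumed by one attempt.
        expected = self._pending.pop(device_id, None)
        if expected is None:
            return None  # no pre-authentication took place
        if not hmac.compare_digest(expected, commitment(public_key)):
            return None  # key does not match the commitment: refuse
        return self._tag(device_id, public_key)  # stand-in credential

    def verify_credential(self, device_id, public_key, credential) -> bool:
        return hmac.compare_digest(self._tag(device_id, public_key), credential)

def run_demo():
    issuer = IssuingDevice()
    device_key = os.urandom(32)    # constructed stand-in public key
    attacker_key = os.urandom(32)  # key substituted on the network
    issuer.receive_commitment("seat-module", commitment(device_key))
    substituted = issuer.provision("seat-module", attacker_key)
    # After a rejected attempt the commitment exchange is repeated in proximity.
    issuer.receive_commitment("seat-module", commitment(device_key))
    cred = issuer.provision("seat-module", device_key)
    valid = cred is not None and issuer.verify_credential("seat-module", device_key, cred)
    return (substituted is None, valid, issuer.provision("unknown", device_key) is None)

if __name__ == "__main__":
    print(run_demo())
```

Because the commitment only has to be authentic, not secret, the check still holds on a channel an attacker can monitor, which is the property the wherein clauses describe.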
Abstract
We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including enabling secure communications to components of a vehicle, and enabling secure communications between the vehicle and associated infrastructure.
25 Claims
15. A prospective member device capable of personalizing a vehicle that is associated with the prospective member device, the prospective member device comprising:
a credential establishment mechanism configured to establish a credential by exchanging a key's commitment information over a preferred channel between a credential issuing device and the prospective member device;
wherein the preferred channel is a short-range communications channel which excludes telephone communication;
wherein the preferred channel has a physical identification property that requires identification be based on physical proximity;
wherein the preferred channel does not prevent an attacker from monitoring transmissions on the preferred channel; and
wherein the preferred channel has an authenticity property that allows a legitimate party to detect the number of participants in the communication such that an attacker cannot transmit over the preferred channel without detection;
a pre-authentication mechanism configured to verify that a public key associated with the prospective member device match said key commitment information;
a credential provisioning mechanism configured to receive a credential whereby said prospective member device on the vehicle becomes a member device associated with said vehicle; and
a communication mechanism configured to securely communicate personalization information for said vehicle through said member device using said credential.
25. A vehicle including a plurality of computerized devices, at least one of said plurality of computerized devices being a prospective member device comprising:
a secure credential infrastructure creation mechanism configured to create a secure credential infrastructure;
a credential establishment mechanism comprising;
at least one port configured to establish a preferred channel;
wherein the preferred channel is a short-range communications channel which excludes telephone communication;
wherein the preferred channel has a physical identification property that requires identification be based on physical proximity;
wherein the preferred channel does not prevent an attacker from monitoring transmissions on the preferred channel; and
wherein the preferred channel has an authenticity property that allows a legitimate party to detect the number of participants in the communication such that an attacker cannot transmit over the preferred channel without detection;
a pre-authentication mechanism configured to verify that a public key associated with the prospective member device match said key commitment information;
a credential provisioning mechanism configured to receive a credential whereby said prospective member device on the vehicle becomes a member device associated with said vehicle; and
a communication mechanism configured to securely communicate personalization information for said vehicle through said member device using said credential.
Specification