US20200128374A1 - System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices - Google Patents

System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices Download PDF

Info

Publication number
US20200128374A1
US20200128374A1 US16/581,016 US201916581016A US2020128374A1 US 20200128374 A1 US20200128374 A1 US 20200128374A1 US 201916581016 A US201916581016 A US 201916581016A US 2020128374 A1 US2020128374 A1 US 2020128374A1
Authority
US
United States
Prior art keywords
aaa server
obu
operable
ipv6
aaa
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/581,016
Inventor
Martin D. Nathanson
Original Assignee
Paxgrid Cdn Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Paxgrid Cdn Inc. filed Critical Paxgrid Cdn Inc.
Priority to US16/581,016 priority Critical patent/US20200128374A1/en
Publication of US20200128374A1 publication Critical patent/US20200128374A1/en
Priority to US17/832,071 priority patent/US11812349B2/en
Priority to US18/378,947 priority patent/US20240040350A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/084Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/086Access security using security domains
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24Accounting or billing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/659Internet protocol version 6 [IPv6] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5092Address allocation by self-assignment, e.g. picking addresses at random and testing if they are already in use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04Network layer protocols, e.g. mobile IP [Internet Protocol]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/005Moving wireless networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08Access point devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/14Backbone network devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/02Inter-networking arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/04Interfaces between hierarchically different network devices
    • H04W92/045Interfaces between hierarchically different network devices between access point and backbone network device
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/04Interfaces between hierarchically different network devices
    • H04W92/10Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Definitions

  • DSRC Dedicated Short-Range Communications
  • OBU On-board unit
  • RSU roadside unit
  • OBU typically includes, but is not limited to, a mobile computing device enabled for DSRC communications, meeting the requirements for V2V specified in SAE J2945/1 and SAE J2945/2, or the requirements for V2P, to be specified in future variants of SAE J2945.
  • RSU typically includes, but is not limited to, a stationary or quasi-stationary computing device enabled for DSRC communications, compliant with the IEEE 802.11p specification for the DSRC MAC and PHY layers, the WAVE protocol stack and capable of broadcasting WAVE Service Advertisements (WSAs) on the DSRC Control Channel (CCH).
  • WSAs WAVE Service Advertisements
  • CCH DSRC Control Channel
  • OBU devices without valid security credentials can be effectively denied the WSAs of the RSU, which is typically accomplished by simply discarding transmissions sent by the OBU.
  • WSA are periodic messages defined by the IEEE 1609 protocol suite that identifiers services available on the network.
  • the WAVE architecture provides for authentication of an OBU based on a digital signature in the headers of WAVE Short Message Protocol (WSMP) messages originating from the OBU.
  • the digital signature is generated by the OBU according to an asymmetrical encryption technique and the message transmitted also includes the certificate containing the public key so that the receiving RSU can decrypt the signature.
  • a DSRC infrastructure authority (“infrastructure authority”) may propagate the Certificate Revocation List to the RSUs, which identifies OBU devices for which the security credentials are no longer valid. This can be used by the RSU as a criterion for discarding OBU messages sent using WSMP.
  • This mechanism allows a user device to attach itself to an OBU using Stateless Address Auto-configuration (SLAAC), for example through a WiFiPeertoPeer (WiFiDirect) interface.
  • SLAAC Stateless Address Auto-configuration
  • WiFiPeertoPeer WiFiDirect
  • the OBU acts as an IPv6 router for the user device to connect with the Internet through any RSU which advertises the availability of one or more WAVE Service Channels for this purpose.
  • the system also provides the foundation of the methods for authentication of the user device.
  • a system and method which performs Authentication, Authorization and Accounting (AAA) functions necessary to enable an RSU infrastructure operator to quantify wireless bandwidth consumption by in-vehicle devices using the WAVE Service Channels, on a per-device basis.
  • AAA Authentication, Authorization and Accounting
  • AAA server operated by, or on behalf of a DSRC infrastructure authority, comprising at least one processor running at least one computer program adapted to communicate through the Internet with a plurality of mobile devices and/or an OBU operating a subnet for one or more mobile devices, with a plurality of RSUs, in order to carry out the authentication, authorization, and accounting (AAA), thereby enabling the authority to account for WAVE service channel bandwidth consumption by each of the mobile devices having been duly provisioned by the AAA server.
  • AAA authentication, authorization, and accounting
  • Another aspect provides a plurality of AAA servers operated by, or on behalf of a DSRC infrastructure authority, each server comprising at least one processor running at least one computer program adapted to communicate through the Internet with a plurality of mobile devices and with a plurality of RSUs in order to carry out the authentication, authorization and accounting, the plurality of AAA servers being arrayed for load balancing of inbound Internet traffic and enabling the authority to account for WAVE service channel bandwidth consumption by each of the mobile devices and/or by an OBU operating a subnet for one or more of the mobile devices, which have been duly provisioned in a single database, access to the database being synchronized among the plurality of AAA servers.
  • Another aspect provides a RSU configured with an extended IPv6 Management Information Base (MIB) operable to determine packet and byte count statistics for WAVE service channel usage per client device.
  • the client device may be either an OBU, a non-DSRC mobile device that is IPv6-reachable through an OBU, or a DSRC-enabled user device.
  • the IPv6 MIB is also operable to retrieve, for each datagram received from an IPv6 node operating in the route optimization mode of Mobile IPv6, the fixed “home address” of the mobile node carried in the Mobile IPv6 routing header of the datagram.
  • the RSU is operable to accumulate, in Non-Volatile Random Access Memory (NOVRAM), the packet and byte count statistics for WAVE service channel usage per client device and periodically sends the statistics to the AAA server, encapsulated in a UDP/IP message, only refreshing the NOVRAM table when the AAA server has acknowledged reception of the UDP/IP message.
  • NOVRAM Non-Volatile Random Access Memory
  • Another aspect provides an OBU, compliant with WAVE and IEEE 802.11p and configurable with dual-radio capability, running at least one application level computer program adapted to request authentication and authorization from the AAA server, for IPv6 connectivity to the Internet, either on behalf of a neighboring non-DSRC mobile device or for itself, and configured with an extended IPv6 MIB operable to retrieve the addresses of neighboring devices when a new entry is inserted in a routing table, using either a synchronous method based on SNMP GET to retrieve the routing table periodically, or an asynchronous method based on SNMP TRAP to report “real-time” changes in the routing table. It is to be appreciated that other methods may be practiced for updating the routing table without deviating from the subject invention.
  • Another aspect provides a non-DSRC mobile device, operable to request “Internet Subscription” credentials from the AAA server, using a symmetrically encrypted communications channel established with SSL or a similar handshaking protocol for mutual authentication and key exchange, and operable to use the “Internet Subscription” credentials when responding to authentication challenge messages received from the AAA server as defined by one or more exemplary embodiments or aspects herein.
  • FIG. 1 is a system block diagram illustrating an authorization process and an authentication process between a user device and a AAA server according to the subject invention
  • FIG. 1 b is system block diagram illustrating one method for retrieval of an IP source address from a routing table using Simple Network Management Protocol
  • FIG. 1 c is system block diagram illustrating another method for retrieval of an IP source address from a routing table using Simple Network Management Protocol
  • FIG. 2 is a system block diagram illustrating another embodiment of an authorization and authentication process between an On-board Unit and a AAA server;
  • FIG. 3 is a system block diagram illustrating an embodiment of an authentication process according to the subject invention.
  • FIG. 4 is a system block diagram illustrating an authentication process for foreign devices according to the subject invention.
  • FIG. 5 is a block diagram illustrating a protocol stack above Wireless Access Vehicular Environment utilizing a Border Gateway Protocol
  • FIG. 6 is a system block diagram illustrating a process for distribution of security credentials according to another embodiment of the subject invention.
  • FIG. 7 is a system block diagram illustrating yet another authentication and authorization process for foreign devices according to the subject invention.
  • FIG. 8 is a system block diagram illustrating communication between an AAA server and a plurality of Roadside Units
  • FIG. 9 is a flowchart illustrating the authorization process according to the subject invention.
  • FIG. 10 is a system block diagram and flowchart illustrating a blocking and an unblocking of a client device, such as an On-board Unit, at a AAA server; and
  • FIG. 11 is a system block diagram and flowchart illustrating an accounting process according to the subject invention.
  • all nodes are required to have credentials using the encryption methods specified in IEEE 1609.2.
  • the credentials are issued when the device is provisioned and are used to create digital signatures allowing devices to authenticate themselves, as in the case where mobile devices broadcast a Basic Safety Message (BSM) which carries a digital signature based on the issued credentials.
  • BSM Basic Safety Message
  • a service channel for general-purpose IPv6 communications. Whether the service channel can be used should depend on whether there is a Provider Service Identification (PSID) for this, duly registered according to the procedure defined in IEEE 1609.12.
  • PSID Provider Service Identification
  • DSRC infrastructure will be deployed and managed using various forms of public-private partnership, all sharing the attributes of an “infrastructure authority”, which will address the question of spectrum monetization within the framework of their business models.
  • an OBU complies with the functional requirements established in the NHTSA safety standard, the decision as to whether the OBU, or a third party user device connected to the OBU, can be granted IPv6 connectivity over the WAVE Service Channels, and whether the bandwidth usage is billed, may become discretionary choices for the infrastructure authority. Therefore, some exemplary embodiments may enable an infrastructure authority to grant or deny IPv6 connectivity to individual devices and to measure the service channel bandwidth consumption associated with each device. This is accomplished by implementation of the subject invention as described herein.
  • the first step is “Authentication”. This is based on a “logon” procedure executed by a client device, which includes user device (e.g. a Smartphone) or alternatively by the OBU acting on behalf of the user device.
  • the distinction between these two scenarios is a function of the business models available from an infrastructure operator and the choice made by an owner of the OBU, which could be an OEM-manufactured device or an aftermarket retrofit. For example, if the owner of the OBU absorbs all of the costs associated with IPv6 bandwidth consumption, regardless of which third party user device is the communications end point, the logon is to emanate from the OBU device. If the costs are attributable to a neighboring third party user device, the accounting for bandwidth is applicable to the user device, which should therefore be the originator of the logon.
  • the logon is essentially a request for IPv6 connectivity through a neighboring RSU.
  • the user device or the OBU acting on behalf of the user device described above is a requesting device and may be referred to as a “client” or “client device”.
  • a logon message is digitally signed using an encryption key obtained from a digital certificate issued by, or on behalf of, the infrastructure operator.
  • the digital certificate is encapsulated in the logon message, enabling the receiver to decrypt the signature and to verify the credentials presented in the certificate.
  • the logon message is encapsulated in a UDP/IP packet addressed to the “Roadway Authorization Server” (RAS), a separate host maintained by the infrastructure operator.
  • RAS Real-Authorization Server
  • the Authentication step is supported by an external system capable of verifying the credentials identified in the logon message.
  • an external system capable of verifying the credentials identified in the logon message.
  • FMVSS Federal Motor Vehicle Safety Standard
  • SCMS is based on a Public Key Infrastructure (PKI) architecture, wherein asymmetrical encryption keys are generated by a “root” certificate authority and encapsulated in digital certificates which constitute the credentials of the client device.
  • PKI Public Key Infrastructure
  • the technical architecture of SCMS has evolved from a cooperative effort by the USDOT and the automotive industry, as represented by the Collision Avoidance Metrics Partnership (CAMP). A detailed description of SCMS can be found at http://federalregister.gov/a/2014-24482, which is incorporated herein by reference.
  • the primary purpose of SCMS is to ensure that devices participating in the vehicle-to-vehicle (V2V) communications defined by the FMVSS 150 are duly certified and that their operation does not compromise consumer privacy.
  • V2V vehicle-to-vehicle
  • the AAA server is enabled to request assistance from SCMS components in validating the security credentials of a specific device.
  • the validation process is based on the digital signature, the certificate information and an encrypted unique identifier for the device, all of which is encapsulated in the logon received from that device. It is to be appreciated that the digital signature, the certificate information and the encrypted unique identifier could be transmitted separately in a secure manner.
  • the next step is “Authorization”, to which there are two aspects.
  • the first is the verification that the credentials of the client device have not been revoked by the credentialing authority. This is done using the Certificate Revocation List, which is maintained by the SCMS.
  • the current specification for SCMS calls for distribution of the Certificate Revocation List only to OBUs and RSUs. However, the Certificate Revocation List is also to be distributed to the AAA server, in order to enable the latter for the aforementioned verification.
  • the second aspect is that the account associated with the client is in good standing, which is determined according to the policy of the infrastructure operator.
  • the Authorization step may only be required when the Authentication step passes.
  • Implementation of this capability is based on harnessing existing methods specified in IETF RFCs. Specifically, by adding the functionality of Border Gateway Protocol (BGP) to both the AAA server and the RSU, the AAA server is enabled for Remotely Triggered Black Hole (RTBH) filtering within the RSU, whereby IPv6 traffic from the client can be either blocked or unblocked based on whether the client passed the Authentication and Authorization steps.
  • Border Gateway Protocol BGP
  • RTBH Remotely Triggered Black Hole
  • This methodology provides an efficient, standards-based means of controlling access to the mobile Internet services which infrastructure operators may want to offer, and links the duly authorized credentials of the client device requesting the service to the IPv6 routing table of the RSU, without the need to alter the WAVE suite of specifications.
  • the RSU is configured to keep track of the service channel bandwidth consumption by each device, when using the IPv6 interface, and periodically send reports to the AAA server.
  • the Management Information Base (MIB) of the IPv6 layer may be extended to acquire packet and byte count statistics per client.
  • the consumption data is retrieved using a standard SNMP interface and periodically transmitted to the AAA server, for example through a TCP connection.
  • a DSRC RSU routes IPv6 datagrams received from, or transmitted to, an OBU via a WAVE Service Channel.
  • the owner of the RSU which may be the “infrastructure authority”
  • mechanisms are required to authenticate these devices, authorize their use of service channel and account for the amount of bandwidth consumed by each device.
  • the subject invention provides a server which supports these mechanisms, which is typically called AAA (authentication, authorization and accounting).
  • a single-radio OBU device which adheres to the required duty cycle for monitoring both the safety or “V2V” channel, (which is now specified at CH 172 at the “bottom” of the DSRC band) and the Control Channel (CCH or CH 178), may not be suitable for providing IPv6 connectivity services, since, at a minimum, its receiver would have to divide its time even further between the safety channel, CCH and the designated service channel.
  • the incremental cost of dual-radio devices is sufficiently low to warrant vendors configuring an OBU product, either an Aftermarket Safety Device (ASD) or Retrofit Safety Device (RSD), as defined in the “V2V Readiness Report”, incorporated herein by reference, as a dual-radio device. It is therefore assumed throughout this disclosure that an OBU providing access to service channel bandwidth is configured as a dual-radio device. However, it is to be appreciated that the subject invention could also be implement with the single radio device.
  • the RSU which receives the datagram will automatically route it towards its destination.
  • the administrative policy for the RSU calls for IPv6 traffic to be subject to AAA, then authorization for over-the-air IPv6 communications is to be requested on behalf of either the OBU or one or more devices connected to it.
  • FIG. 1 illustrates the authorization process and an authentication process between the user device and the AAA server according to the subject invention.
  • the notification from the RSU indicating the requirement for authorization is embodied in the WAVE Service Advertisement (WSA) 35 .
  • WSAs which are broadcast on the WAVE CCH by RSUs, constitute the method, required by the WAVE standard, with which the RSU informs the OBUs what services are accessible through the RSU broadcasting the WSA.
  • RSU 30 is configured by the infrastructure operator to issue a WSA which includes the IP address and port of the AAA service to which the OBU can send an authorization request.
  • WSA has previously been used to identify only the address where the OBU should send an authorization request.
  • the subject invention utilizes the WSA to also include channel availability information which the OBU should use for channel configuration, as described further below.
  • WSA 35 encapsulates both the IP address and port for the AAA server.
  • WSA 35 also encapsulates a Provider Service Identification (PSID) signifying that this RSU supports the availability of general-purpose IPv6 connectivity subject to AAA management, as well as the identifiers of the available service channels.
  • PSID Provider Service Identification
  • WSA 35 is not required because access to the service channel may be automatic or not restricted.
  • automatic means real-time or near real-time automated processing by one or more processors, non-manually and without human intervention. However, it is to be appreciated that manual involvement may be required without deviating from the subject invention.
  • Process 21 which is generally a user application running in OBU 20 , through the WSMP interface.
  • Process 21 is implemented by and executed by a processor resident in the OBU 20 . It is to be appreciated that the processor may be any readily available device capable of preforming the processes as described herein.
  • the process steps or instructions, which execute via the processor of OBU 20 or user device 10 implement the functions/acts specified in the flowchart and/or diagram shown throughout the Figures and discussed herein.
  • Process 21 registers a “transmitter profile” with the MAC Layer Management Entity (MLME) which specifies the service channel number specified in the WSA.
  • MLME MAC Layer Management Entity
  • This registration of the transmitter profile ensures that the MLME is always updated whenever a policy change results in a change to the services advertised in a WSA. If IPv6 connectivity services are deactivated at a specific time or location (i.e. specific RSU or cluster of RSUs), the PSIDs corresponding to these services are not present in the WSA and process 21 registers a new transmitter profile which does not include the corresponding service channel number. As explained in IEEE 1609.4, when the Channel Router function of the IEEE 802.11p MAC layer (not shown in FIG. 1 ) cannot find this service channel number, packets intended for transmission using this channel are discarded.
  • the authorization function involves a request sent by OBU 20 to the AAA server 40 , illustrated in FIG. 1 by authorization request, or message, 25 .
  • An example of such messages 25 are disclosed in U.S. patent application Ser. No. 14/151,035, wherein it takes the form of a UDP/IPv6 message.
  • This message 25 is initiated by process 21 , and process 21 listens for WSA 35 . If the request has not already been granted by the AAA server 40 , process 21 queues the message 25 for transmission through the IPv6 interface.
  • WSA 35 indicates that the service advertised is billed to an individual account for a third party user device and therefore the authorization request is from the OBU “on behalf of” the third party device, for example a neighboring Smartphone or tablet, the interface between the OBU and the third party device being, in some exemplary embodiments, a wireless link such as WiFi Direct (also called WiFi Peer to Peer).
  • WiFi Direct also called WiFi Peer to Peer
  • the UDP payload of message 25 contains the IP source address of the user device.
  • a network node notifies its neighbors of its routing capabilities through periodic broadcasts of a “router advertisement” (RA) over the interface through which the neighbors may wish to join the network.
  • the router advertisement is shown in FIG. 1 as RA 100 .
  • U.S. patent application Ser. No. 14/151,035 discloses the process of attachment in terms of the mechanism of Stateless Address Auto-Configuration (SLAAC) specified in RFC 4862 which is also incorporated herein by reference.
  • SLAAC Stateless Address Auto-Configuration
  • the second method ( FIG. 1 c ) is computationally more efficient but requires an extension to the standard IPv6 MIB which defines a new object corresponding to a change in the routing table.
  • a TRAP message is generated which can be received by a handler function 25 , registered with the SNMP layer by process 21 .
  • the OBU 20 becomes the primary “care-of address” for the neighboring user device.
  • the “home address” is carried in the IPv6 Destination Option header.
  • This address is fixed and used as a substitute for the IP source address and destination addresses, since the latter, in the route optimization mode of Mobile IPv6, are the mobile node's “care-of address” address, which is the OBU itself, or, in the case of a DSRC-enabled user device, such as a Smartphone incorporating a DSRC interface, is the RSU.
  • the substitution is therefore required to ensure the granular accumulation of traffic statistics per individual user device, implemented by the Accounting function described below, rather than an aggregate for the OBU to which they are attached.
  • the Accounting function described below
  • the “home address” information required can be acquired by process 31 running in the RSU 30 using an SNMP GET call to retrieve it from the Mobile IPv6 MIB or by processing a TRAP generated for each datagram routed by the RSU.
  • the OBU includes authentication information in the request message 25 , which enables both authorization and authentication to be combined in a single step. This procedure is used in the case where the accounting of service channel bandwidth consumption is aggregated for all devices neighboring the OBU 20 and billed to a single account associated with the OBU 20 .
  • the WSA 36 uses a distinct PSID reflecting the nature of the service.
  • AAA server 40 receives message 24 containing information required to authenticate the client, and therefore does not need to respond with an authentication challenge.
  • the information required for authentication is well known, and may include, but is not limited to, International Mobile Equipment Identity for Smartphones or vehicle identification number, or other such Personal Identifying Information. The method of authentication is described below.
  • the path segments 28 and 29 in FIG. 2 are functionally equivalent to the path segments 27 and 26 in FIG. 1 .
  • the payload in message 24 should contain the OBU's IP address in lieu of the actual source IP address. Subsequent IPv6 datagrams originating from the user device will contain this address in the routing header. This enables the RSU to accumulate the datagram byte count for active OBUs as explained in more detail below.
  • RSU 30 is the first IPv6 hop for the authorization request 25 , which is transmitted over a service channel. RSU 30 then routes the datagram towards its destination. The routing is illustrated by the path segments 26 and 27 in FIG. 1 , which are respectively, the inbound IEEE 802.11p MAC frame received from the service channel and the outbound frame on whatever medium is deployed for backhaul to the Internet. In order to account for service channel bandwidth consumption by individual user devices, RSU 30 caches the source IP address of the datagram in a non-volatile random-access memory (NOVRAM) table of such addresses.
  • NOVRAM non-volatile random-access memory
  • the source IP of inbound datagrams, and the destination IP address of outbound datagrams are matched against the entries in this table and the datagram byte counts are accumulated in the NOVRAM table for the entry corresponding to the correct match. If the RSU is configured for accounting of aggregated service channel bandwidth consumption for all devices neighboring the OBU, then the entry in the NOVRAM table must be the address of the OBU, which can be parsed from the IPv6 header.
  • AAA server 40 Upon receipt of the authorization request 25 , AAA server 40 is configured to authenticate the client.
  • FIG. 1 depicts the AAA server 40 sending an UDP/IP authentication challenge message 105 (or Authentication Challenge) to the IP source address associated with the request, which is the user device 10 .
  • the response mechanism is shown in FIG. 1 as Authentication Challenge Response 103 .
  • the challenge response 103 serves to verify the credentials of the sender, so it requires a secure encryption methodology allowing the sender to prove its authenticity to the infrastructure authority. Since the DSRC cyber-security provisions are specified in IEEE 1609.2, and since the encryption keying material is contained in digital certificates produced and distributed by certificate authorities operated by, or in collaboration with, the infrastructure authority, it follows that these certificate authorities can also provide the same kind of certificates (i.e. compliant with IEEE 1609.2 specifications) to user devices as will be provided to OBUs and RSUs.
  • Authentication Challenge Response 103 involving the encryption keying material (basically the public key of the certificate issued to the user device) and an encrypted payload including some unique identifying information, such as its International Mobile Equipment Identifier (IMEI). Successful decryption enables the receiver to authenticate the user device according to the asymmetrical encryption technology specified in the IEEE 1609.2.
  • AAA Server 40 Upon receipt of Authentication Challenge Response 103 , AAA Server 40 performs a search through a database for the IP source address. This database includes a table, of which the row entries may contain, at a minimum, a unique device identifier, an IPv6 address, security credentials issued to the device by a duly authorized certificate authority and the accumulated WAVE service channel bandwidth consumption within the current reporting period.
  • IP source address If a match is found for the IP source address, this means that this address has been previously encountered and will have already been authenticated. However, in the event that this address is a duplicate of another IPv6 address, formulated according to SLAAC, at a previous time with an entirely different OBU, then the least amount of time it would take for an OBU to leave and then return to the coverage area of an RSU may define the point at which the source IPv6 may be a possible duplicate address, therefore requiring that AAA server 40 authenticate the client.
  • the ability of the AAA server 40 to authenticate a client and to authorize its use of an service channel is dependent on whether it implements the encryption/decryption process specified in the request.
  • the preferred mechanism for authentication is illustrated in FIG. 3 , which depicts the process of issuing, to the client device 10 , the security credentials which it employs when it needs to be authenticated by the receivers of its messages.
  • the security credentials are issued by an entity called the Enrollment Certificate Authority (ECA) which is one of the Certificate Management Entities (CMEs) defined within the SCMS.
  • ECA Enrollment Certificate Authority
  • the issuance of security credentials by the ECA 70 to the OBU 20 is shown in FIG. 3 by the operation 71 .
  • the functional specifications for the issuance of security certificates are part of the bootstrapping process defined by the SCMS whereby the ECA assigns a long-term enrollment certificate or similar to each OBU, which is well-known and beyond the scope of the present disclosure.
  • the enrollment certificate provides, in one possible form, the credentials needed by the OBU for authentication during subsequent procedures defined within the scope of the SCMS. These procedures have been designed so that the digital signatures accompanying the basic safety messages serve the dual purpose of preserving the anonymity of individual vehicles while ensuring that the signatures are authentic, in the sense that the encryption keying material used to create them was duly issued by an authorized certificate management entity.
  • the design criteria for the SCMS architecture have, as a primary objective, the protection of consumer anonymity, and does not include requirements for “monetizing” WAVE service channels based on bandwidth consumption per device.
  • the ability to associate bandwidth consumption with a specific device requires that the security credentials, i.e. the certificates issued by the CMEs, include unique Personal Identifying Information (PII).
  • PII Personal Identifying Information
  • the SCMS design ensures that no PII will be available in any certificates used by OBUs to digitally sign messages, such as basic safety messages. This ensures that while the security credentials of a transmitting device can be validated, its anonymity is protected because it is not possible to identify a device. Therefore, an infrastructure authority requiring AAA functionality cannot rely on enrollment certificates alone to associate bandwidth consumption with any specific OBU or third-party device.
  • VIN Vehicle Identification Number
  • ECM Engine Control Module
  • Process 22 is an application-level software module running in the OBU 20 with two principal functional responsibilities. Process 22 is implemented by and executed by a processor resident in the OBU 20 . It is to be appreciated that the processor may be any readily available device capable of preforming the processes and/or instruction as described herein.
  • the process steps or instructions, which execute via the processor of OBU 20 or user device 10 implement the functions/acts specified in the flowchart and/or diagram shown throughout the Figures and discussed herein.
  • process 22 maintains a listener to receive the credential certificate, as shown by the operation 71 , which delivers the certificate from the ECA, and an acknowledgement 72 , which confirms (or rejects) reception of the certificate.
  • the certificate that is received in operation 71 may be, separately or together, an enrollment certificate, an identification certificate, or other certifying credential used for the authentication function.
  • the following discussion will describe the authentication with the enrollment certificate, without limiting the subject invention thereto. Utilizing the other credential certificates in the same manner is envisioned within this disclosure. To this extent, process 22 is a required component of OBU application software.
  • process 22 when operating within range of an RSU that advertises billable 1Pv6 connectivity services, process 22 has the responsibility of triggering a request 25 from OBU 20 to the AAA server 40 , which combines both the authorization and authentication functions in one step.
  • process 22 encrypts the VIN (acquired by interrogating the ECM using standard protocols defined in SAE J-1979).
  • the encrypted VIN is appended to the enrollment certificate information, which includes the public key, and sends the authorization request 25 to the receiver of the AAA server 40 that can use the public key to decrypt the VIN.
  • the two software functions described above are implemented within the single process 22 . In another embodiment, these two functions could be decoupled so as to yield two separate processes.
  • the SCMS specifications define the ECA as responsible for enrollment of DSRC devices which, by definition, comply with all the standards (IEEE 1609.x, IEEE 802.11p, SAE J-2735 and SAE J-2945) required for these devices to be certified.
  • IEEE 1609.x, IEEE 802.11p, SAE J-2735 and SAE J-2945 all the standards required for these devices to be certified.
  • IPv6 traffic using the WAVE service channel originates from non-DSRC mobile devices, and it is the policy of the infrastructure authority to create billing accounts for individual non-DSRC mobile devices, these devices require the same kind of credentials if their traffic is to be authorized by the AAA system.
  • the AAA server is enabled as a certificate management entity only for non-DSRC mobile devices neighboring OBUs and whose IP traffic can be offloaded onto the WAVE service channel.
  • the certificates produced are “Internet Subscription Certificates” in order to distinguish them from OBU enrollment certificates or the like. Operations 73 and 74 in FIG. 3 illustrate the issuance of such credentials.
  • the communications path for the distribution of these credentials is based on an SSL session between the non-DSRC mobile device and the AAA server.
  • the security credentials of OBU 20 are validated. This is accomplished by successful decryption of the PII encapsulated in the request 25 and received by process 41 , using the public key of the enrollment certificate sent in the request.
  • the decryption algorithm is implemented as software module 42 running in AAA server 40 , and invoked through a synchronous call from process 41 , as shown in FIG. 3 .
  • Process 41 is implemented by and executed by a processor resident in the AAA server 40 . It is to be appreciated that the processor may be any readily available device capable of preforming the processes and/or instruction as described herein.
  • a database 43 of subscribers registered in the AAA server 40 is queried by the search 45 to determine if the PII is found. This constitutes authentication of OBU 20 .
  • the AAA server 40 receives the authentication and/or authorization request in step 101 .
  • the OBU 20 digital signature is decrypted in step 110 .
  • the digital signature is then validated in step 120 and if the signature is not validated, notification is returned to the OBU 20 . If the signature if validated, in step 130 , the database 43 is queried for the PII. If the PII is found in step 140 , notification is returned to the OBU 20 . Otherwise, the request is forwarded to the ECA in step 150 .
  • PII unique identifying information
  • each infrastructure authority is to maintain a AAA server in which vehicles associated with that territory can be registered.
  • An example of the need for this arises in the following scenario.
  • a vehicle is registered (with the DMV) as having an address within a region where the policy of the infrastructure authority is for free mobile Internet service.
  • the vehicle is currently travelling in another region which applies charges for bandwidth consumption and operates the administrative tools (AAA server) for this purpose.
  • AAA server administrative tools
  • Each RSU in this region will advertise the IP address and UDP port number only of the AAA server which is owned and operated by the local authority.
  • the OBU in the vehicle requests authorization to access the service.
  • the AAA server attempts to validate the credentials. Otherwise it requests validation from the ECA for the enrollment certificate used by the OBU. But since the decrypted PII (e.g. the VIN) will not appear in the AAA database, the infrastructure authority could assert its right to deny the vehicle access to the mobile Internet services. The mechanisms for enabling or prohibiting access to the mobile Internet services are described below. However, if a “foreign” vehicle is not registered in its AAA server, an infrastructure authority is operable to interrogate the entire population of AAA servers wherever they have been deployed throughout the jurisdiction governed by the SCMS. If the infrastructure authority prohibits access to a “foreign” vehicle (i.e. one that is not registered in its AAA server) it is operable to forego the revenue that could otherwise be generated from an account associated with the PII registered in a “remote” AAA server.
  • a “foreign” vehicle i.e. one that is not registered in its AAA server
  • FIG. 4 illustrates the sequence of steps needed to find a “foreign” vehicle.
  • the role of the ECA with respect to issuance of credentials to mobile devices is defined within the scope of the SCMS specifications.
  • the ECA encompasses an additional role for authentication of devices which request mobile Internet services but cannot be found in local AAA server databases. This new role requires that the AAA server be integrated into the Public Key Infrastructure (PKI) architecture of the SCMS.
  • PKI Public Key Infrastructure
  • PKI systems are commonly used in Internet transactions for computing devices to present security credentials to any other device that needs proof of authenticity.
  • Security credentials can be derived from a trust “chain” or “hierarchy”, whereby a digital certificate containing the credential(s), itself, is to be authenticated according to the digital signature of the issuer of the certificate.
  • Authentication of a device based on the certificate it presents may require several iterations before reaching a “root” certificate authority which does not derive its trustworthiness from another entity above it in the “trust hierarchy”.
  • the role for the ECA is to incorporate the requisite functionality to support the various procedures or functions of exemplary embodiments herein.
  • it is configured to issue a certificate to any AAA server that an infrastructure authority wishes to deploy. By doing so, it extends the trust hierarchy of the SCMS into the AAA servers that infrastructure authorities need to manage the monetization of the WAVE service channel spectrum.
  • it is to maintain a NOVRAM table of the IP addresses of each AAA server to which it has issued certificates. This ensures that when the PII for the client cannot be found in the database of the local AAA server, the ECA can interrogate all of the duly certified AAA servers operating under the jurisdiction of the SCMS, in order to determine whether the vehicle in question is registered somewhere, as illustrated in step 150 of the flow chart in FIG. 9 .
  • the interrogation of “remote” AAA servers by the ECA is exemplified in FIG. 4 by the interaction between the ECA 70 and the AAA servers 50 and 60 .
  • This representation is intended solely for the purpose of simplifying the diagram and is not intended to imply that the interrogation process is restricted to only two AAA servers.
  • ECA 70 sends a request 75 to a specified listener 56 running in AAA server 50 , which in turn issues the query 55 to the database 53 for the VIN.
  • a binary result (found/not found) is returned to the ECA with the response 76 .
  • request 77 to listener 66 in AAA server 60 encompassing listener 66 and database 63 which are functionally equivalent to listener 40 and database 43 , will trigger query 65 and the same type of binary result in response 78 .
  • the AAA servers are integrated in the PKI architecture of the SCMS system, the security provisions exists to ensure the confidentiality of the VIN information transmitted by the ECA.
  • the AAA server is configured to issue “Internet Subscription” certificates to DSRC OBUs, as well as to non-DSRC mobile devices, as previously described.
  • the communications path for distribution of “Internet Subscription” certificates to OBUs is over DSRC, instead of cellular, and the certificate information is, in some exemplary embodiments, secured by asymmetrical encryption using the enrollment certificate.
  • the authorization request 25 from an OBU 20 uses its Internet Subscription certificate (in lieu of the enrollment certificate) to request authentication from the AAA server 40 . This is illustrated in FIG. 6 .
  • the sequence of steps required to obtain an Internet Subscription certificate is as follows:
  • Internet Subscription certificates for OBUs are that it eliminates the need for interrogation, by the ECA, of multiple AAA servers in order to search for a “foreign” vehicle.
  • Internet Subscription certificates include the domain name of the AAA server that issues them, which are included in the authorization request from OBUs (or in the authorization challenge response from non-DSRC mobile devices).
  • the AAA server receiving the request can therefore resolve the domain name to an IP address.
  • only a single UDP/IP request/response is required.
  • FIG. 7 This alternative path of authorization/authentication of a “foreign” device is shown in FIG. 7 .
  • Process 41 running in AAA server 40 uses a DNS address resolution request 47 to a DNS server 90 to acquire the IP address of a remote AAA server 60 , and then forwards the request 79 to AAA server 60 .
  • AAA server 40 uses its own credentials obtained from the ECA, encrypting request 79 with its private key and sending its certificate information in request 79 so that remote AAA server 60 has the public key to decrypt the message. Since the credentials of AAA server 40 are obtained from the ECA, this both protects the private information included in request 79 , and enables the remote AAA server 60 to authenticate the sender as being linked to the SCMS chain of trust and provide a response 88 .
  • the third condition for authorization is to ensure that the enrollment certificate itself is confirmed as not having expired or been revoked for some reason.
  • Some exemplary embodiments of a mechanism for accomplishing the authorization may involve constructing the request 46 such that its primary objective is verification that the enrollment certificate does not appear is the latest Certificate Revocation List maintained and disseminated by the SCMS. However, if the Certificate Revocation List is propagated by the SCMS to the AAA Server, there is no longer a requirement for request 46 to ask the ECA to verify the received certificate against the Certificate Revocation List. Secondarily, and only if the enrollment certificate is valid and the method described above, of directly interrogating the AAA server identified in the “Internet Subscription” certificate, is not used, request 46 can specify whether the PII in the request (i.e. the VIN) was not found in the local database and needs to be searched in the remote AAA servers.
  • AAA server 40 may respond to the sender of the request for authorization. If the security credentials are invalid or have been revoked, the billing account is delinquent or simply non-existent; the governing policy may call for the request to be denied. However, in order to ensure that IPv6 traffic is blocked, it is not sufficient for the AAA server 40 to send the client a notification of denial. Since the process of granting authorization for IPv6 connectivity falls outside the scope of the IEEE 1609 specifications, it follows that any device requesting such authorization is doing so “voluntarily” and that, if it is denied the authorization, it is not “obligated” to abide by this decision.
  • WAVE specifications do not prohibit it from routing IPv6 traffic towards the destination addresses specified in the datagram headers and there are no provisions within WAVE for the RSU to block this traffic. It follows that a mechanism is required that enables the AAA server 40 to cause IPv6 traffic originating from a specific OBU to be filtered and, conversely, to cause the removal of a filter that has been applied to a specific OBU once it has been authenticated and authorized.
  • a filtering mechanism operates as application layer software using an API provided by the RSU vendor which exposes the transport layer of the protocol stack.
  • DOS Denial of Service
  • One of the methods used by ISPs to protect against these attacks is called Remote Triggered Black Hole (RTBH) filtering.
  • RTBH filtering can be applied to both source and destination addresses but in the specific case of DOS, the filtering is applied to the source address.
  • Border Gateway Protocol as specified in RFC 4271, incorporated herein by reference, operates as a peer-to-peer session over a TCP connection on a well-known port (179), allowing for the propagation of routing information between pairs of routers.
  • An infrastructure operator would normally have a plurality of RSUs and a very limited number, if not a single, AAA server, all operating within the same Autonomous System.
  • This topology is illustrated in FIG. 8 , where the AAA server 40 executes multiple instances of the BGP Finite State Machine defined in RFC 4271, each with a TCP connection to an individual
  • FIG. 10 illustrates use of BGP by a software application, in contrast to the more conventional scenario in which the BGP services are invoked by a network administrator through a command line interface.
  • the use of BGP in the context of this disclosure is a completely automated process, defined by the flow chart in FIG. 10 , which can be described in terms of the following algorithmic steps:
  • the last aspect of the subject invention is Accounting. Since one goal of the subject invention is the monetization of radio spectrum, the RSU, in some exemplary embodiments, is configured to keep track of the service channel bandwidth consumption by each device, when using the IPv6 interface, and periodically send reports to the AAA server. To accomplish this, the Management Information Base (MIB) of the IPv6 layer is extended to acquire packet and byte count statistics per client, the data is retrieved using a standard SNMP interface and periodically transmitted to the AAA server, in some exemplary embodiments through a TCP connection. The preferred implementation is illustrated in FIG. 11 . Process 31 running in the RSU invokes the TRAP handler registration 33 to register TRAP handler 32 with the SNMP, so that per client byte count statistics are reported asynchronously.
  • MIB Management Information Base
  • the extended MIB Whenever a packet is sent to, or received from, the WAVE IPv6 interface, the extended MIB provides the statistics on per client basis (Ipv6ByteRxorTxPacketByteCount), which generates TRAP message 34 .
  • TRAP handler 32 processes the TRAP and informs process 31 using a callback procedure 37 .
  • Process 31 accumulates the per client statistic in a NOVRAM table and periodically sends a UDP/IP report (message 38 ) to the AAA server which is persistent (i.e. requiring an acknowledgement). Before sending the acknowledgement, process 41 running in AAA server 40 invokes the database procedures 43 in order to store the information received in the report.
  • IEEE 802.11p IEEE STANDARD 802.11p-2010-IEEE Standard for Information technology-Local and metropolitan area networks-Specific requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 6: Wireless Access in Vehicular Environments, available at: https://standards. ieee.org/findstds/standard/802.11p-2010. html

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Environmental & Geological Engineering (AREA)

Abstract

A system and method are disclosed for authenticating and authorizing access to and accounting for consumption of bandwidth for IPv6 connectivity to the Internet over Wireless Access Vehicular Environment (WAVE) service channels by client devices using an Authentication, Authorization and Accounting (AAA) server. The AAA server authenticates and authorizes client devices to access WAVE service channels, and accounts for bandwidth consumption by the client devices using WAVE service channels to access the Internet. The AAA server enables an RSU infrastructure operator to quantify wireless bandwidth consumption by in-vehicle devices using the WAVE Service Channels, on a per-device basis.

Description

    RELATED APPLICATIONS
  • This application claims priority to U.S. Provisional Patent Application No. 62/357,504, filed on Jul. 1, 2016, which is hereby incorporated by reference. This application also claims priority to U.S. Non-Provisional application Ser. No. 15/639,022, filed on Jun. 30, 2017, which is hereby incorporated by reference. Additionally, this application claims priority to U.S. Non-Provisional application Ser. No. 16/253,861, filed on Jan. 22, 2019, which is hereby incorporated by reference.
  • BACKGROUND
  • In January, 2016, the U.S. Secretary of Transportation announced that the USDOT was proceeding with the federal motor vehicle safety standard (FMVSS) 150 based on vehicle-to-vehicle (V2V) communications technology called Dedicated Short-Range Communications (DSRC). DSRC operates over a 75 MHz frequency band centered at 5.9 GHz, which had previously been allocated by the FCC to support a broad range of intelligent transportation systems (ITS) applications. During the period 2002-2009, the IEEE developed the 1609 suite of protocol specifications governing the use of the band, which is divided into 7 channels, each with 10 MHz width. Four of the channels support an IPv6 (Internet Protocol Version 6) interface, which means that UDP/IPv6 or TCP/IPv6-based application software can operate over these channels.
  • The protocol specifications contained in the IEEE 1609 suite, commonly known as Wireless Access Vehicle Environment (WAVE) and incorporated herein by reference, incorporate security provisions to ensure authentication of WAVE-enabled on-board equipment (OBE) attempting to communicate with roadside equipment (RSE). The terminology OBE and RSE is commonly interchanged with OBU (On-board unit) and RSU (roadside unit). OBU typically includes, but is not limited to, a mobile computing device enabled for DSRC communications, meeting the requirements for V2V specified in SAE J2945/1 and SAE J2945/2, or the requirements for V2P, to be specified in future variants of SAE J2945. RSU typically includes, but is not limited to, a stationary or quasi-stationary computing device enabled for DSRC communications, compliant with the IEEE 802.11p specification for the DSRC MAC and PHY layers, the WAVE protocol stack and capable of broadcasting WAVE Service Advertisements (WSAs) on the DSRC Control Channel (CCH). OBU devices without valid security credentials can be effectively denied the WSAs of the RSU, which is typically accomplished by simply discarding transmissions sent by the OBU. WSA are periodic messages defined by the IEEE 1609 protocol suite that identifiers services available on the network.
  • These aforementioned security provisions present in the IEEE 1609 protocol are aimed at controlling access to services resident in the RSU or accessible to the RSU through dedicated application software in the RSU; i.e. services of which the RSU is “aware” and for which the RSU has the policy responsibility to control access. Examples of such services include, but are not limited to, traveler information, in-vehicle signage, navigation, traffic management, weather information, safety, electronic payment, network services, configuration management, and the like.
  • In the case of IPv6 communications, the role of the RSU is to route IPv6 datagrams towards their destination address. The WAVE architecture provides for authentication of an OBU based on a digital signature in the headers of WAVE Short Message Protocol (WSMP) messages originating from the OBU. The digital signature is generated by the OBU according to an asymmetrical encryption technique and the message transmitted also includes the certificate containing the public key so that the receiving RSU can decrypt the signature. A DSRC infrastructure authority (“infrastructure authority”) may propagate the Certificate Revocation List to the RSUs, which identifies OBU devices for which the security credentials are no longer valid. This can be used by the RSU as a criterion for discarding OBU messages sent using WSMP.
  • In U.S. patent application Ser. No. 14/151,035, incorporated herein by reference, discloses a system which enables a user-interface device, such as a Smartphone or tablet, to establish connectivity to the Internet by using the mechanism defined in RFC 4861 for Router Discovery. This mechanism allows a user device to attach itself to an OBU using Stateless Address Auto-configuration (SLAAC), for example through a WiFiPeertoPeer (WiFiDirect) interface. The OBU acts as an IPv6 router for the user device to connect with the Internet through any RSU which advertises the availability of one or more WAVE Service Channels for this purpose. The system also provides the foundation of the methods for authentication of the user device.
  • SUMMARY
  • In one aspect, a system and method are disclosed which performs Authentication, Authorization and Accounting (AAA) functions necessary to enable an RSU infrastructure operator to quantify wireless bandwidth consumption by in-vehicle devices using the WAVE Service Channels, on a per-device basis.
  • Another aspect provides a AAA server operated by, or on behalf of a DSRC infrastructure authority, comprising at least one processor running at least one computer program adapted to communicate through the Internet with a plurality of mobile devices and/or an OBU operating a subnet for one or more mobile devices, with a plurality of RSUs, in order to carry out the authentication, authorization, and accounting (AAA), thereby enabling the authority to account for WAVE service channel bandwidth consumption by each of the mobile devices having been duly provisioned by the AAA server.
  • Another aspect provides a plurality of AAA servers operated by, or on behalf of a DSRC infrastructure authority, each server comprising at least one processor running at least one computer program adapted to communicate through the Internet with a plurality of mobile devices and with a plurality of RSUs in order to carry out the authentication, authorization and accounting, the plurality of AAA servers being arrayed for load balancing of inbound Internet traffic and enabling the authority to account for WAVE service channel bandwidth consumption by each of the mobile devices and/or by an OBU operating a subnet for one or more of the mobile devices, which have been duly provisioned in a single database, access to the database being synchronized among the plurality of AAA servers.
  • Another aspect provides a RSU configured with an extended IPv6 Management Information Base (MIB) operable to determine packet and byte count statistics for WAVE service channel usage per client device. The client device may be either an OBU, a non-DSRC mobile device that is IPv6-reachable through an OBU, or a DSRC-enabled user device. The IPv6 MIB is also operable to retrieve, for each datagram received from an IPv6 node operating in the route optimization mode of Mobile IPv6, the fixed “home address” of the mobile node carried in the Mobile IPv6 routing header of the datagram. The RSU is operable to accumulate, in Non-Volatile Random Access Memory (NOVRAM), the packet and byte count statistics for WAVE service channel usage per client device and periodically sends the statistics to the AAA server, encapsulated in a UDP/IP message, only refreshing the NOVRAM table when the AAA server has acknowledged reception of the UDP/IP message.
  • Another aspect provides an OBU, compliant with WAVE and IEEE 802.11p and configurable with dual-radio capability, running at least one application level computer program adapted to request authentication and authorization from the AAA server, for IPv6 connectivity to the Internet, either on behalf of a neighboring non-DSRC mobile device or for itself, and configured with an extended IPv6 MIB operable to retrieve the addresses of neighboring devices when a new entry is inserted in a routing table, using either a synchronous method based on SNMP GET to retrieve the routing table periodically, or an asynchronous method based on SNMP TRAP to report “real-time” changes in the routing table. It is to be appreciated that other methods may be practiced for updating the routing table without deviating from the subject invention.
  • Another aspect provides a non-DSRC mobile device, operable to request “Internet Subscription” credentials from the AAA server, using a symmetrically encrypted communications channel established with SSL or a similar handshaking protocol for mutual authentication and key exchange, and operable to use the “Internet Subscription” credentials when responding to authentication challenge messages received from the AAA server as defined by one or more exemplary embodiments or aspects herein.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Other objects, features, and advantages of the present invention will be readily appreciated as the same becomes better understood after reading the subsequent description taken in connection with the accompanying drawing wherein:
  • FIG. 1 is a system block diagram illustrating an authorization process and an authentication process between a user device and a AAA server according to the subject invention;
  • FIG. 1b is system block diagram illustrating one method for retrieval of an IP source address from a routing table using Simple Network Management Protocol;
  • FIG. 1c is system block diagram illustrating another method for retrieval of an IP source address from a routing table using Simple Network Management Protocol;
  • FIG. 2 is a system block diagram illustrating another embodiment of an authorization and authentication process between an On-board Unit and a AAA server;
  • FIG. 3 is a system block diagram illustrating an embodiment of an authentication process according to the subject invention;
  • FIG. 4 is a system block diagram illustrating an authentication process for foreign devices according to the subject invention;
  • FIG. 5 is a block diagram illustrating a protocol stack above Wireless Access Vehicular Environment utilizing a Border Gateway Protocol;
  • FIG. 6 is a system block diagram illustrating a process for distribution of security credentials according to another embodiment of the subject invention;
  • FIG. 7 is a system block diagram illustrating yet another authentication and authorization process for foreign devices according to the subject invention;;
  • FIG. 8 is a system block diagram illustrating communication between an AAA server and a plurality of Roadside Units;
  • FIG. 9 is a flowchart illustrating the authorization process according to the subject invention;
  • FIG. 10 is a system block diagram and flowchart illustrating a blocking and an unblocking of a client device, such as an On-board Unit, at a AAA server; and
  • FIG. 11 is a system block diagram and flowchart illustrating an accounting process according to the subject invention.
  • DETAILED DISCLOSURE
  • It is to be understood that the invention is not limited in its application to the details of construction or to the arrangements of the components set forth in the following description of exemplary embodiments, or illustrated in the drawings. The invention is capable of other embodiments and of being practiced and carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein are for the purpose of the description and should not be regarded as limiting. The use of “including,” “comprising,” or “having” and variations thereof herein is meant to encompass the items listed thereafter and equivalents thereof as well as additional items. In addition, the terms “connected”, “coupled”, “de-coupled” and variations thereof are not restricted to physical, mechanical or electrical connections or couplings. Furthermore, and as described in subsequent paragraphs, the specific mechanical and/or other configurations illustrated in the drawings are intended to exemplify embodiments of the invention. However, other alternative configurations are possible which are considered to be within the teachings of the instant disclosure.
  • In relation to some exemplary embodiments, due to the WAVE security requirements, all nodes (both mobile and stationary) are required to have credentials using the encryption methods specified in IEEE 1609.2. The credentials are issued when the device is provisioned and are used to create digital signatures allowing devices to authenticate themselves, as in the case where mobile devices broadcast a Basic Safety Message (BSM) which carries a digital signature based on the issued credentials. However when a device is provisioned, there is no explicit authorization to use a service channel for general-purpose IPv6 communications. Whether the service channel can be used should depend on whether there is a Provider Service Identification (PSID) for this, duly registered according to the procedure defined in IEEE 1609.12. It is generally assumed that DSRC infrastructure will be deployed and managed using various forms of public-private partnership, all sharing the attributes of an “infrastructure authority”, which will address the question of spectrum monetization within the framework of their business models. Provided that an OBU complies with the functional requirements established in the NHTSA safety standard, the decision as to whether the OBU, or a third party user device connected to the OBU, can be granted IPv6 connectivity over the WAVE Service Channels, and whether the bandwidth usage is billed, may become discretionary choices for the infrastructure authority. Therefore, some exemplary embodiments may enable an infrastructure authority to grant or deny IPv6 connectivity to individual devices and to measure the service channel bandwidth consumption associated with each device. This is accomplished by implementation of the subject invention as described herein.
  • The first step is “Authentication”. This is based on a “logon” procedure executed by a client device, which includes user device (e.g. a Smartphone) or alternatively by the OBU acting on behalf of the user device. The distinction between these two scenarios is a function of the business models available from an infrastructure operator and the choice made by an owner of the OBU, which could be an OEM-manufactured device or an aftermarket retrofit. For example, if the owner of the OBU absorbs all of the costs associated with IPv6 bandwidth consumption, regardless of which third party user device is the communications end point, the logon is to emanate from the OBU device. If the costs are attributable to a neighboring third party user device, the accounting for bandwidth is applicable to the user device, which should therefore be the originator of the logon.
  • The logon is essentially a request for IPv6 connectivity through a neighboring RSU. The user device or the OBU acting on behalf of the user device described above is a requesting device and may be referred to as a “client” or “client device”. A logon message is digitally signed using an encryption key obtained from a digital certificate issued by, or on behalf of, the infrastructure operator. The digital certificate is encapsulated in the logon message, enabling the receiver to decrypt the signature and to verify the credentials presented in the certificate. The logon message is encapsulated in a UDP/IP packet addressed to the “Roadway Authorization Server” (RAS), a separate host maintained by the infrastructure operator. As disclosed in application Ser. No. 14/151,035, when a specific RSU is prepared to offer IPv6 connectivity services to passing OBUs, it broadcasts the IP address and application port of the RAS service in a WAVE Service Advertisement (WSA). Since the verification of credentials constitutes the Authentication step and since some exemplary embodiments herein define the complementary functions of authorization and accounting, the RAS in some exemplary embodiments is designated as a AAA server, as will be described in more detail below.
  • The Authentication step is supported by an external system capable of verifying the credentials identified in the logon message. Such a system has been defined as part of the Federal Motor Vehicle Safety Standard (FMVSS) 150, called the Security Credentials and Management System (SCMS). SCMS is based on a Public Key Infrastructure (PKI) architecture, wherein asymmetrical encryption keys are generated by a “root” certificate authority and encapsulated in digital certificates which constitute the credentials of the client device. The technical architecture of SCMS has evolved from a cooperative effort by the USDOT and the automotive industry, as represented by the Collision Avoidance Metrics Partnership (CAMP). A detailed description of SCMS can be found at http://federalregister.gov/a/2014-24482, which is incorporated herein by reference. The primary purpose of SCMS is to ensure that devices participating in the vehicle-to-vehicle (V2V) communications defined by the FMVSS 150 are duly certified and that their operation does not compromise consumer privacy. Through a secure link between the AAA server and the SCMS, the AAA server is enabled to request assistance from SCMS components in validating the security credentials of a specific device. The validation process is based on the digital signature, the certificate information and an encrypted unique identifier for the device, all of which is encapsulated in the logon received from that device. It is to be appreciated that the digital signature, the certificate information and the encrypted unique identifier could be transmitted separately in a secure manner.
  • The next step is “Authorization”, to which there are two aspects. The first is the verification that the credentials of the client device have not been revoked by the credentialing authority. This is done using the Certificate Revocation List, which is maintained by the SCMS. The current specification for SCMS calls for distribution of the Certificate Revocation List only to OBUs and RSUs. However, the Certificate Revocation List is also to be distributed to the AAA server, in order to enable the latter for the aforementioned verification. The second aspect is that the account associated with the client is in good standing, which is determined according to the policy of the infrastructure operator.
  • The Authorization step may only be required when the Authentication step passes. A Boolean result of “fail” for the first step, or the logical conjunction of both steps, becomes an input to a mechanism which enables the AAA server to manage an IPv6 routing table of the RSU currently providing the connectivity to the client. Implementation of this capability is based on harnessing existing methods specified in IETF RFCs. Specifically, by adding the functionality of Border Gateway Protocol (BGP) to both the AAA server and the RSU, the AAA server is enabled for Remotely Triggered Black Hole (RTBH) filtering within the RSU, whereby IPv6 traffic from the client can be either blocked or unblocked based on whether the client passed the Authentication and Authorization steps. This methodology provides an efficient, standards-based means of controlling access to the mobile Internet services which infrastructure operators may want to offer, and links the duly authorized credentials of the client device requesting the service to the IPv6 routing table of the RSU, without the need to alter the WAVE suite of specifications.
  • The final step is Accounting. The RSU is configured to keep track of the service channel bandwidth consumption by each device, when using the IPv6 interface, and periodically send reports to the AAA server. To accomplish this, the Management Information Base (MIB) of the IPv6 layer may be extended to acquire packet and byte count statistics per client. The consumption data is retrieved using a standard SNMP interface and periodically transmitted to the AAA server, for example through a TCP connection.
  • In relation to some exemplary embodiments, a DSRC RSU routes IPv6 datagrams received from, or transmitted to, an OBU via a WAVE Service Channel. If the owner of the RSU, which may be the “infrastructure authority”, adopts a policy to control and manage service channel bandwidth usage by individual OBUs, and devices connected to OBUs, then mechanisms are required to authenticate these devices, authorize their use of service channel and account for the amount of bandwidth consumed by each device. The subject invention provides a server which supports these mechanisms, which is typically called AAA (authentication, authorization and accounting).
  • A single-radio OBU device which adheres to the required duty cycle for monitoring both the safety or “V2V” channel, (which is now specified at CH 172 at the “bottom” of the DSRC band) and the Control Channel (CCH or CH 178), may not be suitable for providing IPv6 connectivity services, since, at a minimum, its receiver would have to divide its time even further between the safety channel, CCH and the designated service channel. The incremental cost of dual-radio devices is sufficiently low to warrant vendors configuring an OBU product, either an Aftermarket Safety Device (ASD) or Retrofit Safety Device (RSD), as defined in the “V2V Readiness Report”, incorporated herein by reference, as a dual-radio device. It is therefore assumed throughout this disclosure that an OBU providing access to service channel bandwidth is configured as a dual-radio device. However, it is to be appreciated that the subject invention could also be implement with the single radio device.
  • Since the WAVE standard allows IPv6 datagrams to be transmitted on the service channel without any restriction, the RSU which receives the datagram will automatically route it towards its destination. However, if the administrative policy for the RSU calls for IPv6 traffic to be subject to AAA, then authorization for over-the-air IPv6 communications is to be requested on behalf of either the OBU or one or more devices connected to it.
  • FIG. 1 illustrates the authorization process and an authentication process between the user device and the AAA server according to the subject invention. The notification from the RSU indicating the requirement for authorization is embodied in the WAVE Service Advertisement (WSA) 35. WSAs, which are broadcast on the WAVE CCH by RSUs, constitute the method, required by the WAVE standard, with which the RSU informs the OBUs what services are accessible through the RSU broadcasting the WSA.
  • RSU 30 is configured by the infrastructure operator to issue a WSA which includes the IP address and port of the AAA service to which the OBU can send an authorization request. As disclosed in U.S. patent application Ser. No. 14/151,035, the WSA has previously been used to identify only the address where the OBU should send an authorization request. The subject invention utilizes the WSA to also include channel availability information which the OBU should use for channel configuration, as described further below. WSA 35 encapsulates both the IP address and port for the AAA server. WSA 35 also encapsulates a Provider Service Identification (PSID) signifying that this RSU supports the availability of general-purpose IPv6 connectivity subject to AAA management, as well as the identifiers of the available service channels. Different PSIDs are established in order to allow the OBU to differentiate between a service which applies billing charges to the OBU for any neighboring user devices and one for which each user device is associated with its own billing account. The utility of this differentiation is explained further below. Otherwise, as previously indicated, if there is no requirement for AAA, WSA 35 is not required because access to the service channel may be automatic or not restricted. As used herein, automatic means real-time or near real-time automated processing by one or more processors, non-manually and without human intervention. However, it is to be appreciated that manual involvement may be required without deviating from the subject invention.
  • The content of WSA 35 is reported to Process 21, which is generally a user application running in OBU 20, through the WSMP interface. Process 21 is implemented by and executed by a processor resident in the OBU 20. It is to be appreciated that the processor may be any readily available device capable of preforming the processes as described herein. The process steps or instructions, which execute via the processor of OBU 20 or user device 10, implement the functions/acts specified in the flowchart and/or diagram shown throughout the Figures and discussed herein. Process 21 then registers a “transmitter profile” with the MAC Layer Management Entity (MLME) which specifies the service channel number specified in the WSA. This registration of the transmitter profile ensures that the MLME is always updated whenever a policy change results in a change to the services advertised in a WSA. If IPv6 connectivity services are deactivated at a specific time or location (i.e. specific RSU or cluster of RSUs), the PSIDs corresponding to these services are not present in the WSA and process 21 registers a new transmitter profile which does not include the corresponding service channel number. As explained in IEEE 1609.4, when the Channel Router function of the IEEE 802.11p MAC layer (not shown in FIG. 1) cannot find this service channel number, packets intended for transmission using this channel are discarded.
  • The authorization function involves a request sent by OBU 20 to the AAA server 40, illustrated in FIG. 1 by authorization request, or message, 25. An example of such messages 25 are disclosed in U.S. patent application Ser. No. 14/151,035, wherein it takes the form of a UDP/IPv6 message. This message 25 is initiated by process 21, and process 21 listens for WSA 35. If the request has not already been granted by the AAA server 40, process 21 queues the message 25 for transmission through the IPv6 interface. WSA 35 indicates that the service advertised is billed to an individual account for a third party user device and therefore the authorization request is from the OBU “on behalf of” the third party device, for example a neighboring Smartphone or tablet, the interface between the OBU and the third party device being, in some exemplary embodiments, a wireless link such as WiFi Direct (also called WiFi Peer to Peer). In this instance the UDP payload of message 25 contains the IP source address of the user device.
  • The mechanism whereby user device 10 attaches itself to OBU 20 requires that the latter is configured to support the IPv6 “neighbor discovery” specification in RFC 4861, incorporated herein by reference. In this specification, a network node notifies its neighbors of its routing capabilities through periodic broadcasts of a “router advertisement” (RA) over the interface through which the neighbors may wish to join the network. The router advertisement is shown in FIG. 1 as RA 100. U.S. patent application Ser. No. 14/151,035 discloses the process of attachment in terms of the mechanism of Stateless Address Auto-Configuration (SLAAC) specified in RFC 4862 which is also incorporated herein by reference.
  • Prior systems, such as that disclosed in U.S. patent application Ser. No. 14/151,035, did not disclose the method by which the IP source addresses contained in the authorization requests exemplified by message 25 is obtained. When the user device attaches itself to the OBU, the latter may discover the IP source address, in some exemplary embodiments, due to a reception of a Router Solicitation message from the user device, which, as defined in RFC 4861, results in the address of the user device being added to the OBUs routing table. Acquisition of this information requires implementation of SNMP in the OBU. There are two alternative methods that would then be possible, illustrated in FIGS. 1b and 1c , respectively, which illustrate well-known protocol layers. The simplest method (FIG. 1b ) is to configure process 21 to periodically issue an SNMP GET to the localhost to retrieve the ipv6RouteTable object in the IPv6 MIB. The second method (FIG. 1c ) is computationally more efficient but requires an extension to the standard IPv6 MIB which defines a new object corresponding to a change in the routing table. When this is detected, a TRAP message is generated which can be received by a handler function 25, registered with the SNMP layer by process 21.
  • Using WAVE as a platform for mobile Internet services which rely on TCP at the transport layer is frequently discouraged because the OBU address changes as the device moves from one RSU to another. As a result, the user device attaching itself to the OBU will always discover a change in its own IPv6 address with each transition between RSUs, which will disrupt TCP sessions and in turn degrade the quality of any connection-oriented streaming services above the transport layer. The subject invention overcomes these problems by enabling the user device for Mobile IPv6, which is specified in RFC 6275 and incorporated herein by reference, and configured for the “route optimization” (section 11.3.1) mode. According to one aspect of the subject invention, the OBU 20 becomes the primary “care-of address” for the neighboring user device. In the “route optimization” mode, the “home address” is carried in the IPv6 Destination Option header. This address is fixed and used as a substitute for the IP source address and destination addresses, since the latter, in the route optimization mode of Mobile IPv6, are the mobile node's “care-of address” address, which is the OBU itself, or, in the case of a DSRC-enabled user device, such as a Smartphone incorporating a DSRC interface, is the RSU. The substitution is therefore required to ensure the granular accumulation of traffic statistics per individual user device, implemented by the Accounting function described below, rather than an aggregate for the OBU to which they are attached. Similarly to the mechanisms explained above in connection with the OBU obtaining the IP source address shown in FIGS. 1b and 1c , the “home address” information required can be acquired by process 31 running in the RSU 30 using an SNMP GET call to retrieve it from the Mobile IPv6 MIB or by processing a TRAP generated for each datagram routed by the RSU.
  • In some exemplary embodiments, the OBU includes authentication information in the request message 25, which enables both authorization and authentication to be combined in a single step. This procedure is used in the case where the accounting of service channel bandwidth consumption is aggregated for all devices neighboring the OBU 20 and billed to a single account associated with the OBU 20. As shown in FIG. 2, the WSA 36 uses a distinct PSID reflecting the nature of the service. In this instance, AAA server 40 receives message 24 containing information required to authenticate the client, and therefore does not need to respond with an authentication challenge. The information required for authentication is well known, and may include, but is not limited to, International Mobile Equipment Identity for Smartphones or vehicle identification number, or other such Personal Identifying Information. The method of authentication is described below. The path segments 28 and 29 in FIG. 2 are functionally equivalent to the path segments 27 and 26 in FIG. 1. Also in, in some exemplary embodiments, in order to facilitate the Accounting process, the payload in message 24 should contain the OBU's IP address in lieu of the actual source IP address. Subsequent IPv6 datagrams originating from the user device will contain this address in the routing header. This enables the RSU to accumulate the datagram byte count for active OBUs as explained in more detail below.
  • Referring back to FIG. 1, RSU 30 is the first IPv6 hop for the authorization request 25, which is transmitted over a service channel. RSU 30 then routes the datagram towards its destination. The routing is illustrated by the path segments 26 and 27 in FIG. 1, which are respectively, the inbound IEEE 802.11p MAC frame received from the service channel and the outbound frame on whatever medium is deployed for backhaul to the Internet. In order to account for service channel bandwidth consumption by individual user devices, RSU 30 caches the source IP address of the datagram in a non-volatile random-access memory (NOVRAM) table of such addresses. In the accounting process of the subject invention, the source IP of inbound datagrams, and the destination IP address of outbound datagrams, are matched against the entries in this table and the datagram byte counts are accumulated in the NOVRAM table for the entry corresponding to the correct match. If the RSU is configured for accounting of aggregated service channel bandwidth consumption for all devices neighboring the OBU, then the entry in the NOVRAM table must be the address of the OBU, which can be parsed from the IPv6 header.
  • Upon receipt of the authorization request 25, AAA server 40 is configured to authenticate the client. FIG. 1 depicts the AAA server 40 sending an UDP/IP authentication challenge message 105 (or Authentication Challenge) to the IP source address associated with the request, which is the user device 10. The response mechanism is shown in FIG. 1 as Authentication Challenge Response 103. The challenge response 103 serves to verify the credentials of the sender, so it requires a secure encryption methodology allowing the sender to prove its authenticity to the infrastructure authority. Since the DSRC cyber-security provisions are specified in IEEE 1609.2, and since the encryption keying material is contained in digital certificates produced and distributed by certificate authorities operated by, or in collaboration with, the infrastructure authority, it follows that these certificate authorities can also provide the same kind of certificates (i.e. compliant with IEEE 1609.2 specifications) to user devices as will be provided to OBUs and RSUs.
  • User device 10 assembles the Authentication Challenge Response 103, involving the encryption keying material (basically the public key of the certificate issued to the user device) and an encrypted payload including some unique identifying information, such as its International Mobile Equipment Identifier (IMEI). Successful decryption enables the receiver to authenticate the user device according to the asymmetrical encryption technology specified in the IEEE 1609.2. Upon receipt of Authentication Challenge Response 103, AAA Server 40 performs a search through a database for the IP source address. This database includes a table, of which the row entries may contain, at a minimum, a unique device identifier, an IPv6 address, security credentials issued to the device by a duly authorized certificate authority and the accumulated WAVE service channel bandwidth consumption within the current reporting period. If a match is found for the IP source address, this means that this address has been previously encountered and will have already been authenticated. However, in the event that this address is a duplicate of another IPv6 address, formulated according to SLAAC, at a previous time with an entirely different OBU, then the least amount of time it would take for an OBU to leave and then return to the coverage area of an RSU may define the point at which the source IPv6 may be a possible duplicate address, therefore requiring that AAA server 40 authenticate the client.
  • The ability of the AAA server 40 to authenticate a client and to authorize its use of an service channel is dependent on whether it implements the encryption/decryption process specified in the request. The preferred mechanism for authentication is illustrated in FIG. 3, which depicts the process of issuing, to the client device 10, the security credentials which it employs when it needs to be authenticated by the receivers of its messages. The security credentials are issued by an entity called the Enrollment Certificate Authority (ECA) which is one of the Certificate Management Entities (CMEs) defined within the SCMS.
  • The issuance of security credentials by the ECA 70 to the OBU 20 is shown in FIG. 3 by the operation 71. However, the functional specifications for the issuance of security certificates are part of the bootstrapping process defined by the SCMS whereby the ECA assigns a long-term enrollment certificate or similar to each OBU, which is well-known and beyond the scope of the present disclosure. The enrollment certificate provides, in one possible form, the credentials needed by the OBU for authentication during subsequent procedures defined within the scope of the SCMS. These procedures have been designed so that the digital signatures accompanying the basic safety messages serve the dual purpose of preserving the anonymity of individual vehicles while ensuring that the signatures are authentic, in the sense that the encryption keying material used to create them was duly issued by an authorized certificate management entity.
  • The design criteria for the SCMS architecture have, as a primary objective, the protection of consumer anonymity, and does not include requirements for “monetizing” WAVE service channels based on bandwidth consumption per device. As the subject invention provides for accounting procedures, the ability to associate bandwidth consumption with a specific device requires that the security credentials, i.e. the certificates issued by the CMEs, include unique Personal Identifying Information (PII). Generally, the SCMS design ensures that no PII will be available in any certificates used by OBUs to digitally sign messages, such as basic safety messages. This ensures that while the security credentials of a transmitting device can be validated, its anonymity is protected because it is not possible to identify a device. Therefore, an infrastructure authority requiring AAA functionality cannot rely on enrollment certificates alone to associate bandwidth consumption with any specific OBU or third-party device.
  • However, the use of WAVE bandwidth to provide mobile Internet services is based on a consumer discretionary choice. Hence, when the infrastructure authority requests some form of PII in order to register for the service, there is no violation of privacy. One example of PII that can be automatically acquired and delivered to the AAA server is the Vehicle Identification Number (VIN), which can be acquired by an OBU with a CAN-bus connection to the Engine Control Module (ECM) using protocols defined in the SAE standard J-1979 or similar protocols. This is the preferred PII in the case of a billing applied to the aggregate traffic through the OBU, since aftermarket OBU devices can be moved from one vehicle to another.
  • The preferred mechanism for establishing the association between the SCMSissued credentials encapsulated in the enrollment certificate and the PII which can be linked directly to a billing account, is shown in FIG. 3. Process 22 is an application-level software module running in the OBU 20 with two principal functional responsibilities. Process 22 is implemented by and executed by a processor resident in the OBU 20. It is to be appreciated that the processor may be any readily available device capable of preforming the processes and/or instruction as described herein. The process steps or instructions, which execute via the processor of OBU 20 or user device 10 implement the functions/acts specified in the flowchart and/or diagram shown throughout the Figures and discussed herein. First, process 22 maintains a listener to receive the credential certificate, as shown by the operation 71, which delivers the certificate from the ECA, and an acknowledgement 72, which confirms (or rejects) reception of the certificate. It is to be appreciated that the certificate that is received in operation 71 may be, separately or together, an enrollment certificate, an identification certificate, or other certifying credential used for the authentication function. For simplicity, the following discussion will describe the authentication with the enrollment certificate, without limiting the subject invention thereto. Utilizing the other credential certificates in the same manner is envisioned within this disclosure. To this extent, process 22 is a required component of OBU application software. Second, when operating within range of an RSU that advertises billable 1Pv6 connectivity services, process 22 has the responsibility of triggering a request 25 from OBU 20 to the AAA server 40, which combines both the authorization and authentication functions in one step. Using the private key of the asymmetrical encryption methodology specified in the enrollment certificate, process 22 encrypts the VIN (acquired by interrogating the ECM using standard protocols defined in SAE J-1979). The encrypted VIN is appended to the enrollment certificate information, which includes the public key, and sends the authorization request 25 to the receiver of the AAA server 40 that can use the public key to decrypt the VIN. For simplicity of presentation, the two software functions described above are implemented within the single process 22. In another embodiment, these two functions could be decoupled so as to yield two separate processes.
  • The SCMS specifications define the ECA as responsible for enrollment of DSRC devices which, by definition, comply with all the standards (IEEE 1609.x, IEEE 802.11p, SAE J-2735 and SAE J-2945) required for these devices to be certified. However, when IPv6 traffic using the WAVE service channel originates from non-DSRC mobile devices, and it is the policy of the infrastructure authority to create billing accounts for individual non-DSRC mobile devices, these devices require the same kind of credentials if their traffic is to be authorized by the AAA system. To issue such credentials, the AAA server is enabled as a certificate management entity only for non-DSRC mobile devices neighboring OBUs and whose IP traffic can be offloaded onto the WAVE service channel. The certificates produced are “Internet Subscription Certificates” in order to distinguish them from OBU enrollment certificates or the like. Operations 73 and 74 in FIG. 3 illustrate the issuance of such credentials. In some exemplary embodiments, the communications path for the distribution of these credentials is based on an SSL session between the non-DSRC mobile device and the AAA server.
  • In some exemplary embodiments, there are three conditions to be satisfied in order for the AAA server 40 to authorize OBU 20 for access to the IPv6 connectivity service of RSU 30. First, the security credentials of OBU 20 are validated. This is accomplished by successful decryption of the PII encapsulated in the request 25 and received by process 41, using the public key of the enrollment certificate sent in the request. The decryption algorithm is implemented as software module 42 running in AAA server 40, and invoked through a synchronous call from process 41, as shown in FIG. 3. Process 41 is implemented by and executed by a processor resident in the AAA server 40. It is to be appreciated that the processor may be any readily available device capable of preforming the processes and/or instruction as described herein. The process steps or instructions, which execute via the processor of the AAA server 40, implement the functions/acts specified in the flowchart and/or diagram shown throughout the Figures and discussed herein. Second, a database 43 of subscribers registered in the AAA server 40 is queried by the search 45 to determine if the PII is found. This constitutes authentication of OBU 20.
  • In addition, the flow chart in FIG. 9 summarizes these steps. The AAA server 40 receives the authentication and/or authorization request in step 101. Next, the OBU 20 digital signature is decrypted in step 110. The digital signature is then validated in step 120 and if the signature is not validated, notification is returned to the OBU 20. If the signature if validated, in step 130, the database 43 is queried for the PII. If the PII is found in step 140, notification is returned to the OBU 20. Otherwise, the request is forwarded to the ECA in step 150.
  • Typically, user registration is carried out through a Web User or Web Services interface offered by the DSRC infrastructure operator. The actual registration method(s) is (are) outside the scope of this disclosure. Whatever method is used, it is to enable the infrastructure operator to create an account associated with unique identifying information (PII), for example the VIN of the vehicle.
  • It is a fundamental tenet of USDOT policy that operation of DSRC infrastructure will be decentralized across the Unites States. It is envisioned that local jurisdictions, whether they are cities, counties, regional municipal authorities or state DOTs, will establish, or oversee the establishment of, independent DSRC infrastructure operators. Whereas it is expected that in many or perhaps all cases, these operating entities will take the form of public-private partnerships, the corporate structure, the roles and responsibilities of the partners and the procedures for establishing policies which are implemented using the DSRC technology itself, may vary. With particular reference to the present disclosure, there is no technical reason why the policy with respect to mobile Internet service has to be standardized across all jurisdictions. Each jurisdiction has the option of enabling a mobile Internet service through whichever RSUs are deployed within its territory and subject to its management, and to apply whatever schedule of charges for bandwidth consumption of the WAVE service channels that it deems appropriate.
  • The last of the three steps for authentication arises when there is no local database match for the PII, which requires additional procedures set forth below. To ensure inter-operability across regions for mobile Internet services, each infrastructure authority is to maintain a AAA server in which vehicles associated with that territory can be registered. An example of the need for this arises in the following scenario. A vehicle is registered (with the DMV) as having an address within a region where the policy of the infrastructure authority is for free mobile Internet service. The vehicle is currently travelling in another region which applies charges for bandwidth consumption and operates the administrative tools (AAA server) for this purpose. Each RSU in this region will advertise the IP address and UDP port number only of the AAA server which is owned and operated by the local authority. The OBU in the vehicle requests authorization to access the service. If the request comes from a non-DSRC mobiledevice, the AAA server attempts to validate the credentials. Otherwise it requests validation from the ECA for the enrollment certificate used by the OBU. But since the decrypted PII (e.g. the VIN) will not appear in the AAA database, the infrastructure authority could assert its right to deny the vehicle access to the mobile Internet services. The mechanisms for enabling or prohibiting access to the mobile Internet services are described below. However, if a “foreign” vehicle is not registered in its AAA server, an infrastructure authority is operable to interrogate the entire population of AAA servers wherever they have been deployed throughout the jurisdiction governed by the SCMS. If the infrastructure authority prohibits access to a “foreign” vehicle (i.e. one that is not registered in its AAA server) it is operable to forego the revenue that could otherwise be generated from an account associated with the PII registered in a “remote” AAA server.
  • In short, if mobile Internet services are to be accessible wherever a vehicle operates, a mechanism is necessary to enable the operator providing the service to authenticate a “foreign” vehicle operating in its territory and to reconcile the charges for bandwidth consumption with the AAA server in the home territory.
  • FIG. 4 illustrates the sequence of steps needed to find a “foreign” vehicle. As discussed above, the role of the ECA with respect to issuance of credentials to mobile devices is defined within the scope of the SCMS specifications. However, the ECA encompasses an additional role for authentication of devices which request mobile Internet services but cannot be found in local AAA server databases. This new role requires that the AAA server be integrated into the Public Key Infrastructure (PKI) architecture of the SCMS.
  • PKI systems are commonly used in Internet transactions for computing devices to present security credentials to any other device that needs proof of authenticity. Security credentials can be derived from a trust “chain” or “hierarchy”, whereby a digital certificate containing the credential(s), itself, is to be authenticated according to the digital signature of the issuer of the certificate. Authentication of a device based on the certificate it presents may require several iterations before reaching a “root” certificate authority which does not derive its trustworthiness from another entity above it in the “trust hierarchy”.
  • The role for the ECA is to incorporate the requisite functionality to support the various procedures or functions of exemplary embodiments herein. In particular, it is configured to issue a certificate to any AAA server that an infrastructure authority wishes to deploy. By doing so, it extends the trust hierarchy of the SCMS into the AAA servers that infrastructure authorities need to manage the monetization of the WAVE service channel spectrum. Furthermore, it is to maintain a NOVRAM table of the IP addresses of each AAA server to which it has issued certificates. This ensures that when the PII for the client cannot be found in the database of the local AAA server, the ECA can interrogate all of the duly certified AAA servers operating under the jurisdiction of the SCMS, in order to determine whether the vehicle in question is registered somewhere, as illustrated in step 150 of the flow chart in FIG. 9.
  • The interrogation of “remote” AAA servers by the ECA is exemplified in FIG. 4 by the interaction between the ECA 70 and the AAA servers 50 and 60. This representation is intended solely for the purpose of simplifying the diagram and is not intended to imply that the interrogation process is restricted to only two AAA servers. In the first case, ECA 70 sends a request 75 to a specified listener 56 running in AAA server 50, which in turn issues the query 55 to the database 53 for the VIN. A binary result (found/not found) is returned to the ECA with the response 76. Similarly, request 77 to listener 66 in AAA server 60, encompassing listener 66 and database 63 which are functionally equivalent to listener 40 and database 43, will trigger query 65 and the same type of binary result in response 78. Since the AAA servers are integrated in the PKI architecture of the SCMS system, the security provisions exists to ensure the confidentiality of the VIN information transmitted by the ECA.
  • Alternatively, and in order to decouple the credentialing responsibilities of the ECA as currently specified in the SCMS, from the credentialing requirements for any device associated with a mobile IP billing account, the AAA server is configured to issue “Internet Subscription” certificates to DSRC OBUs, as well as to non-DSRC mobile devices, as previously described. In this case, the communications path for distribution of “Internet Subscription” certificates to OBUs is over DSRC, instead of cellular, and the certificate information is, in some exemplary embodiments, secured by asymmetrical encryption using the enrollment certificate. The authorization request 25 from an OBU 20 uses its Internet Subscription certificate (in lieu of the enrollment certificate) to request authentication from the AAA server 40. This is illustrated in FIG. 6. The sequence of steps required to obtain an Internet Subscription certificate is as follows:
      • process 80 is spawned by process 21 (FIG. 1), running in OBU 20, the first time the WSA 35 (or 36) is received.
      • OBU 20 sends UPD/IP message 81 to the process 82, running in the AAA server 40, to request an Internet Subscription certificate. This request includes the OBU's enrollment certificate information.
      • process 82 sends a request/response exchange 83 to the ECA 70 to validate that the enrollment certificate has not been revoked.
      • process 82 sends request/response exchange 84 to module 85 to generate an asymmetrical encryption key pair for OBU 20 and an Internet Subscription certificate containing this information.
      • Process 82 encrypts the information generated by module 85, using the public key of the enrollment certificate received in message 81, and returns this, as the payload of message 86, to process 80 of the OBU 20.
      • OBU 20 acknowledges receipt with message 87.
  • The additional advantage of “Internet Subscription” certificates for OBUs is that it eliminates the need for interrogation, by the ECA, of multiple AAA servers in order to search for a “foreign” vehicle. Internet Subscription certificates include the domain name of the AAA server that issues them, which are included in the authorization request from OBUs (or in the authorization challenge response from non-DSRC mobile devices). The AAA server receiving the request can therefore resolve the domain name to an IP address. In turn, rather than scanning all remote servers until a match is found (requests 75, 77 and responses 76, 78 in FIG. 4), only a single UDP/IP request/response is required.
  • This alternative path of authorization/authentication of a “foreign” device is shown in FIG. 7. Process 41 running in AAA server 40 uses a DNS address resolution request 47 to a DNS server 90 to acquire the IP address of a remote AAA server 60, and then forwards the request 79 to AAA server 60. To ensure confidentiality of the PII information in the payload of request 79, AAA server 40 uses its own credentials obtained from the ECA, encrypting request 79 with its private key and sending its certificate information in request 79 so that remote AAA server 60 has the public key to decrypt the message. Since the credentials of AAA server 40 are obtained from the ECA, this both protects the private information included in request 79, and enables the remote AAA server 60 to authenticate the sender as being linked to the SCMS chain of trust and provide a response 88.
  • The third condition for authorization is to ensure that the enrollment certificate itself is confirmed as not having expired or been revoked for some reason. Some exemplary embodiments of a mechanism for accomplishing the authorization may involve constructing the request 46 such that its primary objective is verification that the enrollment certificate does not appear is the latest Certificate Revocation List maintained and disseminated by the SCMS. However, if the Certificate Revocation List is propagated by the SCMS to the AAA Server, there is no longer a requirement for request 46 to ask the ECA to verify the received certificate against the Certificate Revocation List. Secondarily, and only if the enrollment certificate is valid and the method described above, of directly interrogating the AAA server identified in the “Internet Subscription” certificate, is not used, request 46 can specify whether the PII in the request (i.e. the VIN) was not found in the local database and needs to be searched in the remote AAA servers.
  • AAA server 40 may respond to the sender of the request for authorization. If the security credentials are invalid or have been revoked, the billing account is delinquent or simply non-existent; the governing policy may call for the request to be denied. However, in order to ensure that IPv6 traffic is blocked, it is not sufficient for the AAA server 40 to send the client a notification of denial. Since the process of granting authorization for IPv6 connectivity falls outside the scope of the IEEE 1609 specifications, it follows that any device requesting such authorization is doing so “voluntarily” and that, if it is denied the authorization, it is not “obligated” to abide by this decision. WAVE specifications do not prohibit it from routing IPv6 traffic towards the destination addresses specified in the datagram headers and there are no provisions within WAVE for the RSU to block this traffic. It follows that a mechanism is required that enables the AAA server 40 to cause IPv6 traffic originating from a specific OBU to be filtered and, conversely, to cause the removal of a filter that has been applied to a specific OBU once it has been authenticated and authorized.
  • The preferred methodology for such a mechanism is one which can be implemented in an RSU certified to comply with USDOT recommendations, which implies that the protocol stack above WAVE, illustrated in FIG. 5, is fully implemented. A filtering mechanism operates as application layer software using an API provided by the RSU vendor which exposes the transport layer of the protocol stack. The requirement for a router to discard traffic, based on the point of origin of the traffic, arises in the case of Denial of Service (DOS) attacks. One of the methods used by ISPs to protect against these attacks is called Remote Triggered Black Hole (RTBH) filtering. RTBH filtering can be applied to both source and destination addresses but in the specific case of DOS, the filtering is applied to the source address. This methodology is described in the informational RFC 5635, incorporated herein by reference, which specifies the use of internal Border Gateway Protocol to deliver RTBH filtering instructions to a router. Border Gateway Protocol as specified in RFC 4271, incorporated herein by reference, operates as a peer-to-peer session over a TCP connection on a well-known port (179), allowing for the propagation of routing information between pairs of routers.
  • An infrastructure operator would normally have a plurality of RSUs and a very limited number, if not a single, AAA server, all operating within the same Autonomous System. This topology is illustrated in FIG. 8, where the AAA server 40 executes multiple instances of the BGP Finite State Machine defined in RFC 4271, each with a TCP connection to an individual
  • RSU 30. As shown in FIG. 10, the RTBH filtering instructions are sent as UPDATE messages, which are defined in RFC 4271 and which specify the addresses to be blocked (filtered) or unblocked by the receiving RSU 30. FIG. 5 illustrates use of BGP by a software application, in contrast to the more conventional scenario in which the BGP services are invoked by a network administrator through a command line interface. In other words, the use of BGP in the context of this disclosure is a completely automated process, defined by the flow chart in FIG. 10, which can be described in terms of the following algorithmic steps:
      • An authorization request 25 from an OBU 20 is received by the AAA server 40.
      • Authentication and authorization are carried out in step 200 according to the mechanisms already described in the present disclosure.
      • In step 210, the request is validated. If the request is invalidated (either because authentication fails or authorization is not granted), a “denial notification” can be returned to the OBU in the form of UDP message 92.
      • If the request is authorized, a “grant notification” 94 can be returned to the OBU.
      • In both cases of the preceding cases, a response 96 to the OBU is shown as a dotted line to signify that it is optional. The request for authorization is not part of the WAVE standard and therefore, as previously indicated, the OBU is neither obligated to send this request nor to listen for, or take any action with respect to, a response. Hence implementation of the response message in the AAA Server is not a requirement.
      • In both cases, the result of the authentication/authorization process becomes an input 98 to the invocation of the BGP service that sends an UPDATE message to the RSU through which the OBU request was routed to the AAA Server. Depending on the result, this message will instruct the peer BGP entity running in the RSU to either block or unblock traffic originating from the requesting OBU. The TCP connection is chosen according to the IPv6 address of the RSU, which is obtained by parsing the global prefix and subnet ID from the IPv6 address of the OBU (see RFC 4291 IP Version 6 Addressing Architecture, incorporated herein by reference).
      • An alternative methodology for instructing the RSU block mobile-terminated traffic to a specified mobile destination address would be to send an SNMP SET command instructing the RSU to set to either TRUE or FALSE the MIB object ipv6RouteValid corresponding to the ipv6RouteTable entry for the specified mobile destination address. This approach would not be applicable to blocking (or unblocking) the routing of mobile-originated traffic.
  • The last aspect of the subject invention is Accounting. Since one goal of the subject invention is the monetization of radio spectrum, the RSU, in some exemplary embodiments, is configured to keep track of the service channel bandwidth consumption by each device, when using the IPv6 interface, and periodically send reports to the AAA server. To accomplish this, the Management Information Base (MIB) of the IPv6 layer is extended to acquire packet and byte count statistics per client, the data is retrieved using a standard SNMP interface and periodically transmitted to the AAA server, in some exemplary embodiments through a TCP connection. The preferred implementation is illustrated in FIG. 11. Process 31 running in the RSU invokes the TRAP handler registration 33 to register TRAP handler 32 with the SNMP, so that per client byte count statistics are reported asynchronously. Whenever a packet is sent to, or received from, the WAVE IPv6 interface, the extended MIB provides the statistics on per client basis (Ipv6ByteRxorTxPacketByteCount), which generates TRAP message 34. TRAP handler 32 processes the TRAP and informs process 31 using a callback procedure 37. Process 31 accumulates the per client statistic in a NOVRAM table and periodically sends a UDP/IP report (message 38) to the AAA server which is persistent (i.e. requiring an acknowledgement). Before sending the acknowledgement, process 41 running in AAA server 40 invokes the database procedures 43 in order to store the information received in the report.
  • The individual components shown in outline or designated by blocks in the attached Drawings are all well-known in the injection molding arts, and their specific construction and operation are not critical to the operation or best mode for carrying out the invention.
  • While the present invention has been described with respect to what is presently considered to be the preferred embodiments, it is to be understood that the invention is not limited to the disclosed embodiments. To the contrary, the invention is intended to cover various modifications and equivalent arrangements included within the scope of the appended claims. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all such modifications and equivalent structures and functions.
  • The following references are herein incorporated by reference
  • WAVE: IEEE WIRELESS ACCESS IN VEHICULAR ENVIRONMENTS (WAVE)-IEEE 1609 SERIES, available at http://www.techstreet.com/standards/ieee-wireless-access-in-vehicular-environments-wave-ieee-1609-series?sid=goog&gclid=Clbc_ZfFxs0CFQ6naQodjolKlg&product_id=1893147.
  • IEEE 802.11p: IEEE STANDARD 802.11p-2010-IEEE Standard for Information technology-Local and metropolitan area networks-Specific requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 6: Wireless Access in Vehicular Environments, available at: https://standards. ieee.org/findstds/standard/802.11p-2010. html
  • U.S. patent application Ser. No. 14/151,035, available at http://www.google.com/patents/US20140195102
  • SCMS Vehicle-to-Vehicle Security Credential Management System; Request for Information, A Notice by the National Highway Traffic Safety Administration on Oct. 15, 2014, available at http://federalregister.gov/a/2014-24482
  • Request For Comments (RFC) 4861 (Neighbor Discovery for IPv6) September 2007, available at https://tools.ietf.org/html/rfc4861
  • RFC 4862 (Stateless Address Autoconfiguration) September 2007, available at https://tools.ietf.org/html/rfc4862
  • RFC 6275 (Mobility Support in IPv6) July 2011, available at https://tools.ietf.org/html/rfc6275
  • RFC 5635 (Remote Triggered Black Hole Filtering) August 2009, available at https://tools.ietf.org/html/rfc5635
  • RFC 4271 (Border Gateway Protocol 4) January 2006, available at https://tools.ietf.org/html/rfc4271
  • RFC 4291 (IPv6 Addressing Architecture) February 2006, available at https://tools.ietf.org/html/rfc4291
  • V2V Readiness Report DOT HS 812 014 August 2014. Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application, available at http://docplayer.net/13180-Dot-hs-812-014-august-2014-vehicle-to-vehicle-communications-readiness-of-v2v-technology-for-application.html
  • All U.S. patents and patent applications discussed above, as well as all articles, documents, papers, specifications, etc., referenced above are hereby incorporated by reference herein.

Claims (16)

What is claimed is:
1. An AAA server operated by, or on behalf of a Dedicated Short-Range Communications infrastructure authority, transmitting messages among and between On-board Units (OBU) and Roadside Units (RSU), said AAA server comprising at least one processor running at least one computer program adapted to communicate through the Internet with a plurality of user devices and/or an OBU operating a subnet for one or more user devices, with a plurality of RSUs, in order to carry out the functions of Authentication, Authorization and Accounting (AAA), enabling the authority to account for Wireless Access Vehicular Environment service channel bandwidth consumption by each of said user devices having been duly provisioned by said AAA server.
2. An AAA server, as defined in claim 1, configured as a Certificate Management Entity and operable to issue Internet Subscription digital certificates for IPv6-addressable user devices and to transmit said certificates to said user devices over a secure communications channel, said certificates including the domain name of said AAA server.
3. An AAA server, as defined in claim 2, linked to a PKI chain of trust between components of a Security Credentials and Management System (SCMS), operable to process requests from DSRC OBUs for said digital certificates, said requests encapsulating Personal Identifying Information (PII) for said OBUs and secured by the asymmetrical encryption algorithm specified in IEEE 1609.2, using an enrollment certificate issued to said OBUs by the SCMS and operable to establish said secure communications channel for sending said certificate to said OBU using the encryption key of said enrollment certificate.
4. An AAA server, as defined in claim 3, operable to process requests from non-DSRC mobile devices for said digital certificates, said requests encapsulating PII for said mobile device, each mobile device initiating a handshaking protocol to establish a secure, symmetrically encrypted communications channel with said AAA server.
5. An AAA server, as defined in claim 3, operable to receive combined authorization and authentication requests from OBUs, said requests incorporating credentials in the form of digital signatures generated using keys from said Internet Subscription certificates issued to said OBUs by said AAA server; operable to receive said combined authorization and authentication requests forwarded from one or more remote AAA servers on behalf of OBUs that have received said Internet Subscription certificates from said remote AAA servers; operable to process requests from both said OBUs and said remote AAA servers by cryptographic validation of the credentials presented correspondingly by said OBUs and said remote AAA servers, for each request querying a non-remote AAA database for a match with PII contained in the request, and returning a message to the requesting OBU or remote AAA, either granting or denying authorization with a code representing a reason for denial.
6. An AAA server, as defined in claim 3, operable to receive authorization requests from said OBUs on behalf of non-DSRC mobile devices, to send UDP/IP authentication challenge messages directly or indirectly to IPv6 address of said non-DSRC mobile devices; to process responses to said authentication challenges which incorporate credentials in the form of digital signatures generated using keys from said Internet Subscription certificates issued to said non-DSRC mobile devices by said AAA server; and operable to receive said authorization requests forwarded from a remote AAA server on behalf of non-DSRC mobile devices that have received Internet Subscription credentials from said AAA server; operable to process said requests from both non-DSRC mobile devices and remote AAA servers by cryptographic validation of the credentials presented, querying the local AAA database for a match with PII contained in the request, and returning a message to the requester either granting or denying authorization with a code explaining the reason for denial.
7. An AAA server, as defined in claim 3, operable, in the case where the domain name of the Certificate Management Entity having issued credentials used by a user device to request authentication and authorization, identifies a remote AAA server, to forward said request to said remote AAA server, using credentials obtained from said SCMS chain of trust to secure communications with said remote server.
8. An AAA server, as defined in claim 3, operable, in the case where the domain name of the Certificate Management Entity having issued the credentials used by a user device to respond to an authentication challenge from said AAA server, identifies a remote AAA server, to forward said request to said remote AAA server, using credentials obtained from said SCMS chain of trust to secure communications with said remote AAA server.
9. An AAA server, as defined in claim 1, operable to use Remotely Triggered Black Hole (RTBH) filtering with internal Border Gateway Protocol to send UPDATE messages to RSUs within a same Autonomous System, said UPDATE messages being triggered by, and encapsulating the results of an authentication and authorization request for Internet Subscription services received from a user device, said results being either the failure to authenticate said mobile device, or the granting or denial of authorization to said user device.
10. A Roadside Unit (RSU) configured with an extended IPv6 Management Information Base (MIB) operable to determine packet and byte count statistics for Wireless Access Vehicular Vehicle (WAVE) service channel usage per client device, said client device being either an On-board Unit (OBU), a non-DSRC mobile device that is IPv6-reachable through an OBU, or a DSRC-enabled user device; said IPv6 MIB being also operable to retrieve, for each datagram received from an IPv6 node operating in a route optimization mode of Mobile IPv6, a fixed “home address” of the mobile node carried in the Mobile IPv6 routing header of said datagram; said RSU being operable to accumulate, in Non-volatile Random Access Memory (NOVRAM), said packet and byte count statistics for WAVE service channel usage per client device and periodically to send said statistics to a AAA server, encapsulated in a UDP/IP message, only refreshing said NOVRAM table when the AAA server has acknowledged reception of said UDP/IP message.
11. An RSU as defined in claim 10, compliant with the USDOT specifications found in http://docplayer.net/11087167-Dsrc-roadside-unit-rsu-specifications-document.html or a functional equivalent thereof.
12. An RSU, as defined in claim 11, operable to process RTBH filtering instructions from a AAA server within a same Autonomous System.
13. An OBU, compliant with WAVE and IEEE 802.11p and configurable with dual-radio capability, running at least one application level computer program adapted to request authentication and authorization from a AAA server, for IPv6 connectivity to the Internet, either on behalf of a neighboring non-DSRC mobile device or for itself, and configured with an extended IPv6 MIB operable to retrieve the addresses of neighboring devices when a new entry is inserted in a routing table, using either a synchronous method based on SNMP GET to retrieve the routing table periodically, or an asynchronous method based on SNMP TRAP to report “real-time” changes in the routing table.
14. An OBU, as defined claim in 14, operable to request “Internet Subscription” credentials from a AAA server, using its SCMS enrollment certificate from encryption of the request to, and decryption of the response from, said AAA server, and operable to use said credentials when requesting authentication and authorization from said AAA server for said IPv6 connectivity to the Internet.
15. A system facilitating communication between and among On-board Units (OBU) and Roadside Units (RSU) utilizing Dedicated Short-Range Communications (DSRC) to communicate through the Internet with a plurality of user devices and/or an OBU operating a subnet for one or more user devices, said system comprising:
a server transmitting messages among and between the OBU and the RSU, said server comprising at least one processor running at least one computer program adapted to authenticate the user device, authorize the user device to have access to Wireless Access Vehicular Environment (WAVE) service channels, and account for bandwidth consumption by each of said user devices having been duly authenticated and authorized by said AAA server.
16. A system as defined in claim 15, comprising a plurality of servers operated by, or on behalf of a Dedicated Short-Range Communications (DSRC) infrastructure authority.
US16/581,016 2016-07-01 2019-09-24 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices Abandoned US20200128374A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US16/581,016 US20200128374A1 (en) 2016-07-01 2019-09-24 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US17/832,071 US11812349B2 (en) 2016-07-01 2022-06-03 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US18/378,947 US20240040350A1 (en) 2016-07-01 2023-10-11 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201662357504P 2016-07-01 2016-07-01
US15/639,022 US10187767B2 (en) 2016-07-01 2017-06-30 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US201916253861A 2019-01-22 2019-01-22
US16/581,016 US20200128374A1 (en) 2016-07-01 2019-09-24 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US201916253861A Continuation 2016-07-01 2019-01-22

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/832,071 Division US11812349B2 (en) 2016-07-01 2022-06-03 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices

Publications (1)

Publication Number Publication Date
US20200128374A1 true US20200128374A1 (en) 2020-04-23

Family

ID=60786950

Family Applications (4)

Application Number Title Priority Date Filing Date
US15/639,022 Active 2037-07-14 US10187767B2 (en) 2016-07-01 2017-06-30 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US16/581,016 Abandoned US20200128374A1 (en) 2016-07-01 2019-09-24 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US17/832,071 Active US11812349B2 (en) 2016-07-01 2022-06-03 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US18/378,947 Pending US20240040350A1 (en) 2016-07-01 2023-10-11 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US15/639,022 Active 2037-07-14 US10187767B2 (en) 2016-07-01 2017-06-30 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices

Family Applications After (2)

Application Number Title Priority Date Filing Date
US17/832,071 Active US11812349B2 (en) 2016-07-01 2022-06-03 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US18/378,947 Pending US20240040350A1 (en) 2016-07-01 2023-10-11 System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices

Country Status (3)

Country Link
US (4) US10187767B2 (en)
CA (1) CA3058076A1 (en)
WO (1) WO2018002904A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20240137850A1 (en) * 2013-01-09 2024-04-25 Paxgrid Telemetric Systems, Inc. Vehicle communications via wireless access vehicular environment

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9301699B2 (en) * 2009-09-18 2016-04-05 St. Jude Medical Coordination Center Bvba Device for acquiring physiological variables measured in a body
JP6406193B2 (en) * 2015-09-17 2018-10-17 株式会社デンソー Communication device
WO2018002904A1 (en) 2016-07-01 2018-01-04 Cnathanson Martin D System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US10476679B2 (en) 2017-11-14 2019-11-12 INTEGRITY Security Services, Inc. Systems, methods, and devices for multi-stage provisioning and multi-tenant operation for a security credential management system
AU2017445300B2 (en) 2017-12-28 2024-02-15 Paxgrid Cdn Inc. System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US10680834B2 (en) * 2018-01-31 2020-06-09 GM Global Technology Operations LLC Security credential programming system for programming security processor chips of vehicle control modules
US20190244518A1 (en) * 2018-02-06 2019-08-08 Cavh Llc Connected automated vehicle highway systems and methods for shared mobility
US10645094B2 (en) 2018-02-16 2020-05-05 Integrity Security Services Llc Systems, methods, and devices for provisioning and processing geolocation information for computerized devices
JP7254822B2 (en) * 2018-02-16 2023-04-10 インテグリティ セキュリティ サービシーズ エルエルシー Systems, methods, and apparatus for provisioning and processing geolocation information for computerized devices
US10708808B2 (en) * 2018-05-14 2020-07-07 Denso International America, Inc. Systems and methods for receiving/transmitting basic safety messages and IP communications with a DSRC radio
US11924639B2 (en) 2018-06-11 2024-03-05 Malikie Innovations Limited Revoking credentials after service access
US10728230B2 (en) * 2018-07-05 2020-07-28 Dell Products L.P. Proximity-based authorization for encryption and decryption services
US10771119B2 (en) * 2018-09-18 2020-09-08 Denso International America, Inc. Intelligent antenna system
US11184178B2 (en) * 2018-09-28 2021-11-23 Blackberry Limited Method and system for intelligent transportation system certificate revocation list reduction
CN110971397B (en) 2018-09-28 2021-09-14 华为技术有限公司 Communication method, communication device, server and system
WO2020098941A1 (en) * 2018-11-15 2020-05-22 Huawei Technologies Co., Ltd. Automatic digital identification system integrated between consumer devices and backend services
CN113168483A (en) * 2018-12-06 2021-07-23 大众汽车股份公司 System and method for using global voters using a regional certificate trust list
CN111435945B (en) * 2019-01-15 2023-11-07 厦门雅迅网络股份有限公司 Automobile Ethernet communication method, terminal equipment and storage medium
JP7273523B2 (en) * 2019-01-25 2023-05-15 株式会社東芝 Communication control device and communication control system
US11218454B2 (en) * 2019-02-05 2022-01-04 Cisco Technology, Inc. Facilitating user privacy in communications involving semantic-bearing IPv6 addresses
CN110337088A (en) * 2019-03-18 2019-10-15 北京千方科技股份有限公司 Platooning's communication system and method
WO2020229895A2 (en) * 2019-04-11 2020-11-19 Lg Electronics, Inc. Systems and methods for countering co-existence attack
CN110072213A (en) * 2019-04-23 2019-07-30 山东超越数控电子股份有限公司 A kind of high-performance server is applied to the method in vehicular ad hoc network
CN112291283B (en) * 2019-07-22 2023-03-10 华为技术有限公司 Communication method and device
CN110418342B (en) * 2019-08-08 2022-03-25 深圳成谷科技有限公司 Long-term secret key management method, device and equipment
US12081979B2 (en) * 2020-11-05 2024-09-03 Visa International Service Association One-time wireless authentication of an Internet-of-Things device
US11470112B2 (en) 2020-11-30 2022-10-11 Oracle International Corporation Detection and mitigation of denial of service attacks in distributed networking environments
CN113743926B (en) * 2021-08-26 2024-04-12 如般量子科技有限公司 Anonymous communication and charging system and method based on chargeable ID
CN114553472B (en) * 2022-01-05 2023-09-29 中国互联网络信息中心 Authentication method, authentication device, electronic equipment and storage medium

Family Cites Families (90)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US2292387A (en) 1941-06-10 1942-08-11 Markey Hedy Kiesler Secret communication system
US4188618A (en) 1971-06-29 1980-02-12 Weisbart Emanuel S Digital tachograph system with digital memory system
US4831539A (en) 1984-04-27 1989-05-16 Hagenbuch Roy George Le Apparatus and method for locating a vehicle in a working area and for the on-board measuring of parameters indicative of vehicle performance
US4999833A (en) 1985-05-06 1991-03-12 Itt Corporation Network connectivity control by artificial intelligence
US4804937A (en) 1987-05-26 1989-02-14 Motorola, Inc. Vehicle monitoring arrangement and system
FR2619232B1 (en) 1987-08-07 1994-04-29 Muller & Cie Ets M DATA ACQUISITION AND PROCESSING EQUIPMENT FOR AUTOMOTIVE TECHNICAL CONTROL CENTER
IT1222664B (en) 1987-09-16 1990-09-12 Honeywell Bull Italiana S P A BUS DRIVING AND DECODING CIRCUIT
US4939652A (en) 1988-03-14 1990-07-03 Centrodyne Inc. Trip recorder
GB8903123D0 (en) 1989-02-11 1989-03-30 Lewis Roger W D Vehicle monitoring system
US5073900A (en) 1990-03-19 1991-12-17 Mallinckrodt Albert J Integrated cellular communications system
US5371780A (en) 1990-10-01 1994-12-06 At&T Corp. Communications resource assignment in a wireless telecommunications system
US5546444A (en) 1994-03-11 1996-08-13 Bellsouth Corporation Methods and apparatus for communicating data via a cellular network control channel
US5668880A (en) 1991-07-08 1997-09-16 Alajajian; Philip Michael Inter-vehicle personal data communications device
EP0524676A1 (en) 1991-07-08 1993-01-27 Koninklijke Philips Electronics N.V. Method and arrangement for data transmission
US5177464A (en) 1991-09-04 1993-01-05 Ford Motor Company Catalyst monitoring using a hydrocarbon sensor
US5535274A (en) 1991-10-19 1996-07-09 Cellport Labs, Inc. Universal connection for cellular telephone interface
GB2263376A (en) 1992-01-02 1993-07-21 Leslie Keith Davies Vehicle monitoring equipment
US5223844B1 (en) 1992-04-17 2000-01-25 Auto Trac Inc Vehicle tracking and security system
DE4229931C2 (en) 1992-09-08 1997-01-23 Daimler Benz Ag Method for programming a bus-compatible electronic vehicle control unit
US5497508A (en) 1992-09-30 1996-03-05 Uniden America Corporation Method and apparatus for efficiently monitoring a plurality of radio channels to detect message signals
US6437743B1 (en) 1992-12-04 2002-08-20 Yosef Mintz Method and system for mapping and tracking information from a plurality of remote stations
IL103976A0 (en) 1992-12-04 1994-05-30 Mintz Yossi Method and system for iteratively targeting participants according to their priorities
CA2110025A1 (en) 1992-12-16 1994-06-17 Gerard Joseph Hughes Automatic vehicle recognition and customer automobile diagnostic system
US5400018A (en) 1992-12-22 1995-03-21 Caterpillar Inc. Method of relaying information relating to the status of a vehicle
EP0615391A1 (en) 1993-03-09 1994-09-14 ALCATEL BELL Naamloze Vennootschap Mobile communication network
US5802502A (en) 1993-05-24 1998-09-01 British Telecommunications Public Limited Company System for selective communication connection based on transaction pricing signals
US5854985A (en) 1993-12-15 1998-12-29 Spectrum Information Technologies, Inc. Adaptive omni-modal radio apparatus and methods
JP3215018B2 (en) 1994-09-09 2001-10-02 三菱電機株式会社 Mobile communication system
US5619412A (en) 1994-10-19 1997-04-08 Cummins Engine Company, Inc. Remote control of engine idling time
US5594425A (en) 1994-10-31 1997-01-14 Peoplenet, Inc. Locator device
KR19980702740A (en) 1995-03-03 1998-08-05 밀러 럿셀 비 Method and apparatus for monitoring parameters of vehicular electronic control device
FI106671B (en) 1995-03-13 2001-03-15 Nokia Mobile Phones Ltd Mobile telephony, mobile terminal and a method of establishing a connection from a mobile terminal
US5768531A (en) 1995-03-27 1998-06-16 Toshiba America Information Systems Apparatus and method for using multiple communication paths in a wireless LAN
US5844473A (en) 1995-04-12 1998-12-01 Products Research, Inc. Method and apparatus for remotely collecting operational information of a mobile vehicle
US5717737A (en) 1995-06-01 1998-02-10 Padcom, Inc. Apparatus and method for transparent wireless communication between a remote device and a host system
US5926745A (en) 1995-11-30 1999-07-20 Amsc Subsidiary Corporation Network operations center for mobile earth terminal satellite communications system
US5732074A (en) 1996-01-16 1998-03-24 Cellport Labs, Inc. Mobile portable wireless communication system
US5897605A (en) 1996-03-15 1999-04-27 Sirf Technology, Inc. Spread spectrum receiver with fast signal reacquisition
US6477581B1 (en) 1996-04-09 2002-11-05 International Business Machines Corporation Location/motion sensitive computer connection
US6028537A (en) 1996-06-14 2000-02-22 Prince Corporation Vehicle communication and remote control system
FR2750517B1 (en) 1996-06-27 1998-08-14 Bull Sa METHOD FOR MONITORING A PLURALITY OF OBJECT TYPES OF A PLURALITY OF NODES FROM A ADMINISTRATION NODE IN A COMPUTER SYSTEM
US5886988A (en) 1996-10-23 1999-03-23 Arraycomm, Inc. Channel assignment and call admission control for spatial division multiple access communication systems
DE69739487D1 (en) 1996-11-13 2009-08-20 Toyota Motor Co Ltd COMMUNICATION DEVICE OF INFORMATION ON MOTOR VEHICLES AND COMMUNICATION SYSTEM OF INFORMATION ON MOTOR VEHICLES
US6122514A (en) 1997-01-03 2000-09-19 Cellport Systems, Inc. Communications channel selection
US5905859A (en) 1997-01-09 1999-05-18 International Business Machines Corporation Managed network device security method and apparatus
DE19720285A1 (en) 1997-05-15 1998-11-19 Bosch Gmbh Robert Process for the tamper-proof configuration of a motor vehicle control unit and control unit
JP3374042B2 (en) 1997-05-16 2003-02-04 本田技研工業株式会社 Inter-vehicle communication method
US6405111B2 (en) 1997-05-16 2002-06-11 Snap-On Technologies, Inc. System and method for distributed computer automotive service equipment
US6185413B1 (en) 1997-06-17 2001-02-06 Siemens Aktiengesellschaft Mobile station having a cost-efficient call management method and system
DE19725916A1 (en) 1997-06-19 1999-01-28 Daimler Benz Ag Computer=aided diagnosis device for electronically-controlled systems in motor vehicle
US5961561A (en) 1997-08-14 1999-10-05 Invacare Corporation Method and apparatus for remote maintenance, troubleshooting, and repair of a motorized wheelchair
WO1999022497A1 (en) 1997-10-23 1999-05-06 Martin Daniel Nathanson Telecommunication systems
US20020150050A1 (en) 1999-06-17 2002-10-17 Nathanson Martin D. Automotive telemetry protocol
US20100030423A1 (en) 1999-06-17 2010-02-04 Paxgrid Telemetric Systems, Inc. Automotive telemetry protocol
US6590928B1 (en) 1997-09-17 2003-07-08 Telefonaktiebolaget Lm Ericsson (Publ) Frequency hopping piconets in an uncoordinated wireless multi-user system
US6073089A (en) 1997-10-22 2000-06-06 Baker; Michelle Systems and methods for adaptive profiling, fault detection, and alert generation in a changing environment which is measurable by at least two different measures of state
US5999978A (en) 1997-10-31 1999-12-07 Sun Microsystems, Inc. Distributed system and method for controlling access to network resources and event notifications
US5999179A (en) 1997-11-17 1999-12-07 Fujitsu Limited Platform independent computer network management client
US6535493B1 (en) 1998-01-15 2003-03-18 Symbol Technologies, Inc. Mobile internet communication protocol
US6360257B1 (en) 1998-01-30 2002-03-19 Telefonaktiebolaget L M Ericsson (Publ) Managing group IP addresses in mobile end stations
JPH11298945A (en) 1998-04-08 1999-10-29 Oki Electric Ind Co Ltd Mobile object, mobile object position registration device and mobile object communication system
JP3227489B2 (en) 1998-04-23 2001-11-12 国土交通省土木研究所長 Vehicle communication system and method for dynamically allocating channels
US6085237A (en) 1998-05-01 2000-07-04 Cisco Technology, Inc. User-friendly interface for setting expressions on an SNMP agent
US6445308B1 (en) 1999-01-12 2002-09-03 Toyota Jidosha Kabushiki Kaisha Positional data utilizing inter-vehicle communication method and traveling control apparatus
US6487717B1 (en) 1999-01-15 2002-11-26 Cummins, Inc. System and method for transmission of application software to an embedded vehicle computer
US6295492B1 (en) 1999-01-27 2001-09-25 Infomove.Com, Inc. System for transmitting and displaying multiple, motor vehicle information
US6857013B2 (en) 1999-01-29 2005-02-15 Intermec Ip.Corp. Remote anomaly diagnosis and reconfiguration of an automatic data collection device platform over a telecommunications network
US6181994B1 (en) 1999-04-07 2001-01-30 International Business Machines Corporation Method and system for vehicle initiated delivery of advanced diagnostics based on the determined need by vehicle
JP2000322696A (en) 1999-05-07 2000-11-24 Honda Motor Co Ltd In-line travel controller
US7027773B1 (en) 1999-05-28 2006-04-11 Afx Technology Group International, Inc. On/off keying node-to-node messaging transceiver network with dynamic routing and configuring
WO2000074402A1 (en) 1999-05-28 2000-12-07 Afx Technology Group International, Inc. Wireless transceiver network employing node-to-node data messaging
US6362730B2 (en) 1999-06-14 2002-03-26 Sun Microsystems, Inc. System and method for collecting vehicle information
US6975612B1 (en) 1999-06-14 2005-12-13 Sun Microsystems, Inc. System and method for providing software upgrades to a vehicle
US6507810B2 (en) 1999-06-14 2003-01-14 Sun Microsystems, Inc. Integrated sub-network for a vehicle
US6754183B1 (en) 1999-06-14 2004-06-22 Sun Microsystems, Inc. System and method for integrating a vehicle subnetwork into a primary network
US6253122B1 (en) 1999-06-14 2001-06-26 Sun Microsystems, Inc. Software upgradable dashboard
US6370449B1 (en) 1999-06-14 2002-04-09 Sun Microsystems, Inc. Upgradable vehicle component architecture
US6330499B1 (en) 1999-07-21 2001-12-11 International Business Machines Corporation System and method for vehicle diagnostics and health monitoring
JP2001154725A (en) 1999-11-30 2001-06-08 Mitsubishi Motors Corp Method and device for diagnosing fault of vehicle, and computer readable recording medium recorded with fault diagnostic program
US6587781B2 (en) 2000-08-28 2003-07-01 Estimotion, Inc. Method and system for modeling and processing vehicular traffic data and information and applying thereof
AU2001295325A1 (en) 2000-10-13 2002-04-22 Paxgrid Telemetric Systems Inc. Automotive telemetry protocol
TWI259337B (en) 2000-12-06 2006-08-01 Seiko Epson Corp Non-magnetic mono-component toner and image forming device using the same
US6662099B2 (en) 2001-05-22 2003-12-09 Massachusetts Institute Of Technology Wireless roadway monitoring system
US8599843B2 (en) * 2009-03-02 2013-12-03 Futurewei Technologies, Inc. Apparatus and method for route optimization for proxy mobile internet protocol version six local routing
US8996868B2 (en) * 2010-12-15 2015-03-31 Electronics And Telecommunications Research Institute Method of authenticating vehicle communication
WO2014118647A2 (en) * 2013-01-09 2014-08-07 Nathanson Martin D Vehicle communications via wireless access vehicular environment
US20150262198A1 (en) 2014-03-13 2015-09-17 GM Global Technology Operations LLC Method and apparatus of tracking and predicting usage trend of in-vehicle apps
US10148759B2 (en) * 2016-04-04 2018-12-04 Gogo Llc Presence-based network authentication
WO2018002904A1 (en) 2016-07-01 2018-01-04 Cnathanson Martin D System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
AU2017445300B2 (en) 2017-12-28 2024-02-15 Paxgrid Cdn Inc. System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20240137850A1 (en) * 2013-01-09 2024-04-25 Paxgrid Telemetric Systems, Inc. Vehicle communications via wireless access vehicular environment

Also Published As

Publication number Publication date
US11812349B2 (en) 2023-11-07
US20220303739A1 (en) 2022-09-22
US10187767B2 (en) 2019-01-22
US20240040350A1 (en) 2024-02-01
WO2018002904A1 (en) 2018-01-04
US20180004933A1 (en) 2018-01-04
CA3058076A1 (en) 2018-01-04

Similar Documents

Publication Publication Date Title
US11812349B2 (en) System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US20230370460A1 (en) System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
CN107852341B (en) Subsystem for authorization and activation of features
US20210337386A1 (en) Validating authorization for use of a set of features of a device
CN110572819A (en) Block chain-based multi-domain wireless Mesh network cross-domain authentication method and system
Moustafa et al. Providing authentication and access control in vehicular network environment
Boubakri et al. Access control in 5G communication networks using simple PKI certificates
WO2016205673A1 (en) Enhanced address registration in constrained networks
Moustafa et al. Vehicular networks deployment view: Applications, deployment architectures and security means
Wi et al. Group key based session key establishment protocol for a secure remote vehicle diagnosis
CN117318948A (en) Communication method and device
Coronado et al. A secure service architecture to support wireless vehicular networks
Hammad et al. CARCLOUD: A Secure Architecture for Vehicular Cloud Computing
Nyström et al. Experimental Study of GPRS/WLAN Systems Integration

Legal Events

Date Code Title Description
STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION