WO2019069129A1 - Methods and devices for managing access to a vehicle - Google Patents

Methods and devices for managing access to a vehicle

Publication number
WO2019069129A1
Authority
WO
WIPO (PCT)
Prior art keywords
signal
vehicle
communication unit
mobile device
receiving
Prior art date
Application number
PCT/IB2018/001213
Other languages
English (en)
Inventor
Shane Adrian WRIGHT
Cameron Kenneth SMITH
Rahim Fateali KESHWANI
Daniel Freeman LOCKHART
David SITEK
Original Assignee
Keyfree Technologies Inc.
Priority date
Filing date
Publication date
Application filed by Keyfree Technologies Inc.
Publication of WO2019069129A1

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/10 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device
    • B60R25/102 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device a signal being sent to a remote location, e.g. a radio signal being transmitted to a police station, a security company or the owner
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20 Means to switch the anti-theft system on or off
    • B60R25/24 Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • G PHYSICS
    • G08 SIGNALLING
    • G08C TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C17/00 Arrangements for transmitting signals characterised by the use of a wireless electrical link
    • G08C17/02 Arrangements for transmitting signals characterised by the use of a wireless electrical link using a radio link
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R2325/00 Indexing scheme relating to vehicle anti-theft devices
    • B60R2325/10 Communication protocols, communication systems of vehicle anti-theft devices
    • B60R2325/108 Encryption
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R2325/00 Indexing scheme relating to vehicle anti-theft devices
    • B60R2325/20 Communication devices for vehicle anti-theft devices
    • B60R2325/205 Mobile phones
    • G PHYSICS
    • G08 SIGNALLING
    • G08C TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C2201/00 Transmission systems of control signals via wireless link
    • G08C2201/60 Security, fault tolerance
    • G PHYSICS
    • G08 SIGNALLING
    • G08C TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C2201/00 Transmission systems of control signals via wireless link
    • G08C2201/90 Additional features
    • G08C2201/93 Remote control using other portable devices, e.g. mobile phone, PDA, laptop

Definitions

  • A first aspect provided herein is a mobile device based system for granting authorization to control a vehicle comprising: a communication unit; a vehicle control module that is separate and distinct from the communication unit; and a mobile device capable of receiving a user input and a first signal, and sending a second signal; wherein the mobile device comprises at least one mobile application including executable instructions to control the vehicle, wherein the executable instructions comprise: receiving the first signal from an internet, a cellular network, a server, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit in response to receiving the user input; wherein the first and second signals both comprise a common unique identifier; wherein the communication unit is capable of receiving the second signal from the mobile device and sending a third signal to the vehicle control module; and wherein the vehicle control module is capable of receiving the third signal and sending a command to a receiver within the vehicle.
  • the mobile device is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server. In some embodiments, the mobile device is capable of receiving and storing the first signal before receiving the user input. In some embodiments, the communication unit is capable of receiving the second signal from a variety of mobile devices. In some embodiments, the communication unit is capable of sending the third signal to a variety of vehicle control modules. In some embodiments, the vehicle control module is capable of functionally communicating with both the communication unit and the receiver. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle.
  • At least one of the communication unit and the vehicle control module is removably or non-removably mounted to the vehicle. In some embodiments, at least one of the communication unit and the vehicle control module is removably or non-removably mounted to an OBD port of the vehicle. In some embodiments, at least one of the communication unit and the vehicle control module are powered by the OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof. In some embodiments, the communication unit is further capable of receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit is capable of receiving the fourth signal from the OBD port of the vehicle. In some embodiments, the communication unit is capable of receiving the fourth signal from a variety of specific vehicles. In some embodiments, the vehicle status comprises an OBD code. In some
  • the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof.
  • the unique identifier comprises an encrypted identifier.
  • the unique identifier comprises a signed identifier.
  • the communication unit is further capable of decrypting the encrypted identifier.
  • the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server.
  • the communication unit is further capable of validating the identifier.
  • the communication unit is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server.
  • the mobile device is capable of receiving the first signal, storing the first signal, and sending the second signal without generating, validating, or decrypting the unique identifier.
  • the executable instructions further comprises authenticating the first signal.
  • at least one of the first signal and the second signal further comprises an access time range.
  • the mobile device is capable of receiving and storing the first signal before receiving the user input.
  • the executable instructions of the mobile application are configured to receive and store the first signal before receiving the user input.
  • the communication unit is further capable of receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
  • the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof.
  • the mobile application is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server.
  • the communication unit is further capable of sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal.
  • the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the communication unit comprises a sensor capable of measuring a sensor data.
  • the sensor comprises a GPS sensor, an accelerometer, an inclinometer, a vibration sensor, a motion detector, a microphone, a camera, or any combination thereof.
  • the sixth signal further comprises a sensor data measured by the sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
  • the mobile application further comprises an executable instruction of granting a second user the authorization to control the vehicle.
  • the vehicle is a push-to-start vehicle.
  • the second signal further comprises a request from the mobile device to the communication unit for a challenge.
  • the second signal further comprises the challenge sent from the communication unit to the mobile device.
  • the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof.
  • the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device.
  • the second signal further comprises the signed challenge.
  • the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
  • A second aspect provided herein is a method of granting authorization to control a vehicle comprising: a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle; wherein the first and second signals both comprise a common unique identifier; and wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle.
  • the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server. In some embodiments, the mobile device receives and stores the first signal before the user submits the input. In some embodiments, the mobile device comprises a variety of one or more mobile devices. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle.
  • embodiments further comprise charging at least one of the communication unit and the vehicle control module with an OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof.
  • Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle.
  • the communication unit receives the fourth signal from the OBD port of the vehicle.
  • the vehicle status comprises an OBD code.
  • the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof.
  • the unique identifier comprises an encrypted identifier.
  • the unique identifier comprises a signed identifier.
  • Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments the
  • Some embodiments further comprise the
  • the communication unit validating the identifier.
  • the communication unit is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server.
  • Some embodiments further comprise the communication unit authenticating the first signal.
  • the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier.
  • at least one of the first signal and the second signal further comprises an access time range.
  • the mobile device receives and stores the first signal before receiving the user input.
  • Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
  • the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal. In some embodiments the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof. In some embodiments, the sixth signal further comprises a sensor data measured by a sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. Some embodiments further comprise granting a second user the authorization to control the vehicle.
  • the vehicle is a push-to-start vehicle.
  • the second signal further comprises a request from the mobile device to the communication unit for a challenge.
  • the second signal further comprises the challenge sent from the communication unit to the mobile device.
  • the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof.
  • the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device.
  • the second signal further comprises the signed challenge.
  • the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
  • A third aspect provided herein is a mobile device based system for granting authorization to control a vehicle comprising: a communication unit; a vehicle control module that is separate and distinct from the communication unit; and a mobile device capable of receiving a user input and a first signal, and sending a second signal; wherein the mobile device comprises at least one mobile application including executable instructions to control the vehicle, wherein the executable instructions comprise: receiving the first signal from an internet, a cellular network, a server, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit in response to receiving the user input; wherein the first and second signals both comprise a common unique identifier; wherein the communication unit is capable of receiving the second signal from the mobile device and sending a third signal to the vehicle control module; and wherein the vehicle control module is capable of receiving the third signal and sending a command to a receiver within the vehicle; and wherein the mobile device is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server.
  • the mobile device is capable of receiving and storing the first signal before receiving the user input.
  • the communication unit is capable of receiving the second signal from a variety of mobile devices.
  • the communication unit is capable of sending the third signal to a variety of vehicle control modules.
  • the vehicle control module is capable of functionally communicating with both the communication unit and the receiver.
  • at least one of the vehicle control module and the receiver are associated with a specific vehicle.
  • at least one of the communication unit and the vehicle control module is removably or non-removably mounted to the vehicle.
  • at least one of the communication unit and the vehicle control module is removably or non-removably mounted to an OBD port of the vehicle.
  • the communication unit and the vehicle control module are powered by the OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof.
  • the communication unit is further capable of receiving a fourth signal comprising a vehicle status, from the vehicle.
  • the communication unit is capable of receiving the fourth signal from the OBD port of the vehicle.
  • the communication unit is capable of receiving the fourth signal from a variety of specific vehicles.
  • the vehicle status comprises an OBD code.
  • the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof.
  • the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. In some embodiments, the communication unit is further capable of decrypting the encrypted identifier. In some embodiments, the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. In some embodiments, the communication unit is further capable of validating the identifier. In some embodiments, the communication unit is capable of validating the identifier without access to the internet, the cellular network, or the server. In some embodiments, the executable instructions further comprises authenticating the first signal.
  • the mobile device is capable of receiving the first signal, storing the first signal, and sending the second signal without generating, validating, or decrypting the unique identifier.
  • at least one of the first signal and the second signal further comprises an access time range.
  • the mobile device is capable of receiving and storing the first signal before receiving the user input.
  • the executable instructions of the mobile application are configured to receive and store the first signal before receiving the user input.
  • the communication unit is further capable of receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
  • the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof.
  • the mobile application is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server.
  • the communication unit is further capable of sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal.
  • the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the communication unit comprises a sensor capable of measuring a sensor data.
  • the sensor comprises a GPS sensor, an accelerometer, an
  • the sixth signal further comprises a sensor data measured by the sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
  • the mobile application further comprises an executable instruction of granting a second user the
  • the vehicle is a push-to-start vehicle.
  • the second signal further comprises a request from the mobile device to the communication unit for a challenge.
  • the second signal further comprises the challenge sent from the communication unit to the mobile device.
  • the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof.
  • the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device.
  • the second signal further comprises the signed challenge.
  • the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
  • A fourth aspect provided herein is a method of granting authorization to control a vehicle comprising: a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle; wherein the first and second signals both comprise a common unique identifier; wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle; and wherein the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server.
  • the mobile device receives and stores the first signal before the user submits the input.
  • the mobile device comprises a variety of one or more mobile devices.
  • at least one of the vehicle control module and the receiver are associated with a specific vehicle.
  • Some embodiments further comprise charging at least one of the communication unit and the vehicle control module with an OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof.
  • Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle.
  • the communication unit receives the fourth signal from the OBD port of the vehicle.
  • the vehicle status comprises an OBD code.
  • the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof.
  • the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments, the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit validating the identifier. In some embodiments, the communication unit is capable of validating the identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit authenticating the first signal. In some embodiments, the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier.
  • the mobile device receives and stores the first signal before receiving the user input. Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device. In some embodiments, the source comprises the internet, the cellular network, the server, or any combination thereof. In some embodiments, the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal.
  • the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the sixth signal further comprises a sensor data measured by a sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
  • Some embodiments further comprise granting a second user the authorization to control the vehicle.
  • the vehicle is a push-to-start vehicle.
  • a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle;
  • the first and second signals both comprise a common unique identifier; and wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle.
  • the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server.
  • the mobile device receives and stores the first signal before the user submits the input.
  • the mobile device comprises a variety of one or more mobile devices.
  • at least one of the vehicle control module and the receiver are associated with a specific vehicle. Some embodiments further comprise charging at least one of the
  • Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit receives the fourth signal from the OBD port of the vehicle. In some embodiments, the vehicle status comprises an OBD code. In some embodiments, the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof. In some embodiments, the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit validating the identifier. In some embodiments the
  • Some embodiments further comprise the
  • the communication unit authenticating the first signal.
  • the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier.
  • at least one of the first signal and the second signal further comprises an access time range.
  • the mobile device receives and stores the first signal before receiving the user input.
  • Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
  • the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof.
  • Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal.
  • the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the sixth signal further comprises a sensor data measured by a sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. Some embodiments further comprise granting a second user the authorization to control the vehicle.
  • the vehicle is a push-to-start vehicle.
  • the second signal further comprises a request from the mobile device to the communication unit for a challenge.
  • the second signal further comprises the challenge sent from the communication unit to the mobile device.
  • the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof.
  • the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device.
  • the second signal further comprises the signed challenge.
  • the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
  • FIG. 1 shows a non-limiting illustration of an exemplary first mobile device based system for granting authorization to control a vehicle.
  • FIG. 2 shows a non-limiting illustration of an exemplary second mobile device based system for granting authorization to control a vehicle.
  • FIG. 3 shows an exemplary flowchart for a process of communication unit
  • FIG. 4 shows an exemplary flowchart for a first process for a new owner activating a communication unit after installation in a vehicle.
  • FIG. 5 shows an exemplary flowchart for a first process of connecting to
  • FIG. 6 shows an exemplary flowchart for a process of locking and unlocking doors.
  • FIG. 7 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit.
  • FIG. 8 shows an exemplary flowchart for a second process for a new owner activating a communication unit after installation in a vehicle.
  • FIG. 9 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit.
  • FIG. 10 shows an exemplary flowchart of communication signals between an internet or cellular network, a mobile device, a communications unit, a vehicle module, and a receiver within a vehicle.
  • FIG. 11 shows a non-limiting example of a digital processing device; in this case, a device with one or more CPUs, a memory, a communication interface, and a display.
  • FIG. 12 shows a non-limiting example of a web/mobile application provision system; in this case, a system providing browser-based and/or native mobile user interfaces.
  • FIG. 13 shows a non-limiting example of a cloud-based web/mobile application provision system; in this case, a system comprising an elastically load balanced, auto-scaling web server and application server resources as well synchronously replicated databases.
  • the disclosure provided herein provides for aftermarket devices and systems for car sharing, car rental and ride sharing that are far more scalable and easier to install than current solutions.
  • the disclosure herein further provides a higher level of security by eliminating or reducing the risk of hacking of cellular transmission to a vehicle.
  • the methods and systems herein are applicable for use with all makes and models of vehicles, and minimize the battery drain on the vehicle by utilizing alternative wireless technologies, such as Bluetooth Low Energy.
  • a mobile device based system for granting authorization to control a vehicle 105 comprising a communication unit 103, a vehicle control module 104 that is separate and distinct from the communication unit 103, and a mobile device 102 capable of receiving a user input and a first signal, and sending a second signal.
  • the mobile device comprises at least one mobile application including executable instructions to control the vehicle 105, wherein the executable instructions comprise receiving the first signal from an internet, a cellular network, a remote server 101, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit 103 in response to receiving the user input.
  • the first and second signals both comprise a common unique identifier, wherein the communication unit 103 is capable of receiving the second signal from the mobile device 102 and sending a third signal to the vehicle control module 104; and wherein the vehicle control module 104 is capable of receiving the third signal and sending a command to a receiver within the vehicle 105.
  • the communication unit 103 is capable of sending a command to open or close a digital lock 106.
  • FIG. 1 shows a non-limiting illustration of an exemplary "direct wired" first mobile device based system for granting authorization to control a vehicle.
  • the remote server 101 comprises a secure web-based service.
  • the mobile device 102 is carried by the owner or renter and runs an application "app" that is capable of communicating with the remote server 101 and the communication unit 103.
  • the mobile device 102 is not considered trusted and only stores, receives, or transmits encrypted and/or signed data from the remote server 101 and communication unit 103.
  • established cryptography practices are used to ensure that secure data is not tampered with, stored and sent again later, or copied and sent from an unauthorized mobile device.
  • the mobile device 102 communicates with the remote server 101 over the internet using secure HTTP or HTTPS with the strongest available TLS version and cipher suite.
  • the communication unit 103, control module 104, and digital lock 106 are installed in the vehicle 105 and are capable of secure data communication and storage.
  • the communication unit 103 validates communication from the mobile unit 102 and controls features of the vehicle 105 through the control module 104.
  • the mobile device 102 communicates with the communication unit 103 using Bluetooth Low Energy (BLE), near-field communication (NFC) or any other short-range wireless technology.
  • This communication path is not considered secure and may be susceptible to sniffing, tampering, and jamming. All data sent over this communication path is thus encrypted and/or signed to prevent spoofing, tampering, or information loss commonly associated with such means of communication.
  • the communication unit 103 is wired to the vehicle 105 to supply power and ground, and comprises an integrated GPS module for tracking vehicle 105 position and speed, and an optional long-range wireless (GSM or LTE) module for reporting position, speed, or other diagnostic or status information to the remote server, either periodically or in real time.
  • control module 104 is capable of unlocking and locking the doors and controlling other vehicle 105 functions. Some control modules 104 are installed with aftermarket remote starters and car alarms. Bypass modules support a wide range of vehicle 105 models and model years.
  • the digital lock 106 is a circuit that prevents the vehicle 105 from being started if not authorized by the communication unit 103.
  • FIG. 2 shows a non-limiting illustration of an exemplary "plug-and-play" second mobile device based system for granting authorization to control a vehicle.
  • the second mobile device based system for granting authorization to control a vehicle is capable of enhanced security during factory configuration, employs a Diffie-Hellman key exchange algorithm to ensure that the potentially insecure manufacturing station does not see the admin key, provides protection against rogue apps and mobile device cloning, and employs strong encryption and hashing algorithms using a true random number generator for enhanced device tampering prevention.
  • the roles of the remote server 101, mobile device 102, and communication unit 103 are the same as in the first mobile device based system for granting authorization to control a vehicle.
  • the communication unit 103 and vehicle control module 104 are wired to the vehicle control module 104 or connected using a secure wireless technology in the vehicle 105, and are inaccessible to people outside of the vehicle 103.
  • the communication unit 103 is plugged into the vehicle's OBD-II port for power and also possibly for reading diagnostic and status information such as fuel levels, speed, etc. from the vehicle's communication networks (e.g. CAN bus).
  • the vehicle control module 104 contains similar circuitry that is present in a vehicle's OEM key fob, exposing an interface to enable the communication unit 103 to control the functionality present in the key fob circuitry of locking and unlocking doors, opening the trunk, and/or starting the vehicle.
  • the interface also allows the communication unit 103 to control the passive start functionality of the key fob circuitry to prevent the vehicle 103 from being started if not authorized by the communication unit 103.
  • the vehicle control module is programmed with the vehicle 103 in the same way that a new OEM key fob is added to the vehicle 103, by a dealer or locksmith.
  • the vehicle control module 104 may be manufactured separately by the original equipment manufacturer (OEM), wherein the communication unit 103 does not need to implement proprietary security technology that may be specific to particular vehicle's models or model years.
  • a mobile device based system for granting authorization to control a vehicle 1005 comprising a communication unit 1002, a vehicle control module 1003 that is separate and distinct from the communication unit 1002, and a mobile device 1001 capable of receiving a user input and a first signal 1011, and sending a second signal 1012.
  • the mobile device 1001 comprises at least one mobile application including executable instructions to control the vehicle 1005, wherein the executable instructions comprise receiving the first signal 1011 from an internet, a cellular network, a server 1006, or any combination thereof; storing the first signal 1011; receiving the user input; and sending the second signal 1012 to the communication unit 1001 in response to receiving the user input.
  • the first and second signals 1011 1012 both comprise a common unique identifier, wherein the communication unit 1002 is capable of receiving the second signal 1012 from the mobile device 1001 and sending a third signal 1013 to the vehicle control module 1003; and wherein the vehicle control module 1003 is capable of receiving the third signal 1013 and sending a command 1017 to a receiver 1004 within the vehicle 1005.
  • the mobile device 1001 is capable of performing the executable instruction of sending the second signal 1012 to the communication unit 1002 without access to the internet, the cellular network, or the server. In some embodiments, the mobile device 1001 is capable of receiving and storing the first signal 1011 before receiving the user input. In some embodiments, the communication unit 1002 is capable of receiving the second signal 1012 from a variety of mobile devices 1001. In some embodiments, the communication unit 1002 is capable of sending the third signal 1013 to a variety of vehicle control modules 1003. In some embodiments, the vehicle control module 1003 is capable of functionally communicating with both the communication unit 1002 and the receiver 1004.
  • At least one of the vehicle control module 1003 and the receiver 1004 are associated with a specific vehicle 1005. In some embodiments, at least one of the communication unit 1002 and the vehicle control module 1003 is removably or non-removably mounted to the vehicle 1005. In some
  • At least one of the communication unit 1002 and the vehicle control module 1003 is removably or non-removably mounted to an OBD port of the vehicle 1005. In some embodiments, at least one of the communication unit 1002 and the vehicle control module 1003 are powered by the OBD port of the vehicle 1005, a primary battery, a rechargeable battery, an energy generator, or any combination thereof.
  • the communication unit 1002 is further capable of receiving a fourth signal 1014 comprising a vehicle status, from the vehicle 1005. In some embodiments, the communication unit 1002 is capable of receiving the fourth signal 1014 from the OBD port of the vehicle 1005. In some embodiments, the communication unit 1002 is capable of receiving the fourth signal 1014 from a variety of specific vehicles 1005.
  • the vehicle status comprises an OBD code.
  • the unique identifier is associated with the vehicle 1005, the receiver 1004, the mobile device 1001, the communication unit 1002, the vehicle control module 1003, or any combination thereof.
  • the unique identifier comprises an encrypted identifier.
  • the unique identifier comprises a signed identifier.
  • the communication unit 1002 is further capable of decrypting the encrypted identifier.
  • the communication unit 1002 is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server.
  • the communication unit 1002 is further capable of validating the identifier.
  • the communication unit 1002 is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server. In some
  • the mobile device 1001 is capable of receiving the first signal 1011, storing the first signal 1011, and sending the second signal 1012 without generating, validating, or decrypting the unique identifier.
  • the executable instructions further comprise authenticating the first signal 1011.
  • at least one of the first signal 1011 and the second signal 1012 further comprises an access time range.
  • the mobile device 1001 is capable of receiving and storing the first signal 1011 before receiving the user input.
  • the executable instructions of the mobile application are configured to receive and store the first signal 1011 before receiving the user input.
  • the communication unit 1002 is further capable of receiving a fifth signal 1015, equivalent to the second signal 1012, from a source other than the mobile device 1001, wherein the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device 1001 receives the first signal 1011 from the internet, the cellular network, the server, or any combination thereof.
  • the mobile application is capable of performing the executable instruction of sending the second signal 1012 to the communication unit 1002 without access to the internet, the cellular network, or the server.
  • the communication unit 1002 is further capable of sending a sixth signal 1016 to a user, the sixth signal 1016 comprising at least one of the sensor data, and a status data correlated to the fourth signal 1014.
  • the communication unit 1002 sends the sixth signal 1016 to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the communication unit 1002 comprises a sensor capable of measuring a sensor data comprising a GPS sensor, an accelerometer, an inclinometer, a vibration sensor, a motion detector, a microphone, a camera, or any combination thereof.
  • the sixth signal 1016 further comprises a sensor data measured by the sensor.
  • the authorization to control the vehicle 1005 comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
  • the mobile application further comprises an executable instruction of granting a second user the authorization to control the vehicle 1005.
  • the vehicle 1005 is a push-to-start vehicle.
  • the communication unit does not require a direct communication link with the remote server because a remote link to control door locks or other vehicle functions may be compromised if the remote server is hacked.
  • Because Bluetooth communications may not be secure, data sent over Bluetooth is signed and/or encrypted to prevent a potential attacker from trying to capture and replay, jam, or otherwise tamper with the wireless signals.
  • security policies are enforced within the remote server and the communication unit, and not on the app running on the mobile. As such, in some embodiments, unencrypted data is not stored, received, or sent on the mobile device.
  • FIG. 3 shows an exemplary flowchart for a process for communication unit configuration, comprising the communication unit generating a random admin key 301 on its first boot, a manufacturing station connecting to the communication unit 302, and reading the admin key 303, the communication unit sending the admin key 304 to the manufacturing station, the manufacturing station provisioning a new unit in its database 305 and sending a MAC ID and the admin key to a remote server for storage in a database 306, and the manufacturing station sending a lockdown command 307 to the communication unit, which enters production mode and prevents the admin key from being read 308.
  • On first boot, the communication unit generates a pseudorandom 128-bit administrative key 301.
  • the manufacturing station wirelessly connects to the communication unit 302, reads the admin key 303, and sends a request, comprising the unit's unique MAC ID and the admin key that was read, to the remote server to provision the new unit in the database 304.
  • a visible identifier such as a unit's serial number may also be sent.
  • the MAC ID is a unique and difficult to spoof identifier that is assigned to the wireless interface when the interface chip is manufactured and presented to other devices over the wireless network.
  • the manufacturing station authenticates with the remote server using a secret API key which is also IP whitelisted by the server, to prevent others from creating fake devices.
  • a lockdown command is sent to the unit 307, which puts the unit into production mode 307.
  • the admin key may no longer be read by anyone, ensuring that it remains secret.
  • FIG. 7 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit comprising the communication unit generating a random admin key 701 on its first boot, a manufacturing station connecting to the communication unit 702, and reading the admin key 703, the communication unit sending the admin key 704, the manufacturing station creating a new unit in its database 705 and sending a MAC ID and the admin key to a remote server that generates random admin keys, calculates an admin shared secret, and sends a public key 706, the manufacturing station writing a server public key 707, and the communications unit calculating and storing the admin shared secret 708.
  • the method shown in the exemplary flow chart per FIG. 7 employs the Elliptic Curve Diffie-Hellman key agreement protocol to establish a shared secret between the communication unit and remote server over an insecure channel.
  • On first boot, the communication unit generates random public and private keys using a true random number generator 701.
  • the manufacturing station connects to the communication unit 702 wirelessly and reads the unit's public key 703, and sends a request to the remote server to provision the new unit in the database 705.
  • the request comprises the unit's unique MAC ID and the public key that was read, and a visible identifier such as a unit's serial number.
  • the remote server then generates its own random public and private keys for the unit, calculates the admin key using the server's public and private keys and the communication unit's public key, and sends back the server's public key 706.
  • the mobile device then forwards the server's public key to the communication unit 707, enabling the unit to calculate and store the admin key 708.
  • FIG. 4 shows an exemplary flowchart for a first "owner claim" process for new owner post-installation activation, comprising a mobile device receiving user credentials and logging into the server 401, the remote server authenticating the user and sending a token 402 to the mobile device which scans for nearby communication units and obtains their MAC IDs 403, receives a user pin 404, establishes connection with the communication unit 405, and requests an admin authentication challenge 406, the communication unit generating a random challenge 407, the mobile device sending a MAC ID.
  • the remote server signing the challenge with the admin key 409, the mobile device authenticating the signed challenge 410, the communication unit validating the signature 411, the mobile device downloading a key 412, the remote server generating random keys, which are stored in the database and sent in encrypted form to the mobile device 413, which assigns the keys 414, and the communication unit decrypting and storing the keys 415.
  • the owner may be provided with a welcome card identifying the communication unit's MAC ID and unique PIN code.
  • the owner claim process is executed when the owner has Internet connectivity and is within short-range wireless range of the communication unit.
  • the owner begins the process by logging into the app on the mobile device 401.
  • the app also sends the mobile device's AppID in the login request to the remote server.
  • the AppID is a unique identifier for the app running on the particular mobile device, wherein if the contents of the mobile device are backed up and restored on a different mobile device, or if the mobile device is wiped and the app is reinstalled, the AppID will change.
  • If the remote server detects a user login with a new AppID, it assumes the user is logging in with a different mobile device and triggers re-verification of the user's email address and phone number.
  • After a successful login, the remote server responds with a session token after validating the owner's credentials 402, the app scans for nearby communication units 403, and the owner identifies the unit with the matching MAC ID and enters the PIN from the welcome card 404.
  • the app then establishes a wireless connection to the
  • the app requests an admin-level authentication challenge from the communication unit 406 which the unit generates pseudorandomly 407.
  • the app then asks the remote server to sign the challenge, passing along the challenge, MAC ID, and PIN 408. If the PIN matches the expected value for the corresponding MAC ID, the server signs the challenge 409 with the unit's admin key and returns the signature to the app.
  • the app then sends the signature to the communication unit 410. If the unit verifies that the signature matches the expected signature (as calculated internally by the unit), the connection is considered authenticated with the admin access level 410. During this process the admin key may not be disclosed to the mobile device.
  • the challenge-response approach avoids having to send keys in plain text.
  • a challenge is 128 bits in length and expires after about ten seconds.
  • challenges are signed using a keyed-hash message
  • each message (characteristic) type that the communication unit supports has a required access level for read operations and a required access level for write operations, wherein the four possible access levels comprise admin, primary, secondary, and shared levels.
  • admin keys are used during the owner claim process, primary keys are used by the owner, and secondary keys and shared keys are similar, except that shared keys are time-limited.
  • the app downloads the primary, secondary, and shared keys from the remote server 411; the remote server generates the keys pseudorandomly, stores the keys in the database, and sends the keys back to the app in encrypted form 412.
  • the keys are encrypted using AES-128 with the admin key, to prevent the keys from being disclosed to the app or during wireless transmission to the communication unit.
  • the app sends the encrypted keys to the communication unit 413 which then decrypts and stores the keys 414.
  • FIG. 8 shows an exemplary flowchart for a second "owner claim" process wherein a new owner activates a communication unit after installation in a vehicle comprising the user entering credentials and logging into the server 801 through the mobile device, the remote server authenticating the user and sending a token 802, the mobile device scanning for nearby communications units and obtaining lists of MAC IDs 803, receiving a user unit selection and pin 804, establishing connection to the communication unit 805, creating a communication session 806, and sending a MAC ID to the remote server which generates a random owner key, encrypts a package containing the owner key and the AppID using an admin shared secret 807, the mobile device forwarding the encrypted admin package and signing the package with the AppID 808, the communication unit verifying that the AppID matches the signature 809, storing the owner key, and encrypting the package 810, and the mobile device forwarding the package 811 to the remote server, which stores the owner's AppID and MAC ID 812.
  • the second "owner claim" process up to the wireless connection being established between the mobile device and the communication unit 805, is identical to the second "owner claim" process.
  • the app requests the remote server to establish a new encrypted communication session with the communication unit 806, passing along the MAC ID and PIN.
  • If the PIN matches the expected value for the corresponding MAC ID, the server generates a random primary key, then encrypts a package containing the primary key and owner's current AppID using the admin key generated during the factory configuration process 807.
  • a package comprises a message sent between the remote server and communication unit that cannot be inspected by the mobile device, wherein the mobile device passes the package along to the communication unit.
  • the package that initiates the communication session is signed with the admin key, wherein subsequent packages are signed using the primary key.
  • the mobile device signs the package with its AppID and sends the package to the communication unit 808, wherein the communication unit decrypts the package using the admin key and verifies that the AppID in the package matches the AppID in the signature 809 to ensure that the package was sent by the same mobile device that was authorized by the remote server.
  • the communication unit then stores the primary key and encrypts a new package containing the mobile device's MAC ID 8010.
  • the package is encrypted using the primary key.
  • the app forwards the package to the remote server
  • FIG. 5 shows an exemplary flowchart for a first process of connecting to and authenticating the communication unit comprising the mobile device receiving user credentials and logging into the server 501, the server authenticating the user and sending a token and a vehicle key 502 to the mobile device, which stores the key 503, the mobile device connecting to a vehicle 504, establishing a connection to the communication unit 505 and requesting an authentication challenge 506, the communication unit generating a random challenge 507, the mobile device signing the challenge with the key 508 and authenticating the key with the signed challenge 509, and the communications unit validating the signature 510 and authenticating the connection 511.
  • the connection process shown in the flowchart of FIG. 5 is followed for all connections to the communication unit except for during the owner claim process.
  • the user initiates the process by logging into the app on the mobile device 501.
  • the remote server responds with a session token after validating the user's credentials 502, and sends back all of the vehicle keys to the user.
  • the app encrypts and stores the keys in the app's secure storage 503 for potential later offline use.
  • the rest of the connection process in FIG. 5 may occur with or without the mobile device having an Internet connection as long as the user has logged in and downloaded his or her keys, which is advantageous because a vehicle may be parked
  • After the user selects the vehicle and initiates connection 504, the app establishes a wireless connection to the communication unit 505 and requests an authentication challenge from the communication unit 506, which the communications unit generates pseudorandomly 507.
  • the challenge is specific to the access level of the user's key.
  • the app then signs the challenge using the key that was downloaded from the server 508 and sends the signature to the communication unit 509.
  • If the communications unit verifies that the signature matches the expected signature 510, the connection is considered authenticated with the appropriate access level 511.
  • shared keys are intended to be temporary and not reusable, even if the app or mobile device is compromised, wherein when a shared key is shared, the remote server uses an HMAC to hash the key together with an index, and the index is incremented each time the key is shared.
  • the original (non-indexed) base key is encrypted and sent to the communication unit.
  • the hashed key is downloaded to the mobile device.
  • the communication unit independently maintains its own index based on the previously verified index, and increments its internal index up to 256 iterations past the current index when the signature is verified, generating a signature, and comparing it to the app's signature at each iteration. In some embodiments, if any of the generated signatures match, the app's signature is considered valid, otherwise, if the app sends a signature generated with a lower index value, validation will fail. Due to the mathematical nature of the HMAC algorithm, it is practically impossible to recover the base shared key from the signature or to change the index after the signature has been calculated. This effectively prevents past renters from reusing their key.
  • FIG. 9 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit comprising the mobile device receiving user credentials and AppID, and logging into the server 901, the remote server authenticating the user, sending a visual token and vehicle keys 902, and encrypting a package containing the access control list (ACL) and the phone's AppID using the owner's key 903, the mobile device storing the keys and ACL packages 904, the mobile device connecting to a vehicle 905, establishing connection to a communication unit 906, and forwarding the encrypted ACL package that is signed with the AppID 907, the communications unit decrypting the package and updating the ACL 908, verifying that the AppID matches the signature 909, verifying the phone's MAC ID if the ACL contains the MAC ID 910, authenticating the connection 911, encrypting the package containing the phone's MAC ID using the owner's key if the MAC ID is not in the ACL 912, the mobile device forwarding the encrypted package 913, and the remote
  • FIG. 6 shows an exemplary flowchart for a process of locking a door comprising a user generating a lock doors command 601 through the mobile device, which generates a random challenge 602, and sends a lock door command 603 comprising a challenge to the
  • FIG. 6 further shows an exemplary flowchart for a process of unlocking a door comprising a user generating a lock doors command 608 through the mobile device, which requests a random challenge 609, the communication unit generating a random challenge 610, the mobile device signing the challenge with the key 611 and sending an unlock door command 612 comprising a signature to the communication unit which validates the signature 613 and sends an unlock door command 614 to the vehicle control module to unlock the doors 615.
  • Because Bluetooth connections may not be secure, a challenge and response protocol is used in some embodiments for locking and unlocking doors. This approach prevents jamming and replay attacks and attempts to tamper with the data from being successful. For example, an unlock command might be captured over the air by an attacker and replayed later to unlock the vehicle. As another example, a lock command might be jammed, preventing the command from reaching the communication unit and leaving the vehicle unlocked.
  • during the lock process 601, the app generates a pseudorandom challenge 602 and sends it to the communication unit 603. In some embodiments, after the communications unit instructs the vehicle control module to lock the doors 604, the
  • the communications unit signs the challenge with same key used in the connection process 606, and the app validates the signature 607. In some embodiments, if the app fails to validate the signature the app may conclude that a "man-in-the-middle" intercepted or jammed the command and that the doors were not locked as intended.
  • the app requests an unlock challenge from the communication unit 609.
  • the communications unit generates a pseudorandom challenge 610 which the app then signs 611 and sends back 612, wherein if the communications unit successfully validates the signature 612, the communications unit sends the command to the vehicle control module to unlock the doors 614.
  • With a pseudorandom challenge and a ten-second timeout, an attacker capturing and replaying the signature will fail to unlock the doors. Similar processes may be used for enabling and disabling the digital lock that prevents the vehicle from being started.
  • FIG. 9 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit comprising the mobile device receiving user credentials and AppID, and logging into the server 901, the remote server authenticating the user, sending a visual token and vehicle keys 902, and encrypting a package containing the access control list (ACL) and the phone's AppID using the owner's key 903, the mobile device storing the keys and ACL packages 904, the mobile device connecting to a vehicle 905, establishing connection to a communication unit 906, and forwarding the encrypted ACL package that is signed with the AppID 907, the communications unit decrypting the package and updating the ACL 908, verifying that the AppID matches the signature 909, verifying the phone's MAC ID if the ACL contains the MAC ID 910, authenticating the connection 911, encrypting the package containing the phone's MAC ID using the owner's key if the MAC ID is not in the ACL 912, the mobile device forwarding the encrypted package 913, and the remote
  • the second process of connecting to and authenticating the communication unit comprises logging into the app on the mobile device 901, the remote server responding with a session token after validating the user's credentials 902, and the remote server sending back data for all of the vehicle keys to which the user has access 903.
  • the key data also includes encrypted packages containing an access control list (ACL) for each communication unit along with the user's current AppID, wherein the ACL comprises a table of multiple records, each consisting of an AppID, the mobile device's MAC ID, and the access level, and wherein the ACL is tagged with an incrementing version number.
  • a record would be included for the owner and all keys that have been shared, wherein the MAC ID is only included if it is known; that is, if a communication unit has previously communicated with the specific mobile device.
  • the key data is stored on the mobile device 904 for potential later offline use, wherein the sensitive data is no longer encrypted (and not decryptable by the app) we no longer need to rely on the app to store it securely.
  • steps 905 to 913 may occur with or without the mobile device having an Internet connection.
  • the app after the user selects the vehicle and initiates connection 905, the app establishes a wireless connection to the communication unit 906. The app then forwards the encrypted ACL to the communication unit, signing the package with its AppID 907. The communication unit decrypts the package and stores the ACL if the version number is higher than the last version number that was received 908.
  • the unit also verifies that the AppID in the package matches the AppID in the signature 909, wherein if the MAC ID corresponding to the current mobile device's AppID is included in the ACL, the unit verifies that the connected mobile device's MAC ID matches the ACL MAC ID 910. If these verification steps are successful, the connection is considered authenticated with the appropriate access level 911.
  • the communication unit encrypts a new package containing the mobile device's MAC ID 912, and the app forwards this package to the remote server 913 and the remote server stores the association between the AppID and the mobile device's MAC ID in the database.
  • the above mentioned methods and systems for locking and unlocking a vehicle can be employed with the first or second mobile device based systems for granting authorization to control a vehicle.
  • the term "about" refers to an amount that is near the stated amount by about 10%, 5%, or 1%, including increments therein.
  • a vehicle refers to a mobile machine that transports people or cargo, such as, for example, a wagon, a bicycle, a motor vehicle, a motorcycle, a car, a truck, a bus, a railed vehicle, a train, a tram, a watercraft, a ship, a boat, an aircraft or a spacecraft.
  • a vehicle comprises a door, a trunk, a window, an engine, a window, an air conditioning system, a horn, and a headlight.
  • the term "mobile device" refers to a mobile computing device such as, for example, a laptop computer, a notebook computer, a sub-notebook computer, a netbook computer, a netpad computer, a set-top computer, a media streaming device, a handheld computer, an Internet appliance, a mobile smartphone, a tablet computer, a personal digital assistant, or a video game console.
  • the term "OBD port" refers to an on-board diagnostics port built into many vehicles that enables the vehicle to send a signal comprising a diagnosis or a status.
  • the OBD port is further capable of acting as a source of power.
  • access time range refers to a specific time and/or date range wherein an item or resource can be accessed by a user.
  • a push-to-start vehicle refers to a vehicle wherein ignition does not require a physical key, and wherein the engine can be turned on by the push of a button.
  • a push-to-start vehicle comprises a system to detect the proximity or signal from a key fob or authenticating device before starting the engine of the vehicle.
  • the platforms, systems, media, and methods described herein include a digital processing device, or use of the same.
  • the digital processing device includes one or more hardware central processing units (CPUs) or general purpose graphics processing units (GPGPUs) that carry out the device's functions.
  • the digital processing device further comprises an operating system configured to perform executable instructions.
  • the digital processing device is optionally connected to a computer network.
  • the digital processing device is optionally connected to the Internet such that it accesses the World Wide Web.
  • the digital processing device is optionally connected to a cloud computing infrastructure.
  • the digital processing device is optionally connected to an intranet.
  • the digital processing device is optionally connected to a data storage device.
  • suitable digital processing devices include, by way of non-limiting examples, server computers, desktop computers, laptop computers, notebook computers, sub-notebook computers, netbook computers, netpad computers, set-top computers, media streaming devices, handheld computers, Internet appliances, mobile smartphones, tablet computers, personal digital assistants, video game consoles, and vehicles.
  • smartphones are suitable for use in the system described herein.
  • Suitable tablet computers include those with booklet, slate, and convertible configurations, known to those of skill in the art.
  • the digital processing device includes an operating system configured to perform executable instructions.
  • the operating system is, for example, software, including programs and data, which manages the device's hardware and provides services for execution of applications.
  • suitable server operating systems include, by way of non-limiting examples, FreeBSD, OpenBSD, NetBSD®, Linux, Apple® Mac OS X Server®, Oracle® Solaris®, Windows Server®, and Novell® NetWare®.
  • suitable personal computer operating systems include, by way of non-limiting examples, Microsoft® Windows®, Apple® Mac OS X®, UNIX®, and UNIX-like operating systems such as GNU/Linux®.
  • the operating system is provided by cloud computing.
  • suitable mobile smart phone operating systems include, by way of non-limiting examples, Nokia® Symbian® OS, Apple® iOS®, Research In Motion® BlackBerry OS®, Google® Android®, Microsoft® Windows Phone® OS, Microsoft® Windows Mobile® OS, Linux®, and Palm® WebOS®.
  • suitable media streaming device operating systems include, by way of non-limiting examples, Apple TV®, Roku®, Boxee®, Google TV®, Google Chromecast®, Amazon Fire®, and Samsung® HomeSync®.
  • suitable video game console operating systems include, by way of non-limiting examples, Sony® PS3®, Sony® PS4®, Microsoft® Xbox 360®, Microsoft Xbox One, Nintendo® Wii®, Nintendo® Wii U®, and Ouya®.
  • the device includes a storage and/or memory device.
  • the storage and/or memory device is one or more physical apparatuses used to store data or programs on a temporary or permanent basis.
  • the device is volatile memory and requires power to maintain stored information.
  • the device is non-volatile memory and retains stored information when the digital processing device is not powered.
  • the non-volatile memory comprises flash memory.
  • the non-volatile memory comprises dynamic random-access memory (DRAM).
  • the non-volatile memory comprises ferroelectric random access memory (FRAM).
  • the non-volatile memory comprises phase-change random access memory (PRAM).
  • the device is a storage device including, by way of non-limiting examples, CD-ROMs, DVDs, flash memory devices, magnetic disk drives, magnetic tapes drives, optical disk drives, and cloud computing based storage.
  • the storage and/or memory device is a combination of devices such as those disclosed herein.
  • the digital processing device includes a display to send visual information to a user.
  • the display is a liquid crystal display (LCD).
  • the display is a thin film transistor liquid crystal display (TFT-LCD).
  • the display is an organic light emitting diode (OLED) display.
  • an OLED display is a passive-matrix OLED (PMOLED) or active-matrix OLED (AMOLED) display.
  • the display is a plasma display.
  • the display is a video projector.
  • the display is a head-mounted display in communication with the digital processing device, such as a VR headset.
  • suitable VR headsets include, by way of non-limiting examples, HTC Vive, Oculus Rift, Samsung Gear VR, Microsoft HoloLens, Razer OSVR, FOVE VR, Zeiss VR One, Avegant Glyph, Freefly VR headset, and the like.
  • the display is a combination of devices such as those disclosed herein.
  • the digital processing device includes an input device to receive information from a user.
  • the input device is a keyboard.
  • the input device is a pointing device including, by way of non-limiting examples, a mouse, trackball, track pad, joystick, game controller, or stylus.
  • the input device is a touch screen or a multi-touch screen.
  • the input device is a microphone to capture voice or other sound input.
  • the input device is a video camera or other sensor to capture motion or visual input.
  • the input device is a Kinect, Leap Motion, or the like.
  • the input device is a combination of devices such as those disclosed herein.
  • a digital processing device 1101 is programmed or otherwise configured to grant authorization to control a vehicle.
  • the digital processing device 1101 includes a central processing unit (CPU, also "processor" and "computer processor" herein) 1105, which is optionally a single core, a multi core processor, or a plurality of processors for parallel processing.
  • the digital processing device 1101 also includes memory or memory location 1110 (e.g., random-access memory, read-only memory, flash memory), electronic storage unit 1115 (e.g., hard disk), communication interface 1120 (e.g., network adapter) for communicating with one or more other systems, and peripheral devices 1125, such as cache, other memory, data storage and/or electronic display adapters.
  • the memory 1110, storage unit 1115, interface 1120 and peripheral devices 1125 are in
  • the storage unit 1115 comprises a data storage unit (or data repository) for storing data.
  • the digital processing device 1101 is optionally operatively coupled to a computer network ("network") 1130 with the aid of the communication interface 1120.
  • the network 1130 in various cases, is the internet, an internet, and/or extranet, or an intranet and/or extranet that is in communication with the internet.
  • the network 1130 in some cases, is a telecommunication and/or data network.
  • the network 1130 optionally includes one or more computer servers, which enable distributed computing, such as cloud computing.
  • the network 1130 in some cases, with the aid of the device 1101, implements a peer-to-peer network, which enables devices coupled to the device 1101 to behave as a client or a server.
  • the CPU 1105 is configured to execute a sequence of machine-readable instructions, embodied in a program, application, and/or software.
  • the instructions are optionally stored in a memory location, such as the memory 1110.
  • the instructions are directed to the CPU 105, which subsequently program or otherwise configure the CPU 1105 to implement methods of the present disclosure. Examples of operations performed by the CPU 1105 include fetch, decode, execute, and write back.
  • the CPU 1105 is, in some cases, part of a circuit, such as an integrated circuit. One or more other components of the device 1101 are optionally included in the circuit. In some cases, the circuit is an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA).
  • the storage unit 1115 optionally stores files, such as drivers, libraries and saved programs.
  • the storage unit 1115 optionally stores user data, e.g., user preferences and user programs.
  • the digital processing device 1101 optionally communicates with one or more remote computer systems through the network 1130.
  • the device 1101 optionally communicates with a remote computer system of a user.
  • remote computer systems include personal computers (e.g., portable PC), slate or tablet PCs (e.g., Apple® iPad, Samsung® Galaxy Tab, etc.), smartphones (e.g., Apple® iPhone, Android-enabled device, Blackberry®, etc.), or personal digital assistants.
  • Methods as described herein are optionally implemented by way of machine (e.g., computer processor) executable code stored on an electronic storage location of the digital processing device 101, such as, for example, on the memory 1110 or electronic storage unit 1115.
  • the machine executable or machine readable code is optionally provided in the form of software.
  • the code is executed by the processor 1105.
  • the code is retrieved from the storage unit 1115 and stored on the memory 1110 for ready access by the processor 1105.
  • the electronic storage unit 1115 is precluded, and machine-executable instructions are stored on the memory 1110.
  • Non-transitory computer readable storage medium
  • the platforms, systems, media, and methods disclosed herein include one or more non-transitory computer readable storage media encoded with a program including instructions executable by the operating system of an optionally networked digital processing device.
  • a computer readable storage medium is a tangible component of a digital processing device.
  • a computer readable storage medium is optionally removable from a digital processing device.
  • a computer readable storage medium includes, by way of non-limiting examples, CD-ROMs, DVDs, flash memory devices, solid state memory, magnetic disk drives, magnetic tape drives, optical disk drives, cloud computing systems and services, and the like.
  • the program and instructions are permanently, substantially permanently, semi-permanently, or non-transitorily encoded on the media.
  • the platforms, systems, media, and methods disclosed herein include at least one computer program, or use of the same.
  • a computer program includes a sequence of instructions, executable in the digital processing device's CPU, written to perform a specified task.
  • Computer readable instructions may be implemented as program modules, such as functions, objects, Application Programming Interfaces (APIs), data structures, and the like, that perform particular tasks or implement particular abstract data types.
  • a computer program may be written in various versions of various languages.
  • a computer program comprises one sequence of instructions. In some embodiments, a computer program comprises a plurality of sequences of instructions. In some embodiments, a computer program is provided from one location. In other embodiments, a computer program is provided from a plurality of locations. In various embodiments, a computer program includes one or more software modules. In various embodiments, a computer program includes, in part or in whole, one or more web applications, one or more mobile applications, one or more standalone applications, one or more web browser plug-ins, extensions, add-ins, or add-ons, or combinations thereof.
  • a computer program includes a web application.
  • a web application in various embodiments, utilizes one or more software frameworks and one or more database systems.
  • a web application is created upon a software framework such as Microsoft® .NET or Ruby on Rails (RoR).
  • a web application utilizes one or more database systems including, by way of non-limiting examples, relational, non-relational, object oriented, associative, and XML database systems.
  • suitable relational database systems include, by way of non-limiting examples, Microsoft® SQL Server, MySQL™, and Oracle®.
  • a web application in various embodiments, is written in one or more versions of one or more languages.
  • a web application may be written in one or more markup languages, presentation definition languages, client-side scripting languages, server-side coding languages, database query languages, or combinations thereof.
  • a web application is written to some extent in a markup language such as Hypertext Markup Language (HTML), Extensible Hypertext Markup Language (XHTML), or extensible Markup Language (XML).
  • a web application is written to some extent in a presentation definition language such as Cascading Style Sheets (CSS).
  • a web application is written to some extent in a client-side scripting language such as Asynchronous Javascript and XML (AJAX), Flash® Actionscript, Javascript, or Silverlight®.
  • a web application is written to some extent in a server-side coding language such as Active Server Pages (ASP), ColdFusion®, Perl, Java™, JavaServer Pages (JSP), Hypertext Preprocessor (PHP), Python™, Ruby, Tcl, Smalltalk, WebDNA®, or Groovy.
  • a web application is written to some extent in a database query language such as Structured Query Language (SQL).
  • a web application integrates enterprise server products such as IBM® Lotus Domino®.
  • a web application includes a media player element.
  • a media player element utilizes one or more of many suitable multimedia technologies including, by way of non-limiting examples, Adobe® Flash®, HTML 5, Apple® QuickTime®, Microsoft® Silverlight®, Java™, and Unity®.
  • an application provision system comprises one or more databases 1200 accessed by a relational database management system (RDBMS) 1210. Suitable RDBMSs include Firebird, MySQL, PostgreSQL, SQLite, Oracle Database, Microsoft SQL Server, IBM DB2, IBM Informix, SAP Sybase, SAP Sybase, Teradata, and the like.
  • the application provision system further comprises one or more application servers 1220 (such as Java servers, .NET servers, PHP servers, and the like) and one or more web servers 1230 (such as Apache, IIS, GWS and the like).
  • the web server(s) optionally expose one or more web services via app application programming interfaces (APIs) 1240.
  • an application provision system alternatively has a distributed, cloud-based architecture 1300 and comprises elastically load balanced, auto-scaling web server resources 1310, and application server resources 1320 as well as synchronously replicated databases 1330.
  • a computer program includes a mobile application provided to a mobile digital processing device.
  • the mobile application is provided to a mobile digital processing device at the time it is manufactured.
  • the mobile application is provided to a mobile digital processing device via the computer network described herein.
  • a mobile application is created by techniques known to those of skill in the art using hardware, languages, and development environments known to the art. Those of skill in the art will recognize that mobile applications are written in several languages. Suitable programming languages include, by way of non-limiting examples, C, C++, C#, Objective-C, Java™, Javascript, Pascal, Object Pascal, Python™, Ruby, VB.NET, WML, and XHTML/HTML with or without CSS, or combinations thereof.
  • Suitable mobile application development environments are available from several sources. Commercially available development environments include, by way of non-limiting examples, AirplaySDK, alcheMo, Appcelerator®, Celsius, Bedrock, Flash Lite, .NET Compact Framework, Rhomobile, and WorkLight Mobile Platform. Other development environments are available without cost including, by way of non-limiting examples, Lazarus, MobiFlex, MoSync, and Phonegap. Also, mobile device manufacturers distribute software developer kits including, by way of non-limiting examples, iPhone and iPad (iOS) SDK, Android™ SDK, BlackBerry® SDK, BREW SDK, Palm® OS SDK, Symbian SDK, webOS SDK, and Windows® Mobile SDK.
  • a computer program includes a standalone application, which is a program that is run as an independent computer process, not an add-on to an existing process, e.g., not a plug-in.
  • standalone applications are often compiled.
  • a compiler is a computer program(s) that transforms source code written in a programming language into binary object code such as assembly language or machine code. Suitable compiled programming languages include, by way of non-limiting examples, C, C++,
  • a computer program includes one or more executable compiled applications.
  • the computer program includes a web browser plug-in (e.g., extension, etc.).
  • a plug-in is one or more software components that add specific functionality to a larger software application. Makers of software applications support plug-ins to enable third-party developers to create abilities which extend an application, to support easily adding new features, and to reduce the size of an application. When supported, plug-ins enable customizing the functionality of a software application. For example, plug-ins are commonly used in web browsers to play video, generate interactivity, scan for viruses, and display particular file types. Those of skill in the art will be familiar with several web browser plug-ins including, Adobe® Flash® Player, Microsoft® Silverlight®, and Apple® QuickTime®.
  • plug-in frameworks are available that enable development of plug-ins in various programming languages, including, by way of non-limiting examples, C++, Delphi, Java™, PHP, Python™, and VB.NET, or combinations thereof.
  • Web browsers are software applications, designed for use with network-connected digital processing devices, for retrieving, presenting, and traversing information resources on the World Wide Web. Suitable web browsers include, by way of non-limiting examples, Microsoft® Internet Explorer®, Mozilla® Firefox®, Google® Chrome, Apple® Safari®, Opera Software® Opera®, and KDE Konqueror. In some embodiments, the web browser is a mobile web browser.
  • Mobile web browsers are designed for use on mobile digital processing devices including, by way of non-limiting examples, handheld computers, tablet computers, netbook computers, subnotebook computers, smartphones, music players, personal digital assistants (PDAs), and handheld video game systems.
  • Suitable mobile web browsers include, by way of non-limiting examples, Google® Android® browser, RIM BlackBerry® Browser, Apple® Safari®, Palm® Blazer, Palm® WebOS® Browser, Mozilla® Firefox® for mobile, Microsoft® Internet Explorer® Mobile, Amazon® Kindle® Basic Web, Nokia® Browser, Opera Software® Opera® Mobile, and Sony® PSP™ browser.
  • the platforms, systems, media, and methods disclosed herein include software, server, and/or database modules, or use of the same.
  • software modules are created by techniques known to those of skill in the art using machines, software, and languages known to the art.
  • the software modules disclosed herein are implemented in a multitude of ways.
  • a software module comprises a file, a section of code, a programming object, a programming structure, or combinations thereof.
  • a software module comprises a plurality of files, a plurality of sections of code, a plurality of programming objects, a plurality of programming structures, or combinations thereof.
  • the one or more software modules comprise, by way of non-limiting examples, a web application, a mobile application, and a standalone application.
  • software modules are in one computer program or application. In other embodiments, software modules are in more than one computer program or application. In some embodiments, software modules are hosted on one machine. In other embodiments, software modules are hosted on more than one machine. In further embodiments, software modules are hosted on cloud computing platforms. In some embodiments, software modules are hosted on one or more machines in one location. In other embodiments, software modules are hosted on one or more machines in more than one location.
  • the platforms, systems, media, and methods disclosed herein include one or more databases, or use of the same.
  • suitable databases include, by way of non-limiting examples, relational databases, non-relational databases, object oriented databases, object databases, entity-relationship model databases, associative databases, and XML databases. Further non-limiting examples include SQL, PostgreSQL, MySQL, Oracle, DB2, and Sybase.
  • a database is internet-based.
  • a database is web-based.
  • a database is cloud computing-based.
  • a database is based on one or more local computer storage devices.
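
The rolling-index signature check and the lock/unlock challenge-response exchange (FIG. 6, steps 601-615) described earlier in this list, as an added Python example that is not code from the patent. HMAC-SHA256, the 4-byte index encoding, the 16-byte challenges, and the `connect`/`locked`/`unlock` labels mixed into each signed message are assumptions; the labels keep a signature produced for one step from being accepted at another.

```python
import hashlib
import hmac
import secrets
import struct
import time

WINDOW = 256          # look-ahead iterations stated on the page
CHALLENGE_TTL = 10.0  # ten-second challenge timeout stated on the page


def sign(key: bytes, message: bytes) -> bytes:
    # HMAC-SHA256 is an assumption; the page only says "HMAC".
    return hmac.new(key, message, hashlib.sha256).digest()


def index_signature(key: bytes, index: int) -> bytes:
    # Assumed encoding: a label plus the index as a 4-byte big-endian integer.
    return sign(key, b"connect" + struct.pack(">I", index))


class CommunicationUnit:
    def __init__(self, key: bytes, verified_index: int = 0, clock=time.monotonic):
        self.key = key
        self.verified_index = verified_index
        self.clock = clock
        self.pending = None        # (challenge, issued_at) awaiting an unlock response
        self.doors_locked = True

    def verify_connection(self, app_signature: bytes) -> bool:
        # Try the last verified index and up to WINDOW indexes past it, never lower.
        for index in range(self.verified_index, self.verified_index + WINDOW + 1):
            if hmac.compare_digest(index_signature(self.key, index), app_signature):
                self.verified_index = index  # ratchet forward: older indexes now fail
                return True
        return False

    def lock(self, app_challenge: bytes) -> bytes:
        # Steps 603-606: lock the doors, then sign the app's challenge as proof.
        self.doors_locked = True
        return sign(self.key, b"locked" + app_challenge)

    def issue_unlock_challenge(self) -> bytes:
        # Step 610: a fresh challenge replaces any outstanding one.
        challenge = secrets.token_bytes(16)
        self.pending = (challenge, self.clock())
        return challenge

    def unlock(self, signature: bytes) -> bool:
        # Step 613: the challenge is consumed on first use, whatever the outcome.
        pending, self.pending = self.pending, None
        if pending is None:
            return False
        challenge, issued_at = pending
        if self.clock() - issued_at > CHALLENGE_TTL:
            return False
        if not hmac.compare_digest(sign(self.key, b"unlock" + challenge), signature):
            return False
        self.doors_locked = False
        return True


def app_lock(key: bytes, transport) -> bool:
    # Steps 602-607 from the app's side; transport returns the unit's reply or None.
    challenge = secrets.token_bytes(16)
    reply = transport(challenge)
    expected = sign(key, b"locked" + challenge)
    return reply is not None and hmac.compare_digest(expected, reply)


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample value, not a real key
    now = [0.0]                    # fake clock keeps the timeout deterministic
    unit = CommunicationUnit(key, verified_index=41, clock=lambda: now[0])
    out = {
        "past_renter": unit.verify_connection(index_signature(key, 40)),
        "current_renter": unit.verify_connection(index_signature(key, 45)),
        "index_after": unit.verified_index,
        "beyond_window": unit.verify_connection(index_signature(key, 45 + WINDOW + 1)),
        "lock_confirmed": app_lock(key, unit.lock),
        "lock_jammed": app_lock(key, lambda challenge: None),
    }
    captured = sign(key, b"unlock" + unit.issue_unlock_challenge())
    out["unlock"] = unit.unlock(captured)
    out["replay_same_challenge"] = unit.unlock(captured)
    unit.issue_unlock_challenge()
    out["replay_new_challenge"] = unit.unlock(captured)
    late = sign(key, b"unlock" + unit.issue_unlock_challenge())
    now[0] += CHALLENGE_TTL + 1
    out["answered_late"] = unit.unlock(late)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A missing or invalid lock acknowledgement is what tells the app the doors may still be unlocked, so the app should surface that state to the user rather than retry silently.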

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mechanical Engineering (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Selective Calling Equipment (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The present invention relates to mobile-device-based systems and methods for granting authorization to control a vehicle and for enabling a user to open and start the vehicle using a mobile device that a large majority of vehicle owners currently carry with them, and which allow a user to grant others access to the vehicle without transferring a physical device. Some embodiments of the mobile-device-based systems are capable of operating whether or not the mobile device has access to wireless or cellular data.
PCT/IB2018/001213 2017-10-04 2018-10-03 Methods and devices for managing access to a vehicle WO2019069129A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762568242P 2017-10-04 2017-10-04
US62/568,242 2017-10-04

Publications (1)

Publication Number Publication Date
WO2019069129A1 true WO2019069129A1 (fr) 2019-04-11

Family

ID=65995019

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/001213 WO2019069129A1 (fr) 2017-10-04 2018-10-03 Methods and devices for managing access to a vehicle

Country Status (1)

Country Link
WO (1) WO2019069129A1 (fr)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3819878A1 (fr) 2019-11-06 2021-05-12 Axtuator Oy Mobile digital locking technology
US11017621B1 (en) 2019-11-06 2021-05-25 Axtuator OY Mobile digital locking technology
WO2021168037A1 (fr) * 2020-02-18 2021-08-26 Bae Systems Controls Inc. Authentication devices on a public communication network
CN113459993A (zh) * 2020-03-30 2021-10-01 北京新能源汽车股份有限公司 Vehicle control method, Internet of Vehicles platform, terminal, and vehicle control device
CN114205775A (zh) * 2020-09-17 2022-03-18 华为技术有限公司 Vehicle control method, mobile terminal, in-vehicle device, and network device
US11312207B1 (en) 2021-04-19 2022-04-26 Apple Inc. User interfaces for an electronic key
US11314395B2 (en) 2020-05-29 2022-04-26 Apple Inc. Sharing and using passes or accounts
US11414049B2 (en) 2020-09-08 2022-08-16 Ford Global Technologies, Llc Key delivery and connectivity management for phone-based keys
JP2022545130A (ja) * 2020-01-27 2022-10-25 アップル インコーポレイテッド Mobile key enrollment and use
US11526591B1 (en) 2021-06-06 2022-12-13 Apple Inc. Digital identification credential user interfaces
CN115734189A (zh) * 2022-10-31 2023-03-03 广州汽车集团股份有限公司 Vehicle control method, apparatus, electronic device, and storage medium
US11643048B2 (en) 2020-01-27 2023-05-09 Apple Inc. Mobile key enrollment and use
EP4246346A1 (fr) * 2022-03-18 2023-09-20 Bayerische Motoren Werke Aktiengesellschaft Methods, computer programs and apparatuses for a smart device, an administrative platform for vehicles and a vehicle, and for linking a user account to a digital key
US11950101B2 (en) 2020-04-13 2024-04-02 Apple Inc. Checkpoint identity verification using mobile identification credential

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8736438B1 (en) * 2012-08-15 2014-05-27 Google Inc. Computing device as a vehicle key
US8831224B2 (en) * 2012-09-14 2014-09-09 GM Global Technology Operations LLC Method and apparatus for secure pairing of mobile devices with vehicles using telematics system

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11017621B1 (en) 2019-11-06 2021-05-25 Axtuator OY Mobile digital locking technology
EP3951727A1 (fr) 2019-11-06 2022-02-09 iLOQ Oy Mobile digital locking technology
EP3819878A1 (fr) 2019-11-06 2021-05-12 Axtuator Oy Mobile digital locking technology
JP2022545130A (ja) * 2020-01-27 2022-10-25 アップル インコーポレイテッド Mobile key enrollment and use
JP7317257B2 (ja) 2020-01-27 2023-07-28 アップル インコーポレイテッド Mobile key enrollment and use
JP2023101413A (ja) * 2020-01-27 2023-07-20 アップル インコーポレイテッド Mobile key enrollment and use
US11643048B2 (en) 2020-01-27 2023-05-09 Apple Inc. Mobile key enrollment and use
JP7236593B2 (ja) 2020-01-27 2023-03-09 アップル インコーポレイテッド Mobile key enrollment and use
US11303455B2 (en) 2020-02-18 2022-04-12 Bae Systems Controls Inc. Authenticating devices over a public communication network
WO2021168037A1 (fr) * 2020-02-18 2021-08-26 Bae Systems Controls Inc. Authenticating devices over a public communication network
CN113459993A (zh) * 2020-03-30 2021-10-01 北京新能源汽车股份有限公司 Vehicle control method, Internet of Vehicles platform, terminal and vehicle control device
US11950101B2 (en) 2020-04-13 2024-04-02 Apple Inc. Checkpoint identity verification using mobile identification credential
US11775151B2 (en) 2020-05-29 2023-10-03 Apple Inc. Sharing and using passes or accounts
US11526262B2 (en) 2020-05-29 2022-12-13 Apple Inc. Sharing and using passes or accounts
US11314395B2 (en) 2020-05-29 2022-04-26 Apple Inc. Sharing and using passes or accounts
US11853535B2 (en) 2020-05-29 2023-12-26 Apple Inc. Sharing and using passes or accounts
US11414049B2 (en) 2020-09-08 2022-08-16 Ford Global Technologies, Llc Key delivery and connectivity management for phone-based keys
CN114205775A (zh) * 2020-09-17 2022-03-18 华为技术有限公司 Vehicle control method, mobile terminal, vehicle-mounted device and network device
EP4207835A4 (fr) * 2020-09-17 2023-11-01 Huawei Technologies Co., Ltd. Vehicle control method, mobile terminal, on-board device and network device
US11312207B1 (en) 2021-04-19 2022-04-26 Apple Inc. User interfaces for an electronic key
US11981181B2 (en) 2021-04-19 2024-05-14 Apple Inc. User interfaces for an electronic key
US11663309B2 (en) 2021-06-06 2023-05-30 Apple Inc. Digital identification credential user interfaces
US11526591B1 (en) 2021-06-06 2022-12-13 Apple Inc. Digital identification credential user interfaces
WO2023174568A1 (fr) * 2022-03-18 2023-09-21 Bayerische Motoren Werke Aktiengesellschaft Methods, computer programs and apparatuses for a smart device, an administrative platform for vehicles and a vehicle, and for linking a user account to a digital key
EP4246346A1 (fr) * 2022-03-18 2023-09-20 Bayerische Motoren Werke Aktiengesellschaft Methods, computer programs and apparatuses for a smart device, an administrative platform for vehicles and a vehicle, and for linking a user account to a digital key
CN115734189A (zh) * 2022-10-31 2023-03-03 广州汽车集团股份有限公司 Vehicle control method and apparatus, electronic device and storage medium

Similar Documents

Publication Publication Date Title
WO2019069129A1 (fr) Methods and devices for managing access to a vehicle
JP7018109B2 (ja) Secure provisioning and management of devices
US11625460B1 (en) Security platform
US11424921B2 (en) Vehicle access systems and methods
US10270770B1 (en) Generic computing device attestation and enrollment
US9996679B2 (en) Methods and apparatus for device authentication and secure data exchange between a server application and a device
US9781098B2 (en) Generic server framework for device authentication and management and a generic framework for endpoint command dispatch
US9325683B2 (en) Mobile application management framework
US9660815B2 (en) Securing a computing device accessory
JP2019061672A (ja) Time-limited secure access
KR102540090B1 (ko) Electronic device and electronic key management method thereof
CN111538961B (zh) Software activation method, apparatus, device and storage medium
WO2019004097A1 (fr) Maintenance system and maintenance method
Das et al. A decentralized vehicle anti-theft system using Blockchain and smart contracts
US11356261B2 (en) Apparatus and methods for secure access to remote content
US9363266B2 (en) Secured electronic device
US10146916B2 (en) Tamper proof device capability store
US20230294638A1 (en) System for managing access to a vehicle by a service provider that is to provide a service associated with the vehicle
WO2016188231A1 (fr) Verification method and apparatus
US20180019870A1 (en) Device to limit access to storage to authenticated actors only

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 18864001

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 18864001

Country of ref document: EP

Kind code of ref document: A1