US20190166494A1 - Secure telematics - Google Patents
Secure telematics Download PDFInfo
- Publication number
- US20190166494A1 US20190166494A1 US16/260,927 US201916260927A US2019166494A1 US 20190166494 A1 US20190166494 A1 US 20190166494A1 US 201916260927 A US201916260927 A US 201916260927A US 2019166494 A1 US2019166494 A1 US 2019166494A1
- Authority
- US
- United States
- Prior art keywords
- vehicle
- security controller
- communication device
- information
- proprietary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/01—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles operating on vehicle systems or fittings, e.g. on doors, seats or windscreens
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/01—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles operating on vehicle systems or fittings, e.g. on doors, seats or windscreens
- B60R25/04—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles operating on vehicle systems or fittings, e.g. on doors, seats or windscreens operating on the propulsion system, e.g. engine or drive motor
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/10—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device
- B60R25/1001—Alarm systems associated with another car fitting or mechanism, e.g. door lock or knob, pedals
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/209—Remote starting of engine
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/24—Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
- B60R25/241—Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user whereby access privileges are related to the identifiers
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/25—Means to switch the anti-theft system on or off using biometry
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/25—Means to switch the anti-theft system on or off using biometry
- B60R25/252—Fingerprint recognition
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/25—Means to switch the anti-theft system on or off using biometry
- B60R25/255—Eye recognition
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/25—Means to switch the anti-theft system on or off using biometry
- B60R25/257—Voice recognition
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/30—Detection related to theft or to other events relevant to anti-theft systems
- B60R25/33—Detection related to theft or to other events relevant to anti-theft systems of global position, e.g. by providing GPS coordinates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6236—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R2325/00—Indexing scheme relating to vehicle anti-theft devices
- B60R2325/10—Communication protocols, communication systems of vehicle anti-theft devices
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R2325/00—Indexing scheme relating to vehicle anti-theft devices
- B60R2325/10—Communication protocols, communication systems of vehicle anti-theft devices
- B60R2325/101—Bluetooth
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R2325/00—Indexing scheme relating to vehicle anti-theft devices
- B60R2325/20—Communication devices for vehicle anti-theft devices
- B60R2325/202—Personal digital assistant [PDA]
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R2325/00—Indexing scheme relating to vehicle anti-theft devices
- B60R2325/20—Communication devices for vehicle anti-theft devices
- B60R2325/205—Mobile phones
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C5/00—Registering or indicating the working of vehicles
- G07C5/008—Registering or indicating the working of vehicles communicating information to a remotely located station
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C5/00—Registering or indicating the working of vehicles
- G07C5/08—Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
- G07C5/0841—Registering performance data
- G07C5/085—Registering performance data using electronic data carriers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Definitions
- the present invention relates to telematics and in particular to securing communications involving uses of proprietary resources in a vehicle.
- the vehicle is able to communicate wirelessly with remote systems in order to serve or facilitate a number of objectives including related to safety, navigation, information gathering, entertainment and education. Communications in and with the vehicle typically involve a cellular phone or other communication source/device that is able to send and receive communications from outside the vehicle.
- Vehicle communications can require a number of systems and devices that can include hardware and/or software resident in the vehicle. These can be proprietary to certain entities, such as owners or lessees. There is great reluctance on the part of vehicle makers and others to allowing use of proprietary systems by third parties. In the context of the car manufacturer, it may have numerous proprietary rights in vehicle interfaces, storage memories, vehicle buses, and vehicle devices. There are concerns with the safety and integrity of such systems if third parties were allowed unauthorized or uncontrolled access. There must also be sufficient economic and financial reasons to permit access and use by third parties. Consequently, it is important not only to provide a physical infrastructure that facilitates communications involving the vehicle, but also economic incentives and acceptable returns on investment.
- Unleashing the potential of telematics requires cooperation among various entities, including car makers, manufacturers of communication devices including cellular telephones, developers of applications and communication service providers.
- One or more of these entities has proprietary technologies or interests that must be taken into account and safeguarded.
- handset manufacturers interface to the handset and vehicle manufacturers interface to vehicle devices.
- telematics development will be inhibited.
- vehicles themselves are complex systems where reliability is critical for human safety. Any modifications to the tested and deployed vehicle systems introduces new risk.
- proprietary systems can be rendered secure and shared by the various entities, the issue of security is no longer a draw-back and overall costs associated with vehicle communications can be reduced.
- a rich set of applications can be developed once acceptable access to proprietary systems in the vehicle are made available.
- the interests of the end user can include in at least certain applications protection of the user's privacy. Privacy of the end user might be safeguarded when utilizing resources in the vehicle to conduct financial transactions. In addition to appropriate security and/or privacy protection, it would also be appropriate to establish relationships among the various parties that provide incentive for providing open access to resources associated with vehicles including acceptable remuneration.
- system and method are provided for utilizing resources, including proprietary resources in a vehicle.
- utilization requires establishing relationships between and/or among entities having interests, proprietary and otherwise, in resources that are found in the vehicle or can be located in the vehicle.
- Establishment of relationships includes defining compensation provisions between or among various entities, together with approving resources to be used with proprietary and/or non-proprietary resources found in the vehicle and ensuring that only approved resources are used.
- the proprietary resources can include one or more of the following: vehicle buses, vehicle devices, interfaces, subsystems, storage memory in the vehicle, applications executed in the vehicle, connectivity hardware/software and communication devices.
- Digital buses in the vehicle might include: MOST, IDB 1394, TTP, CAN, FlexRay, LIN, SAE J1939, SAE J1708/1587, SAE J1850, ISO9141, as well as a common bus to which numerous proprietary and non-proprietary resources communicate.
- the common bus can be based on one or more of the above-noted bus technologies.
- the common bus could also be implemented using wireless technologies.
- Proprietary subsystems and/or vehicle devices might include various electronic control units (ECUs) a navigational global positioning system (GPS), an inflator subsystem or device, a personal digital assistant (PDA), a laptop computer, a vehicle monitoring system (VMS) and an accident and emergency notification alarm (AENA).
- Interfaces might include numerous and diverse application programming interfaces (APIs).
- Communication subsystems might include portable or cellular telephones and subsystems that communicate with wireless technology networks using licensed and unlicensed communication channels.
- Proprietary and/or non-proprietary applications might include applications related to entertainment delivered to the vehicle, data gathering from the vehicle, educational information supplied to the vehicle, information sent to the vehicle for use by one or more subsystems and/or vehicle devices in the vehicle. Such applications can be in a variety of fields or areas including related to security services, multi-user services, vehicle-to-vehicle communication services, geographical services, regulatory services, communication services and commerce services.
- the entities with whom relationships can be built based on mutually acceptable conditions include the vehicle makers as the primary entity and other entities including application developers/providers, governmental entities, communication, financial, business and consumer service providers, providers of products and proprietary subsystems and/or device suppliers, as well as vehicle owners/users.
- the conditions under which two or more of these entities are to cooperate can be based on one or more fixed payments, use payments to be made by at least one entity to at least another entity, geographic requirements, resource usage limitations, and remedies for non-compliance.
- a key factor related to establishing the necessary relationships includes certifying resources for use with each other, while taking into account the safety of those involved with such resources and the security of the resources.
- At least some of the entities can be members of a federation that is implemented by a federated security architecture in which member entities accept security requirements and protocols as part of interacting with each other.
- the resources of the system include one or more communication subsystems that enable wireless communications relative to the vehicle. These communication subsystems might include cellular telephones together with their associated interfaces, and other apparatuses for enabling communications with one or more appropriate wireless technologies, such as a wireless LAN (Local Area Network).
- the system can also include a vehicle gateway that allows access to information obtained from vehicle devices that are connected to vehicle buses. In a preferred embodiment, the vehicle gateway communicates with the common bus to which a number of proprietary and/or non-proprietary resources can also communicate.
- the system also includes a security controller that is connected to the common bus.
- the security controller can act as a hub through which all information passes in connection with achieving desired security, especially controlling usage of resources by more than one entity.
- the security controller is involved with security authentication of entities and/or resources, facilitates secure channel establishment between or among entities and/or resources and provides bus and bandwidth arbitration services.
- the security controller essentially acts as a switch in the system and can act as a proxy for other resources or services. All traffic between or among entities and/or resources is routed by or initiation is mediated by the security controller. After a secure session has been established, the security controller need only be involved as necessary to monitor traffic. Monitoring can relate to verifying that the traffic conforms to the predetermined profile, for example, of one or more particular applications.
- the security controller is not integrated into the common bus as a hub or switch, but communicates with the common bus and monitors activities related to security in order to effect its control in connection with assuring that conditions associated with the established relationships are met.
- the system further includes a number of interface modules for which the security controller could provide authentication services.
- interface modules for which the security controller could provide authentication services.
- These can be identified as a communication services module, a human/machine interface services module and vehicle services module.
- the communication services module protects and arbitrates access to resources related to communication.
- the human interface services module arbitrates access to resources related to display and operator intervention or involvement.
- the vehicle services module controls access to vehicle gateway services including assistance related to accessing information obtained from vehicle devices that are connected to one or more vehicle buses.
- these interface modules may be incorporated in the security controller.
- entities accept conditions that establish their relationships.
- the conditions can be the same for three or more entities or they can be different.
- establishing relationships might involve a vehicle maker and an application owner or another having a proprietary interest in an application that is used or is executable with a proprietary vehicle device.
- Another relationship might be established between this same car maker and a proprietary subsystems supplier, such as an after market vehicle device or an add-on vehicle device.
- the conditions accepted by the car maker and subsystem supplier may be different from those that establish the relationship between the car maker and the application developer or other application providing entity.
- such an application entity might establish a relationship with the subsystem supplier that includes conditions that are the same or different from those that establish the relationship between the car maker and the subsystem supplier.
- the establishment of relationships can also involve empowering a certificate authority, who can issue assertions, credentials or certificates that are to be used by the system.
- the certificate authority is fundamentally responsible for issuing certificates in a secure manner to approved resources for use in the vehicle.
- resources may be proprietary or non-proprietary.
- These resources can include applications that utilize other resources.
- a certificate authority can be one of the entities that is included in the group that establishes relationships, such as a vehicle maker, or the certificate authority could be an independent third party.
- There can be more than one certificate authority and a certificate authority could reside with the vehicle that issues credentials to resources within the vehicular security domain.
- the security controller itself could act as a certificate authority and issue certificates to vehicle subsystems or other vehicle resources.
- the certificate authority could also be involved with certifying one or more entities themselves.
- the certification process has the certificate authority being initialized with one or more signature keys associated with supporting desired security.
- the certificate authority could create a public key and a private key pair.
- the public key is delivered to the security controller and can be used to verify or authenticate one or more certificate signatures that are submitted to it.
- the certificate authority could also issue keys to an application developer that allows one or more applications to make certificate requests.
- the certificate authority could create at least a certificate request private key that it sends to the application developer.
- the application developer uses that private key to generate an application certificate request that is sent to the certificate authority.
- the certificate authority determines whether or not to grant the certificate request. In connection with that determination, certain procedures can be implemented. These procedures can be implemented by the certificate authority or, alternatively, another entity such as an application verification authority.
- Such an authority can perform steps related to auditing the application developer's security practices and testing the application in a number of system environments for behavioral and safety considerations.
- the certificate authority can issue the certificate.
- the certificate can include certain properties and/or rights, such as: a unique identifier for the certificate owner, a priority level assigned to the application, duration of the certificate, geographic or other location where the certificate is deemed valid, the identification or description of other resources and/or entities with which the application must communicate to function properly, and APIs that the application is allowed to use.
- the certification process may also be associated with other aspects of the relationships that have been established, such as being correlated with compensation affinity credits or royalties that might be paid as part of one or more conditions accepted by the involved entities.
- a certificate may also be revoked for an application that has been compromised.
- the security controller is provided with revocation information so that during its authentication process it can determine whether or not the certificate for a particular application has been revoked.
- the security controller can monitor the access sought by such an application.
- the application can work with one or more resources in the vehicle based on the properties and/or rights set out in the certificate.
- the application can take many forms in numerous and diverse fields for a large number of uses or functions.
- the present invention expands telematics usage in a vehicle by providing architecture and methodology so that desired incentives and security are met. Development of numerous and diverse applications for vehicle communications are encouraged and supported. Vehicle resource usage can be enhanced by the framework of the present invention. Passenger safety and convenience are fostered by facilitating more and different ways to communicate with the vehicle and its passengers. Sharing of resources should lead to more services for the vehicle user and concomitant reductions in cost. More specifically, the present invention protects the integrity of vehicle resources. Privacy of user and vehicle information is benefitted. Telematics applications are able to more safely access and utilize resources in the vehicle. Standards and procedures are provided related to achieving desired security at the application level.
- FIG. 1 is a block diagram of an embodiment of the system of the present invention in which the security controller acts as a central hub or switch;
- FIG. 2 is a block diagram of another embodiment of the system in which the security controller implements security functions for the system but is not a central hub or switch;
- FIG. 3 is a diagram that illustrates steps and communications for authorizing/authenticating use of a target service by an origin application
- FIG. 4 is a diagram that illustrates steps and communications for securely purchasing a product (e.g., quick food purchase application) in a federated security framework;
- a product e.g., quick food purchase application
- FIG. 5 is a diagram that illustrates steps and communications for securely making a toll payment in a federated security framework
- FIG. 6 is a diagram that illustrates steps and communications for securely making a transportation payment in a federated security framework
- FIG. 7 is a diagram that illustrates steps and communications for securely obtaining vehicle location access information in a federated security framework.
- FIG. 8 is a diagram that illustrates steps and communications for securely allowing access to a vehicle bus by a consumer device in a federated security framework.
- a telematics secure system 20 is illustrated that can be located with a vehicle.
- the system 20 includes apparatuses or subsystems for providing communications to and from the vehicle. Although one or more of a number of apparatuses could be employed including an embedded cellular transceiver and later developed apparatuses, certain apparatuses are noted.
- a cellular phone 24 can be held in the vehicle for transmitting/receiving digital and/or analog information, such as voice and digital commands and digital data.
- the cellular phone 24 permits wireless communications outside the vehicle including to/from remote sources that wish to communicate with vehicle resources.
- the cellular phone 24 can be physically held and electronically adapted to vehicle communication paths using a docking/interfaces subsystem 28 .
- This subsystem 28 facilitates communications for the vehicle user (driver and/or passenger), particularly where the cellular phone 24 is being operated in a hands-free mode.
- the docking/interfaces subsystem 28 can be one or more different apparatuses that are compatible with the particular cellular phone 24 that is selected and utilized. Implementations of certain docking/interfaces subsystems are disclosed in patents assigned to the same assignee as the owner of the present application including U.S. Pat. No. 5,333,177 issued Jul. 26, 1994; U.S. Pat. No. 5,535,274 issued Jul. 9, 1996; U.S. Pat. No. 6,377,825 issued Apr. 23, 2002; and U.S. Pat. No. 6,341,218 issued Jan. 22, 2002.
- the docking/interfaces subsystem 28 communicates or is associated with a communication services module 32 .
- the module 32 can be software comprised of executable program code that protects and arbitrates access to communication resources in or involved with the vehicle. Fundamental functions that can be associated with the communications services module 32 include: supporting communication paths to the Internet for other resources associated with the vehicle; contributing to secure communications on one or more buses found in the vehicle; outputting fault notifications; monitoring and logging usage of communications-related resources; enforcing usage rules for communication resources and managing tools involved with security control, including authentication and authorization related to usage of links and/or resources associated with the vehicle.
- the communications services module 32 could also be used to support automatic or intelligent selection of communication links, as described in U.S. Pat. No. 6,122,514 issued Sep.
- wireless communication subsystems that can be included with the vehicle include a wireless LAN 36 and a wireless PAN 38 .
- the wireless LAN 36 and wireless PAN 38 subsystems can communicate with a compatible interface (e.g. docking/interfaces 28 ) for providing transmissions to the vehicle and sending transmissions from the vehicle, which are properly arbitrated and protected using the communication services module 32 .
- the system 20 can include human interface 40 to permit operator or human interaction or control and can also provide information to the vehicle user by means of visual displays and/or audio outputs.
- the human interface 40 may have a number of input/output mechanisms or devices. These can include a tactile and/or biometric input subsystem(s) 44 that are implemented using appropriate technologies for receiving certain sensory inputs, such as those produced by touch or contact.
- the tactile devices can include programmable input elements, such as buttons, switches, touch points/screens, that enable the user to input desired control information or to modify existing settings. Inputs related to visual or scanned information can also be supplied using one or more of these subsystems 44 .
- One or more voice/audio inputs or subsystems 48 can also be part of the human interface 40 .
- the audio outputs from such subsystem(s) 48 can be provided for any number of purposes, including entertainment, education, pre-recorded voice prompts, and other information desirable objectives, including providing responses and directions (text-to-speech outputs) based on voice inputs.
- One or more displays 52 can be part of the human interface 40 . The display or one of the displays 52 can be for navigation purposes to present location-related information. The display or displays 52 can also be used to depict requested vehicle device information.
- the media input 56 can include one or more subsystems that enable desired media to be seen and/or heard within the vehicle, such as a hard disk as a storage medium, DVD and CD-ROM machines and a map database.
- the human interface 40 is part of the vehicle and has one or more components and/or subsystems that are proprietary to the vehicle maker.
- the human interface 40 has a human/machine interface services module 64 that is similar in many respects to the communication services module 32 .
- the human/machine interface services module 64 functions to support secure communications on one or more of the vehicle buses, provides fault notification related to the human interface 40 , can monitor and log resource usage associated with operator subsystems and components, polices usage rules associated with the human interface 40 and can also be involved with overseeing and managing tools involved with verifying proper usage of component/subsystems of the human interface 40 .
- the subsystems can be provided as part of the original vehicle equipment or included later as vehicle add-ons. They can be proprietary or non-proprietary resources. Proprietary interest(s) in such subsystems can reside in the vehicle makers themselves or in other parties having authorized access to the vehicle.
- the subsystems can include a global positioning system (GPS) 70 that provides geographic or locational information associated with the vehicle, one or more computers 74 , and storage memory 76 .
- GPS global positioning system
- the computer or computers 74 can be portable and removable from the vehicle or embedded with the vehicle for use by vehicle passengers.
- the computer(s) 74 can include a personal digital assistant (PDA) a laptop or any other intelligent and/or processing unit.
- PDA personal digital assistant
- the computer(s) 74 can be used to send and receive communications relative to the other resources of the system 20 , as well as communications externally of the vehicle.
- the storage memory 76 can contain proprietary data and/or program code that involves use of other resources located within and/or outside of the vehicle.
- the storage memory 76 can also encompass one or more hard disks and/or removable memory, such as CD-ROMs.
- the subsystems can also include an assertion repository 78 which functions to store and retrieve signed or unsigned information that may be generated by devices 88 within the vehicle or may be generated by entities involved with or supporting security measures within the vehicle or any other authorized third party.
- Such information can comprise assertions that include information or statements related to characteristics associated with an entity involved with the communication, transaction and/or other activity being conducted, or sought to be conducted, using one or more vehicle resources.
- the content of the assertion can be varied in other ways to provide enough information to grant desired access and/or use, while preserving privacy of one or more users or involved parties.
- rights, obligations and/or abilities associated with the communication, transaction and/or other can be defined or described.
- the assertion repository 78 may include a policy decision engine 82 and a database 90 .
- the policy decision engine 82 is responsible for deciding which information of a plurality of stored information is to be released to a particular request.
- the factors that might be relied upon by the decision engine 82 in making its determinations can include the identity of the requester, the information being requested and the existence of an appropriate user's consent.
- One or more decisions may also be based on information or results from communications with third parties. Third parties may also be utilized to obtain additional information for release.
- the decision engine 82 can also be configured to handle requests to store additional information in the database 90 and make decisions on whether or not to accept such additional information.
- the signed or unsigned information can be applicable to granting or denying authorization to use a particular service or product provider, i.e.
- the database 90 can store any number of signed or unsigned assertions related to allowing access in connection with obtaining a particular service or product, or information. These assertions are available for request by the policy decision engine 82 , and the database 90 is configured to release this information only to or with the authorization of the decision engine 82 .
- the database can be implemented using any number of data storage techniques such as relational and/or object databases and including LDAP, XML, and SQL. Appropriate applications for the assertion repository 78 will be described later herein in the context of discussions about uses of the secure telematics system 20 .
- Additional resources found in the vehicle can include a vehicle gateway 80 .
- the vehicle gateway 80 conventionally communicates with one or more vehicle buses 84 to which one or more vehicle devices 88 are connected or communicate with using electronic control units (ECUs) 86 .
- ECUs electronice control units
- Each ECU 86 interfaces one or more of the digital buses 84 with a particular vehicle device 88 and each such ECU can be individually designated as 86 a, 86 b, 86 c . . .
- the ECU 86 can include one more of a number of different control subsystems such as a body control, a chassis control, an engine control, a transmission control and a telematics control.
- the body control typically controls all interior equipment such as seats, HVAC, instrument cluster, power windows, power doors and other vehicle devices.
- the vehicle devices 88 can be separately identified as 88 a, 88 b, 88 c . . .
- the vehicle buses 84 can be one or more digital buses and can include known buses identified as MOST, IDB 1394, TTP, CAN, FlexRay, LIN, SAE J1708/1587, SAE J1939, SAE J1850, ISO9141.
- the vehicle devices 88 can include an engine monitor, an engine temperature sensor, a pressure sensor, an inflator system for activating air bags and/or vehicular tension-producing devices (e.g., for tensioning seat belts).
- the vehicle gateway 80 controls access to and use of the vehicle buses 84 .
- commands can be sent on one or more buses 84 to one or more selected devices 88 that are connected to the particular bus or buses 84 .
- the vehicle gateway 80 can also have wireless communication interfaces, as well as directly receive remote wireless input(s) by means of an antenna or the like. Such input(s) could be used to supply control signals to vehicle devices 88 including those used in supporting the locking/unlocking of vehicle doors and remote vehicle engine starting.
- vehicle services module 92 In communication with the vehicle gateway 80 is a vehicle services module 92 . Similar to the communication services module 32 and the human/machine interface services module 64 , communications relative to the vehicle gateway 80 pass through the vehicle services module 92 in order to control access to vehicle gateway controlled vehicle buses 84 and vehicle devices 88 .
- the functions of the vehicle services module 92 include supporting secure communications on one or more vehicle or telematics buses 84 , contributing to the enablement of intra-vehicle wireless communications (e.g.
- PAN such as Bluetooth
- PAN personal area network
- arbitrating vehicle bus access for outgoing requests providing fault notification related to vehicle gateway operations, monitoring and logging usage of the vehicle gateway 80 , vehicle buses 84 and/or vehicle devices 88 , enforcing rules related to uses of such resources that communicate with the vehicle gateway 80 , and managing tools related to providing security, such as access keys and certificates approving access.
- the system 20 preferably includes a common bus 96 with which a number of, if not all, communicable resources in the vehicle communicate.
- the common bus 96 can link these resources to a security controller 100 , which acts as a hub or switch through which communications pass relative to the communicable resources.
- a security controller 100 which acts as a hub or switch through which communications pass relative to the communicable resources.
- the common bus 96 can be based on one of a number of available bus technologies including those that provide or implement the vehicle or digital buses 84 .
- the common bus 96 could also be implemented using wireless technologies.
- the common bus 96 can be defined to include a physical layer and a logical layer.
- the physical communication layer of the common bus 96 connects the different resources of the system 20 together. Vehicle manufacturers would typically control the characteristics of such buses.
- the common bus 96 should have at least the following capabilities: sufficient bandwidth to support applications, an open architecture, standardized features, be widely supported, be multiported and have peer-to-peer functionality available.
- the logical layer provides the manner by which resources on the common bus 96 communicate with each other.
- the logical layer is configured so that different resources from different manufacturers can be properly linked to and communicate with the bus.
- the logical layer can be comprised of several different protocols to enable communication between or among devices, services and application program interfaces (APIs) that facilitate requests for certain services.
- APIs application program interfaces
- APIs may be defined include: the security controller 100 to establish secure connections between resources or between a resource and a hub; a communication services API enabling Internet and wireless communications for resources on the common bus 96 ; a vehicle gateway services API enabling status retrieval and control services for the vehicle; an API for the GPS 70 to enable transmissions of position information; a display API for displaying information using the operator unit 40 ; registration related APIs to register resource capabilities; and broadcast related APIs for general dispersal of information.
- Some APIs are already available, for example, AMI-C (Automotive Multi-Media Interface Collaboration) has a defined set of protocols for communication with the vehicle gateway 80 . Security protocols associated with the system 20 are to be compatible with AMI-C, as well as other existing protocols.
- Vehicle communications may be classified from those that entail essentially no risk to those having high risks, with different risk levels in between, such as low risk and medium risk.
- the degree of risk can be based on a number of factors including sensitivity of information, privacy of information, and extent of detrimental effects that can occur when there is an unauthorized communication.
- a risk can be assessed based on key factors that include the resource or resources involved with the sending function and the resource or resources involved with the receiving function.
- a key risk factor relates to the particular application involved with a transmission.
- Applications can include changing configurations of vehicle devices or equipment; displaying vehicle status, upgrading firmware in the vehicle, conducting vehicle diagnostics, downloading one or more applications, downloading media information, downloading advertising, obtaining position information and updating or checking security assertions.
- the security controller 100 can include one or more secure processors and a GPS receiver that is embedded or integral with the secure processor. This combination can effect appropriate secure operations, especially when it is desired to accurately associate GPS information with one or more particular security controller operations.
- the security controller 100 is configured in the system 20 as a central hub or switch through which all traffic involving resources passes. After a secure session has been established, the security controller 100 need only be involved as necessary to monitor data or other information including one or more applications.
- the security controller 100 can be implemented as a single chip. Representative responsibilities and functions of the security controller 100 are:
- the security controller 100 may be involved with storing a number of log-ins and can acquire authentication information in connection with conducting the log-ins.
- the security controller 100 may trust an authentication service, entity or other resource that can maintain a set of credentials for each log-in and inform the security controller 100 regarding the identity of each log-in.
- the security controller 100 manages identities.
- the log-in might be performed when the ignition of the vehicle is activated and the authentication services are provided by the owner of a taxi fleet.
- a smart card might perform the log-in using a central hospital as an authentication service, which is trusted by the security controller 100 .
- the security controller 100 may store user identification information in one or more of a number of forms including a personal identification number (PIN) smart card, password or by means of biometric information. This information can be passed to the security controller 100 through one or more apparatuses or devices communicating with the communication services module 32 , such as the cellular phone 24 , W-LAN subsystem 36 and/or the W-PAN subsystem 38 or, alternatively, through the human/machine interface services module 64 that can receive vehicle user identification information from the human interface 40 .
- PIN personal identification number
- Bus arbitration B the security controller 100 can provide arbitration between high priority and low priority activity on one or more buses located in the vehicle. For example, when there is an emergency, the security controller 100 might halt all low priority activity, such as digital audio or video.
- Application authentication (public key infrastructure) B the security controller 100 contains a registry of digital credential information associated with registered resources.
- an application When an application requires secure access to the common bus 96 , it presents its credential, or certificate indicative of such credential(s), to the security controller 100 .
- access to the common bus 96 is denied unless all traffic on the bus 96 is encrypted.
- the security controller 100 is responsible for ensuring security on the bus 96 , while applications listen to encrypted traffic.
- the security controller 100 may reject an application requesting access to the common bus 96 on a number of grounds, such as an invalid certificate authority signature, invalid or unknown properties, time expiration or revocation of the certificate.
- the security controller 100 requests that the application prove that it is the principal of the credential by presenting valid access information, such as performing a cryptographic operation using the associated private key. Upon successful response, the security controller 100 can open a secure channel with the application for future transactions or transmissions. In the case of Internet applications, laptop usage, PDA usage, or consumer applications, each individual application is required to authenticate with the security controller 100 . A more detailed description of digital certificates will follow herein. A related embodiment for application authentication involving a federated architecture will also be described.
- the security controller 100 can also require more than one key or other security tool to be able to access one or more functions. More than one factor or requirement may be necessary to authenticate an application or a particular entity/user. For example, configuring the settings for a vehicle may require the physical presence of a particular phone (first factor) as well as a particular PIN or password entered through the human interface 40 (second factor). Additional factors may include time, location information, biometric information from the operator or user (fingerprint, voice print, facial print and the like) or third-party information, such as may be required over the Internet, before authentication of a user.
- Multiple resources B the security controller 100 can enable multiple resources to participate or be associated with one application. For example, executing a navigation application might require authentication of software running on a display of the operator unit 40 , the vehicle gateway 80 and the GPS 70 . Many other examples are feasible including using an application that requires GPS location and GPS time.
- PKI public key infrastructure
- the firewall protects resources in the vehicle from invalid, unwanted or malformed requests.
- Applications running on such carry-in computers that require access to services and information provided by the system 20 require certification.
- the security controller 100 handles authentication and key exchange with such applications. If a particular application is not certified, the security controller 100 can allow certain, predetermined vehicle services to be made available to non-certified applications.
- FIG. 2 another embodiment of a telematic secure system 20 - 1 is illustrated.
- the security controller 100 - 1 is included in the system 20 - 1 as another apparatus or resource on the common bus 96 - 1 .
- the security controller 100 - 1 performs all the security functions that are available in the embodiment of FIG. 1 .
- the security controller 100 - 1 does not serve as a switch on the common bus 96 - 1 , unlike the FIG. 1 embodiment.
- the security controller 100 may also be merged with any one of the services modules, for example, the communication services module 32 , the human/machine interface services module 64 and/or the vehicle services module 92 .
- This configuration has the advantage of improving the authentication with the resource that it is merged with since no authentication is required as they constitute the same resource.
- the ability to isolate the common bus 96 is lost.
- Main functions performed by the security controller 100 relate to authorization for access to and use of the telematics secure system 20 . To perform these functions, the security controller 100 can rely on certain tools involving previously granted digital certificates or other digital security assertions or credentials.
- a certificate evidences a grant of properties or rights for accessing and using the system 20 .
- a certificate may apply to a resource, such as an application that is to run in the vehicle using one or more other resources or a proprietary subsystem that is included with the vehicle and which may or may not be removable, e.g., a subsystem that is an add-on to the vehicle by an entity different from the manufacturer of the vehicle.
- a digital certificate is presented to the security controller 100 .
- the certificate can apply to a resource such as an application.
- the security controller 100 determines whether the presenter (e.g., owner or licensed user of the application) of the particular certificate has the rights associated with the certificate. Once this verification or authentication scheme is satisfied, a secure channel of communication may be established for the application.
- the secure channel can include use of adequate encryption.
- the certification process involves a number of procedures and tools. An important part is establishing or identifying a certificate authority (CA) that provide certificates for use in the secure telematics system 20 .
- the CA is responsible for issuing certificates to approved resources for use in the vehicle and/or entities that provide such resources.
- the CA can revoke the rights of previously authorized resources and/or entities when certain violations or breaches are determined.
- the main certification processes include: the CA being initialized with one or more CA signature keys; the CA issuing a set of keys to an application developer that allows such applications to make certificate requests; creating a certificate request by the application and delivering it to the CA; and the CA granting the certificate request and returning it to the application.
- the CA has a signature key or set of signature keys that are used to sign certificates.
- the CA signature key generation process is performed once and the key or keys are stored in a physically secure manner.
- the signature key creation can include the CA creating a CA signature public key (CASPK) and CA signature private key (CASRK) key pair. After its creation, the CA stores the CASRK in a secure manner.
- the CASPK is delivered by the CA to the security controller 100 where it can be used to verify signatures of certificates that are submitted to it. Multiple CA signature key pairs can be generated which allow a diversity of signatures on certificates. In such a case, a list public keys is embedded with the security controller 100 for verification and a CA signature key index is added to the certificate.
- the particular application is first approved.
- the approval procedures are conducted by an entity different from the CA.
- This different entity may be termed an application verification authority (AVA).
- AVA application verification authority
- the CA is also responsible for application verification or approval. Regardless of the identity of the entity or entities, it is authorized and responsible for ensuring that applications entering into the system 20 are safe, secure and operate within predetermined guidelines.
- the approval of the AVA, whether it is the CA or another entity(ies), is obtained before the CA can issue a certificate for the application.
- Approval from this authorized authority can require the following main processes: submission of the application to the AVA by the application developer; auditing of the application developer security practices by the AVA; testing the application by the AVA in a number of environments involving the system 20 for behavioral and safety determinations; providing written notification to the application developer by the AVA when corrections are required before approval can be granted; and upon passing AVA verification, the CA is notified of application approval, in the case in which the AVA is different from the CA.
- the AVA performs a security audit before granting the application developer the ability to enter the system 20 and which audit can include: visiting the application development site by the AVA to make sure that proper security precautions and procedures are in place including to ensure that the protection of keys at the development site and/or at the manufacturing site is sufficient; reviewing the security firmware or other software by the AVA that is related to the protection of one or more keys; and testing of the application in a number of secure telematics system environments to make sure that the application does not jeopardize safety within the vehicle and that the application is sufficiently behaved within the system 20 .
- approval of one version of an application does not automatically grant approval to one or more later versions.
- any application that has received a certificate may be subject to tampering.
- Members of the hacker community may try to modify the application to make it perform in unexpected or undesirable ways.
- One or more members of the developer community may modify their own applications after obtaining a valid certificate. The modification may take the application outside the original specifications or result in security flaws that expose the application to unwanted hacking or attacks.
- the AVA can compute a secure hash of portions of the application and provide that hash to the CA for incorporation into the certificate. Once deployed in the field, the application is required to submit the same portions of itself to the security controller 100 . As part of authentication, the security controller 100 computes the same secure hash and verifies that it matches the value or properties within the certificate.
- the application approval process can also entail adherence to guidelines for application developers and guidelines for applications, together with implementation considerations.
- developers of applications may be required to provide for the physical security of keys within their development facilities and manufacturing facilities. For example, gaining physical access to such keys might require a minimum of two persons present at all times.
- Application developers are to be cognizant of the kinds of attacks that the application may be subjected including communication channel tapping, entity spoofing, denial of service attacks (e.g., network overloading), software or firmware emulation and diagnostic back doors.
- Application developers may be required to partition the application into modules that fall within the jurisdiction of the verification authority and those that fall outside the jurisdiction of the verification authority.
- a clear partitioning allows the developer more abilities to revise modules that fall outside the jurisdiction of the verification authority version control mechanisms. Developers of applications can be required to implement a secure download procedure for field updates since a secured download procedure prevents unwanted applications from entering into the secure telematics system 20 .
- Guidelines for applications can include being sensitive to or highly compatible with the vehicle environment. For example, an application may only be appropriate when the car is not moving and be inappropriate when the car is moving as there may be some distraction to the driver. Each application is required to protect its key or keys such as by means of hardware protection, key obfuscation and encryption techniques. Each application may be required to be aware of priority schema within the system 20 . Some applications may be considered low priority and can be terminated by high priority applications.
- the verification authority can be responsible for behavioral auditing, security auditing and safety auditing.
- the verification authority might rely on software and hardware tools to conduct verification or auditing procedures intended to meet these objectives.
- the CA creates a certificate request public key (CRPK) and a certificate request private key (CRRK) pair. Concomitantly the CA assigns the key pair a certificate request identifier (CRID). After generation of the key pair and the identifier, the CA delivers the CRID and the CRRK to the developer through secure procedures, paths or means. Such security may involve delivery in person, or through a separate secure channel established during an on-site visit.
- the CA also creates a new entry in a local database that can be labeled certificate request public key list (CRPKL). The new entry is linked to the developer's CRID for future access capability.
- the unique identifier may be the next available index to the CRPKL or it may be a globally unique identifier (GUID) or any other unique value that may be used to look up the associated CRPK.
- the new entry can include the following information:
- Such information can also include a secure hash of the application.
- the secure hash involves the reduction of a large amount of data to a small number of bits in such a way that it is mathematically extremely burdensome to revert to the large amount of data without authorization.
- a secure hash value may be encrypted using a secure session key in order to create a “message authentication code.”
- the certificate to be granted has a number of properties or rights.
- the properties in a certificate may include any amount of information: a unique identifier for the owner of the certificate; the priority level assigned to the application where a higher priority application receives bandwidth allocation before a lower priority application; expiration date and time of the certificate; geographic location where the certificate is valid; wireless LAN “hot spot” identifier where the certificate is valid; other resources that are part of the system 20 that the application needs to communicate with to function correctly (the security controller 100 uses this information to open a common secure channel with all resources required for an application to run correctly); APIs that the application is allowed to use whereby restricting access to certain APIs reduces the security risk of some certificates, e.g., a certificate that only grants access to commands that read the state of vehicle information involves a lower risk than a certificate that grants access to commands that control vehicle services to perform one or more functions; and/or additional authentication that may take the form of user confirmation procedure, or external third-party authentication procedures.
- an application developer may obtain a certificate by issuing an application certificate request to the CA.
- the certificate request process varies depending on the type of application that is receiving the certificate, where the application receives its certificate and how the application is distributed.
- Applications may request certificates that involve the following:
- the CA retrieves the CRPK properties, rules and secure hash from the database using the supplied CRID as a lookup parameter.
- the CA also validates the CRS using the CRPK.
- the CA verifies that none of the rules associated with the CRID have failed. For example, the CA verifies that the time period in which the CA grants certificates has not expired. Further, the CA verifies that the requested properties are within the scope of the properties agreed upon during the request to enter into the secure telematics system 20 .
- An application may be unable to ask for a certificate over a certain expiration time.
- the CA creates the certificate including the properties in secure hash, as well as digitally signing it with a CA signature private key (CASRK).
- CA signature private key CA signature private key
- the CA returns the completed certificate to the requester, which return may be conducted across an insecure channel.
- the application is expected to verify that the public key in the certificate matches the CPK that was originally part of the certificate request and verify the authenticity of the certificate by verifying the CA signature.
- the application can gain access to the secure telematics system 20 .
- this includes interaction with the security controller 100 .
- the certified application sends a service request with the certificate to the secure controller 100 .
- the secure controller 100 can return a challenge request to the application that includes a random number encrypted with a public key.
- the application decrypts the random number using its local private key.
- the application sends back to the controller 100 a random number response. If the random number received by the controller 100 in response from the application matches the number encrypted for challenge then the service request is granted. Once granted, the controller 100 sends an indication of a service or session to be initiated to the application.
- Certificates usually last until the expiration date. However, there can be predetermined conditions under which a certificate is revoked.
- an application that has been compromised such as where its private key has been exposed, may be required to be revoked.
- the CA can maintain a certificate revocation list (CRL) that can be embedded within the security controller 100 .
- the security controller 100 consults the CRL during its authentication process to ensure that the application has not been revoked. Updating the CRL may be supported by including a requirement for additional third-party authentication within the certificate itself.
- Certificate creation might utilize currently available tool kits that provide security code that can be required for the application developer.
- These tool kits can include RSA's Cert-C and Certicom's TrustPoint.
- Generated certificates can have other uses including the tracking of fees, payments, royalties or other compensation requirements.
- the issuance of the digital certificates may be used to indicate that such a proprietary resource is to be accessed and/or used.
- Each time a certificate is created for an application an entry is made into the certificate database. The database may be queried to retrieve the number of certificates issued that allow access to proprietary resources and a previously determined fee or royalty may be levied in conjunction with such access or use.
- the secure telematics system 20 enables secure applications to be used in a safe manner with one or more other resources associated with the vehicle. Additionally, incentives are provided to owners or others who have proprietary interest in resources to make available their proprietary resources to control the access in use.
- the proprietary resources in contrast to non-proprietary resources, are resources in which one or more entities has a legally protectable proprietary interest in the resource.
- the legally protectable proprietary interest can be based on one or more legally recognized intellectual properties including patents, trade secrets, copyrights and contract-based rights. Resource usage and expansion thereof, particularly use of proprietary resources, is fostered by establishment of relationships with entities that can be involved with the telematics secure system 20 . These entities can include vehicle makers, communication device vendors, communication services providers, proprietary subsystem suppliers, application developers and vehicle users.
- Establishment of relationships can include the definition and acceptance of conditions by the entities.
- Conditions such as rights and obligations, can be different for different entities or groups of entities. These conditions might include sufficient descriptions or identifications of the resources that can be used; compensation-related factors associated with usage; duration of use; specific definitions or limits of use that can be made of proprietary resources; geographic limitations that define locations within which use can be made; remedies for non-compliance with one or more conditions; and other relevant requirements including obtaining certification as previously discussed including approval of proprietary resources, such as applications, by a designated authority.
- a vendor of after market audio equipment may desire access to proprietary and/or non-proprietary resources in the vehicle in order to interface the vehicle radio to controls and displays associated with the operator or head unit 40 .
- the add-in radio maker may also desire access to the vehicle audio system and hands-free features, such as hands-free cellular telephone usage, that are already contained in or embedded with the vehicle, including voice recognition.
- access to a vehicle PDA interface may be desirable to allow upload and/or download of personal or other desired data.
- Such resources can be made available to the after market supplier based on approval of the radio application and obtaining a digital certificate that works with the security controller 100 .
- the vehicle maker as an entity having one or more proprietary interests in one or more proprietary resources associated with the vehicle, can establish a relationship with such a vendor utilizing appropriate conditions including conditions that provide incentives to the vehicle maker, e.g., revenue to be received for such access and use that might be in the form of a one-time fixed payment, by subscription and/or when the vehicle is resold.
- incentives e.g., revenue to be received for such access and use that might be in the form of a one-time fixed payment, by subscription and/or when the vehicle is resold.
- Vehicle configuration B the cellular phone 24 is available to send configuration information into the vehicle.
- This configuration information may include driver identification, seat position, mirror positions, radio station pre-sets and use of other subsystems or devices located in the vehicle. Upon receiving the information, these can be adjusted under commands from the telematics control unit 80 or other vehicle-resident computing devices. Such an application may require the following steps:
- Another representative example of an application can involve the activation of an inflator system, such as an air bag in the vehicle, which triggers a notification that is sent to a designated entity or authority. Relevant steps for this application include:
- a navigation application involving a subscription service can also be implemented.
- a vehicle can be sold with a GPS and a navigation application built into the human interface 40 .
- the subscription must be renewed.
- a real time certificate is obtained from the certificate authority by creating a certificate request that is validated based on a verifiable financial transaction.
- the secure telematics system is also involved with certificate-related procedures including assertion repository updates and certificate revocation lists that may involve the following:
- Updates may also be requested by the security controller 100 for expired certificates. Certificates may expire after a predetermined date, which can be useful for subscription-based services. In such cases, a secure time source is necessary, such as the embedded GPS 70 . Wireless communication network clock verifications at local hot spots might also be utilized.
- Secure VIN for warranty and quality control B the vehicle maker uses the security controller 100 to ensure that the integrity of stored information related to warranty and quality assurance has not been compromised.
- An activation log could be included that documents automatic collision notification being sent to a designated entity or authority.
- the secure VIN certificate/key can be loaded at the vehicle maker's plant.
- Access to car information for vehicle user application B the car maker can use the security controller to grant access to vehicle information, driver information and vehicle control only to the authorized owner. Essentially this can be the secure key to the vehicle for the owner or other authorized user. One example might be to unlock vehicle doors using a cell phone or PDA.
- Secure access for diagnostic tools B the vehicle maker can use the security controller 100 to grant access to diagnostics information and vehicle configuration only to authorized dealers with authorized tools.
- Access for service provider applications B the vehicle maker can use the security controller 100 to grant access to vehicle information, driver information and vehicle control to authorized service providers with authorized tools.
- Access to user interface resources B the vehicle maker can use the security controller 100 to grant access to the vehicle user interfaces only to authorized applications and devices.
- the vehicle maker may limit the risk for accidents due to driver distraction, e.g., allowing a cell phone to be controlled by steering wheel buttons or built in voice recognition.
- Secure fleet vehicle status B a fleet operator can use the security controller 100 to control access to each vehicle and load status data for its fleet. This information can be securely stored in the vehicle memory 76 and only accessed by authorized entities.
- Secure position data for fleet management B the fleet operator can use the security controller 100 to control access to position data of its fleet.
- the position information can be securely stored in the vehicle memory 76 and only accessed by authorized entities.
- Position data B the car owner or other authorized user can use the security controller 100 to control access to position data of the owners vehicle.
- the position information can be securely stored in the vehicle memory and only accessed by authorized entities.
- Vehicle tracking and security B internal GPS assets, vehicle bus access and vehicle telecommunications can offer many levels of vehicle safety and security such as being aware of the current location of hazardous materials being transported by trucking companies.
- the telematics secure system 20 is adaptable for multi-user applications including:
- a number of authorized vehicle users—resources associated with the system 20 can be specially and uniquely configured for each authorized user of the same vehicle, for example, in providing communication options such as: filtering of “hot spots” for each user based on the particular user's special interests; limiting or presetting vehicle controls for each family member, valet or authorized vehicle operator; and subscriptions associated with particular user authentication.
- Rental car customization B the rental vehicle user can interact with the rented vehicle in order to use a personal cell phone and/or upload a personal directory for radio station preferences.
- the telematics secure system 20 can be accessed for geographical and/or regulatory applications which might include:
- Traffic information subscription B various levels of traffic maps, warnings and special routings can be displayed using a navigation display screen that might be part of the operator unit 40 .
- Vehicle pollution control B the system 20 might be accessed to modify or adjust controls in the vehicle in order to reduce emissions or switch the vehicle to electric power.
- Current road conditions B advanced warning of upcoming road construction or major accidents can be provided using a wireless link warning station that can broadcast the relevant information at a distance from the construction or accident.
- the vehicle user or driver can be warned using a display or audio information by means of the human interface 40 .
- Weather conditions B advanced warning of weather hazards, such as fog, ice and/or snow can be provided using the system 20 so that the vehicle driver has sufficient time to take appropriate action including the possibility of changing to a different route.
- Border crossing and inspection B governmental entities may use the security controller 100 to control access to vehicle data related to border crossings and weight inspection. Such information can be securely stored in the vehicle memory 76 and only accessed by authorized entities.
- Smog testing B governmental entities may use the security controller 100 to control access to vehicle data related to smog tests. Such information can be securely stored in the vehicle memory and only accessed by authorized entities.
- Another category of applications generally relates to communications where the vehicle can be considered a client that receives desired or requested information using wireless LAN network technologies or other protocols.
- Information to be communicated by downloads to the vehicle might include: music (such as MP-3 or WMA formats); address book entries; navigation system updates and personal navigation maps; document synchronization and updates; synchronization with the car PDA; updating online game status; updating and modifying vehicle permissions for authorized users; firewall permissions to control e-commerce applications for a particular user; driver validations and supporting group chats.
- a more specific example of a music download might involve an association with a particular geographic region.
- a special offer might be downloaded to the driver and passengers of the vehicle in the form of music that was compiled to enjoy as they travel through the park.
- Such a special music offering could be made using the secure telematics system 20 via a wireless communication network broadband link or the like to the vehicle occupants.
- a fee associated with acceptance can be paid using the digital funds resource 78 .
- the music is downloaded in an acceptable format to the operator unit 40 for subsequent playing.
- Vehicle as a service provider B with the vehicle having an assertion repository 78 that can be securely accessed by authorized entities the vehicle can be a source of services that are paid for by transactions using the assertion repository 78 .
- Such services might include those related to leasing, financing, repair and/or maintaining the vehicle.
- Such services may be basic navigation services and/or premiums for such services.
- the vehicle maker may be able to exercise appropriate controls over the vehicle when proper payments are not made (e.g., discontinue services, regulate vehicle usage).
- the vehicle might have configured devices, subsystems and components that have activatable features provided that certain conditions including payments are met. These features might include making available extra engine horsepower for a certain period of time.
- vehicles that have the assertion repository 78 may require further validation related to entities or individuals that can use the assertion repository 78 .
- Various biometric devices such as a retina scanner, fingerprint verification or the like might be used to validate access to this resource.
- Control access to consumer electronics devices B the maker of such device uses the security controller 100 to grant access only to authorized users. This may be a secure key to unlock premium features of a cellular phone or a PDA when located in the vehicle.
- Toll payments B governmental entities may use the security controller 100 to control access to the assertion repository 78 for use in making toll and parking payments.
- a WiFi link to an outside toll gate might communicate with the fare meter of a cab in determining the combination of trip distance fare as well as trip related toll costs. Additionally, the system 20 might send an electronic receipt to the cab passenger's PDA having WiFi capability.
- Third-party services and promotions B the vehicle driver and any passenger can receive communications related to products and services that might be available including from business establishments that are within a predetermined distance or range of the vehicle.
- These subscription services and promotions can relate to digital coupons for gas station purchases, hot spot Internet privileges, menus of restaurants and their promotions, and communication offerings, such as free voice over IP long distance.
- Multi-media downloads B music and video can be downloaded by subscription that is based on individual subscriber identification, which can be correlated with the driver and one or more passengers in the vehicle.
- the telematics secure system 20 establishes the environment for numerous and diverse applications that might only be limited by the relationships that can be established and the resources that can be identified or devised for use with or for executing one or more of such applications.
- the security controller 100 can also be configured as part of a federated architecture in which access to and use of resources is also based on one or more assertions or credentials, and/or set(s) thereof, provided by federation members.
- the security controller 100 acts as a proxy or trust arbiter in authorizing and authenticating access requests to vehicle resources.
- the security controller 100 can evaluate complex sets of assertions or security credentials that are provided by an entity or requestor. Based on the credentials, the security controller 100 can determine whether access should be granted or denied.
- An assertion is a signed bundle of information that is asserted to be true by a trusted principal. An assertion may only have meaning or be relevant to certain parties.
- Assertions can be categorized according to different levels or classes that are associated with concomitant rights, privileges and/or obligations.
- the assertions can include identifiers or other information that associate the requesting entity with a particular class of service providers, such as vehicle maintenance members, transportation providers, vehicle fuel providers, and highway toll entities.
- the security controller 100 can also be involved with assertions or security credentials on its own behalf or on behalf of other resources in the vehicle. Certain examples can include providing credentials that authorize release of vehicle location information and which need not include releasing the user or vehicle identity.
- the security controller 100 as part of a vehicle can operate in a federated security environment in which the member entities of the federation agree on the format and content of an assertion, such as security credentials or attributes. They also accept the protocol for exchanging these credentials.
- the security controller 100 can implement the protocols on its own behalf and on behalf of vehicle resources under its domain.
- the security controller 100 is able to issue certificates to resources in the vehicle using a signing certificate issued by a broadly recognized root CA. At the same time, the security controller 100 is able to understand embedded assertions about authentication and authorization in connected resources. The PKI model is still supported, as the PKC's issued to those resources are considered a subclass of the types of assertions that may be utilized by the security controller 100 .
- a new resource e.g. device
- it contacts the security controller 100 or vice versa, and a new certificate is requested.
- the decision whether or not to issue the certificate to that resource in that name is made by the security controller 100 .
- This decision is based on the location of the resource (e.g. connected to one or more vehicle buses), input from the user (e.g. which would be asked, “Is the resource you just connected Radio 407b built by Acme Co.?”, and could later be asked what to allow the radio to do), pre-embedded assertions in the resource that the security controller 100 can verify with the issuers, as well as other appropriate information. Using all these inputs, an intelligent decision with the maximum available information is made whether to grant the certificate.
- the security controller 100 decides based on certain information whether or not to grant certain permissions for unintelligent applications. For intelligent applications, it can act as the domain controller, allowing those clever resources to potentially decide authorization on their own in whatever fashion desired. Either way, the security controller 100 is a necessary component and there are several hooks in the allocation of permissions to various resources to utilize other resources where billing systems can be attached.
- the security controller 100 communicates with an origin or requesting application and a target provider, which can be a target service provider, a target product provider or other provider.
- a target provider which can be a target service provider, a target product provider or other provider.
- the requesting application seeks to utilize the target provider for a particular function or activity.
- certain procedures are followed to ascertain whether or not the origin application is authenticated and has the authority to execute its application. Major steps for these procedures include:
- vehicle resources are used to pay for a product purchased by the vehicle user and, more particularly, to pay for food from a fast or quick food vendor.
- Entities that are part of the federation to provide a secure transaction involving this product purchase include a vendor, a financial institution (e.g., bank) and the vehicle itself through the security controller 100 and the assertion repository 78 , together with the vehicle user who is involved with authorizing the payment.
- This transaction example includes the following steps:
- the decision engine 82 might access it using a wireless session by means of the security controller 100 .
- a toll can be paid by the vehicle user in an anonymous manner.
- the members of the federation include a toll entity, a shuttle company associated with a directory and being involved with transportation, and the vehicle having the security controller 100 , together with the decision engine 82 of the assertion repository 78 .
- the steps and communications associated with this transaction example include:
- additional validation can be made with the shuttle company itself before access is granted. Payment could then occur or transactions could be aggregated by the toll booth entity and present them to the shuttle company later based on their established relationship.
- security credentials from the remote directory, persistent, cached assertions could be relied on that are immediately accessible by the security controller.
- FIG. 6 Another anonymous transaction example is illustrated in FIG. 6 .
- a cab for hire is paid anonymously and the cab user or passenger receives a digitally signed receipt.
- the federation members include a financial institution, such as a credit card company and a public transportation or taxi company, as well as the vehicle resources including the security controller 100 and a vehicle user device that can contain an assertion repository 78 . Due to the federation relationship between the credit card company and the taxi company, the cab driver does not need to know the identity of the cab user or credit card number and there need not be a trust relationship between the vehicle user and the taxi company.
- the steps and communications in this transaction include:
- the fare assertion is an attribute assertion containing transaction information, the fare amount, the cab identifier and could also include other information such as the origin and destination of travel, with all such information being asserted or authorized by the cab company.
- steps and communications are described to permit checking of the current location of a package or other item being shipped.
- the company receiving the item and the delivery company have entered into mutually accepted conditions.
- the site of the receiving company might act as a front end portal for all interactions between it and the security controller 100 .
- an estimated time of arrival could be provided to the shipping manager instead of the actual GPS location of the vehicle.
- a federation implementation maintenance of a vehicle using a particular software diagnostic tool is described in conjunction with FIG. 8 .
- vehicle diagnostic software tool In order to execute the vehicle diagnostic software tool, secure access to the bus of the vehicle is granted.
- the federation members include a vehicle dealer or maker and entities involved with vehicle maintenance, as well as the vehicle itself having the security controller 100 .
- the credentials for allowing use of this diagnostic software are generated by the vehicle dealer. The credentials might be specific for the particular vehicle and/or for a period of time.
- the sequence associated with this application includes:
- the process of obtaining information from the vehicle engine bus could be repeated numerous times after the credentials are validated.
- the credentials might allow the engine bus to be accessed for a defined period of time and/or a limited number of times.
- the credentials are preferably generated specific to each individual computer or other diagnostic device and not to the diagnostic software itself.
Landscapes
- Engineering & Computer Science (AREA)
- Mechanical Engineering (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Human Computer Interaction (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Radar, Positioning & Navigation (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Bioethics (AREA)
- Remote Sensing (AREA)
- Biomedical Technology (AREA)
- Small-Scale Networks (AREA)
- Storage Device Security (AREA)
- Traffic Control Systems (AREA)
- Telephonic Communication Services (AREA)
- Combined Controls Of Internal Combustion Engines (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users. At least some of the entities can be members of a federation established to enhance and facilitate secure access and usage of vehicle resources.
Description
- This application is continuation of U.S. patent application Ser. No. 15/336,379, filed Oct. 27, 2016, which is a continuation of U.S. patent application Ser. No. 14/819,141, filed Aug. 5, 2015, now U.S. Pat. No. 9,668,133, which is a continuation of U.S. patent application Ser. No. 14/042,246, filed Sep. 30, 2013, now U.S. Pat. No. 9,130,930, which is a continuation of U.S. patent application Ser. No. 12/017,467, filed Jan. 22, 2008, now U.S. Pat. No. 8,719,592, which is a continuation of U.S. patent application Ser. No. 10/767,548, filed Jan. 28, 2004, now U.S. Pat. No. 7,366,892, which claims the benefit of U.S. Provisional Application Ser. No. 60/443,505, filed Jan. 28, 2003, the entire disclosures of which are hereby incorporated herein by reference.
- The present invention relates to telematics and in particular to securing communications involving uses of proprietary resources in a vehicle.
- Technologies have been devised or advanced that contribute to expanding the use of commercial and personal vehicles from merely a form of transportation to acting as communication hubs. The vehicle is able to communicate wirelessly with remote systems in order to serve or facilitate a number of objectives including related to safety, navigation, information gathering, entertainment and education. Communications in and with the vehicle typically involve a cellular phone or other communication source/device that is able to send and receive communications from outside the vehicle.
- Although significant efforts have been directed to improving vehicle communications, substantial barriers remain to fulfill the vast potential of the telematics field. Vehicle communications can require a number of systems and devices that can include hardware and/or software resident in the vehicle. These can be proprietary to certain entities, such as owners or lessees. There is great reluctance on the part of vehicle makers and others to allowing use of proprietary systems by third parties. In the context of the car manufacturer, it may have numerous proprietary rights in vehicle interfaces, storage memories, vehicle buses, and vehicle devices. There are concerns with the safety and integrity of such systems if third parties were allowed unauthorized or uncontrolled access. There must also be sufficient economic and financial reasons to permit access and use by third parties. Consequently, it is important not only to provide a physical infrastructure that facilitates communications involving the vehicle, but also economic incentives and acceptable returns on investment.
- Unleashing the potential of telematics requires cooperation among various entities, including car makers, manufacturers of communication devices including cellular telephones, developers of applications and communication service providers. One or more of these entities has proprietary technologies or interests that must be taken into account and safeguarded. For example, handset manufacturers interface to the handset and vehicle manufacturers interface to vehicle devices. Until there are compelling applications that make use of proprietary vehicle systems and technologies in place to protect proprietary rights, telematics development will be inhibited. Furthermore, vehicles themselves are complex systems where reliability is critical for human safety. Any modifications to the tested and deployed vehicle systems introduces new risk. On the other hand, if proprietary systems can be rendered secure and shared by the various entities, the issue of security is no longer a draw-back and overall costs associated with vehicle communications can be reduced. Additionally, a rich set of applications can be developed once acceptable access to proprietary systems in the vehicle are made available.
- It would be advantageous therefore to provide a framework for protecting the proprietary systems and the interests of multiple parties, including the end user, who are involved with numerous and diverse vehicle communications. The interests of the end user can include in at least certain applications protection of the user's privacy. Privacy of the end user might be safeguarded when utilizing resources in the vehicle to conduct financial transactions. In addition to appropriate security and/or privacy protection, it would also be appropriate to establish relationships among the various parties that provide incentive for providing open access to resources associated with vehicles including acceptable remuneration.
- In accordance with the present invention, system and method are provided for utilizing resources, including proprietary resources in a vehicle. Such utilization requires establishing relationships between and/or among entities having interests, proprietary and otherwise, in resources that are found in the vehicle or can be located in the vehicle. Establishment of relationships includes defining compensation provisions between or among various entities, together with approving resources to be used with proprietary and/or non-proprietary resources found in the vehicle and ensuring that only approved resources are used.
- The proprietary resources can include one or more of the following: vehicle buses, vehicle devices, interfaces, subsystems, storage memory in the vehicle, applications executed in the vehicle, connectivity hardware/software and communication devices. Digital buses in the vehicle might include: MOST, IDB 1394, TTP, CAN, FlexRay, LIN, SAE J1939, SAE J1708/1587, SAE J1850, ISO9141, as well as a common bus to which numerous proprietary and non-proprietary resources communicate. The common bus can be based on one or more of the above-noted bus technologies. The common bus could also be implemented using wireless technologies. Proprietary subsystems and/or vehicle devices might include various electronic control units (ECUs) a navigational global positioning system (GPS), an inflator subsystem or device, a personal digital assistant (PDA), a laptop computer, a vehicle monitoring system (VMS) and an accident and emergency notification alarm (AENA). Interfaces might include numerous and diverse application programming interfaces (APIs). Communication subsystems might include portable or cellular telephones and subsystems that communicate with wireless technology networks using licensed and unlicensed communication channels. Proprietary and/or non-proprietary applications might include applications related to entertainment delivered to the vehicle, data gathering from the vehicle, educational information supplied to the vehicle, information sent to the vehicle for use by one or more subsystems and/or vehicle devices in the vehicle. Such applications can be in a variety of fields or areas including related to security services, multi-user services, vehicle-to-vehicle communication services, geographical services, regulatory services, communication services and commerce services.
- The entities with whom relationships can be built based on mutually acceptable conditions include the vehicle makers as the primary entity and other entities including application developers/providers, governmental entities, communication, financial, business and consumer service providers, providers of products and proprietary subsystems and/or device suppliers, as well as vehicle owners/users. The conditions under which two or more of these entities are to cooperate can be based on one or more fixed payments, use payments to be made by at least one entity to at least another entity, geographic requirements, resource usage limitations, and remedies for non-compliance. A key factor related to establishing the necessary relationships includes certifying resources for use with each other, while taking into account the safety of those involved with such resources and the security of the resources. At least some of the entities can be members of a federation that is implemented by a federated security architecture in which member entities accept security requirements and protocols as part of interacting with each other.
- The resources of the system include one or more communication subsystems that enable wireless communications relative to the vehicle. These communication subsystems might include cellular telephones together with their associated interfaces, and other apparatuses for enabling communications with one or more appropriate wireless technologies, such as a wireless LAN (Local Area Network). The system can also include a vehicle gateway that allows access to information obtained from vehicle devices that are connected to vehicle buses. In a preferred embodiment, the vehicle gateway communicates with the common bus to which a number of proprietary and/or non-proprietary resources can also communicate.
- The system also includes a security controller that is connected to the common bus. The security controller can act as a hub through which all information passes in connection with achieving desired security, especially controlling usage of resources by more than one entity. The security controller is involved with security authentication of entities and/or resources, facilitates secure channel establishment between or among entities and/or resources and provides bus and bandwidth arbitration services. The security controller essentially acts as a switch in the system and can act as a proxy for other resources or services. All traffic between or among entities and/or resources is routed by or initiation is mediated by the security controller. After a secure session has been established, the security controller need only be involved as necessary to monitor traffic. Monitoring can relate to verifying that the traffic conforms to the predetermined profile, for example, of one or more particular applications. In one embodiment, the security controller is not integrated into the common bus as a hub or switch, but communicates with the common bus and monitors activities related to security in order to effect its control in connection with assuring that conditions associated with the established relationships are met.
- In a preferred embodiment, the system further includes a number of interface modules for which the security controller could provide authentication services. These can be identified as a communication services module, a human/machine interface services module and vehicle services module. The communication services module protects and arbitrates access to resources related to communication. The human interface services module arbitrates access to resources related to display and operator intervention or involvement. The vehicle services module controls access to vehicle gateway services including assistance related to accessing information obtained from vehicle devices that are connected to one or more vehicle buses. In one embodiment, these interface modules may be incorporated in the security controller.
- With regard to steps, operations and/or procedures implementing or involving the system, entities accept conditions that establish their relationships. The conditions can be the same for three or more entities or they can be different. For example, establishing relationships might involve a vehicle maker and an application owner or another having a proprietary interest in an application that is used or is executable with a proprietary vehicle device. Another relationship might be established between this same car maker and a proprietary subsystems supplier, such as an after market vehicle device or an add-on vehicle device. The conditions accepted by the car maker and subsystem supplier may be different from those that establish the relationship between the car maker and the application developer or other application providing entity. Relatedly, such an application entity might establish a relationship with the subsystem supplier that includes conditions that are the same or different from those that establish the relationship between the car maker and the subsystem supplier. These conditions can relate to compensation and resource usage.
- The establishment of relationships can also involve empowering a certificate authority, who can issue assertions, credentials or certificates that are to be used by the system. The certificate authority is fundamentally responsible for issuing certificates in a secure manner to approved resources for use in the vehicle. Such resources may be proprietary or non-proprietary. These resources can include applications that utilize other resources. A certificate authority can be one of the entities that is included in the group that establishes relationships, such as a vehicle maker, or the certificate authority could be an independent third party. There can be more than one certificate authority and a certificate authority could reside with the vehicle that issues credentials to resources within the vehicular security domain. The security controller itself could act as a certificate authority and issue certificates to vehicle subsystems or other vehicle resources. In addition to issuing certificates for approved applications and/or subsystems, the certificate authority could also be involved with certifying one or more entities themselves.
- In one embodiment, the certification process has the certificate authority being initialized with one or more signature keys associated with supporting desired security. The certificate authority could create a public key and a private key pair. The public key is delivered to the security controller and can be used to verify or authenticate one or more certificate signatures that are submitted to it. The certificate authority could also issue keys to an application developer that allows one or more applications to make certificate requests. For example, the certificate authority could create at least a certificate request private key that it sends to the application developer. The application developer uses that private key to generate an application certificate request that is sent to the certificate authority. The certificate authority determines whether or not to grant the certificate request. In connection with that determination, certain procedures can be implemented. These procedures can be implemented by the certificate authority or, alternatively, another entity such as an application verification authority. Such an authority can perform steps related to auditing the application developer's security practices and testing the application in a number of system environments for behavioral and safety considerations. When there is approval, the certificate authority can issue the certificate. The certificate can include certain properties and/or rights, such as: a unique identifier for the certificate owner, a priority level assigned to the application, duration of the certificate, geographic or other location where the certificate is deemed valid, the identification or description of other resources and/or entities with which the application must communicate to function properly, and APIs that the application is allowed to use.
- The certification process may also be associated with other aspects of the relationships that have been established, such as being correlated with compensation affinity credits or royalties that might be paid as part of one or more conditions accepted by the involved entities. A certificate may also be revoked for an application that has been compromised. The security controller is provided with revocation information so that during its authentication process it can determine whether or not the certificate for a particular application has been revoked.
- After the certificate is granted for an application, access and use according to the contents of the certificate are allowed. As part of its functions, the security controller can monitor the access sought by such an application. After authorization by the security controller, the application can work with one or more resources in the vehicle based on the properties and/or rights set out in the certificate. As previously noted, the application can take many forms in numerous and diverse fields for a large number of uses or functions.
- Based on the foregoing summary, a number of advantages of the present invention are readily understood. The present invention expands telematics usage in a vehicle by providing architecture and methodology so that desired incentives and security are met. Development of numerous and diverse applications for vehicle communications are encouraged and supported. Vehicle resource usage can be enhanced by the framework of the present invention. Passenger safety and convenience are fostered by facilitating more and different ways to communicate with the vehicle and its passengers. Sharing of resources should lead to more services for the vehicle user and concomitant reductions in cost. More specifically, the present invention protects the integrity of vehicle resources. Privacy of user and vehicle information is benefitted. Telematics applications are able to more safely access and utilize resources in the vehicle. Standards and procedures are provided related to achieving desired security at the application level. Selective and secure enabling of functions associated with the vehicle is advanced. Opportunities are promoted for additional revenue streams, such as pay for use applications and subscriptions. Secure remote diagnostic capabilities and secure upgrades of vehicle software are included. New business or market models are facilitated including mobile advertising and customer affinity programs. Multiple vehicle buses can be rendered more robust and adaptable in communicating with other vehicle resources. The intelligent and secure selection of communication paths are also provided. Security measures can be implemented using a federated security framework that protects user privacy when accessing resources involved with providing of services and/or products for consumers and/or businesses.
- Additional advantages of the present invention will become readily apparent from the following discussion, particularly when taken together with the accompanying drawings.
-
FIG. 1 is a block diagram of an embodiment of the system of the present invention in which the security controller acts as a central hub or switch; -
FIG. 2 is a block diagram of another embodiment of the system in which the security controller implements security functions for the system but is not a central hub or switch; -
FIG. 3 is a diagram that illustrates steps and communications for authorizing/authenticating use of a target service by an origin application; -
FIG. 4 is a diagram that illustrates steps and communications for securely purchasing a product (e.g., quick food purchase application) in a federated security framework; -
FIG. 5 is a diagram that illustrates steps and communications for securely making a toll payment in a federated security framework; -
FIG. 6 is a diagram that illustrates steps and communications for securely making a transportation payment in a federated security framework; -
FIG. 7 is a diagram that illustrates steps and communications for securely obtaining vehicle location access information in a federated security framework; and -
FIG. 8 is a diagram that illustrates steps and communications for securely allowing access to a vehicle bus by a consumer device in a federated security framework. - Referring to
FIG. 1 , a telematicssecure system 20 is illustrated that can be located with a vehicle. Thesystem 20 includes apparatuses or subsystems for providing communications to and from the vehicle. Although one or more of a number of apparatuses could be employed including an embedded cellular transceiver and later developed apparatuses, certain apparatuses are noted. Acellular phone 24 can be held in the vehicle for transmitting/receiving digital and/or analog information, such as voice and digital commands and digital data. Thecellular phone 24 permits wireless communications outside the vehicle including to/from remote sources that wish to communicate with vehicle resources. Thecellular phone 24 can be physically held and electronically adapted to vehicle communication paths using a docking/interfaces subsystem 28. Thissubsystem 28 facilitates communications for the vehicle user (driver and/or passenger), particularly where thecellular phone 24 is being operated in a hands-free mode. Like thecellular phone 24 that can be selected from various makes and models of cellular telephones, the docking/interfaces subsystem 28 can be one or more different apparatuses that are compatible with the particularcellular phone 24 that is selected and utilized. Implementations of certain docking/interfaces subsystems are disclosed in patents assigned to the same assignee as the owner of the present application including U.S. Pat. No. 5,333,177 issued Jul. 26, 1994; U.S. Pat. No. 5,535,274 issued Jul. 9, 1996; U.S. Pat. No. 6,377,825 issued Apr. 23, 2002; and U.S. Pat. No. 6,341,218 issued Jan. 22, 2002. - In one embodiment, the docking/
interfaces subsystem 28 communicates or is associated with acommunication services module 32. Themodule 32 can be software comprised of executable program code that protects and arbitrates access to communication resources in or involved with the vehicle. Fundamental functions that can be associated with thecommunications services module 32 include: supporting communication paths to the Internet for other resources associated with the vehicle; contributing to secure communications on one or more buses found in the vehicle; outputting fault notifications; monitoring and logging usage of communications-related resources; enforcing usage rules for communication resources and managing tools involved with security control, including authentication and authorization related to usage of links and/or resources associated with the vehicle. Thecommunications services module 32 could also be used to support automatic or intelligent selection of communication links, as described in U.S. Pat. No. 6,122,514 issued Sep. 19, 2000 and which is also assigned to the assignee of the present application. Other wireless communication subsystems that can be included with the vehicle include awireless LAN 36 and awireless PAN 38. Like thecellular phone 24, thewireless LAN 36 andwireless PAN 38 subsystems can communicate with a compatible interface (e.g. docking/interfaces 28) for providing transmissions to the vehicle and sending transmissions from the vehicle, which are properly arbitrated and protected using thecommunication services module 32. - In addition to communication resources, the
system 20 can includehuman interface 40 to permit operator or human interaction or control and can also provide information to the vehicle user by means of visual displays and/or audio outputs. Thehuman interface 40 may have a number of input/output mechanisms or devices. These can include a tactile and/or biometric input subsystem(s) 44 that are implemented using appropriate technologies for receiving certain sensory inputs, such as those produced by touch or contact. The tactile devices can include programmable input elements, such as buttons, switches, touch points/screens, that enable the user to input desired control information or to modify existing settings. Inputs related to visual or scanned information can also be supplied using one or more of thesesubsystems 44. One or more voice/audio inputs orsubsystems 48 can also be part of thehuman interface 40. These subsystems or technologies enable voice inputs to be received for desired control/command objectives useful in initiating or otherwise controlling voice recognition functions. The audio outputs from such subsystem(s) 48 can be provided for any number of purposes, including entertainment, education, pre-recorded voice prompts, and other information desirable objectives, including providing responses and directions (text-to-speech outputs) based on voice inputs. One ormore displays 52 can be part of thehuman interface 40. The display or one of thedisplays 52 can be for navigation purposes to present location-related information. The display or displays 52 can also be used to depict requested vehicle device information. Themedia input 56 can include one or more subsystems that enable desired media to be seen and/or heard within the vehicle, such as a hard disk as a storage medium, DVD and CD-ROM machines and a map database. Generally, thehuman interface 40 is part of the vehicle and has one or more components and/or subsystems that are proprietary to the vehicle maker. - Like the communication resources, the
human interface 40 has a human/machineinterface services module 64 that is similar in many respects to thecommunication services module 32. The human/machineinterface services module 64 functions to support secure communications on one or more of the vehicle buses, provides fault notification related to thehuman interface 40, can monitor and log resource usage associated with operator subsystems and components, polices usage rules associated with thehuman interface 40 and can also be involved with overseeing and managing tools involved with verifying proper usage of component/subsystems of thehuman interface 40. - A number of other subsystems can also be incorporated, either permanently or removably, as part of the telematics
secure system 20. The subsystems can be provided as part of the original vehicle equipment or included later as vehicle add-ons. They can be proprietary or non-proprietary resources. Proprietary interest(s) in such subsystems can reside in the vehicle makers themselves or in other parties having authorized access to the vehicle. The subsystems can include a global positioning system (GPS) 70 that provides geographic or locational information associated with the vehicle, one ormore computers 74, andstorage memory 76. The computer orcomputers 74 can be portable and removable from the vehicle or embedded with the vehicle for use by vehicle passengers. The computer(s) 74 can include a personal digital assistant (PDA) a laptop or any other intelligent and/or processing unit. The computer(s) 74 can be used to send and receive communications relative to the other resources of thesystem 20, as well as communications externally of the vehicle. Thestorage memory 76 can contain proprietary data and/or program code that involves use of other resources located within and/or outside of the vehicle. Thestorage memory 76 can also encompass one or more hard disks and/or removable memory, such as CD-ROMs. - The subsystems can also include an
assertion repository 78 which functions to store and retrieve signed or unsigned information that may be generated by devices 88 within the vehicle or may be generated by entities involved with or supporting security measures within the vehicle or any other authorized third party. Such information can comprise assertions that include information or statements related to characteristics associated with an entity involved with the communication, transaction and/or other activity being conducted, or sought to be conducted, using one or more vehicle resources. The content of the assertion can be varied in other ways to provide enough information to grant desired access and/or use, while preserving privacy of one or more users or involved parties. Relatedly, based on the content of a particular assertion, rights, obligations and/or abilities associated with the communication, transaction and/or other can be defined or described. - The
assertion repository 78 may include apolicy decision engine 82 and adatabase 90. Thepolicy decision engine 82 is responsible for deciding which information of a plurality of stored information is to be released to a particular request. The factors that might be relied upon by thedecision engine 82 in making its determinations can include the identity of the requester, the information being requested and the existence of an appropriate user's consent. One or more decisions may also be based on information or results from communications with third parties. Third parties may also be utilized to obtain additional information for release. Thedecision engine 82 can also be configured to handle requests to store additional information in thedatabase 90 and make decisions on whether or not to accept such additional information. The signed or unsigned information can be applicable to granting or denying authorization to use a particular service or product provider, i.e. target provider. Thedatabase 90 can store any number of signed or unsigned assertions related to allowing access in connection with obtaining a particular service or product, or information. These assertions are available for request by thepolicy decision engine 82, and thedatabase 90 is configured to release this information only to or with the authorization of thedecision engine 82. The database can be implemented using any number of data storage techniques such as relational and/or object databases and including LDAP, XML, and SQL. Appropriate applications for theassertion repository 78 will be described later herein in the context of discussions about uses of thesecure telematics system 20. - Additional resources found in the vehicle can include a
vehicle gateway 80. Thevehicle gateway 80 conventionally communicates with one ormore vehicle buses 84 to which one or more vehicle devices 88 are connected or communicate with using electronic control units (ECUs) 86. Each ECU 86 interfaces one or more of thedigital buses 84 with a particular vehicle device 88 and each such ECU can be individually designated as 86 a, 86 b, 86 c . . . The ECU 86 can include one more of a number of different control subsystems such as a body control, a chassis control, an engine control, a transmission control and a telematics control. The body control typically controls all interior equipment such as seats, HVAC, instrument cluster, power windows, power doors and other vehicle devices. The vehicle devices 88 can be separately identified as 88 a, 88 b, 88 c . . . Thevehicle buses 84 can be one or more digital buses and can include known buses identified as MOST, IDB 1394, TTP, CAN, FlexRay, LIN, SAE J1708/1587, SAE J1939, SAE J1850, ISO9141. The vehicle devices 88 can include an engine monitor, an engine temperature sensor, a pressure sensor, an inflator system for activating air bags and/or vehicular tension-producing devices (e.g., for tensioning seat belts). Thevehicle gateway 80 controls access to and use of thevehicle buses 84. Relatedly, by means of thevehicle gateway 80, commands can be sent on one ormore buses 84 to one or more selected devices 88 that are connected to the particular bus orbuses 84. Thevehicle gateway 80 can also have wireless communication interfaces, as well as directly receive remote wireless input(s) by means of an antenna or the like. Such input(s) could be used to supply control signals to vehicle devices 88 including those used in supporting the locking/unlocking of vehicle doors and remote vehicle engine starting. - In communication with the
vehicle gateway 80 is avehicle services module 92. Similar to thecommunication services module 32 and the human/machineinterface services module 64, communications relative to thevehicle gateway 80 pass through thevehicle services module 92 in order to control access to vehicle gateway controlledvehicle buses 84 and vehicle devices 88. The functions of thevehicle services module 92 include supporting secure communications on one or more vehicle ortelematics buses 84, contributing to the enablement of intra-vehicle wireless communications (e.g. PAN, such as Bluetooth), arbitrating vehicle bus access for outgoing requests, providing fault notification related to vehicle gateway operations, monitoring and logging usage of thevehicle gateway 80,vehicle buses 84 and/or vehicle devices 88, enforcing rules related to uses of such resources that communicate with thevehicle gateway 80, and managing tools related to providing security, such as access keys and certificates approving access. - With regard to enabling communications in a secure manner, the
system 20 preferably includes acommon bus 96 with which a number of, if not all, communicable resources in the vehicle communicate. In this embodiment, thecommon bus 96 can link these resources to asecurity controller 100, which acts as a hub or switch through which communications pass relative to the communicable resources. Although represented inFIG. 1 as separate lines or connections to thesecurity controller 100, it should be appreciated that all such lines when linked together represent a common bus. Thecommon bus 96 can be based on one of a number of available bus technologies including those that provide or implement the vehicle ordigital buses 84. Thecommon bus 96 could also be implemented using wireless technologies. - The
common bus 96 can be defined to include a physical layer and a logical layer. The physical communication layer of thecommon bus 96 connects the different resources of thesystem 20 together. Vehicle manufacturers would typically control the characteristics of such buses. Thecommon bus 96 should have at least the following capabilities: sufficient bandwidth to support applications, an open architecture, standardized features, be widely supported, be multiported and have peer-to-peer functionality available. The logical layer provides the manner by which resources on thecommon bus 96 communicate with each other. The logical layer is configured so that different resources from different manufacturers can be properly linked to and communicate with the bus. The logical layer can be comprised of several different protocols to enable communication between or among devices, services and application program interfaces (APIs) that facilitate requests for certain services. Services may define their own APIs for communication with other devices. APIs that may be defined include: thesecurity controller 100 to establish secure connections between resources or between a resource and a hub; a communication services API enabling Internet and wireless communications for resources on thecommon bus 96; a vehicle gateway services API enabling status retrieval and control services for the vehicle; an API for theGPS 70 to enable transmissions of position information; a display API for displaying information using theoperator unit 40; registration related APIs to register resource capabilities; and broadcast related APIs for general dispersal of information. Some APIs are already available, for example, AMI-C (Automotive Multi-Media Interface Collaboration) has a defined set of protocols for communication with thevehicle gateway 80. Security protocols associated with thesystem 20 are to be compatible with AMI-C, as well as other existing protocols. - The successful growth of telematics requires safeguards against unauthorized requests to vehicle resources so as not to allow adverse impacts on vehicle operations. Vehicle communications may be classified from those that entail essentially no risk to those having high risks, with different risk levels in between, such as low risk and medium risk. The degree of risk can be based on a number of factors including sensitivity of information, privacy of information, and extent of detrimental effects that can occur when there is an unauthorized communication. A risk can be assessed based on key factors that include the resource or resources involved with the sending function and the resource or resources involved with the receiving function. A key risk factor relates to the particular application involved with a transmission. Applications can include changing configurations of vehicle devices or equipment; displaying vehicle status, upgrading firmware in the vehicle, conducting vehicle diagnostics, downloading one or more applications, downloading media information, downloading advertising, obtaining position information and updating or checking security assertions.
- In one embodiment, the
security controller 100 can include one or more secure processors and a GPS receiver that is embedded or integral with the secure processor. This combination can effect appropriate secure operations, especially when it is desired to accurately associate GPS information with one or more particular security controller operations. Preferably, thesecurity controller 100 is configured in thesystem 20 as a central hub or switch through which all traffic involving resources passes. After a secure session has been established, thesecurity controller 100 need only be involved as necessary to monitor data or other information including one or more applications. Thesecurity controller 100 can be implemented as a single chip. Representative responsibilities and functions of thesecurity controller 100 are: - User authentication B the
security controller 100 may be involved with storing a number of log-ins and can acquire authentication information in connection with conducting the log-ins. Thesecurity controller 100 may trust an authentication service, entity or other resource that can maintain a set of credentials for each log-in and inform thesecurity controller 100 regarding the identity of each log-in. In such a way, thesecurity controller 100 manages identities. For example, the log-in might be performed when the ignition of the vehicle is activated and the authentication services are provided by the owner of a taxi fleet. As another example, a smart card might perform the log-in using a central hospital as an authentication service, which is trusted by thesecurity controller 100. Thesecurity controller 100 may store user identification information in one or more of a number of forms including a personal identification number (PIN) smart card, password or by means of biometric information. This information can be passed to thesecurity controller 100 through one or more apparatuses or devices communicating with thecommunication services module 32, such as thecellular phone 24, W-LAN subsystem 36 and/or the W-PAN subsystem 38 or, alternatively, through the human/machineinterface services module 64 that can receive vehicle user identification information from thehuman interface 40. - Secure location and time B either as an integral unit or as a stand-alone device with which it communicates, the
security controller 100 can communicate with a GPS receiver (e.g., GPS 70). This receiver provides a secure source of location and time information. The GPS receiver is configured to eliminate or minimize tampering with the information that it provides. This trusted time and location information can be used to check against any location restrictions that might apply to certain resources in the vehicle. - Security monitoring B the
security controller 100 monitorscommon bus 96 activity andvehicle bus 84 activity between or among resources to ensure that the security conditions established during configuration or authentication continue to be met over time. For example, if there were a time condition related to bus activity, thesecurity controller 100 could dynamically discontinue the secure channel connection after a predetermined time event. - Bus arbitration B the
security controller 100 can provide arbitration between high priority and low priority activity on one or more buses located in the vehicle. For example, when there is an emergency, thesecurity controller 100 might halt all low priority activity, such as digital audio or video. - Application authentication (public key infrastructure) B the
security controller 100 contains a registry of digital credential information associated with registered resources. When an application requires secure access to thecommon bus 96, it presents its credential, or certificate indicative of such credential(s), to thesecurity controller 100. Generally, access to thecommon bus 96 is denied unless all traffic on thebus 96 is encrypted. Thesecurity controller 100 is responsible for ensuring security on thebus 96, while applications listen to encrypted traffic. Thesecurity controller 100 may reject an application requesting access to thecommon bus 96 on a number of grounds, such as an invalid certificate authority signature, invalid or unknown properties, time expiration or revocation of the certificate. If the certificate is deemed authentic, thesecurity controller 100 requests that the application prove that it is the principal of the credential by presenting valid access information, such as performing a cryptographic operation using the associated private key. Upon successful response, thesecurity controller 100 can open a secure channel with the application for future transactions or transmissions. In the case of Internet applications, laptop usage, PDA usage, or consumer applications, each individual application is required to authenticate with thesecurity controller 100. A more detailed description of digital certificates will follow herein. A related embodiment for application authentication involving a federated architecture will also be described. - Multiple keys B the
security controller 100 can also require more than one key or other security tool to be able to access one or more functions. More than one factor or requirement may be necessary to authenticate an application or a particular entity/user. For example, configuring the settings for a vehicle may require the physical presence of a particular phone (first factor) as well as a particular PIN or password entered through the human interface 40 (second factor). Additional factors may include time, location information, biometric information from the operator or user (fingerprint, voice print, facial print and the like) or third-party information, such as may be required over the Internet, before authentication of a user. - Multiple resources B the
security controller 100 can enable multiple resources to participate or be associated with one application. For example, executing a navigation application might require authentication of software running on a display of theoperator unit 40, thevehicle gateway 80 and theGPS 70. Many other examples are feasible including using an application that requires GPS location and GPS time. - Multiple public key protocols and algorithms B the
security controller 100 may utilize or be aware of several public key infrastructure (PKI) protocols while a particular resource may have information about only one such protocol. This allows application providers to select from a number of protocols and algorithms as are appropriate for their communications. However, a single algorithm can be chosen so that there are proper communications once a secured channel has been established. - Carry-in device firewall B to support any interface to a
computer 74 that can be used in the vehicle, security firewall functions can be built into thesecurity controller 100. The firewall protects resources in the vehicle from invalid, unwanted or malformed requests. Applications running on such carry-in computers that require access to services and information provided by thesystem 20 require certification. Thesecurity controller 100 handles authentication and key exchange with such applications. If a particular application is not certified, thesecurity controller 100 can allow certain, predetermined vehicle services to be made available to non-certified applications. - With reference to
FIG. 2 , another embodiment of a telematic secure system 20-1 is illustrated. The security controller 100-1 is included in the system 20-1 as another apparatus or resource on the common bus 96-1. According to this architecture, the security controller 100-1 performs all the security functions that are available in the embodiment ofFIG. 1 . However, the security controller 100-1 does not serve as a switch on the common bus 96-1, unlike theFIG. 1 embodiment. This can be a drawback to the effectiveness of the security controller 100-1 since its ability to isolate segments of the common bus 96-1 does not exist inasmuch as it is no longer a switch or central hub through which all communications pass between and among resources on the common bus 96-1. However, multiple key authentication, location-based authentication and certificate management can still be performed by the security controller 100-1. In another embodiment, thesecurity controller 100 may also be merged with any one of the services modules, for example, thecommunication services module 32, the human/machineinterface services module 64 and/or thevehicle services module 92. This configuration has the advantage of improving the authentication with the resource that it is merged with since no authentication is required as they constitute the same resource. On the other hand, like the embodiment ofFIG. 2 , the ability to isolate thecommon bus 96 is lost. - Main functions performed by the
security controller 100 relate to authorization for access to and use of the telematicssecure system 20. To perform these functions, thesecurity controller 100 can rely on certain tools involving previously granted digital certificates or other digital security assertions or credentials. A certificate evidences a grant of properties or rights for accessing and using thesystem 20. A certificate may apply to a resource, such as an application that is to run in the vehicle using one or more other resources or a proprietary subsystem that is included with the vehicle and which may or may not be removable, e.g., a subsystem that is an add-on to the vehicle by an entity different from the manufacturer of the vehicle. A certificate may also be made available that applies to an entity who has generally established itself as meeting all requirements, including safety and security requirements, for access to and use of resources with the vehicle. In the case of an entity being certified, the resources from this entity may be deemed acceptable for use with the vehicle in the case in which the entity has a proven record of meeting requirements for resources available from it. - Generally, a digital certificate is presented to the
security controller 100. The certificate can apply to a resource such as an application. Thesecurity controller 100 determines whether the presenter (e.g., owner or licensed user of the application) of the particular certificate has the rights associated with the certificate. Once this verification or authentication scheme is satisfied, a secure channel of communication may be established for the application. The secure channel can include use of adequate encryption. - The certification process involves a number of procedures and tools. An important part is establishing or identifying a certificate authority (CA) that provide certificates for use in the
secure telematics system 20. The CA is responsible for issuing certificates to approved resources for use in the vehicle and/or entities that provide such resources. The CA can revoke the rights of previously authorized resources and/or entities when certain violations or breaches are determined. The CA is involved with the following, at least some of which will be the subject of later explanation: the security of certificate authority private signature keys; the security of a public key list; the ability to verify that a certificate presenter possesses the associated private key; the ability to assign reasonable properties with each certificate; the ability to automate responses to requests in order to satisfy a large number of certificate requests; and the ability to designate another or secondary CA that is authorized to provide certificate authority functionality instead of the primary CA and which ability can be used to lower bandwidth requirements on the primary CA. The CA can include one or more of a number of entities including one or more vehicle manufacturers, application developers, service providers and representatives thereof, as well as one or more third parties that are independent of vehicle manufacturers and vehicle resource suppliers and/or developers. - Procedures and processes associated with certification are next discussed, particularly in the context of a certificate or other security credentials or assertions being provided for one or more applications that are intended to be executed within the
secure telematics system 20, although it should be appreciated that such processes and procedures can be adapted to apply to other resources and entities associated with such resources. The main certification processes include: the CA being initialized with one or more CA signature keys; the CA issuing a set of keys to an application developer that allows such applications to make certificate requests; creating a certificate request by the application and delivering it to the CA; and the CA granting the certificate request and returning it to the application. - With regard to the CA signature key(s) creation process, the CA has a signature key or set of signature keys that are used to sign certificates. The CA signature key generation process is performed once and the key or keys are stored in a physically secure manner. The signature key creation can include the CA creating a CA signature public key (CASPK) and CA signature private key (CASRK) key pair. After its creation, the CA stores the CASRK in a secure manner. The CASPK is delivered by the CA to the
security controller 100 where it can be used to verify signatures of certificates that are submitted to it. Multiple CA signature key pairs can be generated which allow a diversity of signatures on certificates. In such a case, a list public keys is embedded with thesecurity controller 100 for verification and a CA signature key index is added to the certificate. - Next regarding enablement of the generation of certificate requests, certain security tools or information are provided to the developer of the application that is to be a resource for the vehicle. However, before providing such access tools or other information to the developer, the particular application is first approved. In one embodiment, the approval procedures are conducted by an entity different from the CA. This different entity may be termed an application verification authority (AVA). Alternatively, the CA is also responsible for application verification or approval. Regardless of the identity of the entity or entities, it is authorized and responsible for ensuring that applications entering into the
system 20 are safe, secure and operate within predetermined guidelines. The approval of the AVA, whether it is the CA or another entity(ies), is obtained before the CA can issue a certificate for the application. Approval from this authorized authority can require the following main processes: submission of the application to the AVA by the application developer; auditing of the application developer security practices by the AVA; testing the application by the AVA in a number of environments involving thesystem 20 for behavioral and safety determinations; providing written notification to the application developer by the AVA when corrections are required before approval can be granted; and upon passing AVA verification, the CA is notified of application approval, in the case in which the AVA is different from the CA. - With respect to the application submittal process, an application developer is required to request that its application be allowed to enter the
secure telematics system 20. The request requires submittal of the application accompanied with written documentation that can comprise the following: a mutual non-disclosure agreement, a copy of the application, a complete description of the application, one or more reasons for the application to be part of thesystem 20, the set of properties and/or rights that the application requires to perform its function(s) and a description of the security infrastructure used to protect one or more private keys. - Regarding the application approval process, the AVA performs a security audit before granting the application developer the ability to enter the
system 20 and which audit can include: visiting the application development site by the AVA to make sure that proper security precautions and procedures are in place including to ensure that the protection of keys at the development site and/or at the manufacturing site is sufficient; reviewing the security firmware or other software by the AVA that is related to the protection of one or more keys; and testing of the application in a number of secure telematics system environments to make sure that the application does not jeopardize safety within the vehicle and that the application is sufficiently behaved within thesystem 20. - Also with respect to approval, certain relevant factors are considered and/or noted. First, approval of one version of an application does not automatically grant approval to one or more later versions. Secondly, any application that has received a certificate may be subject to tampering. Members of the hacker community may try to modify the application to make it perform in unexpected or undesirable ways. One or more members of the developer community may modify their own applications after obtaining a valid certificate. The modification may take the application outside the original specifications or result in security flaws that expose the application to unwanted hacking or attacks. To enforce compliance, the AVA can compute a secure hash of portions of the application and provide that hash to the CA for incorporation into the certificate. Once deployed in the field, the application is required to submit the same portions of itself to the
security controller 100. As part of authentication, thesecurity controller 100 computes the same secure hash and verifies that it matches the value or properties within the certificate. - The application approval process can also entail adherence to guidelines for application developers and guidelines for applications, together with implementation considerations. In that regard, developers of applications may be required to provide for the physical security of keys within their development facilities and manufacturing facilities. For example, gaining physical access to such keys might require a minimum of two persons present at all times. Application developers are to be cognizant of the kinds of attacks that the application may be subjected including communication channel tapping, entity spoofing, denial of service attacks (e.g., network overloading), software or firmware emulation and diagnostic back doors. Application developers may be required to partition the application into modules that fall within the jurisdiction of the verification authority and those that fall outside the jurisdiction of the verification authority. A clear partitioning allows the developer more abilities to revise modules that fall outside the jurisdiction of the verification authority version control mechanisms. Developers of applications can be required to implement a secure download procedure for field updates since a secured download procedure prevents unwanted applications from entering into the
secure telematics system 20. - Guidelines for applications can include being sensitive to or highly compatible with the vehicle environment. For example, an application may only be appropriate when the car is not moving and be inappropriate when the car is moving as there may be some distraction to the driver. Each application is required to protect its key or keys such as by means of hardware protection, key obfuscation and encryption techniques. Each application may be required to be aware of priority schema within the
system 20. Some applications may be considered low priority and can be terminated by high priority applications. - Regarding application implementation factors, the verification authority can be responsible for behavioral auditing, security auditing and safety auditing. The verification authority might rely on software and hardware tools to conduct verification or auditing procedures intended to meet these objectives.
- Once the developer is determined to have met the requirements of the verification authority, the process related to generating one or more certificate requests can continue. In particular, the CA creates a certificate request public key (CRPK) and a certificate request private key (CRRK) pair. Concomitantly the CA assigns the key pair a certificate request identifier (CRID). After generation of the key pair and the identifier, the CA delivers the CRID and the CRRK to the developer through secure procedures, paths or means. Such security may involve delivery in person, or through a separate secure channel established during an on-site visit. The CA also creates a new entry in a local database that can be labeled certificate request public key list (CRPKL). The new entry is linked to the developer's CRID for future access capability. The unique identifier may be the next available index to the CRPKL or it may be a globally unique identifier (GUID) or any other unique value that may be used to look up the associated CRPK. The new entry can include the following information:
-
- (a) the CRPK associated with the application;
- (b) the properties of the certificate to be granted. A property range may be entered which limits the range of requested property values, rights and/or obligations that may be issued by the CA. These properties become part of the certificate when a certificate is granted for the particular application; and/or
- (c) any additional rules associated with the granting of the certificate(s) for the application. These can include a maximum number of certificates to be granted, a limited time period in which to grant certificates and a requirement that a financial transaction be confirmed (e.g., compensation or fee to be paid) prior to issuing the certificate.
- Such information can also include a secure hash of the application. The secure hash involves the reduction of a large amount of data to a small number of bits in such a way that it is mathematically extremely burdensome to revert to the large amount of data without authorization. A secure hash value may be encrypted using a secure session key in order to create a “message authentication code.”
- As previously noted, the certificate to be granted has a number of properties or rights. The properties in a certificate may include any amount of information: a unique identifier for the owner of the certificate; the priority level assigned to the application where a higher priority application receives bandwidth allocation before a lower priority application; expiration date and time of the certificate; geographic location where the certificate is valid; wireless LAN “hot spot” identifier where the certificate is valid; other resources that are part of the
system 20 that the application needs to communicate with to function correctly (thesecurity controller 100 uses this information to open a common secure channel with all resources required for an application to run correctly); APIs that the application is allowed to use whereby restricting access to certain APIs reduces the security risk of some certificates, e.g., a certificate that only grants access to commands that read the state of vehicle information involves a lower risk than a certificate that grants access to commands that control vehicle services to perform one or more functions; and/or additional authentication that may take the form of user confirmation procedure, or external third-party authentication procedures. - Once an application developer has been granted the right to utilize the
system 20 by means, for example, of receiving a CRRK, it may obtain a certificate by issuing an application certificate request to the CA. The certificate request process varies depending on the type of application that is receiving the certificate, where the application receives its certificate and how the application is distributed. Applications may request certificates that involve the following: -
- an application embedded within an electronics subsystem may request a certificate from the CA during its manufacturing process so that the application ships in a state that is acceptable for use within the
secure telematics system 20. - an application that is to be distributed through a hard medium (e.g. CD-ROM or DVD) undergoes a single certificate request process that is managed by the application developer. As part of its distribution, the certificate and one or more keys are embedded into the application.
- an application may be distributed through a WAN, LAN, or PAN network. The application developer can choose to obtain certificates for the application dynamically at download or perform a one-time certificate request similar to a hard medium distributed application.
- an application may request a new certificate while running in the end-user environment. The application may require a new or updated certificate to gain access to the
system 20. This ability allows an application to be enabled by the user in the field by obtaining a new or updated certificate, which may include payment of a fee.
- an application embedded within an electronics subsystem may request a certificate from the CA during its manufacturing process so that the application ships in a state that is acceptable for use within the
- Regardless of whether the application or the application developer is requesting a certificate, fundamental steps can be implemented that are applicable for virtually all applications including those just identified and which include the application creating a certificate public key (CPK) and a certificate private key (CRK) key pair; the application securely storing the CRK into non-volatile memory; the application creating a certificate request that includes the following components: the CRID that identifies the requestor to the CA, the CPK that is the application's public key, other certificate properties that are required, and a certificate request signature (CRS) that is created by digitally signing all the above-noted information using the CRRK as the key, with the CRS being used to authenticate the requester to the CA; and the application delivering the request to the CA and which request does not necessarily require a secure channel for transmission.
- With respect to the certificate creation, the CA retrieves the CRPK properties, rules and secure hash from the database using the supplied CRID as a lookup parameter. The CA also validates the CRS using the CRPK. The CA verifies that none of the rules associated with the CRID have failed. For example, the CA verifies that the time period in which the CA grants certificates has not expired. Further, the CA verifies that the requested properties are within the scope of the properties agreed upon during the request to enter into the
secure telematics system 20. An application may be unable to ask for a certificate over a certain expiration time. The CA creates the certificate including the properties in secure hash, as well as digitally signing it with a CA signature private key (CASRK). After the foregoing are implemented, the CA returns the completed certificate to the requester, which return may be conducted across an insecure channel. After receipt, the application is expected to verify that the public key in the certificate matches the CPK that was originally part of the certificate request and verify the authenticity of the certificate by verifying the CA signature. - With receipt of the certificate, the application can gain access to the
secure telematics system 20. Generally, this includes interaction with thesecurity controller 100. In particular, the certified application sends a service request with the certificate to thesecure controller 100. Thesecure controller 100 can return a challenge request to the application that includes a random number encrypted with a public key. The application decrypts the random number using its local private key. The application sends back to the controller 100 a random number response. If the random number received by thecontroller 100 in response from the application matches the number encrypted for challenge then the service request is granted. Once granted, thecontroller 100 sends an indication of a service or session to be initiated to the application. - Certificates usually last until the expiration date. However, there can be predetermined conditions under which a certificate is revoked. By way of example, an application that has been compromised, such as where its private key has been exposed, may be required to be revoked. The CA can maintain a certificate revocation list (CRL) that can be embedded within the
security controller 100. Thesecurity controller 100 consults the CRL during its authentication process to ensure that the application has not been revoked. Updating the CRL may be supported by including a requirement for additional third-party authentication within the certificate itself. - Certificate creation might utilize currently available tool kits that provide security code that can be required for the application developer. These tool kits can include RSA's Cert-C and Certicom's TrustPoint.
- Generated certificates can have other uses including the tracking of fees, payments, royalties or other compensation requirements. In cases where proprietary resources are to be accessed within the
system 20, the issuance of the digital certificates may be used to indicate that such a proprietary resource is to be accessed and/or used. Each time a certificate is created for an application, an entry is made into the certificate database. The database may be queried to retrieve the number of certificates issued that allow access to proprietary resources and a previously determined fee or royalty may be levied in conjunction with such access or use. - The
secure telematics system 20 enables secure applications to be used in a safe manner with one or more other resources associated with the vehicle. Additionally, incentives are provided to owners or others who have proprietary interest in resources to make available their proprietary resources to control the access in use. The proprietary resources, in contrast to non-proprietary resources, are resources in which one or more entities has a legally protectable proprietary interest in the resource. The legally protectable proprietary interest can be based on one or more legally recognized intellectual properties including patents, trade secrets, copyrights and contract-based rights. Resource usage and expansion thereof, particularly use of proprietary resources, is fostered by establishment of relationships with entities that can be involved with the telematicssecure system 20. These entities can include vehicle makers, communication device vendors, communication services providers, proprietary subsystem suppliers, application developers and vehicle users. Establishment of relationships can include the definition and acceptance of conditions by the entities. Conditions, such as rights and obligations, can be different for different entities or groups of entities. These conditions might include sufficient descriptions or identifications of the resources that can be used; compensation-related factors associated with usage; duration of use; specific definitions or limits of use that can be made of proprietary resources; geographic limitations that define locations within which use can be made; remedies for non-compliance with one or more conditions; and other relevant requirements including obtaining certification as previously discussed including approval of proprietary resources, such as applications, by a designated authority. - With the proper establishment of relationships in place, together with acceptable security, various uses and/or applications of the telematics
secure system 20 can be identified and advanced. For example, a vendor of after market audio equipment may desire access to proprietary and/or non-proprietary resources in the vehicle in order to interface the vehicle radio to controls and displays associated with the operator orhead unit 40. The add-in radio maker may also desire access to the vehicle audio system and hands-free features, such as hands-free cellular telephone usage, that are already contained in or embedded with the vehicle, including voice recognition. Further, access to a vehicle PDA interface may be desirable to allow upload and/or download of personal or other desired data. Such resources can be made available to the after market supplier based on approval of the radio application and obtaining a digital certificate that works with thesecurity controller 100. In this case, the vehicle maker, as an entity having one or more proprietary interests in one or more proprietary resources associated with the vehicle, can establish a relationship with such a vendor utilizing appropriate conditions including conditions that provide incentives to the vehicle maker, e.g., revenue to be received for such access and use that might be in the form of a one-time fixed payment, by subscription and/or when the vehicle is resold. - Numerous other applications can be identified or described that might involve applicable resources to be used with other resources associated with the vehicle. There can be many general application areas including related to security, multi-user, geographical, regulatory, communication and commerce. One or more applications may fall into more than one of these groups or categories and other applications may not be clearly delineated into one or more of them. Some representative applications are next described.
- Vehicle configuration B the
cellular phone 24 is available to send configuration information into the vehicle. This configuration information may include driver identification, seat position, mirror positions, radio station pre-sets and use of other subsystems or devices located in the vehicle. Upon receiving the information, these can be adjusted under commands from thetelematics control unit 80 or other vehicle-resident computing devices. Such an application may require the following steps: -
- 1) The
cellular telephone 24 is placed in a cradle with power on. - 2) Operator identification is entered, such as a “PIN”, biometric, smart card, voice command and the like.
- 3) The
cellular telephone 24 receives this information and the vehicle configuration application is initiated. - 4) The
security controller 100 authenticates the configuration application using, for example, appropriate key exchanges. - 5) After successful authentication, the security controller enables or authenticates a communication channel with the gateway to the appropriate bus, vehicle bus or
buses 84, which can be thevehicle gateway 80, if a secure session is not already in progress. - 6) The
security controller 100 chooses a common encrypted session key and distributes it to thecellular phone 24 and thevehicle gateway 80. - 7) The vehicle configuration commands are sent from the
cellular phone 24 to thevehicle gateway 80 via the secure, encrypted channel. - 8) The
vehicle gateway 80 may verify, when desirable or appropriate, that configuration adjustments are to be performed only when the vehicle is stationary. - 9) As part of the overall access and use involving the configuration application, a user acknowledgment might be required before any such adjustments are implemented.
- 1) The
- Another representative example of an application can involve the activation of an inflator system, such as an air bag in the vehicle, which triggers a notification that is sent to a designated entity or authority. Relevant steps for this application include:
-
- 1) During system initialization, a secure alarm channel is established involving the
GPS 70, thevehicle gateway 80, thesecurity controller 100, and thecommunication services module 32 for use during an emergency. - 2) When a sufficient vehicle impact is detected, an air bag of the inflator system is activated or deployed.
- 3) The
vehicle gateway 80 receives one or more air bag related alarms from this vehicle device, which may occur across an embeddedvehicle bus 84 when the inflator system is connected thereto. - 4) The
security controller 100 receives the alarm by way of a secure connection. - 5) The
security controller 100 obtains GPS information from theGPS 70 and delivers it to thecommunication services module 32. Thecommunication services module 32 initiates communications to notify the remote designated entity or authority of the vehicle using thecellular telephone 24 or other communications subsystems, such as the W-LAN and W-PAN subsystems
- 1) During system initialization, a secure alarm channel is established involving the
- A navigation application involving a subscription service can also be implemented. By way of example, a vehicle can be sold with a GPS and a navigation application built into the
human interface 40. For the application to continue to work, the subscription must be renewed. A real time certificate is obtained from the certificate authority by creating a certificate request that is validated based on a verifiable financial transaction. Certain steps are next described related to this application: -
- 1) The vehicle user is notified that the navigation subscription is about to expire and is offered the opportunity to continue the service for another term, such as one year of service.
- 2) The user accepts the offer by entering electronic payment information, such as a credit card number. Secondary user authentication may be required to ensure that the user is allowed to make the transaction, i.e., the user is the owner of the vehicle.
- 3) The application requests a secure channel with the financial institution through the
communications services module 32. Thesecurity controller 100 enables this transaction by opening a common secure channel between the application and with the financial institution through thecommunication services module 32. - 4) The application and financial service communicate through the secure channel to charge the user's account.
- 5) The financial service responds with a confirmation number for the charge.
- 6) The application creates a certificate request to the certificate authority including the confirmation number of the charge as a receipt of the financial transaction.
- 7) The application sends the certificate request to the CA, which does not require a secure channel.
- 8) The CA receives the request, verifies with the financial institution that the charge occurred and issues a one year certificate for the application.
- 9) The application presents the new certificate to the
security controller 100 to enable access by the application to theGPS 70. - 10) The CA distributes the subscription notification to the vehicle maker and application developer for possible fees that might be due including royalties.
- The secure telematics system is also involved with certificate-related procedures including assertion repository updates and certificate revocation lists that may involve the following:
-
- 1) The
system 20 receives notification that an update to a certificate is available. This notification can be received via a wireless link or wired connection such as involving a vehicle or digital bus. - 2) The vehicle user can be notified that the update is available and may acknowledge and/or approve the upload of the update.
- 3) The source of the software or the certificate is authenticated by the
security controller 100. - 4) The upload might be constrained by location such that it occurs only when the vehicle is located within a certain geographic region. In such a case, the certificate presented for the application to be uploaded contains the identification of the required geographic region.
- 5) The upload can also be constrained by time whereby uploads are only allowed within a certain period of time.
- 6) A secure session involving an encrypted communication is set up between the certificate source and the
security controller 100. - 7) The update is loaded into the security controller, which may be a new certificate and/or a certificate revocation list.
- 8) The
security controller 100 authenticates the certificate and/or CRL by means of a digital signature. - 9) Optionally, a third party might be consulted to verify authenticity.
- 10) The
security controller 100 stores the new certificate and/or CRL in its non-volatile memory.
- 1) The
- Similar procedures or steps can be utilized for an application update. Updates may also be requested by the
security controller 100 for expired certificates. Certificates may expire after a predetermined date, which can be useful for subscription-based services. In such cases, a secure time source is necessary, such as the embeddedGPS 70. Wireless communication network clock verifications at local hot spots might also be utilized. - Further applications are next described according to groups or categories. The following relate to security applications:
- Secure VIN for warranty and quality control B the vehicle maker uses the
security controller 100 to ensure that the integrity of stored information related to warranty and quality assurance has not been compromised. An activation log could be included that documents automatic collision notification being sent to a designated entity or authority. The secure VIN certificate/key can be loaded at the vehicle maker's plant. - Access to car information for vehicle user application B the car maker can use the security controller to grant access to vehicle information, driver information and vehicle control only to the authorized owner. Essentially this can be the secure key to the vehicle for the owner or other authorized user. One example might be to unlock vehicle doors using a cell phone or PDA.
- Secure access for diagnostic tools B the vehicle maker can use the
security controller 100 to grant access to diagnostics information and vehicle configuration only to authorized dealers with authorized tools. - Access for service provider applications B the vehicle maker can use the
security controller 100 to grant access to vehicle information, driver information and vehicle control to authorized service providers with authorized tools. - Access to user interface resources B the vehicle maker can use the
security controller 100 to grant access to the vehicle user interfaces only to authorized applications and devices. The vehicle maker may limit the risk for accidents due to driver distraction, e.g., allowing a cell phone to be controlled by steering wheel buttons or built in voice recognition. - Secure fleet vehicle status B a fleet operator can use the
security controller 100 to control access to each vehicle and load status data for its fleet. This information can be securely stored in thevehicle memory 76 and only accessed by authorized entities. - Secure position data for fleet management B the fleet operator can use the
security controller 100 to control access to position data of its fleet. The position information can be securely stored in thevehicle memory 76 and only accessed by authorized entities. - Protection of position data B the car owner or other authorized user can use the
security controller 100 to control access to position data of the owners vehicle. The position information can be securely stored in the vehicle memory and only accessed by authorized entities. - Vehicle tracking and security B internal GPS assets, vehicle bus access and vehicle telecommunications can offer many levels of vehicle safety and security such as being aware of the current location of hazardous materials being transported by trucking companies.
- The telematics
secure system 20 is adaptable for multi-user applications including: - A number of authorized vehicle users—resources associated with the
system 20 can be specially and uniquely configured for each authorized user of the same vehicle, for example, in providing communication options such as: filtering of “hot spots” for each user based on the particular user's special interests; limiting or presetting vehicle controls for each family member, valet or authorized vehicle operator; and subscriptions associated with particular user authentication. - Rental car customization B the rental vehicle user can interact with the rented vehicle in order to use a personal cell phone and/or upload a personal directory for radio station preferences.
- The telematics
secure system 20 can be accessed for geographical and/or regulatory applications which might include: - Traffic information subscription B various levels of traffic maps, warnings and special routings can be displayed using a navigation display screen that might be part of the
operator unit 40. - Vehicle pollution control B the
system 20 might be accessed to modify or adjust controls in the vehicle in order to reduce emissions or switch the vehicle to electric power. - Current road conditions B advanced warning of upcoming road construction or major accidents can be provided using a wireless link warning station that can broadcast the relevant information at a distance from the construction or accident. The vehicle user or driver can be warned using a display or audio information by means of the
human interface 40. - Weather conditions B advanced warning of weather hazards, such as fog, ice and/or snow can be provided using the
system 20 so that the vehicle driver has sufficient time to take appropriate action including the possibility of changing to a different route. - Border crossing and inspection B governmental entities may use the
security controller 100 to control access to vehicle data related to border crossings and weight inspection. Such information can be securely stored in thevehicle memory 76 and only accessed by authorized entities. - Smog testing B governmental entities may use the
security controller 100 to control access to vehicle data related to smog tests. Such information can be securely stored in the vehicle memory and only accessed by authorized entities. - Another category of applications generally relates to communications where the vehicle can be considered a client that receives desired or requested information using wireless LAN network technologies or other protocols. Information to be communicated by downloads to the vehicle might include: music (such as MP-3 or WMA formats); address book entries; navigation system updates and personal navigation maps; document synchronization and updates; synchronization with the car PDA; updating online game status; updating and modifying vehicle permissions for authorized users; firewall permissions to control e-commerce applications for a particular user; driver validations and supporting group chats. A more specific example of a music download might involve an association with a particular geographic region. For example, based on location awareness of a vehicle entering Yellowstone Park, a special offer might be downloaded to the driver and passengers of the vehicle in the form of music that was compiled to enjoy as they travel through the park. Such a special music offering could be made using the
secure telematics system 20 via a wireless communication network broadband link or the like to the vehicle occupants. After acceptance of the offering related to the special music, a fee associated with acceptance can be paid using thedigital funds resource 78. After this occurs, the music is downloaded in an acceptable format to theoperator unit 40 for subsequent playing. - Some e-commerce applications of the telematics
secure system 20 are next described. - Vehicle as a service provider B with the vehicle having an
assertion repository 78 that can be securely accessed by authorized entities, the vehicle can be a source of services that are paid for by transactions using theassertion repository 78. Such services might include those related to leasing, financing, repair and/or maintaining the vehicle. Such services may be basic navigation services and/or premiums for such services. The vehicle maker may be able to exercise appropriate controls over the vehicle when proper payments are not made (e.g., discontinue services, regulate vehicle usage). Additionally, the vehicle might have configured devices, subsystems and components that have activatable features provided that certain conditions including payments are met. These features might include making available extra engine horsepower for a certain period of time. Relatedly, vehicles that have theassertion repository 78 may require further validation related to entities or individuals that can use theassertion repository 78. Various biometric devices, such as a retina scanner, fingerprint verification or the like might be used to validate access to this resource. - Control access to consumer electronics devices B the maker of such device uses the
security controller 100 to grant access only to authorized users. This may be a secure key to unlock premium features of a cellular phone or a PDA when located in the vehicle. - Toll payments B governmental entities may use the
security controller 100 to control access to theassertion repository 78 for use in making toll and parking payments. - Public and private transportation companies can also take advantage of the
system 20. A WiFi link to an outside toll gate might communicate with the fare meter of a cab in determining the combination of trip distance fare as well as trip related toll costs. Additionally, thesystem 20 might send an electronic receipt to the cab passenger's PDA having WiFi capability. - Third-party services and promotions B the vehicle driver and any passenger can receive communications related to products and services that might be available including from business establishments that are within a predetermined distance or range of the vehicle. These subscription services and promotions can relate to digital coupons for gas station purchases, hot spot Internet privileges, menus of restaurants and their promotions, and communication offerings, such as free voice over IP long distance.
- Multi-media downloads B music and video can be downloaded by subscription that is based on individual subscriber identification, which can be correlated with the driver and one or more passengers in the vehicle.
- It should be understood that many other applications are possible and the foregoing applications are intended to be representative thereof. The telematics
secure system 20 establishes the environment for numerous and diverse applications that might only be limited by the relationships that can be established and the resources that can be identified or devised for use with or for executing one or more of such applications. - The
security controller 100 can also be configured as part of a federated architecture in which access to and use of resources is also based on one or more assertions or credentials, and/or set(s) thereof, provided by federation members. In this embodiment, thesecurity controller 100 acts as a proxy or trust arbiter in authorizing and authenticating access requests to vehicle resources. In connection with authorizing and authenticating access requests, thesecurity controller 100 can evaluate complex sets of assertions or security credentials that are provided by an entity or requestor. Based on the credentials, thesecurity controller 100 can determine whether access should be granted or denied. An assertion is a signed bundle of information that is asserted to be true by a trusted principal. An assertion may only have meaning or be relevant to certain parties. Assertions can be categorized according to different levels or classes that are associated with concomitant rights, privileges and/or obligations. For example, the assertions can include identifiers or other information that associate the requesting entity with a particular class of service providers, such as vehicle maintenance members, transportation providers, vehicle fuel providers, and highway toll entities. - The
security controller 100 can also be involved with assertions or security credentials on its own behalf or on behalf of other resources in the vehicle. Certain examples can include providing credentials that authorize release of vehicle location information and which need not include releasing the user or vehicle identity. Thesecurity controller 100 as part of a vehicle can operate in a federated security environment in which the member entities of the federation agree on the format and content of an assertion, such as security credentials or attributes. They also accept the protocol for exchanging these credentials. Thesecurity controller 100 can implement the protocols on its own behalf and on behalf of vehicle resources under its domain. - More specifically, the
security controller 100 is able to issue certificates to resources in the vehicle using a signing certificate issued by a broadly recognized root CA. At the same time, thesecurity controller 100 is able to understand embedded assertions about authentication and authorization in connected resources. The PKI model is still supported, as the PKC's issued to those resources are considered a subclass of the types of assertions that may be utilized by thesecurity controller 100. - In one embodiment, when a new resource (e.g. device) is connected, it contacts the
security controller 100, or vice versa, and a new certificate is requested. The decision whether or not to issue the certificate to that resource in that name is made by thesecurity controller 100. This decision is based on the location of the resource (e.g. connected to one or more vehicle buses), input from the user (e.g. which would be asked, “Is the resource you just connected Radio 407b built by Acme Co.?”, and could later be asked what to allow the radio to do), pre-embedded assertions in the resource that thesecurity controller 100 can verify with the issuers, as well as other appropriate information. Using all these inputs, an intelligent decision with the maximum available information is made whether to grant the certificate. - Identity certificates should always be issued, but that authorization privilege associated with these certificates should be carefully partitioned. This is where the control and the business model can be elaborated. The
security controller 100 decides based on certain information whether or not to grant certain permissions for unintelligent applications. For intelligent applications, it can act as the domain controller, allowing those clever resources to potentially decide authorization on their own in whatever fashion desired. Either way, thesecurity controller 100 is a necessary component and there are several hooks in the allocation of permissions to various resources to utilize other resources where billing systems can be attached. - Making the
security controller 100 able to issue its own certificates to resources in the vehicle greatly lessens the exposure of all the resources involved since new certificates can be easily and locally issued. If the issuer of the security controller's certificate is compromised, new certificates only have to be issued for the security controller(s) it signed for. Additionally, permissions and identities can be handled in a federated way: the radio manufacturer can bundle authorization assertions inside the radio which thesecurity controller 100 can verify with the manufacturer and decide whether to trust. - With reference to
FIG. 3 , a general description is next provided related to an application and operations in which the vehicle, under control of thesecurity controller 100, is part of such a federation. Thesecurity controller 100 communicates with an origin or requesting application and a target provider, which can be a target service provider, a target product provider or other provider. Generally, the requesting application seeks to utilize the target provider for a particular function or activity. In connection with determining whether access by the origin application is to be granted, certain procedures are followed to ascertain whether or not the origin application is authenticated and has the authority to execute its application. Major steps for these procedures include: -
- 1. The origin application contacts the target provider requesting some product, service, resource or other information.
- 2. The target provider sends the origin application a signed assertion with the name of the target provider and the information needed to allow access by the origin application.
- 3. The origin application contacts the
security controller 100 to request a new assertion related to authorization by the origin application to use the target provider. - 4. The
security controller 100 and the origin application mutually authenticate using an established protocol, e.g. a secure sockets layer (SSL) for IP networking. - 5. The origin application presents the assertion that it receives from the target provider to the
security controller 100. - 6. The security controller utilizes the assertion that it receives from the origin application to generate a new assertion for the origin application. This new assertion may include information about the origin application. Alternatively, the information may simply be related to an approval with reference to the original target provider assertion in order to maintain a high level of privacy related to the identity of one or more parties involved with executing the origin application.
- 7. The origin application presents this temporary assertion to the target provider, which may include an accompanying handle or other identifier.
- 8. The target provider verifies the temporary assertion by using information and checking it against the public key of the
security controller 100. Alternatively or additionally, the target provider could check directly with thesecurity controller 100 in connection with performing this verification. As part of this direct communication, additional information could be given to the target provider by thesecurity controller 100. - 9. Based on the information in the temporary assertion that it receives, the target provider grants or denies access to the origin application, which may involve one or more resources under the control of the target provider and/or services/products available through the target provider.
- Referring to
FIG. 4 , a more specific use of a federated architecture, particularly related to maintaining desired privacy, is described. According to this example, vehicle resources are used to pay for a product purchased by the vehicle user and, more particularly, to pay for food from a fast or quick food vendor. Entities that are part of the federation to provide a secure transaction involving this product purchase include a vendor, a financial institution (e.g., bank) and the vehicle itself through thesecurity controller 100 and theassertion repository 78, together with the vehicle user who is involved with authorizing the payment. This transaction example includes the following steps: -
- 1. The vehicle user or consumer places an order with the vendor, who requests payment.
- 2. The
security controller 100 receives the payment request and can query thepolicy decision engine 82 related to payment information. Thedecision engine 82 can access thedatabase 90 or other appropriate assertion orcredential repository 94 in order to receive necessary verified or signed assertions based on the queries submitted by thesecurity controller 100. - 3. The
decision engine 82 may provide the vehicle user with the payment amount and choices for making the payment, for example, using thehuman interface 40. Since no trust relationship exists between the vendor and thesecurity controller 100, the payment amount and recipient are unsecured and untrusted. To establish the security and trust, the financial institution or bank is employed. - 4. The
decision engine 82 selects a bank account to debit for the purchase based on the user input. - 5. Next, the
decision engine 82 finds the bank account and connection information in thecredential repository 94. Although thecredential repository 94 is indicated as being part of theassertion repository 78, it can be located remotely of the vehicle and an authentication and authorization process would be required to obtain the necessary information from any such remote repository. - 6. In one embodiment or optionally, security and anonymity can be enhanced by the
decision engine 82, with the assistance and control of thesecurity controller 100, communicating with the bank and obtain a temporary pseudonym to identify the transaction rather than utilizing a pre-established, persistent identifier. - 7. Regardless of its location, the
credential repository 94 returns to thedecision engine 82 the name of the bank and the identifier associated with the transaction.
- In the case in which the
credential repository 94 is remote relative to the vehicle, thedecision engine 82 might access it using a wireless session by means of thesecurity controller 100. -
- 8. Next, the
decision engine 82 provides thesecurity controller 100 with the payment credentials that can include the bank name and the transaction identifier. - 9. After obtaining them, the
security controller 100 sends the payment credentials to the vendor. - 10. The vendor authenticates and authorizes with the bank.
- 11. The vendor sends the bank payment credentials.
- 12. The bank authenticates and authorizes with the
security controller 100. - 13. The bank presents a payment request to the
security controller 100. - 14. The
security controller 100 presents the payment request to the vehicle user. - 15. The vehicle user accepts the payment request.
- 16. The
security controller 100 indicates authorization of payment and sends it to the bank. - 17. The bank acknowledges that the payment was made to the vendor.
- 8. Next, the
- Referring to
FIG. 5 , another federated security transaction is described. In this example, a toll can be paid by the vehicle user in an anonymous manner. The members of the federation include a toll entity, a shuttle company associated with a directory and being involved with transportation, and the vehicle having thesecurity controller 100, together with thedecision engine 82 of theassertion repository 78. The steps and communications associated with this transaction example include: -
- 1. The toll booth entity initiates an authenticated SSL connection with the
security controller 100 utilizing mutually recognized certificate authorities. - 2. The toll booth entity presents payment demand.
- 3. The
security controller 100 queries thedecision engine 82 for appropriate payment source. - 4. The
decision engine 82 initiates and establishes an authenticated secure connection with a directory that is remote from the vehicle. - 5. The
decision engine 82 presents the authorized assertion to the directory. - 6. The directory generates credentials containing appropriate payment information signed or authorized by the shuttle company.
- 7. The
decision engine 82 returns the credentials to thesecurity controller 100. - 8. The
security controller 100 presents the credentials to the toll booth entity.
- 1. The toll booth entity initiates an authenticated SSL connection with the
- In one embodiment, additional validation can be made with the shuttle company itself before access is granted. Payment could then occur or transactions could be aggregated by the toll booth entity and present them to the shuttle company later based on their established relationship. In a related embodiment, instead of security credentials from the remote directory, persistent, cached assertions could be relied on that are immediately accessible by the security controller.
- Another anonymous transaction example is illustrated in
FIG. 6 . According to this scenario, a cab for hire is paid anonymously and the cab user or passenger receives a digitally signed receipt. The federation members include a financial institution, such as a credit card company and a public transportation or taxi company, as well as the vehicle resources including thesecurity controller 100 and a vehicle user device that can contain anassertion repository 78. Due to the federation relationship between the credit card company and the taxi company, the cab driver does not need to know the identity of the cab user or credit card number and there need not be a trust relationship between the vehicle user and the taxi company. The steps and communications in this transaction include: -
- 1. The
security controller 100 in the cab is alerted that it will be the source for paying the cab fare using, for example, a laptop, a cell phone or other consumer device that contains theassertion repository 78 for the cab user. - 2. Once the trip is completed, the fare amount is read from the cab meter by the
security controller 100. - 3. The
security controller 100 establishes a secure authenticated connection with the cab company, which could be a pre-existing connection. - 4. The fare amount, together with identifier for the cab, is sent to the cab company.
- 5. The cab company generates a signed or authorized fare assertion or reply.
- 6. The
security controller 100 passes the assigned fare to the consumer device of the cab user. - 7. The consumer device itself authenticates directly to the credit card company which authorizes payment or provides its indication that it has responsibility for paying the fare amount. It is preferable that this communication be SSL protected and, alternatively or optionally, the communication could be encrypted at the Internet protocol (IP) layer. This provides protection in the form of not permitting the taxi cab and any other passenger from getting information about the bank with whom the fare paying cab user is communicating.
- 8. The consumer device transmits the signed fare assertion to the credit card company.
- 9. The credit card company authenticates with the taxi company and makes payment based on the signed fare information.
- 10. The taxi company then sends an acknowledgment of payment to the
security controller 100 in the cab. - 11. The
security controller 100 can then send payment acknowledgment to the consumer device.
- 1. The
- In one embodiment, the fare assertion is an attribute assertion containing transaction information, the fare amount, the cab identifier and could also include other information such as the origin and destination of travel, with all such information being asserted or authorized by the cab company.
- In another example of a federated environment that need not involve a payment as part of the user application, steps and communications are described to permit checking of the current location of a package or other item being shipped. With reference to
FIG. 7 , the company receiving the item and the delivery company have entered into mutually accepted conditions. These procedures or steps for this example include: -
- 1. The shipping manager of the receiving company logs on to the company computer.
- 2. The shipping manager queries the delivery company for location of the shipment.
- 3. Information about the shipping manager is securely transferred to target web services that is to make the determination and provide the authorization to enable the shipping manager to obtain the location information. The transferred information about the shipping manager can include the identity of the receiving company, the role of the shipping manager at the shipping company and the item tracking number. With regard to transferring the information about the shipping manager, in one embodiment, a middleware software system or module could be employed identified as the Shibboleth architecture. The Shibboleth architecture is a known architecture that supports sharing of resources which are subject to access controls.
- 4. A signed or authorized assertion is generated by the target web services to which the information was directed. This signed assertion includes the security controller address of the vehicle containing the item, one or more credentials trusted by the
security controller 100 that specify GPS access privileges and a unique session identifier or handle that links the shipping manager to the request in order to prevent unauthorized additional uses and/or other potential misuse. - 5. Based on the address of the
security controller 100 in the vehicle, a SSL session is established directly between the shipping manager and thesecurity controller 100. - 6. The credential(s) is (are) presented to the
security controller 100, which performs relevant validity checks. - 7. In one variation, the
security controller 100 might contact the delivery company to verify the validity of the credential(s) and may request additional information about the vehicle location transaction. In such a case, the credential(s) need not include authentication and authorization information since these would be furnished by the delivery company. - 8. The
security controller 100 then requests the vehicle GPS coordinates. - 9. These coordinates are returned to the
security controller 100 in the vehicle from which location information is requested. - 10. The GPS coordinates are sent to the shipping manager.
- In a more significant variation of this example, the site of the receiving company might act as a front end portal for all interactions between it and the
security controller 100. Alternatively as well, an estimated time of arrival could be provided to the shipping manager instead of the actual GPS location of the vehicle. - In still another example of a federation implementation, maintenance of a vehicle using a particular software diagnostic tool is described in conjunction with
FIG. 8 . In order to execute the vehicle diagnostic software tool, secure access to the bus of the vehicle is granted. The federation members include a vehicle dealer or maker and entities involved with vehicle maintenance, as well as the vehicle itself having thesecurity controller 100. In one embodiment, the credentials for allowing use of this diagnostic software are generated by the vehicle dealer. The credentials might be specific for the particular vehicle and/or for a period of time. The sequence associated with this application includes: -
- 1. The credentials associated with use of the software and concomitant access to the vehicle bus are loaded on a computer, such as a laptop, of the vehicle diagnostics entity in order to enable the software.
- 2. The diagnostic application on the computer establishes a secure session with the
security controller 100 of the vehicle. - 3. The diagnostic application presents the credentials to the
security controller 100. - 4. The
security controller 100 establishes a secure connection with the dealer. - 5. The
security controller 100 presents the credentials contained in the software to the dealer for validation. - 6. The dealer validates the credentials.
- 7. The
security controller 100 might seek the vehicle owner's permission if access to the vehicle bus is granted by the vehicle dealer. - 8. The vehicle owner grants access to the vehicle engine bus.
- 9. The
security controller 100 accesses the vehicle engine bus and requests information. - 10. The
security controller 100 reads information from the engine bus. - 11. The
security controller 100 then transmits this information to the computer.
- The process of obtaining information from the vehicle engine bus could be repeated numerous times after the credentials are validated. The credentials might allow the engine bus to be accessed for a defined period of time and/or a limited number of times. The credentials are preferably generated specific to each individual computer or other diagnostic device and not to the diagnostic software itself.
- The foregoing discussion of the invention has been presented for purposes of illustration and description. Further, the description is not intended to limit the invention to the form disclosed herein. Consequently, variations and modifications commensurate with the above teachings, within the skill and knowledge of the relevant art, are within the scope of the present invention. The embodiments described hereinabove are further intended to explain the best modes presently known of practicing the invention and to enable others skilled in the art to utilize the invention in such, or in other embodiments, and with the various modifications required by their particular application or uses. It is intended that the appended claims be construed to include alternative embodiments to the extent permitted by the prior art.
Claims (20)
1. A communication system comprising:
a security controller located within a first vehicle;
a wireless communication device located within the first vehicle and interconnected to the security controller; and
a first proprietary resource located within the first vehicle and interconnected to the security controller, wherein the first proprietary resource is proprietary to a first entity,
wherein at least one of the wireless communication device and a second proprietary resource are proprietary to a second entity, and wherein the security controller is operable to allow transmission of information associated with the first proprietary resource from the wireless communication device in response to the security controller authenticating at least two of a number of factors associated with the system.
2. The system of claim 1 , wherein the factors associated with the system include an identity of the first vehicle, an identity of the wireless communication device, security information input by a user of the system, identification information of the user of the system, biometric information of the user of the system, location information, and time information.
3. The system of claim 1 , wherein the information to be transmitted is addressed to a second vehicle.
4. The system of claim 1 , wherein the wireless communication device is proprietary to the second entity.
5. The system of claim 1 , wherein the wireless communication device located in the first vehicle and interconnected to the security controller is a first wireless communication device, the system further comprising:
a second wireless communication device, wherein the second wireless communication device is proprietary to the second entity.
6. The system of claim 5 , wherein the first wireless communication device is proprietary to the first entity.
7. The system of claim 6 , wherein the second communication device is interconnected to the security controller.
8. A secure delivery system comprising:
a security controller located within a vehicle, the vehicle configured to carry an object for delivery to a delivery location;
a communication device located within the vehicle and interconnected to the security controller; and
a first proprietary resource located with the vehicle and interconnected to the security controller, the first proprietary resource including a global positioning system providing location information of the vehicle,
wherein the security controller is configured to enable delivery of the location information of the vehicle through the communication device to an entity to which the object is being delivered based on the security controller authenticating information provided by the entity to which the object is being delivered.
9. The system of claim 8 , wherein the information provided by the entity to which the object is being delivered includes one or more of an identity of a user associated with the entity to which the object is being delivered, security information input by the entity to which the object is being delivered, biometric information of a user associated with the entity to which the object is being delivered, and time information.
10. The system of claim 8 , further comprising a second proprietary resource, the second proprietary resource providing status information of the vehicle.
11. The system of claim 8 , wherein the information provided by the entity to which the object is being delivered includes location information provided by the entity to which the object is being delivered.
12. The system of claim 11 , wherein the location information provided by the entity to which the object is being delivered corresponds to the delivery location.
13. The system of claim 12 , wherein the information provided by the entity to which the object is being delivered further includes an additional factor.
14. A communication system comprising:
a mobile communication device;
a first proprietary resource; and
a security controller, wherein the mobile communication device, the first proprietary resource, and the security controller are co-located with each other,
wherein the security controller includes a processor and is configured to enable communications between the mobile communication device and the first proprietary resource, wherein such communications are enabled only when authenticated by the security controller, and
wherein, in response to a request from the mobile communication device that is authenticated by the security controller based on the receipt of at least a first assertion by the security controller, the security controller allows configuration information provided by the mobile communication device to be transmitted by the mobile communication device to the first proprietary resource.
15. The communication system of claim 14 , wherein the security controller is located in a vehicle, and wherein the configuration information includes settings for the vehicle that are specific to a user of the mobile communication device.
16. The communication system of claim 15 , wherein the mobile communication device includes a biometric input, and wherein the request from the mobile communication device is made after an identification of the user is received at the biometric input of the mobile communication device.
17. The communication system of claim 14 , wherein the configuration information comprises at least one of driver identification, seat position, mirror positions, entertainment system presets, and climate control system settings.
18. The communication system of claim 14 , wherein the mobile communication device, the first proprietary resource, and the security controller are located within a vehicle.
19. The communication system of claim 18 , wherein the first proprietary resource includes a vehicle gateway device.
20. The communication system of claim 14 , wherein the first proprietary resource is proprietary to a first entity, and wherein the mobile communication device is proprietary to a second entity.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/260,927 US20190166494A1 (en) | 2003-01-28 | 2019-01-29 | Secure telematics |
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US44350503P | 2003-01-28 | 2003-01-28 | |
US10/767,548 US7366892B2 (en) | 2003-01-28 | 2004-01-28 | Secure telematics |
US12/017,467 US8719592B2 (en) | 2003-01-28 | 2008-01-22 | Secure telematics |
US14/042,246 US9130930B2 (en) | 2003-01-28 | 2013-09-30 | Secure telematics |
US14/819,141 US9668133B2 (en) | 2003-01-28 | 2015-08-05 | Secure telematics |
US15/336,379 US10231125B2 (en) | 2003-01-28 | 2016-10-27 | Secure telematics |
US16/260,927 US20190166494A1 (en) | 2003-01-28 | 2019-01-29 | Secure telematics |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/336,379 Continuation US10231125B2 (en) | 2003-01-28 | 2016-10-27 | Secure telematics |
Publications (1)
Publication Number | Publication Date |
---|---|
US20190166494A1 true US20190166494A1 (en) | 2019-05-30 |
Family
ID=32825342
Family Applications (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/767,548 Active 2025-12-25 US7366892B2 (en) | 2003-01-28 | 2004-01-28 | Secure telematics |
US12/017,467 Expired - Fee Related US8719592B2 (en) | 2003-01-28 | 2008-01-22 | Secure telematics |
US14/042,246 Expired - Fee Related US9130930B2 (en) | 2003-01-28 | 2013-09-30 | Secure telematics |
US14/819,141 Expired - Lifetime US9668133B2 (en) | 2003-01-28 | 2015-08-05 | Secure telematics |
US15/336,379 Expired - Fee Related US10231125B2 (en) | 2003-01-28 | 2016-10-27 | Secure telematics |
US16/260,927 Abandoned US20190166494A1 (en) | 2003-01-28 | 2019-01-29 | Secure telematics |
Family Applications Before (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/767,548 Active 2025-12-25 US7366892B2 (en) | 2003-01-28 | 2004-01-28 | Secure telematics |
US12/017,467 Expired - Fee Related US8719592B2 (en) | 2003-01-28 | 2008-01-22 | Secure telematics |
US14/042,246 Expired - Fee Related US9130930B2 (en) | 2003-01-28 | 2013-09-30 | Secure telematics |
US14/819,141 Expired - Lifetime US9668133B2 (en) | 2003-01-28 | 2015-08-05 | Secure telematics |
US15/336,379 Expired - Fee Related US10231125B2 (en) | 2003-01-28 | 2016-10-27 | Secure telematics |
Country Status (6)
Country | Link |
---|---|
US (6) | US7366892B2 (en) |
EP (2) | EP1590917B1 (en) |
JP (1) | JP2006521724A (en) |
AT (1) | ATE492085T1 (en) |
DE (1) | DE602004030534D1 (en) |
WO (1) | WO2004068424A2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10439825B1 (en) * | 2018-11-13 | 2019-10-08 | INTEGRITY Security Services, Inc. | Providing quality of service for certificate management systems |
US20210362735A1 (en) * | 2020-05-20 | 2021-11-25 | Intertrust Technologies Corporation | Policy managed vehicle operation systems and methods |
Families Citing this family (383)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7769644B2 (en) | 1998-04-01 | 2010-08-03 | R & L Carriers, Inc. | Bill of lading transmission and processing system for less than a load carriers |
US8032278B2 (en) * | 2000-05-17 | 2011-10-04 | Omega Patents, L.L.C. | Vehicle tracking unit with downloadable codes and associated methods |
JP4350921B2 (en) * | 2001-06-12 | 2009-10-28 | 本田技研工業株式会社 | Crew protection device |
US7623497B2 (en) | 2002-04-15 | 2009-11-24 | Qualcomm, Incorporated | Methods and apparatus for extending mobile IP |
US7181615B2 (en) * | 2002-06-28 | 2007-02-20 | Motorola, Inc. | Method and system for vehicle authentication of a remote access device |
US7636840B2 (en) * | 2002-07-10 | 2009-12-22 | Dresser, Inc. | Secure communications and control in a fueling environment |
US7937578B2 (en) * | 2002-11-14 | 2011-05-03 | Qualcomm Incorporated | Communications security methods for supporting end-to-end security associations |
US7366892B2 (en) * | 2003-01-28 | 2008-04-29 | Cellport Systems, Inc. | Secure telematics |
US7401233B2 (en) * | 2003-06-24 | 2008-07-15 | International Business Machines Corporation | Method, system, and apparatus for dynamic data-driven privacy policy protection and data sharing |
US7245905B2 (en) * | 2003-11-17 | 2007-07-17 | General Motors Corporation | Method and system for managing mobile handset portability within telematics equipped vehicles |
US20050132226A1 (en) * | 2003-12-11 | 2005-06-16 | David Wheeler | Trusted mobile platform architecture |
US7548744B2 (en) * | 2003-12-19 | 2009-06-16 | General Motors Corporation | WIFI authentication method |
JP4270031B2 (en) * | 2004-06-09 | 2009-05-27 | 株式会社デンソー | In-vehicle information registration / disclosure system, in-vehicle device and portable device |
TWI238609B (en) * | 2004-06-29 | 2005-08-21 | Lite On Automotive Corp | Wireless update method of vehicle burglarproof system |
US7596690B2 (en) * | 2004-09-09 | 2009-09-29 | International Business Machines Corporation | Peer-to-peer communications |
US7818574B2 (en) * | 2004-09-10 | 2010-10-19 | International Business Machines Corporation | System and method for providing dynamically authorized access to functionality present on an integrated circuit chip |
DE102004056724B4 (en) * | 2004-11-19 | 2021-04-29 | Volkswagen Ag | Method and arrangement for a vehicle-to-vehicle communication network |
US7308251B2 (en) * | 2004-11-19 | 2007-12-11 | Broadcom Corporation | Location-based authentication of wireless terminal |
ITSA20050001A1 (en) * | 2005-01-10 | 2006-07-11 | Fabrizio Jemma | ANTI-THEFT, ANTI-RAPID AND RESCUE SYSTEM FOR BIOMETRIC RECOGNITION OF TERRESTRIAL VEHICLES. |
US7221949B2 (en) * | 2005-02-28 | 2007-05-22 | Research In Motion Limited | Method and system for enhanced security using location-based wireless authentication |
US7353034B2 (en) | 2005-04-04 | 2008-04-01 | X One, Inc. | Location sharing and tracking using mobile phones or other wireless devices |
US8050924B2 (en) * | 2005-04-08 | 2011-11-01 | Sony Online Entertainment Llc | System for generating and selecting names |
US20060252466A1 (en) * | 2005-05-05 | 2006-11-09 | Isabell Gene P Jr | Mechanism for using a laptop in an automobile |
DE102005023544A1 (en) * | 2005-05-21 | 2006-12-07 | Bayerische Motoren Werke Ag | Connection of personal terminals to the communication system of a motor vehicle |
DE102005028663B4 (en) * | 2005-06-15 | 2024-10-24 | Volkswagen Ag | Method and device for securely communicating a component of a vehicle via a wireless communication connection with an external communication partner |
KR100689774B1 (en) * | 2005-07-20 | 2007-03-08 | 주식회사 현대오토넷 | The home telematics system which provides the telematics-terminal and a pc synchronization service and the method |
US7542957B2 (en) * | 2005-07-22 | 2009-06-02 | International Business Machines Corporation | Rich Web application input validation |
US20070033635A1 (en) * | 2005-08-02 | 2007-02-08 | Hirsave Praveen P K | Method, apparatus, and program product for autonomic patch deployment based on autonomic patch risk assessment and policies |
US20070043569A1 (en) * | 2005-08-19 | 2007-02-22 | Intervoice Limited Partnership | System and method for inheritance of advertised functionality in a user interactive system |
US20070055414A1 (en) * | 2005-09-08 | 2007-03-08 | Darji Ankur K | Method and system for configuring telematics control unit |
DE102005048351A1 (en) * | 2005-10-10 | 2007-04-12 | Robert Bosch Gmbh | Infrastructure-based toll collection system with an on-board unit integrated in the vehicle |
ATE511462T1 (en) * | 2005-10-19 | 2011-06-15 | Delphi Tech Inc | REMOTE CONTROL ACCESS SYSTEM FOR VEHICLES |
US20070111672A1 (en) * | 2005-11-14 | 2007-05-17 | Microsoft Corporation | Vehicle-to-vehicle communication |
KR20070059545A (en) * | 2005-12-07 | 2007-06-12 | 삼성전자주식회사 | Apparatus and method for protection system in portable terminal |
US9175977B2 (en) * | 2005-12-20 | 2015-11-03 | General Motors Llc | Method for arbitrating between multiple vehicle navigation systems |
DE102006004076A1 (en) * | 2006-01-28 | 2007-12-13 | Deutsche Telekom Ag | Method and device for informing emergency call centers of the police, the fire brigade or the emergency services about emergency calls received with location information |
DE102006009098A1 (en) * | 2006-02-28 | 2007-08-30 | Daimlerchrysler Ag | Diagnosis data transmitting method for e.g. passenger car, involves transmitting connection request via channel of radio interface to onboard communication module found in vehicle |
US8555403B1 (en) * | 2006-03-30 | 2013-10-08 | Emc Corporation | Privileged access to managed content |
US20070250711A1 (en) * | 2006-04-25 | 2007-10-25 | Phonified Llc | System and method for presenting and inputting information on a mobile device |
US8995412B2 (en) * | 2006-05-16 | 2015-03-31 | Autonet Mobile, Inc. | Mobile router network providing remote emissions testing |
JP4747972B2 (en) * | 2006-07-11 | 2011-08-17 | 株式会社デンソー | Information communication system |
US20080189537A1 (en) * | 2006-09-29 | 2008-08-07 | Rockwell Automation Technologies, Inc. | HMI configuration with limited interoperability |
US9773222B2 (en) | 2006-10-05 | 2017-09-26 | Trimble Inc. | Externally augmented asset management |
US9811949B2 (en) | 2006-10-05 | 2017-11-07 | Trimble Inc. | Method for providing status information pertaining to an asset |
US9747329B2 (en) * | 2006-10-05 | 2017-08-29 | Trimble Inc. | Limiting access to asset management information |
US9747571B2 (en) | 2006-10-05 | 2017-08-29 | Trimble Inc. | Integrated asset management |
US7937075B2 (en) | 2006-10-06 | 2011-05-03 | At&T Intellectual Property I, L.P. | Mode changing of a mobile communications device and vehicle settings when the mobile communications device is in proximity to a vehicle |
US8818614B1 (en) * | 2006-10-12 | 2014-08-26 | At&T Mobility Ii Llc | Personal event data recorder |
KR100777100B1 (en) * | 2006-10-19 | 2007-11-19 | 한국전자통신연구원 | Method and apparatus for providing gps data using network |
US20080109867A1 (en) * | 2006-11-07 | 2008-05-08 | Microsoft Corporation | Service and policies for coordinating behaviors and connectivity of a mesh of heterogeneous devices |
US7865303B2 (en) * | 2006-11-09 | 2011-01-04 | General Motors Llc | Method of providing a navigational route for a vehicle navigation system |
US7917253B2 (en) * | 2006-11-22 | 2011-03-29 | General Motors Llc | Method for making vehicle-related data available to an authorized third party |
US7801507B2 (en) * | 2006-12-08 | 2010-09-21 | Alcatel-Lucent Usa Inc. | Increased automobile security via use of wireless network |
US8050811B2 (en) * | 2006-12-12 | 2011-11-01 | General Motors Llc | Method for controlling the distribution of vehicle-related data |
US8341417B1 (en) * | 2006-12-12 | 2012-12-25 | Cisco Technology, Inc. | Data storage using encoded hash message authentication code |
US7818098B2 (en) * | 2006-12-19 | 2010-10-19 | Inilex, Inc. | System and method for provisioning a vehicle interface module |
US8161454B2 (en) | 2007-01-22 | 2012-04-17 | Ford Motor Company | Software architecture for developing in-vehicle software applications |
US8522019B2 (en) * | 2007-02-23 | 2013-08-27 | Qualcomm Incorporated | Method and apparatus to create trust domains based on proximity |
US8391775B2 (en) | 2007-03-09 | 2013-03-05 | Airbiquity Inc. | Mobile digital radio playlist system |
GB2447672B (en) | 2007-03-21 | 2011-12-14 | Ford Global Tech Llc | Vehicle manoeuvring aids |
US9178705B2 (en) * | 2007-04-13 | 2015-11-03 | International Business Machines Corporation | Method and system for stateless validation |
US20080271122A1 (en) * | 2007-04-27 | 2008-10-30 | John Edward Nolan | Granulated hardware resource protection in an electronic system |
US9932033B2 (en) | 2007-05-10 | 2018-04-03 | Allstate Insurance Company | Route risk mitigation |
US8606512B1 (en) | 2007-05-10 | 2013-12-10 | Allstate Insurance Company | Route risk mitigation |
US10096038B2 (en) | 2007-05-10 | 2018-10-09 | Allstate Insurance Company | Road segment safety rating system |
US10157422B2 (en) | 2007-05-10 | 2018-12-18 | Allstate Insurance Company | Road segment safety rating |
US7725129B2 (en) * | 2007-05-16 | 2010-05-25 | Oliver David Grunhold | Cell phone based vehicle control system |
US7986914B1 (en) | 2007-06-01 | 2011-07-26 | At&T Mobility Ii Llc | Vehicle-based message control using cellular IP |
US8918245B2 (en) * | 2007-06-05 | 2014-12-23 | Snap-On Incorporated | Methods and systems for providing open access to vehicle data |
US8027293B2 (en) | 2007-07-16 | 2011-09-27 | Cellport Systems, Inc. | Communication channel selection and use |
CA2693011C (en) | 2007-07-23 | 2018-05-22 | R & L Carriers, Inc. | Information transmission and processing systems and methods for freight carriers |
US8799648B1 (en) * | 2007-08-15 | 2014-08-05 | Meru Networks | Wireless network controller certification authority |
EP2185370B1 (en) * | 2007-08-29 | 2013-11-06 | Continental Teves AG & Co. oHG | Method and device for adjusting of a driving dynamics system in a motor vehicle |
US7983206B2 (en) * | 2007-09-10 | 2011-07-19 | Robert Bosch Gmbh | Integrated system and method for interactive communication and multimedia support in vehicles |
US11441919B2 (en) * | 2007-09-26 | 2022-09-13 | Apple Inc. | Intelligent restriction of device operations |
DE102007052993A1 (en) * | 2007-11-05 | 2009-05-07 | Volkswagen Ag | Communication nodes for car2X-communication network, has transmitter unit transmitting messages of applications to one of node in wireless manner, and authentication unit providing authentication between applications and nodes |
US9154947B2 (en) * | 2007-12-13 | 2015-10-06 | GM Global Technology Operations LLC | Secure home-to-vehicle wireless connectivity |
US20090190735A1 (en) * | 2008-01-24 | 2009-07-30 | General Motors Corporation | Method and system for enhancing telematics services |
US9047783B2 (en) | 2008-01-31 | 2015-06-02 | Sirius Xm Connected Vehicle Services Inc. | Communication systems and methods for flexible telematics at a vehicle |
DE102008008970A1 (en) * | 2008-02-13 | 2009-08-20 | Bayerische Motoren Werke Aktiengesellschaft | Wiring system of a motor vehicle with exchangeable cryptographic key and / or certificate |
JP4998314B2 (en) * | 2008-02-19 | 2012-08-15 | コニカミノルタホールディングス株式会社 | Communication control method and communication control program |
US8090949B2 (en) * | 2008-03-13 | 2012-01-03 | GM Global Technology Operations LLC | Certificate assignment strategies for efficient operation of the PKI-based security architecture in a vehicular network |
US8521235B2 (en) * | 2008-03-27 | 2013-08-27 | General Motors Llc | Address book sharing system and method for non-verbally adding address book contents using the same |
US20090248237A1 (en) * | 2008-03-31 | 2009-10-01 | Koepf Gerhard A | Methods and systems for user configurable embedded telematics service architecture |
ITBO20080509A1 (en) * | 2008-08-06 | 2010-02-07 | Spal Automotive Srl | ALARM SYSTEM FOR VEHICLES AND SAFETY SYSTEM FOR SUCH ALARM AND SIMILAR SYSTEM. |
US9800413B2 (en) * | 2008-08-15 | 2017-10-24 | Gm Global Technology Operations, Inc. | System and method for performing an asymmetric key exchange between a vehicle and a remote device |
US8607305B2 (en) * | 2008-09-01 | 2013-12-10 | Microsoft Corporation | Collecting anonymous and traceable telemetry |
US8248203B2 (en) * | 2008-09-15 | 2012-08-21 | Martin James Hanwright | Remote monitor/control for billboard lighting or standby power system |
DE102008042259A1 (en) * | 2008-09-22 | 2010-04-08 | Bundesdruckerei Gmbh | Motor vehicle electronic device, motor vehicle, method for displaying data on a motor vehicle display device and computer program product |
EP2332313B1 (en) * | 2008-09-22 | 2016-04-27 | Bundesdruckerei GmbH | Method for storing data, computer program product, id token and computer system |
US9077542B2 (en) * | 2008-09-23 | 2015-07-07 | GM Global Technology Operations LLC | System and method for confirming that a user of an electronic device is an authorized user of a vehicle |
US8819182B2 (en) * | 2008-09-24 | 2014-08-26 | Centurylink Intellectual Property Llc | System and method for updating vehicle media content |
US9112910B2 (en) * | 2008-10-14 | 2015-08-18 | International Business Machines Corporation | Method and system for authentication |
US20100097178A1 (en) * | 2008-10-17 | 2010-04-22 | Pisz James T | Vehicle biometric systems and methods |
KR20110082127A (en) * | 2008-10-28 | 2011-07-18 | 에어비퀴티 인코포레이티드. | Purchase of a piece of music being played on a radio in a vehicle |
US20100114734A1 (en) * | 2008-11-05 | 2010-05-06 | Ford Global Technologies, Llc | Telematics computer system and method for mobile wireless retail order processing and fulfillment |
US8447977B2 (en) * | 2008-12-09 | 2013-05-21 | Canon Kabushiki Kaisha | Authenticating a device with a server over a network |
JP4636171B2 (en) * | 2008-12-17 | 2011-02-23 | トヨタ自動車株式会社 | Biometric authentication system for vehicles |
DE102008055076A1 (en) * | 2008-12-22 | 2010-07-01 | Robert Bosch Gmbh | Device and method for protecting data, computer program, computer program product |
US8644889B2 (en) * | 2009-03-26 | 2014-02-04 | General Motors, LLC. | Restoring connectivity to a desubscribed telematics unit |
US7690032B1 (en) | 2009-05-22 | 2010-03-30 | Daon Holdings Limited | Method and system for confirming the identity of a user |
DE102009023297A1 (en) * | 2009-05-29 | 2010-12-02 | Kuka Roboter Gmbh | Method and device for operating an additional tool axis of a tool guided by a manipulator |
US8554831B2 (en) * | 2009-06-02 | 2013-10-08 | Ford Global Technologies, Llc | System and method for executing hands-free operation of an electronic calendar application within a vehicle |
US20110191581A1 (en) * | 2009-08-27 | 2011-08-04 | Telcordia Technologies, Inc. | Method and system for use in managing vehicle digital certificates |
WO2011037554A2 (en) * | 2009-09-24 | 2011-03-31 | Gilleland David S | Authorisation and monitoring system |
GB201013128D0 (en) * | 2009-09-24 | 2010-09-22 | Barloworld Handling Ltd | Maintence control system |
US20110078236A1 (en) * | 2009-09-29 | 2011-03-31 | Olsen Jr Dan R | Local access control for display devices |
US8397063B2 (en) * | 2009-10-07 | 2013-03-12 | Telcordia Technologies, Inc. | Method for a public-key infrastructure for vehicular networks with limited number of infrastructure servers |
US8942888B2 (en) | 2009-10-15 | 2015-01-27 | Airbiquity Inc. | Extensible scheme for operating vehicle head unit as extended interface for mobile device |
US8838332B2 (en) * | 2009-10-15 | 2014-09-16 | Airbiquity Inc. | Centralized management of motor vehicle software applications and services |
US9002574B2 (en) | 2009-10-15 | 2015-04-07 | Airbiquity Inc. | Mobile integration platform (MIP) integrated handset application proxy (HAP) |
US8831823B2 (en) | 2009-10-15 | 2014-09-09 | Airbiquity Inc. | Centralized management of motor vehicle software applications and services |
US9197736B2 (en) * | 2009-12-31 | 2015-11-24 | Digimarc Corporation | Intuitive computing methods and systems |
US8914628B2 (en) | 2009-11-16 | 2014-12-16 | At&T Intellectual Property I, L.P. | Method and apparatus for providing radio communication with an object in a local environment |
US8311521B1 (en) * | 2009-11-20 | 2012-11-13 | Sprint Communications Company L.P. | Managing notifications on behalf of a mobile device |
US9230292B2 (en) | 2012-11-08 | 2016-01-05 | Uber Technologies, Inc. | Providing on-demand services through use of portable computing devices |
US20110136429A1 (en) * | 2009-12-04 | 2011-06-09 | Gm Global Technology Operations, Inc. | Vehicular wireless payment authorization method |
WO2011069170A1 (en) | 2009-12-04 | 2011-06-09 | Uber, Inc. | System and method for arranging transport amongst parties through use of mobile devices |
US20110162035A1 (en) * | 2009-12-31 | 2011-06-30 | Apple Inc. | Location-based dock for a computing device |
US8346310B2 (en) | 2010-02-05 | 2013-01-01 | Ford Global Technologies, Llc | Method and apparatus for communication between a vehicle based computing system and a remote application |
US20110202416A1 (en) * | 2010-02-12 | 2011-08-18 | Mark Buer | Method and system for authorizing transactions based on device location |
US20110209091A1 (en) * | 2010-02-24 | 2011-08-25 | Visteon Global Technologies, Inc. | System and method to measure bandwidth in human to machine interfaces |
US20110238402A1 (en) * | 2010-03-23 | 2011-09-29 | Fujitsu Limited | System and methods for remote maintenance in an electronic network with multiple clients |
US8819414B2 (en) * | 2010-04-19 | 2014-08-26 | GM Global Technology Operations LLC | Threat mitigation in a vehicle-to-vehicle communication network |
US8549597B1 (en) * | 2010-05-14 | 2013-10-01 | Amazon Technologies, Inc. | Temporary virtual identities in a social networking system |
US9094436B2 (en) | 2010-05-27 | 2015-07-28 | Ford Global Technologies, Llc | Methods and systems for interfacing with a vehicle computing system over multiple data transport channels |
US9639688B2 (en) | 2010-05-27 | 2017-05-02 | Ford Global Technologies, Llc | Methods and systems for implementing and enforcing security and resource policies for a vehicle |
US9768956B2 (en) * | 2010-07-28 | 2017-09-19 | General Motors Llc | Methods and systems for facilitating communications between vehicles and service providers |
US20120030470A1 (en) * | 2010-07-29 | 2012-02-02 | General Motors Llc | Wireless programming of vehicle modules |
US8732697B2 (en) | 2010-08-04 | 2014-05-20 | Premkumar Jonnala | System, method and apparatus for managing applications on a device |
WO2012022234A1 (en) * | 2010-08-20 | 2012-02-23 | 中兴通讯股份有限公司 | Network accessing device and method for mutual authentication therebetween |
US9511683B2 (en) * | 2010-08-25 | 2016-12-06 | GM Global Technology Operations LLC | Occupant recognition and verification system |
US8473575B2 (en) | 2010-08-26 | 2013-06-25 | Ford Global Technologies, Llc | Methods and apparatus for remote activation of an application |
WO2012047544A1 (en) * | 2010-09-27 | 2012-04-12 | Force Protection Technologies Inc. | Methods and systems for integration of vehicle systems |
US10163273B2 (en) | 2010-09-28 | 2018-12-25 | Ford Global Technologies, Llc | Method and system for operating mobile applications in a vehicle |
US9330567B2 (en) | 2011-11-16 | 2016-05-03 | Autoconnect Holdings Llc | Etiquette suggestion |
JP5395036B2 (en) * | 2010-11-12 | 2014-01-22 | 日立オートモティブシステムズ株式会社 | In-vehicle network system |
US20130132246A1 (en) * | 2010-12-06 | 2013-05-23 | Uber Technologies, Inc. | Providing a summary or receipt for on-demand services through use of portable computing devices |
US9420458B2 (en) | 2010-12-13 | 2016-08-16 | Volkswagen Ag | Method for the use of a mobile appliance using a motor vehicle |
US8560739B2 (en) | 2010-12-28 | 2013-10-15 | Ford Global Technologies, Llc | Methods and systems for regulating operation of one or more functions of a mobile application |
US9452735B2 (en) | 2011-02-10 | 2016-09-27 | Ford Global Technologies, Llc | System and method for controlling a restricted mode in a vehicle |
US10145960B2 (en) | 2011-02-24 | 2018-12-04 | Ford Global Technologies, Llc | System and method for cell phone restriction |
US9032493B2 (en) * | 2011-03-31 | 2015-05-12 | Intel Corporation | Connecting mobile devices, internet-connected vehicles, and cloud services |
US9268545B2 (en) | 2011-03-31 | 2016-02-23 | Intel Corporation | Connecting mobile devices, internet-connected hosts, and cloud services |
US8522320B2 (en) | 2011-04-01 | 2013-08-27 | Ford Global Technologies, Llc | Methods and systems for authenticating one or more users of a vehicle communications and information system |
US9926008B2 (en) | 2011-04-19 | 2018-03-27 | Ford Global Technologies, Llc | Trailer backup assist system with waypoint selection |
US9374562B2 (en) | 2011-04-19 | 2016-06-21 | Ford Global Technologies, Llc | System and method for calculating a horizontal camera to target distance |
US9969428B2 (en) | 2011-04-19 | 2018-05-15 | Ford Global Technologies, Llc | Trailer backup assist system with waypoint selection |
US9555832B2 (en) | 2011-04-19 | 2017-01-31 | Ford Global Technologies, Llc | Display system utilizing vehicle and trailer dynamics |
US9500497B2 (en) | 2011-04-19 | 2016-11-22 | Ford Global Technologies, Llc | System and method of inputting an intended backing path |
US9290204B2 (en) | 2011-04-19 | 2016-03-22 | Ford Global Technologies, Llc | Hitch angle monitoring system and method |
US9506774B2 (en) | 2011-04-19 | 2016-11-29 | Ford Global Technologies, Llc | Method of inputting a path for a vehicle and trailer |
US9248858B2 (en) | 2011-04-19 | 2016-02-02 | Ford Global Technologies | Trailer backup assist system |
US9854209B2 (en) | 2011-04-19 | 2017-12-26 | Ford Global Technologies, Llc | Display system utilizing vehicle and trailer dynamics |
US9031498B1 (en) | 2011-04-26 | 2015-05-12 | Sprint Communications Company L.P. | Automotive multi-generation connectivity |
US8938224B2 (en) | 2011-05-12 | 2015-01-20 | Ford Global Technologies, Llc | System and method for automatically enabling a car mode in a personal communication device |
US20120310445A1 (en) | 2011-06-02 | 2012-12-06 | Ford Global Technologies, Llc | Methods and Apparatus for Wireless Device Application Having Vehicle Interaction |
US8788113B2 (en) | 2011-06-13 | 2014-07-22 | Ford Global Technologies, Llc | Vehicle driver advisory system and method |
JP5585545B2 (en) * | 2011-06-28 | 2014-09-10 | 株式会社デンソー | Short-range communication system, vehicle equipment, and portable communication terminal |
US8798656B2 (en) * | 2011-06-29 | 2014-08-05 | Qualcomm Incorporated | Methods and apparatus by which periodically broadcasting nodes can resolve contention for access to a smaller pool of broadcasting resources |
DE102011116131A1 (en) * | 2011-07-23 | 2013-01-24 | Volkswagen Aktiengesellschaft | Method for operating a mobile device by means of a motor vehicle |
US10097993B2 (en) | 2011-07-25 | 2018-10-09 | Ford Global Technologies, Llc | Method and apparatus for remote authentication |
US9529752B2 (en) | 2011-07-25 | 2016-12-27 | Ford Global Technologies, Llc | Method and apparatus for communication between a vehicle based computing system and a remote application |
US8849519B2 (en) | 2011-08-09 | 2014-09-30 | Ford Global Technologies, Llc | Method and apparatus for vehicle hardware theft prevention |
US9439240B1 (en) | 2011-08-26 | 2016-09-06 | Sprint Communications Company L.P. | Mobile communication system identity pairing |
WO2013033686A2 (en) * | 2011-09-01 | 2013-03-07 | Alexander Flavio Panelli | Method and apparatus for social telematics |
US8694203B2 (en) | 2011-09-12 | 2014-04-08 | Ford Global Technologies, Llc | Method and apparatus for vehicle process emulation and configuration on a mobile platform |
WO2013038478A1 (en) * | 2011-09-12 | 2013-03-21 | トヨタ自動車株式会社 | Vehicular electronic control device |
US8995956B2 (en) * | 2011-09-23 | 2015-03-31 | GM Global Technology Operations LLC | System and method for vehicle based cellular offload |
US8548532B1 (en) | 2011-09-27 | 2013-10-01 | Sprint Communications Company L.P. | Head unit to handset interface and integration |
DE102011084254A1 (en) * | 2011-10-11 | 2013-04-11 | Zf Friedrichshafen Ag | Communication system for a motor vehicle |
US9116563B2 (en) * | 2011-10-28 | 2015-08-25 | Honda Motor Co., Ltd. | Connecting touch screen phones in a vehicle |
US9088572B2 (en) | 2011-11-16 | 2015-07-21 | Flextronics Ap, Llc | On board vehicle media controller |
US9081653B2 (en) | 2011-11-16 | 2015-07-14 | Flextronics Ap, Llc | Duplicated processing in vehicles |
US9055022B2 (en) | 2011-11-16 | 2015-06-09 | Flextronics Ap, Llc | On board vehicle networking module |
US9043073B2 (en) | 2011-11-16 | 2015-05-26 | Flextronics Ap, Llc | On board vehicle diagnostic module |
US9173100B2 (en) | 2011-11-16 | 2015-10-27 | Autoconnect Holdings Llc | On board vehicle network security |
US9008906B2 (en) | 2011-11-16 | 2015-04-14 | Flextronics Ap, Llc | Occupant sharing of displayed content in vehicles |
US9116786B2 (en) | 2011-11-16 | 2015-08-25 | Flextronics Ap, Llc | On board vehicle networking module |
US8949823B2 (en) | 2011-11-16 | 2015-02-03 | Flextronics Ap, Llc | On board vehicle installation supervisor |
US20130151705A1 (en) * | 2011-12-07 | 2013-06-13 | Apple Inc. | System for provisioning diverse types of resources through a unified interface |
US8856536B2 (en) * | 2011-12-15 | 2014-10-07 | GM Global Technology Operations LLC | Method and apparatus for secure firmware download using diagnostic link connector (DLC) and OnStar system |
CN104114441B (en) * | 2011-12-30 | 2019-08-13 | 英特尔公司 | Event data record for vehicle |
US20130185124A1 (en) | 2012-01-18 | 2013-07-18 | Square Inc. | Mobile Card Processing Using Multiple Wireless Devices |
US9785920B2 (en) * | 2012-01-18 | 2017-10-10 | Square, Inc. | Acquisition of card information to enhance user experience |
WO2013123057A1 (en) * | 2012-02-13 | 2013-08-22 | Intertrust Technologies Corporation | Trusted connected vehicle systems and methods |
DE102013101508B4 (en) * | 2012-02-20 | 2024-10-02 | Denso Corporation | Data communication authentication system for a vehicle and network coupling device for a vehicle |
IN2014DN08343A (en) * | 2012-03-16 | 2015-05-08 | Qoros Automotive Co Ltd | |
WO2013144962A1 (en) * | 2012-03-29 | 2013-10-03 | Arilou Information Security Technologies Ltd. | Security system and method for protecting a vehicle electronic system |
US8966248B2 (en) | 2012-04-06 | 2015-02-24 | GM Global Technology Operations LLC | Secure software file transfer systems and methods for vehicle control modules |
US9131376B2 (en) | 2012-04-20 | 2015-09-08 | Bank Of America Corporation | Proximity-based dynamic vehicle navigation |
US9398454B1 (en) | 2012-04-24 | 2016-07-19 | Sprint Communications Company L.P. | In-car head unit wireless communication service subscription initialization |
US9569403B2 (en) | 2012-05-03 | 2017-02-14 | Ford Global Technologies, Llc | Methods and systems for authenticating one or more users of a vehicle communications and information system |
US20130297456A1 (en) * | 2012-05-03 | 2013-11-07 | Sprint Communications Company L.P. | Methods and Systems of Digital Rights Management for Vehicles |
US8630747B2 (en) * | 2012-05-14 | 2014-01-14 | Sprint Communications Company L.P. | Alternative authorization for telematics |
TW201404636A (en) | 2012-06-08 | 2014-02-01 | Airbiquity Inc | Assessment of electronic sensor data to remotely identify a motor vehicle and monitor driver behavior |
US9078088B2 (en) | 2012-07-12 | 2015-07-07 | Myine Electronics, Inc. | System and method for transport layer agnostic programming interface for use with smartphones |
US8990343B2 (en) * | 2012-07-30 | 2015-03-24 | Google Inc. | Transferring a state of an application from a first computing device to a second computing device |
US9809185B2 (en) * | 2012-09-04 | 2017-11-07 | Ford Global Technologies, Llc | Method and apparatus for subjective command control of vehicle systems |
EP2713582B1 (en) * | 2012-09-28 | 2018-08-01 | Harman Becker Automotive Systems GmbH | Method and apparatus for personalized access to automotive telematic services |
RU2514138C1 (en) * | 2012-09-28 | 2014-04-27 | Закрытое акционерное общество "Лаборатория Касперского" | System and method for verifying public key certificate to counteract "man-in-middle" attacks |
US9032547B1 (en) | 2012-10-26 | 2015-05-12 | Sprint Communication Company L.P. | Provisioning vehicle based digital rights management for media delivered via phone |
CN102938729B (en) * | 2012-10-30 | 2016-12-21 | 山东智慧生活数据系统有限公司 | The long-range control method of intelligent gateway, intelligent domestic system and home appliance |
US9671233B2 (en) | 2012-11-08 | 2017-06-06 | Uber Technologies, Inc. | Dynamically providing position information of a transit object to a computing device |
CA2895126C (en) | 2012-12-20 | 2021-08-03 | Airbiquity Inc. | Efficient headunit communication integration |
US10387826B2 (en) * | 2013-01-06 | 2019-08-20 | Directed, Llc | Vehicle inventory and customer relation management system and method |
US9218805B2 (en) | 2013-01-18 | 2015-12-22 | Ford Global Technologies, Llc | Method and apparatus for incoming audio processing |
US8981916B2 (en) | 2013-01-28 | 2015-03-17 | Ford Global Technologies, Llc | Method and apparatus for customized vehicle sound-based location |
US9511799B2 (en) | 2013-02-04 | 2016-12-06 | Ford Global Technologies, Llc | Object avoidance for a trailer backup assist system |
US9592851B2 (en) | 2013-02-04 | 2017-03-14 | Ford Global Technologies, Llc | Control modes for a trailer backup assist system |
US9146899B2 (en) | 2013-02-07 | 2015-09-29 | Ford Global Technologies, Llc | System and method of arbitrating audio source streamed by mobile applications |
US9538339B2 (en) | 2013-02-07 | 2017-01-03 | Ford Global Technologies, Llc | Method and system of outputting in a vehicle data streamed by mobile applications |
US8866604B2 (en) | 2013-02-14 | 2014-10-21 | Ford Global Technologies, Llc | System and method for a human machine interface |
US9173238B1 (en) | 2013-02-15 | 2015-10-27 | Sprint Communications Company L.P. | Dual path in-vehicle communication |
US9042603B2 (en) | 2013-02-25 | 2015-05-26 | Ford Global Technologies, Llc | Method and apparatus for estimating the distance from trailer axle to tongue |
US9688246B2 (en) | 2013-02-25 | 2017-06-27 | Ford Global Technologies, Llc | Method and apparatus for in-vehicle alarm activation and response handling |
US8947221B2 (en) | 2013-02-26 | 2015-02-03 | Ford Global Technologies, Llc | Method and apparatus for tracking device connection and state change |
US9665410B2 (en) * | 2013-03-12 | 2017-05-30 | Google Inc. | Processing of application programming interface traffic |
US9141583B2 (en) | 2013-03-13 | 2015-09-22 | Ford Global Technologies, Llc | Method and system for supervising information communication based on occupant and vehicle environment |
US9276736B2 (en) | 2013-03-14 | 2016-03-01 | General Motors Llc | Connection key distribution |
US9002536B2 (en) | 2013-03-14 | 2015-04-07 | Ford Global Technologies, Llc | Key fob security copy to a mobile phone |
US9479601B2 (en) | 2013-03-15 | 2016-10-25 | Ford Global Technologies, Llc | Method and apparatus for seamless application portability over multiple environments |
US9110774B1 (en) | 2013-03-15 | 2015-08-18 | Sprint Communications Company L.P. | System and method of utilizing driving profiles via a mobile device |
US8933822B2 (en) | 2013-03-15 | 2015-01-13 | Ford Global Technologies, Llc | Method and apparatus for extra-vehicular emergency updates following an accident |
US9008890B1 (en) * | 2013-03-15 | 2015-04-14 | Google Inc. | Augmented trajectories for autonomous vehicles |
US20140282827A1 (en) * | 2013-03-15 | 2014-09-18 | Ford Global Technologies, Llc | Method and apparatus for secure data transfer permission handling |
US9246892B2 (en) * | 2013-04-03 | 2016-01-26 | Salesforce.Com, Inc. | System, method and computer program product for managing access to systems, products, and data based on information associated with a physical location of a user |
US9197336B2 (en) | 2013-05-08 | 2015-11-24 | Myine Electronics, Inc. | System and method for providing customized audio content to a vehicle radio system using a smartphone |
CN103248564A (en) * | 2013-05-10 | 2013-08-14 | 浙江吉利汽车研究院有限公司杭州分公司 | Automobile-used gateway system |
US20150298654A1 (en) * | 2013-08-19 | 2015-10-22 | Raymond Anthony Joao | Control, monitoring, and/or security, apparatus and method for premises, vehicles, and/or articles |
US20150063329A1 (en) * | 2013-08-28 | 2015-03-05 | General Motors Llc | Selective vehicle wi-fi access |
US10169821B2 (en) * | 2013-09-20 | 2019-01-01 | Elwha Llc | Systems and methods for insurance based upon status of vehicle software |
US9795521B2 (en) * | 2013-09-23 | 2017-10-24 | Halcore Group, Inc. | Emergency vehicle control application |
US10489132B1 (en) | 2013-09-23 | 2019-11-26 | Sprint Communications Company L.P. | Authenticating mobile device for on board diagnostic system access |
US9179311B2 (en) * | 2013-10-04 | 2015-11-03 | GM Global Technology Operations LLC | Securing vehicle service tool data communications |
US10033814B2 (en) * | 2013-10-08 | 2018-07-24 | Ictk Holdings Co., Ltd. | Vehicle security network device and design method therefor |
US9352777B2 (en) | 2013-10-31 | 2016-05-31 | Ford Global Technologies, Llc | Methods and systems for configuring of a trailer maneuvering system |
US9501875B2 (en) * | 2013-10-31 | 2016-11-22 | GM Global Technology Operations LLC | Methods, systems and apparatus for determining whether any vehicle events specified in notification preferences have occurred |
US20150135271A1 (en) * | 2013-11-11 | 2015-05-14 | GM Global Technology Operations LLC | Device and method to enforce security tagging of embedded network communications |
US20150143451A1 (en) * | 2013-11-19 | 2015-05-21 | Cisco Technology Inc. | Safety in Downloadable Applications for Onboard Computers |
EP3084676B1 (en) * | 2013-12-19 | 2022-04-20 | Intel Corporation | Secure vehicular data management with enhanced privacy |
US10062227B2 (en) | 2014-01-09 | 2018-08-28 | Ford Global Technologies, Llc | Contents inventory tracking system and protocol |
US9836717B2 (en) * | 2014-01-09 | 2017-12-05 | Ford Global Technologies, Llc | Inventory tracking system classification strategy |
DE102014200226A1 (en) * | 2014-01-09 | 2015-07-09 | Bayerische Motoren Werke Aktiengesellschaft | Central communication unit of a motor vehicle |
US9633496B2 (en) | 2014-01-09 | 2017-04-25 | Ford Global Technologies, Llc | Vehicle contents inventory system |
US9758116B2 (en) | 2014-01-10 | 2017-09-12 | Sony Corporation | Apparatus and method for use in configuring an environment of an automobile |
US10096067B1 (en) | 2014-01-24 | 2018-10-09 | Allstate Insurance Company | Reward system related to a vehicle-to-vehicle communication system |
US9355423B1 (en) | 2014-01-24 | 2016-05-31 | Allstate Insurance Company | Reward system related to a vehicle-to-vehicle communication system |
US9390451B1 (en) | 2014-01-24 | 2016-07-12 | Allstate Insurance Company | Insurance system related to a vehicle-to-vehicle communication system |
US10027706B2 (en) | 2014-02-13 | 2018-07-17 | Google Llc | Anti-spoofing protection in an automotive environment |
US10803525B1 (en) * | 2014-02-19 | 2020-10-13 | Allstate Insurance Company | Determining a property of an insurance policy based on the autonomous features of a vehicle |
US10783586B1 (en) | 2014-02-19 | 2020-09-22 | Allstate Insurance Company | Determining a property of an insurance policy based on the density of vehicles |
US10783587B1 (en) | 2014-02-19 | 2020-09-22 | Allstate Insurance Company | Determining a driver score based on the driver's response to autonomous features of a vehicle |
US10796369B1 (en) | 2014-02-19 | 2020-10-06 | Allstate Insurance Company | Determining a property of an insurance policy based on the level of autonomy of a vehicle |
US9940676B1 (en) | 2014-02-19 | 2018-04-10 | Allstate Insurance Company | Insurance system for analysis of autonomous driving |
US9233710B2 (en) | 2014-03-06 | 2016-01-12 | Ford Global Technologies, Llc | Trailer backup assist system using gesture commands and method |
US9503894B2 (en) * | 2014-03-07 | 2016-11-22 | Cellco Partnership | Symbiotic biometric security |
US9571284B2 (en) * | 2014-03-13 | 2017-02-14 | GM Global Technology Operations LLC | Controlling access to personal information stored in a vehicle using a cryptographic key |
DE102014204762A1 (en) * | 2014-03-14 | 2015-09-17 | Sixt Gmbh & Co. Autovermietung Kg | Telematic system, telematics unit and method for remote control or influencing of vehicle functions and for recording vehicle data |
US9386624B2 (en) | 2014-03-28 | 2016-07-05 | GM Global Technology Operations LLC | Systems and methods of facilitating portable device communications |
US9386462B2 (en) | 2014-03-28 | 2016-07-05 | GM Global Technology Operations LLC | Methods and apparatus for determining and planning wireless network deployment sufficiency when utilizing vehicle-based relay nodes |
US9800567B2 (en) | 2014-03-31 | 2017-10-24 | Sap Se | Authentication of network nodes |
US10657483B2 (en) * | 2014-04-29 | 2020-05-19 | Vivint, Inc. | Systems and methods for secure package delivery |
US11410221B2 (en) | 2014-04-29 | 2022-08-09 | Vivint, Inc. | Integrated secure delivery |
US11049343B2 (en) | 2014-04-29 | 2021-06-29 | Vivint, Inc. | Techniques for securing a dropspot |
US11900305B2 (en) | 2014-04-29 | 2024-02-13 | Vivint, Inc. | Occupancy identification for guiding delivery personnel |
ITMO20140156A1 (en) | 2014-05-29 | 2015-11-29 | Cnh Ind Italia Spa | SAFETY SYSTEM FOR A VEHICLE. |
US9252951B1 (en) | 2014-06-13 | 2016-02-02 | Sprint Communications Company L.P. | Vehicle key function control from a mobile phone based on radio frequency link from phone to vehicle |
US9786154B1 (en) | 2014-07-21 | 2017-10-10 | State Farm Mutual Automobile Insurance Company | Methods of facilitating emergency assistance |
US9600949B2 (en) | 2014-07-30 | 2017-03-21 | Master Lock Company Llc | Wireless key management for authentication |
US9996999B2 (en) * | 2014-07-30 | 2018-06-12 | Master Lock Company Llc | Location tracking for locking device |
US9894066B2 (en) | 2014-07-30 | 2018-02-13 | Master Lock Company Llc | Wireless firmware updates |
US9821768B2 (en) * | 2014-10-01 | 2017-11-21 | Continental Intelligent Transportation Systems LLC | Geo-proximity vehicle alert and access system for security and package exchange efficiency |
GB2531247B (en) * | 2014-10-07 | 2021-10-06 | Arm Ip Ltd | Method, hardware and digital certificate for authentication of connected devices |
US20160116510A1 (en) | 2014-10-27 | 2016-04-28 | Master Lock Company | Predictive battery warnings for an electronic locking device |
US9591482B1 (en) | 2014-10-31 | 2017-03-07 | Sprint Communications Company L.P. | Method for authenticating driver for registration of in-vehicle telematics unit |
JP6618480B2 (en) * | 2014-11-12 | 2019-12-11 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America | Update management method, update management system, and control program |
US9533683B2 (en) | 2014-12-05 | 2017-01-03 | Ford Global Technologies, Llc | Sensor failure mitigation system and mode management |
US9522677B2 (en) | 2014-12-05 | 2016-12-20 | Ford Global Technologies, Llc | Mitigation of input device failure and mode management |
DE102014226711A1 (en) * | 2014-12-19 | 2016-06-23 | Zf Friedrichshafen Ag | Method and device for providing navigation information from a vehicle to a vehicle-external data memory and method and data memory for processing of signed navigation information |
DE102015200801A1 (en) * | 2015-01-20 | 2016-07-21 | Continental Teves Ag & Co. Ohg | Electronic control device |
WO2016124424A1 (en) * | 2015-02-03 | 2016-08-11 | Philips Lighting Holding B.V. | Methods and systems for providing conditional access to indoor location information |
US10026506B1 (en) | 2015-02-06 | 2018-07-17 | Brain Trust Innovations I, Llc | System, RFID chip, server and method for capturing vehicle data |
US10249123B2 (en) | 2015-04-09 | 2019-04-02 | Ford Global Technologies, Llc | Systems and methods for mobile phone key fob management |
US9649999B1 (en) | 2015-04-28 | 2017-05-16 | Sprint Communications Company L.P. | Vehicle remote operations control |
US9444892B1 (en) | 2015-05-05 | 2016-09-13 | Sprint Communications Company L.P. | Network event management support for vehicle wireless communication |
CN104859588A (en) * | 2015-05-20 | 2015-08-26 | 王方圆 | Automobile alarm starting device |
CN105550553B (en) * | 2015-06-30 | 2019-11-12 | 宇龙计算机通信科技(深圳)有限公司 | A kind of right management method, terminal, equipment and system |
US9767626B2 (en) * | 2015-07-09 | 2017-09-19 | Ford Global Technologies, Llc | Connected services for vehicle diagnostics and repairs |
US9604651B1 (en) | 2015-08-05 | 2017-03-28 | Sprint Communications Company L.P. | Vehicle telematics unit communication authorization and authentication and communication service provisioning |
US10142420B2 (en) * | 2015-08-25 | 2018-11-27 | Ford Global Technologies, Llc | On-board web server telematics systems and methods |
US9896130B2 (en) | 2015-09-11 | 2018-02-20 | Ford Global Technologies, Llc | Guidance system for a vehicle reversing a trailer along an intended backing path |
WO2017053046A1 (en) * | 2015-09-21 | 2017-03-30 | Continental Intelligent Transportation Systems, LLC | On-demand and on-site vehicle maintenance service |
WO2017058724A1 (en) * | 2015-09-30 | 2017-04-06 | Cummins, Inc. | System, method, and apparatus for secure telematics communication |
JP6217728B2 (en) * | 2015-10-19 | 2017-10-25 | トヨタ自動車株式会社 | Vehicle system and authentication method |
US10692126B2 (en) | 2015-11-17 | 2020-06-23 | Nio Usa, Inc. | Network-based system for selling and servicing cars |
US10269075B2 (en) | 2016-02-02 | 2019-04-23 | Allstate Insurance Company | Subjective route risk mapping and mitigation |
DE102016211352A1 (en) | 2016-02-02 | 2017-08-03 | Volkswagen Aktiengesellschaft | A method for configuring online mobile services |
US10504094B1 (en) * | 2016-02-16 | 2019-12-10 | State Farm Mutual Automobile Insurance Company | Connected car as a payment device |
CN108885752A (en) * | 2016-03-01 | 2018-11-23 | 福特全球技术公司 | Support the fuel purchase account positioning of dedicated short-range communication negotiated in advance |
US11228569B2 (en) * | 2016-03-01 | 2022-01-18 | Ford Global Technologies, Llc | Secure tunneling for connected application security |
CN105785876A (en) * | 2016-04-06 | 2016-07-20 | 陈昊 | Unmanned aerial vehicle authorization system and authorization method thereof |
DE102016106871A1 (en) * | 2016-04-13 | 2017-10-19 | Infineon Technologies Ag | Control device and method for saving data |
US10728249B2 (en) * | 2016-04-26 | 2020-07-28 | Garrett Transporation I Inc. | Approach for securing a vehicle access port |
US10112646B2 (en) | 2016-05-05 | 2018-10-30 | Ford Global Technologies, Llc | Turn recovery human machine interface for trailer backup assist |
US20170353353A1 (en) | 2016-06-03 | 2017-12-07 | Uptake Technologies, Inc. | Provisioning a Local Analytics Device |
US20180012196A1 (en) | 2016-07-07 | 2018-01-11 | NextEv USA, Inc. | Vehicle maintenance manager |
US9928734B2 (en) | 2016-08-02 | 2018-03-27 | Nio Usa, Inc. | Vehicle-to-pedestrian communication systems |
US10650621B1 (en) | 2016-09-13 | 2020-05-12 | Iocurrents, Inc. | Interfacing with a vehicular controller area network |
US10284654B2 (en) | 2016-09-27 | 2019-05-07 | Intel Corporation | Trusted vehicle telematics using blockchain data analytics |
US20180113802A1 (en) * | 2016-10-21 | 2018-04-26 | Sivakumar Yeddnapuddi | Application simulator for a vehicle |
US10735206B2 (en) | 2016-11-07 | 2020-08-04 | The Regents Of The University Of Michigan | Securing information exchanged between internal and external entities of connected vehicles |
US11024160B2 (en) | 2016-11-07 | 2021-06-01 | Nio Usa, Inc. | Feedback performance control and tracking |
US10694357B2 (en) | 2016-11-11 | 2020-06-23 | Nio Usa, Inc. | Using vehicle sensor data to monitor pedestrian health |
US10708547B2 (en) | 2016-11-11 | 2020-07-07 | Nio Usa, Inc. | Using vehicle sensor data to monitor environmental and geologic conditions |
US10410064B2 (en) | 2016-11-11 | 2019-09-10 | Nio Usa, Inc. | System for tracking and identifying vehicles and pedestrians |
US10515390B2 (en) | 2016-11-21 | 2019-12-24 | Nio Usa, Inc. | Method and system for data optimization |
DE102016223862A1 (en) * | 2016-11-30 | 2018-05-30 | Audi Ag | Method for operating a communication device of a motor vehicle |
KR102639075B1 (en) * | 2016-11-30 | 2024-02-22 | 현대자동차주식회사 | Diagnostics device for vehicle and method of managing certificate thereof |
US10249104B2 (en) | 2016-12-06 | 2019-04-02 | Nio Usa, Inc. | Lease observation and event recording |
EP3334198B1 (en) * | 2016-12-12 | 2021-01-27 | AO Kaspersky Lab | Secure control of automotive systems using mobile devices |
RU2652665C1 (en) * | 2016-12-12 | 2018-04-28 | Акционерное общество "Лаборатория Касперского" | System and method of vehicle control |
US11089028B1 (en) * | 2016-12-21 | 2021-08-10 | Amazon Technologies, Inc. | Tokenization federation service |
US10430566B2 (en) * | 2016-12-27 | 2019-10-01 | Paypal, Inc. | Vehicle based electronic authentication and device management |
US10078924B2 (en) * | 2017-01-09 | 2018-09-18 | General Motors Llc | Maintenance management for vehicle-share systems |
US10074223B2 (en) | 2017-01-13 | 2018-09-11 | Nio Usa, Inc. | Secured vehicle for user use only |
US10031521B1 (en) | 2017-01-16 | 2018-07-24 | Nio Usa, Inc. | Method and system for using weather information in operation of autonomous vehicles |
US9984572B1 (en) | 2017-01-16 | 2018-05-29 | Nio Usa, Inc. | Method and system for sharing parking space availability among autonomous vehicles |
US10471829B2 (en) | 2017-01-16 | 2019-11-12 | Nio Usa, Inc. | Self-destruct zone and autonomous vehicle navigation |
US10464530B2 (en) | 2017-01-17 | 2019-11-05 | Nio Usa, Inc. | Voice biometric pre-purchase enrollment for autonomous vehicles |
US10286915B2 (en) | 2017-01-17 | 2019-05-14 | Nio Usa, Inc. | Machine learning for personalized driving |
US10897469B2 (en) | 2017-02-02 | 2021-01-19 | Nio Usa, Inc. | System and method for firewalls between vehicle networks |
US10810273B2 (en) | 2017-06-13 | 2020-10-20 | Bank Of America Corporation | Auto identification and mapping of functional attributes from visual representation |
US10234302B2 (en) | 2017-06-27 | 2019-03-19 | Nio Usa, Inc. | Adaptive route and motion planning based on learned external and internal vehicle environment |
US20190007212A1 (en) * | 2017-06-30 | 2019-01-03 | Intel Corporation | Secure unlock systems for locked devices |
US10369974B2 (en) | 2017-07-14 | 2019-08-06 | Nio Usa, Inc. | Control and coordination of driverless fuel replenishment for autonomous vehicles |
US10710633B2 (en) | 2017-07-14 | 2020-07-14 | Nio Usa, Inc. | Control of complex parking maneuvers and autonomous fuel replenishment of driverless vehicles |
US10541977B2 (en) * | 2017-07-25 | 2020-01-21 | Pacesetter, Inc. | Utilizing signed credentials for secure communication with an implantable medical device |
US10837790B2 (en) | 2017-08-01 | 2020-11-17 | Nio Usa, Inc. | Productive and accident-free driving modes for a vehicle |
US10319236B2 (en) * | 2017-08-07 | 2019-06-11 | Denso International America, Inc. | Efficient DSRC congestion control certification tool |
US20190050276A1 (en) * | 2017-08-08 | 2019-02-14 | Jet Bridge LLC | Method for providing telematics service using virtual vehicle and telematics server using the same |
DE102017008084A1 (en) * | 2017-08-25 | 2019-02-28 | Daimler Ag | Procedure for granting access and driving authorization |
CA3073224A1 (en) * | 2017-09-01 | 2019-03-07 | Automobility Distribution Inc. | Device control app with advertising |
US10759466B2 (en) * | 2017-10-03 | 2020-09-01 | Ford Global Technologies, Llc | Vehicle component operation |
CN107682148A (en) * | 2017-10-12 | 2018-02-09 | 华东师范大学 | Security access system and method between a kind of vehicle bus and internet communication system |
US10635109B2 (en) | 2017-10-17 | 2020-04-28 | Nio Usa, Inc. | Vehicle path-planner monitor and controller |
US10606274B2 (en) | 2017-10-30 | 2020-03-31 | Nio Usa, Inc. | Visual place recognition based self-localization for autonomous vehicles |
US10935978B2 (en) | 2017-10-30 | 2021-03-02 | Nio Usa, Inc. | Vehicle self-localization using particle filters and visual odometry |
US10717412B2 (en) | 2017-11-13 | 2020-07-21 | Nio Usa, Inc. | System and method for controlling a vehicle using secondary access methods |
US11323420B2 (en) | 2017-11-16 | 2022-05-03 | Visa International Service Association | Providing assertions regarding entities |
US10652742B2 (en) | 2017-11-20 | 2020-05-12 | Valeo Comfort And Driving Assistance | Hybrid authentication of vehicle devices and/or mobile user devices |
US11108811B2 (en) | 2018-01-22 | 2021-08-31 | Avaya Inc. | Methods and devices for detecting denial of service attacks in secure interactions |
US10369966B1 (en) | 2018-05-23 | 2019-08-06 | Nio Usa, Inc. | Controlling access to a vehicle using wireless access devices |
US11050556B2 (en) * | 2018-07-13 | 2021-06-29 | Micron Technology, Inc. | Secure vehicular communication |
US10778655B2 (en) * | 2018-07-31 | 2020-09-15 | Solexir Technlogy | Secure control and access of a vehicle |
CN108944785A (en) * | 2018-08-06 | 2018-12-07 | 安徽江淮汽车集团股份有限公司 | A kind of method of long-range car locking |
US11144296B2 (en) | 2018-09-05 | 2021-10-12 | International Business Machines Corporation | Multi-variable based secure download of vehicle updates |
US11184178B2 (en) * | 2018-09-28 | 2021-11-23 | Blackberry Limited | Method and system for intelligent transportation system certificate revocation list reduction |
DE102018217065A1 (en) * | 2018-10-05 | 2020-04-09 | Audi Ag | Control device for activating at least one application software, motor vehicle and method for operating the control device |
CN109484357A (en) * | 2018-11-06 | 2019-03-19 | 电子科技大学 | A kind of CAN bus based automobile finger-print burglary-resisting system |
US11582608B2 (en) * | 2018-11-09 | 2023-02-14 | Carrier Corporation | Geographically secure access to container controller |
US11503005B2 (en) * | 2018-11-09 | 2022-11-15 | Ge Aviation Systems Limited | Tool verification system and method of verifying an unqualified component |
JP7273523B2 (en) * | 2019-01-25 | 2023-05-15 | 株式会社東芝 | Communication control device and communication control system |
US10951728B2 (en) * | 2019-02-11 | 2021-03-16 | Blackberry Limited | Proxy for access of a vehicle component |
US11246020B2 (en) | 2019-03-05 | 2022-02-08 | Ford Global Technologies, Llc | Subscription-based V2X communication network for prioritized service |
CN110138642B (en) * | 2019-04-15 | 2021-09-07 | 深圳市纽创信安科技开发有限公司 | CAN bus-based secure communication method and system |
US20220376931A1 (en) * | 2019-10-08 | 2022-11-24 | Lg Electronics, Inc. | Balancing privacy and efficiency for revocation in vehicular public key infrastructures |
US11652790B2 (en) * | 2019-12-06 | 2023-05-16 | Servicenow, Inc. | Quarantine for cloud-based services |
CN114884737A (en) * | 2019-12-23 | 2022-08-09 | 华为技术有限公司 | Communication method and related product |
US11893092B2 (en) * | 2020-01-17 | 2024-02-06 | Sony Group Corporation | Privilege auto platform |
US11692836B2 (en) | 2020-02-04 | 2023-07-04 | International Business Machines Corporation | Vehicle safely calculator |
WO2021234499A1 (en) | 2020-05-21 | 2021-11-25 | High Sec Labs Ltd. | System and method for detection and prevention of cyber attacks at in-vehicle networks |
CN111735639B (en) * | 2020-05-26 | 2022-03-22 | 清华大学苏州汽车研究院(相城) | Automatic driving scene minimum set generation method for intelligent networked automobile demonstration area |
US11880670B2 (en) | 2020-06-23 | 2024-01-23 | Toyota Motor North America, Inc. | Execution of transport software update |
US11281450B2 (en) | 2020-06-23 | 2022-03-22 | Toyota Motor North America, Inc. | Secure transport software update |
US11520926B2 (en) | 2020-07-09 | 2022-12-06 | Toyota Motor North America, Inc. | Variable transport data retention and deletion |
US11610448B2 (en) | 2020-07-09 | 2023-03-21 | Toyota Motor North America, Inc. | Dynamically adapting driving mode security controls |
CN112116911B (en) * | 2020-09-22 | 2023-12-19 | 深圳易美诺科技有限公司 | Sound control method and device and computer readable storage medium |
US11782690B2 (en) * | 2021-06-29 | 2023-10-10 | Dell Products L.P. | Delivering applications over-the-air while supporting original equipment manufacturer markers |
JP7459850B2 (en) | 2021-08-26 | 2024-04-02 | トヨタ自動車株式会社 | CONTROL DEVICE, SYSTEM, AND CONTROL METHOD |
US11784868B1 (en) | 2022-05-19 | 2023-10-10 | Geotab Inc. | Systems and methods for collecting telematics data from telematics devices |
DE102022120458A1 (en) | 2022-08-12 | 2024-02-15 | Bayerische Motoren Werke Aktiengesellschaft | Method for preventing a tampered controller output message from being issued to a user of a vehicle by a head unit controller of the vehicle, computer-readable medium, system, and vehicle |
WO2024144765A1 (en) * | 2022-12-27 | 2024-07-04 | Rakuten Mobile Usa Llc | Systems and methods for rule-based approval of request |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020031230A1 (en) * | 2000-08-15 | 2002-03-14 | Sweet William B. | Method and apparatus for a web-based application service model for security management |
US6429773B1 (en) * | 2000-10-31 | 2002-08-06 | Hewlett-Packard Company | System for remotely communicating with a vehicle |
US6617961B1 (en) * | 1999-11-15 | 2003-09-09 | Strattec Security Corporation | Security system for a vehicle and method of operating same |
US6704564B1 (en) * | 2000-09-22 | 2004-03-09 | Motorola, Inc. | Method and system for controlling message transmission and acceptance by a telecommunications device |
US20040054918A1 (en) * | 2002-08-30 | 2004-03-18 | International Business Machines Corporation | Secure system and method for enforcement of privacy policy and protection of confidentiality |
US7092943B2 (en) * | 2002-03-01 | 2006-08-15 | Enterasys Networks, Inc. | Location based data |
US9130930B2 (en) * | 2003-01-28 | 2015-09-08 | Cellport Systems, Inc. | Secure telematics |
Family Cites Families (201)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3644883A (en) | 1969-12-29 | 1972-02-22 | Motorola Inc | Automatic vehicle monitoring identification location alarm and voice communications system |
JPS6011755B2 (en) | 1976-04-26 | 1985-03-27 | 関西ペイント株式会社 | Room temperature curing high solids coating composition |
JPS6011755A (en) | 1983-06-29 | 1985-01-22 | Isuzu Motors Ltd | Shifting control method in electronic control type transmission |
US4831539A (en) | 1984-04-27 | 1989-05-16 | Hagenbuch Roy George Le | Apparatus and method for locating a vehicle in a working area and for the on-board measuring of parameters indicative of vehicle performance |
JPS60249064A (en) | 1984-05-25 | 1985-12-09 | Rohm Co Ltd | Displacement detecting circuit |
US4697281A (en) * | 1986-03-14 | 1987-09-29 | Spectrum Cellular Communications Corporation, Inc. | Cellular telephone data communication system and method |
JPS6189144A (en) | 1984-10-08 | 1986-05-07 | Nissan Motor Co Ltd | Trouble diagnosing apparatus for car |
JPH0342770Y2 (en) * | 1985-02-08 | 1991-09-06 | ||
US4792986A (en) | 1985-12-11 | 1988-12-20 | General Electric Company | Portable radio system with externally programmable universal device connector |
US4718080A (en) * | 1985-12-16 | 1988-01-05 | Serrano Arthur L | Microprocessor controlled interface for cellular system |
CA1277400C (en) | 1986-04-09 | 1990-12-04 | Uri Rapoport | Anti-theft and locating system |
US4890315A (en) | 1987-03-20 | 1989-12-26 | Orion Industries, Inc. | Cellular remote station with multiple coupled units |
ZA883232B (en) * | 1987-05-06 | 1989-07-26 | Dowd Research Pty Ltd O | Packet switches,switching methods,protocols and networks |
US4804937A (en) | 1987-05-26 | 1989-02-14 | Motorola, Inc. | Vehicle monitoring arrangement and system |
US5274837A (en) | 1987-06-03 | 1993-12-28 | Ericsson Ge Mobile Communications Inc. | Trunked radio repeater system with multigroup calling feature |
US4797948A (en) | 1987-07-22 | 1989-01-10 | Motorola, Inc. | Vehicle identification technique for vehicle monitoring system employing RF communication |
JPS6485431A (en) * | 1987-09-28 | 1989-03-30 | Toshiba Corp | Radio telephone system |
US5029233A (en) | 1987-10-09 | 1991-07-02 | Motorola, Inc. | Radio arrangement having two radios sharing circuitry |
JPH01220919A (en) * | 1988-02-29 | 1989-09-04 | Toshiba Corp | Radio telephone set |
US4837800A (en) * | 1988-03-18 | 1989-06-06 | Motorola, Inc. | Cellular data telephone system and cellular data telephone therefor |
US4887265A (en) | 1988-03-18 | 1989-12-12 | Motorola, Inc. | Packet-switched cellular telephone system |
JPH0767174B2 (en) | 1988-04-18 | 1995-07-19 | 日本電気株式会社 | CATV repeater |
JPH0272042A (en) | 1988-08-31 | 1990-03-12 | Matsushita Electric Ind Co Ltd | Corrugated board case device |
US4989230A (en) | 1988-09-23 | 1991-01-29 | Motorola, Inc. | Cellular cordless telephone |
US4977609A (en) | 1988-10-28 | 1990-12-11 | Gte Cellular Communications Corporation | Interface circuit for telecommunications devices |
US5189734A (en) * | 1988-11-16 | 1993-02-23 | U.S. Philips Corporation | Cellular radio system |
US4972457A (en) | 1989-01-19 | 1990-11-20 | Spectrum Information Technologies, Inc. | Portable hybrid communication system and methods |
GB8903123D0 (en) | 1989-02-11 | 1989-03-30 | Lewis Roger W D | Vehicle monitoring system |
US5428636A (en) * | 1993-05-03 | 1995-06-27 | Norand Corporation | Radio frequency local area network |
EP0392411B2 (en) * | 1989-04-14 | 1999-01-07 | Hitachi, Ltd. | A control apparatus for automobiles |
IL93444A (en) * | 1989-04-27 | 1994-05-30 | Motorola Inc | Method and unit for communicating with communications systems having different operating characteristics |
US5081667A (en) * | 1989-05-01 | 1992-01-14 | Clifford Electronics, Inc. | System for integrating a cellular telephone with a vehicle security system |
US5095480A (en) * | 1989-06-16 | 1992-03-10 | Fenner Peter R | Message routing system for shared communication media networks |
US5212722A (en) * | 1989-07-24 | 1993-05-18 | Nec Corporation | Hands-free telephone having a handset volume attenuator for controlling speaker volume in a hands-free adaptor |
BR9006872A (en) | 1989-08-03 | 1991-08-27 | Motorola Inc | PORTABLE RADIO TELEPHONE AND PROCESS TO CONTROL RADIO TELEPHONE CALL |
US5146486A (en) * | 1989-08-31 | 1992-09-08 | Lebowitz Mayer M | Cellular network data transmission system |
US5109402A (en) * | 1989-09-13 | 1992-04-28 | Novatel Communications, Ltd. | Bus for a cellular telephone |
US5287541A (en) * | 1989-11-03 | 1994-02-15 | Motorola, Inc. | Global satellite communication system with geographic protocol conversion |
US5020090A (en) * | 1989-11-13 | 1991-05-28 | Intelligence Technology Corporation | Apparatus for removably connecting a cellular portable telephone to a computer |
US5095503A (en) * | 1989-12-20 | 1992-03-10 | Motorola, Inc. | Cellular telephone controller with synthesized voice feedback for directory number confirmation and call status |
JPH0773387B2 (en) | 1989-12-26 | 1995-08-02 | 日本電気株式会社 | Mobile phone device |
FR2658719B1 (en) * | 1990-02-28 | 1992-05-15 | Oreal | USE IN ASSOCIATION, IN THE PREPARATION OF COSMETIC COMPOSITIONS IN THE FORM OF COMPACTED POWDERS, HOLLOW MICROSPHERES OF THERMOPLASTIC SYNTHETIC MATERIAL, HEXAGONAL BORON NITRIDE, AND N-ACYL LYSINE. |
US5119397A (en) * | 1990-04-26 | 1992-06-02 | Telefonaktiebolaget L M Ericsson | Combined analog and digital cellular telephone system having a secondary set of control channels |
US5127041A (en) * | 1990-06-01 | 1992-06-30 | Spectrum Information Technologies, Inc. | System and method for interfacing computers to diverse telephone networks |
US5561173A (en) * | 1990-06-19 | 1996-10-01 | Carolyn M. Dry | Self-repairing, reinforced matrix materials |
US5043736B1 (en) | 1990-07-27 | 1994-09-06 | Cae Link Corp | Cellular position location system |
US5214774A (en) * | 1990-07-30 | 1993-05-25 | Motorola, Inc. | Segmented memory transfer and message priority on synchronous/asynchronous data bus |
DE4032198C2 (en) | 1990-10-11 | 1995-10-19 | Daimler Benz Aerospace Ag | Transport monitoring method and arrangement for carrying out the method |
US5276908A (en) * | 1990-10-25 | 1994-01-04 | Northern Telecom Limited | Call set-up and spectrum sharing in radio communication on systems with dynamic channel allocation |
US5159592A (en) | 1990-10-29 | 1992-10-27 | International Business Machines Corporation | Network address management for a wired network supporting wireless communication to a plurality of mobile users |
US5444867A (en) | 1991-01-11 | 1995-08-22 | Kabushiki Kaisha Toshiba | Adapter unit for adaptively supplying a portable radio telephone with power |
US5155689A (en) | 1991-01-17 | 1992-10-13 | By-Word Technologies, Inc. | Vehicle locating and communicating method and apparatus |
MX9201267A (en) | 1991-03-29 | 1992-10-01 | Ericsson Telefon Ab L M | ROUTING OF AUXILIARY COMMUNICATION SERVICE. |
JPH04319992A (en) | 1991-04-19 | 1992-11-10 | Pioneer Electron Corp | Long-distance monitor control device for mobile body |
US5293635A (en) | 1991-04-30 | 1994-03-08 | Hewlett-Packard Company | Detection on a network by a mapping application of a relative location of a first device to a second device |
JP3058942B2 (en) | 1991-06-27 | 2000-07-04 | 三菱電機株式会社 | Navigation device |
US5297142A (en) * | 1991-07-18 | 1994-03-22 | Motorola, Inc. | Data transfer method and apparatus for communication between a peripheral and a master |
US5237570A (en) * | 1991-07-18 | 1993-08-17 | Motorola, Inc. | Prioritized data transfer method and apparatus for a radiotelephone peripheral |
US5148473A (en) * | 1991-08-30 | 1992-09-15 | Motorola, Inc. | Pager and radiotelephone apparatus |
US5347272A (en) * | 1991-09-13 | 1994-09-13 | Fuji Xerox Co., Ltd. | System for determining communication routes in a network |
US5526404A (en) * | 1991-10-10 | 1996-06-11 | Space Systems/Loral, Inc. | Worldwide satellite telephone system and a network coordinating gateway for allocating satellite and terrestrial gateway resources |
US5535274A (en) | 1991-10-19 | 1996-07-09 | Cellport Labs, Inc. | Universal connection for cellular telephone interface |
US5333177A (en) | 1991-10-19 | 1994-07-26 | Cell Port Labs, Inc. | Universal connection for cellular telephone interface |
US5479479A (en) | 1991-10-19 | 1995-12-26 | Cell Port Labs, Inc. | Method and apparatus for transmission of and receiving signals having digital information using an air link |
US5276703A (en) * | 1992-01-13 | 1994-01-04 | Windata, Inc. | Wireless local area network communications system |
DE4300848A1 (en) | 1992-01-17 | 1993-08-12 | Pioneer Electronic Corp | Car telephone system connected to car radio - transmits telephone signals to car radio for replay over loudspeaker and display on radio display |
US5260988A (en) | 1992-02-06 | 1993-11-09 | Motorola, Inc. | Apparatus and method for alternative radiotelephone system selection |
US5203012A (en) | 1992-02-10 | 1993-04-13 | Motorola, Inc. | Method and apparatus for optimum channel assignment |
JP3054893B2 (en) | 1992-03-06 | 2000-06-19 | 富士通株式会社 | Mobile phone mounted communication device |
US5218367A (en) | 1992-06-01 | 1993-06-08 | Trackmobile | Vehicle tracking system |
JP3183953B2 (en) | 1992-07-07 | 2001-07-09 | 旭電化工業株式会社 | Stabilized polymer material composition |
US5442633A (en) * | 1992-07-08 | 1995-08-15 | International Business Machines Corporation | Shortcut network layer routing for mobile hosts |
AU670955B2 (en) | 1992-08-04 | 1996-08-08 | Koninklijke Philips Electronics N.V. | Mobile radio system |
JP2805565B2 (en) * | 1992-09-21 | 1998-09-30 | エヌ・ティ・ティ移動通信網株式会社 | Control channel selection method in mobile station |
DE4236982A1 (en) * | 1992-11-02 | 1994-05-05 | Philips Patentverwaltung | Cellular mobile radio system |
US5442553A (en) * | 1992-11-16 | 1995-08-15 | Motorola | Wireless motor vehicle diagnostic and software upgrade system |
US5331634A (en) * | 1993-01-29 | 1994-07-19 | Digital Ocean, Inc. | Technique for bridging local area networks having non-unique node addresses |
US5371734A (en) | 1993-01-29 | 1994-12-06 | Digital Ocean, Inc. | Medium access control protocol for wireless network |
US5331635A (en) * | 1993-02-12 | 1994-07-19 | Fuji Xerox Co., Ltd. | Network system having function of updating routing information |
EP0617361B1 (en) | 1993-03-26 | 2001-11-28 | Cabletron Systems, Inc. | Scheduling method and apparatus for a communication network |
US5649308A (en) * | 1993-04-12 | 1997-07-15 | Trw Inc. | Multiformat auto-handoff communications handset |
US5630061A (en) * | 1993-04-19 | 1997-05-13 | International Business Machines Corporation | System for enabling first computer to communicate over switched network with second computer located within LAN by using media access control driver in different modes |
US5445347A (en) * | 1993-05-13 | 1995-08-29 | Hughes Aircraft Company | Automated wireless preventive maintenance monitoring system for magnetic levitation (MAGLEV) trains and other vehicles |
PL307357A1 (en) * | 1993-06-07 | 1995-05-15 | Radio Local Area Networks | Network link controller |
JP2518156B2 (en) | 1993-07-19 | 1996-07-24 | 日本電気株式会社 | Channel allocation method for wireless communication system |
EP0637152A1 (en) * | 1993-07-30 | 1995-02-01 | International Business Machines Corporation | Method and apparatus to speed up the path selection in a packet switching network |
CA2119699A1 (en) | 1993-08-19 | 1995-02-20 | Keishi Matsuno | Method of and apparatus for determining position of mobile object and mobile radio communication system using the same |
US5675490A (en) * | 1993-08-20 | 1997-10-07 | Siemens Aktiengesellschaft | Immobilizer for preventing unauthorized starting of a motor vehicle and method for operating the same |
JPH0767174A (en) | 1993-08-26 | 1995-03-10 | Nec Corp | Digital automobile telephone system with downloading function for extended software |
AU685849B2 (en) | 1993-09-08 | 1998-01-29 | Pacific Communication Sciences, Inc. | A portable communications and data terminal having multiple modes of operation |
FI98687C (en) | 1993-09-20 | 1997-07-25 | Nokia Telecommunications Oy | A mobile communication system and method for connecting a remote workstation via a mobile communication network to a data network |
CA2123736C (en) | 1993-10-04 | 1999-10-19 | Zygmunt Haas | Packetized cellular system |
US5446736A (en) * | 1993-10-07 | 1995-08-29 | Ast Research, Inc. | Method and apparatus for connecting a node to a wireless network using a standard protocol |
US5544222A (en) * | 1993-11-12 | 1996-08-06 | Pacific Communication Sciences, Inc. | Cellular digtial packet data mobile data base station |
SE9304119D0 (en) | 1993-12-10 | 1993-12-10 | Ericsson Ge Mobile Communicat | Devices and mobile stations for providing packaged data communication in digital TDMA cellular systems |
EP1622409B1 (en) | 1993-12-15 | 2011-11-02 | Mlr, Llc | Wireless communication system including a plurality of independent wireless service networks |
JPH07177570A (en) | 1993-12-17 | 1995-07-14 | Matsushita Electric Ind Co Ltd | Radio telephone set |
US5459660A (en) * | 1993-12-22 | 1995-10-17 | Chrysler Corporation | Circuit and method for interfacing with vehicle computer |
CN1190088C (en) | 1994-02-04 | 2005-02-16 | Ntt移动通信网株式会社 | Mobile communication system with automatic distribution type dynamic channel distribution scheme |
US5509123A (en) * | 1994-03-22 | 1996-04-16 | Cabletron Systems, Inc. | Distributed autonomous object architectures for network layer routing |
GB2288892A (en) | 1994-04-29 | 1995-11-01 | Oakrange Engineering Ltd | Vehicle fleet monitoring apparatus |
US5561836A (en) | 1994-05-02 | 1996-10-01 | Motorola, Inc. | Method and apparatus for qualifying access to communication system services based on subscriber unit location |
US5513379A (en) * | 1994-05-04 | 1996-04-30 | At&T Corp. | Apparatus and method for dynamic resource allocation in wireless communication networks utilizing ordered borrowing |
US5729544A (en) | 1994-05-09 | 1998-03-17 | Motorola, Inc. | Method for transmitting data packets based on message type |
US5483524A (en) * | 1994-05-09 | 1996-01-09 | Lev; Valy | Method for transmitting data packets via a circuit-switched channel |
NO942031L (en) | 1994-06-01 | 1995-12-04 | Ericsson As Creative Engineeri | System for monitoring telephone networks and / or data communication networks, especially mobile telephone networks |
FR2721776B1 (en) | 1994-06-24 | 1996-12-06 | Jamel Daouadi | Method and devices for locating vehicles, in particular stolen vehicles, tracking vehicles for territorial security or the logistics of vehicle fleets. |
CA2196903C (en) * | 1994-08-09 | 2003-10-07 | Kumar Balachandran | Method and apparatus for efficient handoffs by mobile communication entities |
US5515043A (en) * | 1994-08-17 | 1996-05-07 | Berard; Alfredo J. | Cellular/GPS system for vehicle tracking |
US5566173A (en) | 1994-10-12 | 1996-10-15 | Steinbrecher Corporation | Communication system |
GB2294844B (en) | 1994-11-07 | 1999-05-26 | Motorola Inc | Communications operating system and method therefor |
JP3263551B2 (en) | 1994-11-28 | 2002-03-04 | 三洋電機株式会社 | Wireless device |
US6269348B1 (en) * | 1994-11-28 | 2001-07-31 | Veristar Corporation | Tokenless biometric electronic debit and credit transactions |
FI106671B (en) | 1995-03-13 | 2001-03-15 | Nokia Mobile Phones Ltd | Mobile telephony, mobile terminal and a method of establishing a connection from a mobile terminal |
US5594718A (en) * | 1995-03-30 | 1997-01-14 | Qualcomm Incorporated | Method and apparatus for providing mobile unit assisted hard handoff from a CDMA communication system to an alternative access communication system |
WO1996032468A2 (en) * | 1995-04-11 | 1996-10-17 | Merck & Co., Inc. | Bioprocess for production of dipeptide based compounds |
US5636371A (en) * | 1995-06-07 | 1997-06-03 | Bull Hn Information Systems Inc. | Virtual network mechanism to access well known port application programs running on a single host system |
US5710908A (en) * | 1995-06-27 | 1998-01-20 | Canon Kabushiki Kaisha | Adaptive network protocol independent interface |
US5646939A (en) | 1995-08-08 | 1997-07-08 | International Business Machines Coporation | Method and apparatus for address to port mapping in a token ring network |
DE19532067C1 (en) | 1995-08-31 | 1996-10-24 | Daimler Benz Ag | Programming system for vehicle electronic key |
US5752193A (en) * | 1995-09-01 | 1998-05-12 | Motorola, Inc. | Method and apparatus for communicating in a wireless communication system |
US5757916A (en) * | 1995-10-06 | 1998-05-26 | International Series Research, Inc. | Method and apparatus for authenticating the location of remote users of networked computing systems |
US5794164A (en) * | 1995-11-29 | 1998-08-11 | Microsoft Corporation | Vehicle computer system |
US5826188A (en) | 1995-12-07 | 1998-10-20 | Motorola, Inc. | Method and apparatus for handing off calls between differing radio telecommunication networks |
JPH09190236A (en) * | 1996-01-10 | 1997-07-22 | Canon Inc | Method, device and system for processing information |
US5732074A (en) | 1996-01-16 | 1998-03-24 | Cellport Labs, Inc. | Mobile portable wireless communication system |
US6513069B1 (en) * | 1996-03-08 | 2003-01-28 | Actv, Inc. | Enhanced video programming system and method for providing a distributed community network |
US6028505A (en) | 1996-03-27 | 2000-02-22 | Clifford Electronics, Inc. | Electronic vehicle security system with remote control |
US6122514A (en) * | 1997-01-03 | 2000-09-19 | Cellport Systems, Inc. | Communications channel selection |
DE19721286C1 (en) * | 1997-05-21 | 1998-09-17 | Siemens Ag | Initialising motor vehicle anti-theft protection system with several portable electronic keys |
DE59802151D1 (en) | 1997-06-20 | 2001-12-20 | Siemens Ag | MOTOR VEHICLE INSTALLATION DEVICE FOR MOBILE PHONE |
AU1276699A (en) | 1997-10-24 | 1999-05-17 | Cell Port Labs, Inc. | Communications system with modular devices |
US6535913B2 (en) * | 1997-10-31 | 2003-03-18 | Selectica, Inc. | Method and apparatus for use of an application state storage system in interacting with on-line services |
US6128509A (en) | 1997-11-07 | 2000-10-03 | Nokia Mobile Phone Limited | Intelligent service interface and messaging protocol for coupling a mobile station to peripheral devices |
US5941972A (en) * | 1997-12-31 | 1999-08-24 | Crossroads Systems, Inc. | Storage router and method for providing virtual local storage |
JP3196723B2 (en) | 1998-05-01 | 2001-08-06 | 日本電気株式会社 | Pattern display device |
DE19823731A1 (en) * | 1998-05-27 | 1999-12-02 | Bayerische Motoren Werke Ag | Remote control device for vehicles |
US6282469B1 (en) * | 1998-07-22 | 2001-08-28 | Snap-On Technologies, Inc. | Computerized automotive service equipment using multipoint serial link data transmission protocols |
US6301658B1 (en) * | 1998-09-09 | 2001-10-09 | Secure Computing Corporation | Method and system for authenticating digital certificates issued by an authentication hierarchy |
CA2651874A1 (en) | 1998-11-05 | 2000-05-11 | International Truck And Engine Corporation | Land vehicle communications system and process for providing information and coordinating vehicle activities |
US6754485B1 (en) | 1998-12-23 | 2004-06-22 | American Calcar Inc. | Technique for effectively providing maintenance and information to vehicles |
US6236909B1 (en) | 1998-12-28 | 2001-05-22 | International Business Machines Corporation | Method for representing automotive device functionality and software services to applications using JavaBeans |
US6285890B1 (en) | 1999-01-26 | 2001-09-04 | Ericsson, Inc. | Automatic sensing of communication or accessories for mobile terminals |
US6161071A (en) * | 1999-03-12 | 2000-12-12 | Navigation Technologies Corporation | Method and system for an in-vehicle computing architecture |
US6430164B1 (en) | 1999-06-17 | 2002-08-06 | Cellport Systems, Inc. | Communications involving disparate protocol network/bus and device subsystems |
GB2351588B (en) * | 1999-07-01 | 2003-09-03 | Ibm | Security for network-connected vehicles and other network-connected processing environments |
US6341218B1 (en) | 1999-12-06 | 2002-01-22 | Cellport Systems, Inc. | Supporting and connecting a portable phone |
US6377825B1 (en) | 2000-02-18 | 2002-04-23 | Cellport Systems, Inc. | Hands-free wireless communication in a vehicle |
DE10008973B4 (en) * | 2000-02-25 | 2004-10-07 | Bayerische Motoren Werke Ag | Authorization procedure with certificate |
KR20030019356A (en) | 2000-04-17 | 2003-03-06 | 에어비퀴티 인코포레이티드. | Secure dynamic link allocation system for mobile data communication |
US7003289B1 (en) * | 2000-04-24 | 2006-02-21 | Usa Technologies, Inc. | Communication interface device for managing wireless data transmission between a vehicle and the internet |
US6856820B1 (en) | 2000-04-24 | 2005-02-15 | Usa Technologies, Inc. | In-vehicle device for wirelessly connecting a vehicle to the internet and for transacting e-commerce and e-business |
US6895310B1 (en) * | 2000-04-24 | 2005-05-17 | Usa Technologies, Inc. | Vehicle related wireless scientific instrumentation telematics |
SE0001842D0 (en) * | 2000-05-18 | 2000-05-18 | Ericsson Telefon Ab L M | Interface protocol |
US6957133B1 (en) | 2003-05-08 | 2005-10-18 | Reynolds & Reynolds Holdings, Inc. | Small-scale, integrated vehicle telematics device |
DE10038096A1 (en) * | 2000-08-04 | 2002-02-14 | Bosch Gmbh Robert | Data transmission method and system |
US6873824B2 (en) * | 2000-08-22 | 2005-03-29 | Omega Patents, L.L.C. | Remote control system using a cellular telephone and associated methods |
US20020133716A1 (en) * | 2000-09-05 | 2002-09-19 | Shlomi Harif | Rule-based operation and service provider authentication for a keyed system |
JP2002133017A (en) * | 2000-10-30 | 2002-05-10 | Aruze Corp | Point management system |
US11467856B2 (en) | 2002-12-12 | 2022-10-11 | Flexiworld Technologies, Inc. | Portable USB device for internet access service |
US20020059532A1 (en) * | 2000-11-16 | 2002-05-16 | Teruaki Ata | Device and method for authentication |
US6765497B2 (en) | 2000-12-18 | 2004-07-20 | Motorola, Inc. | Method for remotely accessing vehicle system information and user information in a vehicle |
US20020097193A1 (en) * | 2001-01-23 | 2002-07-25 | Freecar Media | System and method to increase the efficiency of outdoor advertising |
US7072950B2 (en) * | 2001-01-23 | 2006-07-04 | Sony Corporation | Method and apparatus for operating system and application selection |
DE10103044A1 (en) * | 2001-01-24 | 2002-07-25 | Bosch Gmbh Robert | Device for user-specific activation of vehicle functions compares information transmitted to vehicle-side transceiver with reference data stored in memory |
JP2002243591A (en) * | 2001-02-22 | 2002-08-28 | Mitsubishi Electric Corp | Failure diagnostic device for use in vehicle |
US6611740B2 (en) * | 2001-03-14 | 2003-08-26 | Networkcar | Internet-based vehicle-diagnostic system |
US6954689B2 (en) | 2001-03-16 | 2005-10-11 | Cnh America Llc | Method and apparatus for monitoring work vehicles |
US20020143447A1 (en) | 2001-03-28 | 2002-10-03 | Miller Matthew T. | Diagnostic system for a vehicle |
JP3465702B2 (en) * | 2001-07-04 | 2003-11-10 | 日産自動車株式会社 | Navigation system |
JP2003109185A (en) | 2001-09-27 | 2003-04-11 | Fujitsu Ten Ltd | On-vehicle information communication device |
US20030158963A1 (en) * | 2002-02-20 | 2003-08-21 | Sturdy James T. | Smartbridge for tactical network routing applications |
WO2003053048A1 (en) | 2001-12-14 | 2003-06-26 | Koninklijke Philips Electronics N.V. | Method of enabling interaction using a portable device |
DE10213165B3 (en) * | 2002-03-23 | 2004-01-29 | Daimlerchrysler Ag | Method and device for taking over data |
US20040204069A1 (en) | 2002-03-29 | 2004-10-14 | Cui John X. | Method of operating a personal communications system |
US7039672B2 (en) | 2002-05-06 | 2006-05-02 | Nokia Corporation | Content delivery architecture for mobile access networks |
US20040001593A1 (en) * | 2002-06-28 | 2004-01-01 | Jurgen Reinold | Method and system for component obtainment of vehicle authentication |
US7549046B2 (en) * | 2002-06-28 | 2009-06-16 | Temic Automotive Of North America, Inc. | Method and system for vehicle authorization of a service technician |
US20040204192A1 (en) | 2002-08-29 | 2004-10-14 | International Business Machines Corporation | Automobile dashboard display interface for facilitating the interactive operator input/output for a standard wireless telephone detachably mounted in the automobile |
US20080313282A1 (en) | 2002-09-10 | 2008-12-18 | Warila Bruce W | User interface, operating system and architecture |
US20040054888A1 (en) * | 2002-09-16 | 2004-03-18 | Chester James S. | Method and system of authentication and ownership verification of collectables |
JP4000291B2 (en) * | 2002-10-09 | 2007-10-31 | 本田技研工業株式会社 | Remote door lock control device for vehicle |
US6960990B2 (en) * | 2002-10-31 | 2005-11-01 | General Motors Corporation | Telematics vehicle security system and method |
JP2004196154A (en) * | 2002-12-19 | 2004-07-15 | Sony Corp | Boarding environmental control system, boarding environmental control device, and boarding environmental control method |
US6868333B2 (en) * | 2003-01-15 | 2005-03-15 | Toyota Infotechnology Center Co., Ltd. | Group interaction system for interaction with other vehicles of a group |
US6983171B2 (en) | 2003-02-28 | 2006-01-03 | Motorola, Inc. | Device and method for communicating teletype information in a vehicle communication system |
EP1618716A1 (en) | 2003-04-23 | 2006-01-25 | Telecom Italia S.p.A. | A client-server system and method thereof for providing multimedia and interactive services to mobile terminals |
CA2526649A1 (en) * | 2003-05-23 | 2004-12-29 | Nnt, Inc. | An enterprise resource planning system with integrated vehicle diagnostic and information system |
US7401233B2 (en) * | 2003-06-24 | 2008-07-15 | International Business Machines Corporation | Method, system, and apparatus for dynamic data-driven privacy policy protection and data sharing |
US7353897B2 (en) | 2003-07-23 | 2008-04-08 | Fernandez Dennis S | Telematic method and apparatus with integrated power source |
GB2404536B (en) * | 2003-07-31 | 2007-02-28 | Hewlett Packard Development Co | Protection of data |
US20050049765A1 (en) * | 2003-08-27 | 2005-03-03 | Sacagawea21 Inc. | Method and apparatus for advertising assessment using location and temporal information |
US20050075768A1 (en) * | 2003-10-02 | 2005-04-07 | Snap-On Technologies, Inc. Autologic, L.L.C. | Multipurpose multifunction interface device for automotive diagnostics |
US7721104B2 (en) * | 2003-10-20 | 2010-05-18 | Nokia Corporation | System, method and computer program product for downloading pushed content |
US20050131595A1 (en) * | 2003-12-12 | 2005-06-16 | Eugene Luskin | Enhanced vehicle event information |
US7317975B2 (en) * | 2004-02-03 | 2008-01-08 | Haldex Brake Products Ab | Vehicle telematics system |
US20050197747A1 (en) * | 2004-03-04 | 2005-09-08 | Jason Rappaport | In-vehicle computer system |
US7305255B2 (en) | 2004-03-26 | 2007-12-04 | Microsoft Corporation | Personal communications server |
US7346370B2 (en) | 2004-04-29 | 2008-03-18 | Cellport Systems, Inc. | Enabling interoperability between distributed devices using different communication link technologies |
US8027293B2 (en) | 2007-07-16 | 2011-09-27 | Cellport Systems, Inc. | Communication channel selection and use |
JP5252106B2 (en) | 2012-07-10 | 2013-07-31 | タイヨーエレック株式会社 | Game machine |
-
2004
- 2004-01-28 US US10/767,548 patent/US7366892B2/en active Active
- 2004-01-28 EP EP04706066A patent/EP1590917B1/en not_active Expired - Lifetime
- 2004-01-28 JP JP2006503122A patent/JP2006521724A/en active Pending
- 2004-01-28 WO PCT/US2004/002441 patent/WO2004068424A2/en active Application Filing
- 2004-01-28 AT AT04706066T patent/ATE492085T1/en not_active IP Right Cessation
- 2004-01-28 DE DE602004030534T patent/DE602004030534D1/en not_active Expired - Lifetime
- 2004-01-28 EP EP20100182443 patent/EP2273719A3/en not_active Withdrawn
-
2008
- 2008-01-22 US US12/017,467 patent/US8719592B2/en not_active Expired - Fee Related
-
2013
- 2013-09-30 US US14/042,246 patent/US9130930B2/en not_active Expired - Fee Related
-
2015
- 2015-08-05 US US14/819,141 patent/US9668133B2/en not_active Expired - Lifetime
-
2016
- 2016-10-27 US US15/336,379 patent/US10231125B2/en not_active Expired - Fee Related
-
2019
- 2019-01-29 US US16/260,927 patent/US20190166494A1/en not_active Abandoned
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6617961B1 (en) * | 1999-11-15 | 2003-09-09 | Strattec Security Corporation | Security system for a vehicle and method of operating same |
US20020031230A1 (en) * | 2000-08-15 | 2002-03-14 | Sweet William B. | Method and apparatus for a web-based application service model for security management |
US6704564B1 (en) * | 2000-09-22 | 2004-03-09 | Motorola, Inc. | Method and system for controlling message transmission and acceptance by a telecommunications device |
US6429773B1 (en) * | 2000-10-31 | 2002-08-06 | Hewlett-Packard Company | System for remotely communicating with a vehicle |
US7092943B2 (en) * | 2002-03-01 | 2006-08-15 | Enterasys Networks, Inc. | Location based data |
US20040054918A1 (en) * | 2002-08-30 | 2004-03-18 | International Business Machines Corporation | Secure system and method for enforcement of privacy policy and protection of confidentiality |
US9130930B2 (en) * | 2003-01-28 | 2015-09-08 | Cellport Systems, Inc. | Secure telematics |
US9668133B2 (en) * | 2003-01-28 | 2017-05-30 | Cellport Systems, Inc. | Secure telematics |
US10231125B2 (en) * | 2003-01-28 | 2019-03-12 | Cybercar Inc. | Secure telematics |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10439825B1 (en) * | 2018-11-13 | 2019-10-08 | INTEGRITY Security Services, Inc. | Providing quality of service for certificate management systems |
US10749691B2 (en) * | 2018-11-13 | 2020-08-18 | Integrity Security Services Llc | Providing quality of service for certificate management systems |
US10917248B2 (en) * | 2018-11-13 | 2021-02-09 | Integrity Security Services Llc | Providing quality of service for certificate management systems |
US11177965B2 (en) * | 2018-11-13 | 2021-11-16 | Integrity Security Services Llc | Providing quality of service for certificate management systems |
US20220078030A1 (en) * | 2018-11-13 | 2022-03-10 | Integrity Security Services Llc | Providing quality of service for certificate management systems |
US11792019B2 (en) * | 2018-11-13 | 2023-10-17 | Integrity Security Services Llc | Providing quality of service for certificate management systems |
US20210362735A1 (en) * | 2020-05-20 | 2021-11-25 | Intertrust Technologies Corporation | Policy managed vehicle operation systems and methods |
US12128914B2 (en) * | 2020-05-20 | 2024-10-29 | Intertrust Technologies Corporation | Policy managed vehicle operation systems and methods |
Also Published As
Publication number | Publication date |
---|---|
EP2273719A3 (en) | 2012-04-25 |
DE602004030534D1 (en) | 2011-01-27 |
US8719592B2 (en) | 2014-05-06 |
US20150341787A1 (en) | 2015-11-26 |
US7366892B2 (en) | 2008-04-29 |
US20170048711A1 (en) | 2017-02-16 |
US10231125B2 (en) | 2019-03-12 |
EP1590917A2 (en) | 2005-11-02 |
US9130930B2 (en) | 2015-09-08 |
ATE492085T1 (en) | 2011-01-15 |
WO2004068424A3 (en) | 2005-07-21 |
EP1590917A4 (en) | 2007-10-03 |
WO2004068424A2 (en) | 2004-08-12 |
US20080148374A1 (en) | 2008-06-19 |
EP2273719A2 (en) | 2011-01-12 |
US20140033293A1 (en) | 2014-01-30 |
US20040185842A1 (en) | 2004-09-23 |
JP2006521724A (en) | 2006-09-21 |
EP1590917B1 (en) | 2010-12-15 |
US9668133B2 (en) | 2017-05-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10231125B2 (en) | Secure telematics | |
US11823509B2 (en) | Method and system for securely authenticating an electronic device to a vehicle | |
US11853446B2 (en) | Remote hardware access service | |
EP3576378B1 (en) | Transferring control of vehicles | |
US6463534B1 (en) | Secure wireless electronic-commerce system with wireless network domain | |
CN109830018B (en) | Vehicle borrowing system based on Bluetooth key | |
RU2008141288A (en) | AUTHENTICATION FOR COMMERCIAL TRANSACTION WITH THE MOBILE MODULE | |
US11481509B1 (en) | Device management and security through a distributed ledger system | |
CN113347133B (en) | Authentication method and device of vehicle-mounted equipment | |
RU2007138849A (en) | NETWORK COMMERCIAL TRANSACTIONS | |
EP3907673A1 (en) | Authorization of vehicle repairs | |
WO2024030650A1 (en) | Methods and systems for securely accessing operational data | |
US20170076279A1 (en) | Authenticating purchases made with a handheld wireless device using a vehicle | |
JP2020088836A (en) | Vehicle maintenance system, maintenance server device, management server device, on-vehicle device, maintenance tool, computer program, and vehicle maintenance method | |
JP2020086540A (en) | Maintenance server device, vehicle maintenance system, computer program and vehicle maintenance method | |
US20240008111A1 (en) | Automatic device and vehicle pairing | |
KR20240024853A (en) | Built-in data collection | |
KR20080048321A (en) | Method for issuing certificate including legal guardian's agreements and apparatus thereof | |
KR20240122279A (en) | Apparatus and method for performing authentication for vehicle on-demand service | |
WO2024081094A1 (en) | Bluetooth rf signature for active security countermeasure | |
TW200410120A (en) | Method for providing a function to an automotive measuring instrument, and computer program for executing the method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
AS | Assignment |
Owner name: CYBERCAR INC., COLORADO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:POPLAWSKY, RALPH C.;KENNEDY, PATRICK J.;SIGNING DATES FROM 20201020 TO 20201109;REEL/FRAME:054349/0359 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |