WO2019069129A1 - Methods and devices for managing access to a vehicle - Google Patents

Methods and devices for managing access to a vehicle

Publication number
WO2019069129A1
Authority
WO
WIPO (PCT)
Prior art keywords
signal
vehicle
communication unit
mobile device
receiving
Application number
PCT/IB2018/001213
Other languages
French (fr)
Inventor
Shane Adrian WRIGHT
Cameron Kenneth SMITH
Rahim Fateali KESHWANI
Daniel Freeman LOCKHART
David SITEK
Original Assignee
Keyfree Technologies Inc.
Application filed by Keyfree Technologies Inc.


Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/10 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device
    • B60R25/102 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device a signal being sent to a remote location, e.g. a radio signal being transmitted to a police station, a security company or the owner
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20 Means to switch the anti-theft system on or off
    • B60R25/24 Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • G PHYSICS
    • G08 SIGNALLING
    • G08C TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C17/00 Arrangements for transmitting signals characterised by the use of a wireless electrical link
    • G08C17/02 Arrangements for transmitting signals characterised by the use of a wireless electrical link using a radio link
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R2325/00 Indexing scheme relating to vehicle anti-theft devices
    • B60R2325/10 Communication protocols, communication systems of vehicle anti-theft devices
    • B60R2325/108 Encryption
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R2325/00 Indexing scheme relating to vehicle anti-theft devices
    • B60R2325/20 Communication devices for vehicle anti-theft devices
    • B60R2325/205 Mobile phones
    • G PHYSICS
    • G08 SIGNALLING
    • G08C TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C2201/00 Transmission systems of control signals via wireless link
    • G08C2201/60 Security, fault tolerance
    • G PHYSICS
    • G08 SIGNALLING
    • G08C TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C2201/00 Transmission systems of control signals via wireless link
    • G08C2201/90 Additional features
    • G08C2201/93 Remote control using other portable devices, e.g. mobile phone, PDA, laptop

Definitions

  • a first aspect provided herein is a mobile device based system for granting authorization to control a vehicle comprising: a communication unit; a vehicle control module that is separate and distinct from the communication unit; and a mobile device capable of receiving a user input and a first signal, and sending a second signal
  • the mobile device comprises at least one mobile application including executable instructions to control the vehicle, wherein the executable instructions comprise: receiving the first signal from an internet, a cellular network, a server, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit in response to receiving the user input; wherein the first and second signals both comprise a common unique identifier; wherein the communication unit is capable of receiving the second signal from the mobile device and sending a third signal to the vehicle control module; and wherein the vehicle control module is capable of receiving the third signal and sending a command to a receiver within the vehicle.
  • the mobile device is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server. In some embodiments, the mobile device is capable of receiving and storing the first signal before receiving the user input. In some embodiments, the communication unit is capable of receiving the second signal from a variety of mobile devices. In some embodiments, the communication unit is capable of sending the third signal to a variety of vehicle control modules. In some embodiments, the vehicle control module is capable of functionally communicating with both the communication unit and the receiver. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle.
  • At least one of the communication unit and the vehicle control module is removably or non-removably mounted to the vehicle. In some embodiments, at least one of the communication unit and the vehicle control module is removably or non-removably mounted to an OBD port of the vehicle. In some embodiments, at least one of the communication unit and the vehicle control module are powered by the OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof. In some embodiments, the communication unit is further capable of receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit is capable of receiving the fourth signal from the OBD port of the vehicle. In some embodiments, the communication unit is capable of receiving the fourth signal from a variety of specific vehicles. In some embodiments, the vehicle status comprises an OBD code. In some
  • the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof.
  • the unique identifier comprises an encrypted identifier.
  • the unique identifier comprises a signed identifier.
  • the communication unit is further capable of decrypting the encrypted identifier.
  • the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server.
  • the communication unit is further capable of validating the identifier.
  • the communication unit is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server.
  • the mobile device is capable of receiving the first signal, storing the first signal, and sending the second signal without generating, validating, or decrypting the unique identifier.
  • the executable instructions further comprise authenticating the first signal.
  • at least one of the first signal and the second signal further comprises an access time range.
  • the mobile device is capable of receiving and storing the first signal before receiving the user input.
  • the executable instructions of the mobile application are configured to receive and store the first signal before receiving the user input.
  • the communication unit is further capable of receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
  • the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof.
  • the mobile application is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server.
  • the communication unit is further capable of sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal.
  • the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the communication unit comprises a sensor capable of measuring a sensor data.
  • the sensor comprises a GPS sensor, an accelerometer, an inclinometer, a vibration sensor, a motion detector, a microphone, a camera, or any combination thereof.
  • the sixth signal further comprises a sensor data measured by the sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
  • the mobile application further comprises an executable instruction of granting a second user the authorization to control the vehicle.
  • the vehicle is a push-to-start vehicle.
  • the second signal further comprises a request from the mobile device to the communication unit for a challenge.
  • the second signal further comprises the challenge sent from the communication unit to the mobile device.
  • the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof.
  • the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device.
  • the second signal further comprises the signed challenge.
  • the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
  • a second aspect provided herein is a method of granting authorization to control a vehicle comprising: a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle; wherein the first and second signals both comprise a common unique identifier; and wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle.
  • the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server. In some embodiments, the mobile device receives and stores the first signal before the user submits the input. In some embodiments, the mobile device comprises a variety of one or more mobile devices. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle.
  • embodiments further comprise charging at least one of the communication unit and the vehicle control module with an OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof.
  • Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle.
  • the communication unit receives the fourth signal from the OBD port of the vehicle.
  • the vehicle status comprises an OBD code.
  • the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof.
  • the unique identifier comprises an encrypted identifier.
  • the unique identifier comprises a signed identifier.
  • Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments the
  • Some embodiments further comprise the
  • the communication unit validating the identifier.
  • the communication unit is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server.
  • Some embodiments further comprise the communication unit authenticating the first signal.
  • the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier.
  • at least one of the first signal and the second signal further comprises an access time range.
  • the mobile device receives and stores the first signal before receiving the user input.
  • Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
  • the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal. In some embodiments the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof. In some embodiments, the sixth signal further comprises a sensor data measured by a sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. Some embodiments further comprise granting a second user the authorization to control the vehicle.
  • the vehicle is a push-to-start vehicle.
  • the second signal further comprises a request from the mobile device to the communication unit for a challenge.
  • the second signal further comprises the challenge sent from the communication unit to the mobile device.
  • the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof.
  • the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device.
  • the second signal further comprises the signed challenge.
  • the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
  • a third aspect provided herein is a mobile device based system for granting authorization to control a vehicle comprising: a communication unit; a vehicle control module that is separate and distinct from the communication unit; and a mobile device capable of receiving a user input and a first signal, and sending a second signal
  • the mobile device comprises at least one mobile application including executable instructions to control the vehicle, wherein the executable instructions comprise: receiving the first signal from an internet, a cellular network, a server, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit in response to receiving the user input; wherein the first and second signals both comprise a common unique identifier;
  • the communication unit is capable of receiving the second signal from the mobile device and sending a third signal to the vehicle control module; and wherein the vehicle control module is capable of receiving the third signal and sending a command to a receiver within the vehicle; and wherein the mobile device is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server.
  • the mobile device is capable of receiving and storing the first signal before receiving the user input.
  • the communication unit is capable of receiving the second signal from a variety of mobile devices.
  • the communication unit is capable of sending the third signal to a variety of vehicle control modules.
  • the vehicle control module is capable of functionally communicating with both the communication unit and the receiver.
  • at least one of the vehicle control module and the receiver are associated with a specific vehicle.
  • at least one of the communication unit and the vehicle control module is removably or non-removably mounted to the vehicle.
  • at least one of the communication unit and the vehicle control module is removably or non-removably mounted to an OBD port of the vehicle.
  • the communication unit and the vehicle control module are powered by the OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof.
  • the communication unit is further capable of receiving a fourth signal comprising a vehicle status, from the vehicle.
  • the communication unit is capable of receiving the fourth signal from the OBD port of the vehicle.
  • the communication unit is capable of receiving the fourth signal from a variety of specific vehicles.
  • the vehicle status comprises an OBD code.
  • the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof.
  • the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. In some embodiments, the communication unit is further capable of decrypting the encrypted identifier. In some embodiments, the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. In some embodiments, the communication unit is further capable of validating the identifier. In some embodiments, the communication unit is capable of validating the identifier without access to the internet, the cellular network, or the server. In some embodiments, the executable instructions further comprise authenticating the first signal.
  • the mobile device is capable of receiving the first signal, storing the first signal, and sending the second signal without generating, validating, or decrypting the unique identifier.
  • at least one of the first signal and the second signal further comprises an access time range.
  • the mobile device is capable of receiving and storing the first signal before receiving the user input.
  • the executable instructions of the mobile application are configured to receive and store the first signal before receiving the user input.
  • the communication unit is further capable of receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
  • the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof.
  • the mobile application is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server.
  • the communication unit is further capable of sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal.
  • the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the communication unit comprises a sensor capable of measuring a sensor data.
  • the sensor comprises a GPS sensor, an accelerometer, an
  • the sixth signal further comprises a sensor data measured by the sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
  • the mobile application further comprises an executable instruction of granting a second user the
  • the vehicle is a push-to-start vehicle.
  • the second signal further comprises a request from the mobile device to the communication unit for a challenge.
  • the second signal further comprises the challenge sent from the communication unit to the mobile device.
  • the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof.
  • the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device.
  • the second signal further comprises the signed challenge.
  • the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
  • a fourth aspect provided herein is a method of granting authorization to control a vehicle comprising: a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle; wherein the first and second signals both comprise a common unique identifier; wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle; and wherein the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server.
  • the mobile device receives and stores the first signal before the user submits the input.
  • the mobile device comprises a variety of one or more mobile devices.
  • at least one of the vehicle control module and the receiver are associated with a specific vehicle.
  • Some embodiments further comprise charging at least one of the communication unit and the vehicle control module with an OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof.
  • Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle.
  • the communication unit receives the fourth signal from the OBD port of the vehicle.
  • the vehicle status comprises an OBD code.
  • the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof.
  • the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments, the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit validating the identifier. In some embodiments, the communication unit is capable of validating the identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit authenticating the first signal. In some embodiments, the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier.
  • the mobile device receives and stores the first signal before receiving the user input. Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device. In some embodiments, the source comprises the internet, the cellular network, the server, or any combination thereof. In some embodiments, the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal.
  • the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the sixth signal further comprises a sensor data measured by a sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
  • Some embodiments further comprise granting a second user the authorization to control the vehicle.
  • the vehicle is a push-to-start vehicle.
  • a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle;
  • the first and second signals both comprise a common unique identifier; and wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle.
  • the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server.
  • the mobile device receives and stores the first signal before the user submits the input.
  • the mobile device comprises a variety of one or more mobile devices.
  • at least one of the vehicle control module and the receiver are associated with a specific vehicle. Some embodiments further comprise charging at least one of the
  • Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit receives the fourth signal from the OBD port of the vehicle. In some embodiments, the vehicle status comprises an OBD code. In some embodiments, the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof. In some embodiments, the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit validating the identifier. In some embodiments the
  • Some embodiments further comprise the
  • the communication unit authenticating the first signal.
  • the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier.
  • at least one of the first signal and the second signal further comprises an access time range.
  • the mobile device receives and stores the first signal before receiving the user input.
  • Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
  • the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof.
  • Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal.
  • the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the sixth signal further comprises a sensor data measured by a sensor.
  • the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. Some embodiments further comprise granting a second user the authorization to control the vehicle.
  • the vehicle is a push-to-start vehicle.
  • the second signal further comprises a request from the mobile device to the communication unit for a challenge.
  • the second signal further comprises the challenge sent from the communication unit to the mobile device.
  • the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof.
  • the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device.
  • the second signal further comprises the signed challenge.
  • the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
  • FIG. 1 shows a non-limiting illustration of an exemplary first mobile device based system for granting authorization to control a vehicle.
  • FIG. 2 shows a non-limiting illustration of an exemplary second mobile device based system for granting authorization to control a vehicle.
  • FIG. 3 shows an exemplary flowchart for a process of communication unit
  • FIG. 4 shows an exemplary flowchart for a first process for a new owner activating a communication unit after installation in a vehicle.
  • FIG. 5 shows an exemplary flowchart for a first process of connecting to
  • FIG. 6 shows an exemplary flowchart for a process of locking and unlocking doors.
  • FIG. 7 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit.
  • FIG. 8 shows an exemplary flowchart for a second process for a new owner activating a communication unit after installation in a vehicle.
  • FIG. 9 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit.
  • FIG. 10 shows an exemplary flowchart of communication signals between an internet or cellular network, a mobile device, a communications unit, a vehicle module, and a receiver within a vehicle.
  • FIG. 11 shows a non-limiting example of a digital processing device; in this case, a device with one or more CPUs, a memory, a communication interface, and a display.
  • FIG. 12 shows a non-limiting example of a web/mobile application provision system; in this case, a system providing browser-based and/or native mobile user interfaces.
  • FIG. 13 shows a non-limiting example of a cloud-based web/mobile application provision system; in this case, a system comprising an elastically load balanced, auto-scaling web server and application server resources as well synchronously replicated databases.
  • the disclosure provided herein provides for aftermarket devices and systems for car sharing, car rental and ride sharing that are far more scalable and easier to install than current solutions.
  • the disclosure herein further provides a higher level of security by eliminating or reducing the risk of hacking of cellular transmission to a vehicle.
  • the methods and systems herein are applicable for use with all makes and models of vehicles, and minimize the battery drain on the vehicle by utilizing alternative wireless technologies, such as Bluetooth Low Energy.
  • a mobile device based system for granting authorization to control a vehicle 105 comprising a communication unit 103, a vehicle control module 104 that is separate and distinct from the communication unit 103, and a mobile device 102 capable of receiving a user input and a first signal, and sending a second signal.
  • the mobile device comprises at least one mobile application including executable instructions to control the vehicle 105, wherein the executable instructions comprise receiving the first signal from an internet, a cellular network, a remote server 101, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit 103 in response to receiving the user input.
  • the first and second signals both comprise a common unique identifier, wherein the communication unit 103 is capable of receiving the second signal from the mobile device 102 and sending a third signal to the vehicle control module 104; and wherein the vehicle control module 104 is capable of receiving the third signal and sending a command to a receiver within the vehicle 105.
  • the communication unit 103 is capable of sending a command to open or close a digital lock 106.
  • FIG. 1 shows a non-limiting illustration of an exemplary "direct wired" first mobile device based system for granting authorization to control a vehicle.
  • the remote server 101 comprises a secure web-based service.
  • the mobile device 102 is carried by the owner or renter and runs an application "app" that is capable of communicating with the remote server 101 and the communication unit 103.
  • the mobile device 102 is not considered trusted and only stores, receives, or transmits encrypted and/or signed data from the remote server 101 and communication unit 103.
  • established cryptography practices are used to ensure that secure data is not tampered with, stored and sent again later, or copied and sent from an unauthorized mobile device.
  • the mobile device 102 communicates with the remote server 101 over the internet using secure HTTP or HTTPS with the strongest available TLS version and cipher suite.
  • the communication unit 103, control module 104, and digital lock 106 are installed in the vehicle 105 and are capable of secure data communication and storage.
  • the communication unit 103 validates communication from the mobile unit 102 and controls features of the vehicle 105 through the control module 104.
  • the mobile device 102 communicates with the communication unit 103 using Bluetooth Low Energy (BLE), near-field communication (NFC) or any other short-range wireless technology.
  • This communication path is not considered secure and may be susceptible to sniffing, tampering, and jamming. All data sent over this communication path is thus encrypted and/or signed to prevent spoofing, tampering, or information loss commonly associated with such means of communication.
  • the communication unit 103 is wired to the vehicle 105 to supply power and ground, and comprises an integrated GPS module for tracking vehicle 105 position and speed, and an optional long-range wireless (GSM or LTE) module for reporting position, speed, or other diagnostic or status information to the remote server, either periodically or in real time.
  • control module 104 is capable of unlocking and locking the doors and controlling other vehicle 105 functions. Some control modules 104 are installed with aftermarket remote starters and car alarms. Bypass modules support a wide range of vehicle 105 models and model years.
  • the digital lock 106 is a circuit that prevents the vehicle 105 from being started if not authorized by the communication unit 103.
  • FIG. 2 shows a non-limiting illustration of an exemplary "plug-and-play" second mobile device based system for granting authorization to control a vehicle.
  • the second mobile device based system for granting authorization to control a vehicle is capable of enhanced security during factory configuration, employs a Diffie-Hellman key exchange algorithm to ensure that the potentially insecure manufacturing station does not see the admin key, provides protection against rogue apps and mobile device cloning, and employs strong encryption and hashing algorithms using a true random number generator for enhanced device tampering prevention.
  • the roles of the remote server 101, mobile device 102, and communication unit 103 are the same as in the first mobile device based system for granting authorization to control a vehicle.
  • the communication unit 103 and vehicle control module 104 are wired to the vehicle control module 104 or connected using a secure wireless technology in the vehicle 105, and are inaccessible to people outside of the vehicle 103.
  • the communication unit 103 is plugged into the vehicle's OBD-II port for power and also possibly for reading diagnostic and status information such as fuel levels, speed, etc. from the vehicle's communication networks (e.g. CAN bus).
  • the vehicle control module 104 contains similar circuitry that is present in a vehicle's OEM key fob, exposing an interface to enable the communication unit 103 to control the functionality present in the key fob circuitry of locking and unlocking doors, opening the trunk, and/or starting the vehicle.
  • the interface also allows the communication unit 103 to control the passive start functionality of the key fob circuitry to prevent the vehicle 103 from being started if not authorized by the communication unit 103.
  • the vehicle control module is programmed with the vehicle 103 in the same way that a new OEM key fob is added to the vehicle 103, by a dealer or locksmith.
  • the vehicle control module 104 may be manufactured separately by the original equipment manufacturer (OEM), wherein the communication unit 103 does not need to implement proprietary security technology that may be specific to particular vehicle's models or model years.
  • a mobile device based system for granting authorization to control a vehicle 1005 comprising a communication unit 1002, a vehicle control module 1003 that is separate and distinct from the communication unit 1002, and a mobile device 1001 capable of receiving a user input and a first signal 1011, and sending a second signal 1012.
  • the mobile device 1001 comprises at least one mobile application including executable instructions to control the vehicle 1005, wherein the executable instructions comprise receiving the first signal 1011 from an internet, a cellular network, a server 1006, or any combination thereof; storing the first signal 1011; receiving the user input; and sending the second signal 1012 to the communication unit 1001 in response to receiving the user input.
  • the first and second signals 1011 1012 both comprise a common unique identifier, wherein the communication unit 1002 is capable of receiving the second signal 1012 from the mobile device 1001 and sending a third signal 1013 to the vehicle control module 1003; and wherein the vehicle control module 1003 is capable of receiving the third signal 1013 and sending a command 1017 to a receiver 1004 within the vehicle 1005.
  • the mobile device 1001 is capable of performing the executable instruction of sending the second signal 1012 to the communication unit 1002 without access to the internet, the cellular network, or the server. In some embodiments, the mobile device 1001 is capable of receiving and storing the first signal 1011 before receiving the user input. In some embodiments, the communication unit 1002 is capable of receiving the second signal 1012 from a variety of mobile devices 1001. In some embodiments, the communication unit 1002 is capable of sending the third signal 1013 to a variety of vehicle control modules 1003. In some embodiments, the vehicle control module 1003 is capable of functionally communicating with both the communication unit 1002 and the receiver 1004.
  • At least one of the vehicle control module 1003 and the receiver 1004 are associated with a specific vehicle 1005. In some embodiments, at least one of the communication unit 1002 and the vehicle control module 1003 is removably or non-removably mounted to the vehicle 1005. In some
  • At least one of the communication unit 1002 and the vehicle control module 1003 is removably or non-removably mounted to an OBD port of the vehicle 1005. In some embodiments, at least one of the communication unit 1002 and the vehicle control module 1003 are powered by the OBD port of the vehicle 1005, a primary battery, a rechargeable battery, an energy generator, or any combination thereof.
  • the communication unit 1002 is further capable of receiving a fourth signal 1014 comprising a vehicle status, from the vehicle 1005. In some embodiments, the communication unit 1002 is capable of receiving the fourth signal 1014 from the OBD port of the vehicle 1005. In some embodiments, the communication unit 1002 is capable of receiving the fourth signal 1014 from a variety of specific vehicles 1005.
  • the vehicle status comprises an OBD code.
  • the unique identifier is associated with the vehicle 1005, the receiver 1004, the mobile device 1001, the communication unit 1002, the vehicle control module 1003, or any combination thereof.
  • the unique identifier comprises an encrypted identifier.
  • the unique identifier comprises a signed identifier.
  • the communication unit 1002 is further capable of decrypting the encrypted identifier.
  • the communication unit 1002 is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server.
  • the communication unit 1002 is further capable of validating the identifier.
  • the communication unit 1002 is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server. In some
  • the mobile device 1001 is capable of receiving the first signal 1011, storing the first signal 1011, and sending the second signal 1012 without generating, validating, or decrypting the unique identifier.
  • the executable instructions further comprise authenticating the first signal 1011.
  • at least one of the first signal 1011 and the second signal 1012 further comprises an access time range.
  • the mobile device 1001 is capable of receiving and storing the first signal 1011 before receiving the user input.
  • the executable instructions of the mobile application are configured to receive and store the first signal 1011 before receiving the user input.
  • the communication unit 1002 is further capable of receiving a fifth signal 1015, equivalent to the second signal 1012, from a source other than the mobile device 1001, wherein the source comprises the internet, the cellular network, the server, or any combination thereof.
  • the mobile device 1001 receives the first signal 1011 from the internet, the cellular network, the server, or any combination thereof.
  • the mobile application is capable of performing the executable instruction of sending the second signal 1012 to the communication unit 1002 without access to the internet, the cellular network, or the server.
  • the communication unit 1002 is further capable of sending a sixth signal 1016 to a user, the sixth signal 1016 comprising at least one of the sensor data, and a status data correlated to the fourth signal 1014.
  • the communication unit 1002 sends the sixth signal 1016 to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof.
  • the communication unit 1002 comprises a sensor capable of measuring a sensor data comprising a GPS sensor, an accelerometer, an inclinometer, a vibration sensor, a motion detector, a microphone, a camera, or any combination thereof.
  • the sixth signal 1016 further comprises a sensor data measured by the sensor.
  • the authorization to control the vehicle 1005 comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
  • the mobile application further comprises an executable instruction of granting a second user the authorization to control the vehicle 1005.
  • the vehicle 1005 is a push-to-start vehicle.
  • the communication unit does not require a direct communication link with the remote server because a remote link to control door locks or other vehicle functions may be compromised if the remote server is hacked.
  • Because Bluetooth communications may not be secure, data sent over Bluetooth is signed and/or encrypted to prevent a potential attacker from trying to capture and replay, jam, or otherwise tamper with the wireless signals.
  • security policies are enforced within the remote server and the communication unit, and not on the app running on the mobile device. As such, in some embodiments, unencrypted data is not stored, received, or sent on the mobile device.
  • FIG. 3 shows an exemplary flowchart for a process for communication unit configuration, comprising the communication unit generating a random admin key 301 on its first boot, a manufacturing station connecting to the communication unit 302, and reading the admin key 303, the communication unit sending the admin key 304 to the manufacturing station, the manufacturing station provisioning a new unit in its database 305 and sending a MAC ID and the admin key to a remote server for storage in a database 306, and the manufacturing station sending a lockdown command 307 to the communication unit, which enters production mode and prevents the admin key from being read 308.
  • On first boot, the communication unit generates a pseudorandom 128-bit administrative key 301.
  • the manufacturing station wirelessly connects to the communication unit 302, reads the admin key 303, and sends a request, comprising the unit's unique MAC ID and the admin key that was read, to the remote server to provision the new unit in the database 304.
  • a visible identifier such as a unit's serial number may also be sent.
  • the MAC ID is a unique and difficult to spoof identifier that is assigned to the wireless interface when the interface chip is manufactured and presented to other devices over the wireless network.
  • the manufacturing station authenticates with the remote server using a secret API key which is also IP whitelisted by the server, to prevent others from creating fake devices.
  • a lockdown command is sent to the unit 307 which enters the unit into production mode 307.
  • the admin key may no longer be read by anyone, ensuring that it remains secret.
  • FIG. 7 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit comprising the communication unit generating a random admin key 701 on its first boot, a manufacturing station connecting to the communication unit 702, and reading the admin key 703, the communication unit sending the admin key 704, the manufacturing station creating a new unit in its database 705 and sending a MAC ID and the admin key to a remote server that generates random admin keys, calculates an admin shared secret, and sends a public key 706, the manufacturing station writing a server public key 707, and the communications unit calculating and storing the admin shared secret 708.
  • the method shown in the exemplary flow chart per FIG. 7 employs the Elliptic Curve Diffie-Hellman key agreement protocol to establish a shared secret between the communication unit and remote server over an insecure channel.
  • On first boot, the communication unit generates random public and private keys using a true random number generator 701.
  • the manufacturing station connects to the communication unit 702 wirelessly and reads the unit's public key 703, and sends a request to the remote server to provision the new unit in the database 705.
  • the request comprises the unit's unique MAC ID and the public key that was read, and a visible identifier such as a unit's serial number.
  • the remote server then generates its own random public and private keys for the unit, calculates the admin key using the server's public and private keys and the communication unit's public key, and sends back the server's public key 706.
  • the mobile device then forwards the server's public key to the communication unit 707, enabling the unit to calculate and store the admin key 708.
  • FIG. 4 shows an exemplary flowchart for a first "owner claim" process for new owner post-installation activation, comprising a mobile device receiving user credentials and logging into the server 401, the remote server authenticating the user and sending a token 402 to the mobile device which scans for nearby communication units and obtains their MAC IDs 403, receives a user pin 404, establishes connection with the communication unit 405, and requests an admin authentication challenge 406, the communication unit generating a random challenge 407, the mobile device sending a MAC ID.
  • the remote server signing the challenge with the admin key 409, the mobile device authenticating the signed challenge 410, the communication unit validating the signature 411, the mobile device downloading a key 412, the remote server generating random keys, which are stored in the database and sent in encrypted form to the mobile device 413, which assigns the keys 414, and the communication unit decrypting and storing the keys 415.
  • the owner may be provided with a welcome card identifying the communication unit's MAC ID and unique PIN code.
  • the owner claim process is executed when the owner has Internet connectivity and is within short-range wireless range of the communication unit.
  • the owner begins the process by logging into the app on the mobile device 401.
  • the app also sends the mobile device's AppID in the login request to the remote server.
  • the AppID is a unique identifier for the app running on the particular mobile device, wherein, if the contents of the mobile device are backed up and restored on a different mobile device, or if the mobile device is wiped and the app is reinstalled, the AppID will change.
  • If the remote server detects a user login with a new AppID, it assumes the user is logging in with a different mobile device and triggers re-verification of the user's email address and phone number.
  • After a successful login, the remote server responds with a session token after validating the owner's credentials 402, the app scans for nearby communication units 403, and the owner identifies the unit with the matching MAC ID and enters the PIN from the welcome card 404.
  • the app then establishes a wireless connection to the
  • the app requests an admin-level authentication challenge from the communication unit 406 which the unit generates pseudorandomly 407.
  • the app then asks the remote server to sign the challenge, passing along the challenge, MAC ID, and PIN 408. If the PIN matches the expected value for the corresponding MAC ID, the server signs the challenge 409 with the unit's admin key and returns the signature to the app.
  • the app then sends the signature to the communication unit 410. If the unit verifies that the signature matches the expected signature (as calculated internally by the unit), the connection is considered authenticated with the admin access level 410. During this process the admin key may not be disclosed to the mobile device.
  • the challenge-response approach avoids having to send keys in plain text.
  • a challenge is 128 bits in length and expires after about ten seconds.
  • challenges are signed using a keyed-hash message
  • each message (characteristic) type that the communication unit supports has a required access level for read operations and a required access level for write operations, wherein the four possible access levels comprise admin, primary, secondary, and shared levels.
  • admin keys are used during the owner claim process, primary keys are used by the owner, and secondary keys and shared keys are similar, except that shared keys are time-limited.
  • the app downloads the primary, secondary, and shared keys from the remote server 411, the remote server generates the keys pseudorandomly, stores the keys in the database, and sends the keys back to the app in encrypted form 412.
  • the keys are encrypted using AES-128 with the admin key, to prevent the keys from being disclosed to the app or during wireless transmission to the communication unit.
  • the app sends the encrypted keys to the communication unit 413 which then decrypts and stores the keys 414.
  • FIG. 8 shows an exemplary flowchart for a second "owner claim" process wherein a new owner activates a communication unit after installation in a vehicle comprising the user entering credentials and logging into the server 801 through the mobile device, the remote server authenticating the user and sending a token 802, the mobile device scanning for nearby communications units and obtaining lists of MAC IDs 803, receiving a user unit selection and pin 804, establishing connection to the communication unit 805, creating a communication session 806, and sending a MAC ID to the remote server which generates a random owner key, encrypts a package containing the owner key and the AppID using an admin shared secret 807, the mobile device forwarding the encrypted admin package and signing the package with the AppID 808, the communication unit verifying that the AppID matches the signature 809, storing the owner key, and encrypting the package 810, and the mobile device forwarding the package 811 to the remote server, which stores the owner's AppID and MAC ID 812.
  • the second "owner claim" process up to the wireless connection being established between the mobile device and the communication unit 805, is identical to the second "owner claim" process.
  • the app requests the remote server to establish a new encrypted communication session with the communication unit 806, passing along the MAC ID and PIN.
  • If the PIN matches the expected value for the corresponding MAC ID, the server generates a random primary key, then encrypts a package containing the primary key and owner's current AppID using the admin key generated during the factory configuration process 807.
  • a package comprises a message sent between the remote server and communication unit that cannot be inspected by the mobile device, wherein the mobile device passes the package along to the communication unit.
  • the package that initiates the communication session is signed with the admin key, wherein subsequent packages are signed using the primary key.
  • the mobile device signs the package with its AppID and sends the package to the communication unit 808, wherein the communication unit decrypts the package using the admin key and verifies that the AppID in the package matches the AppID in the signature 809 to ensure that the package was sent by the same mobile device that was authorized by the remote server.
  • the communication unit then stores the primary key and encrypts a new package containing the mobile device's MAC ID 8010.
  • the package is encrypted using the primary key.
  • the app forwards the package to the remote server
  • FIG. 5 shows an exemplary flowchart for a first process of connecting to and authenticating the communication unit comprising the mobile device receiving user credentials and logging into the server 501, the server authenticating the user and sending a token and a vehicle key 502 to the mobile device, which stores the key 503, the mobile device connecting to a vehicle 504, establishing a connection to the communication unit 505 and requesting an authentication challenge 506, the communication unit generating a random challenge 507, the mobile device signing the challenge with the key 508 and authenticating the key with the signed challenge 509, and the communications unit validating the signature 510 and authenticating the connection 511.
  • the connection process shown in the flowchart of FIG. 5 is followed for all connections to the communication unit except for during the owner claim process.
  • the user initiates the process by logging into the app on the mobile device 501.
  • the remote server responds with a session token after validating the user's credentials 502, and sends back all of the vehicle keys to the user.
  • the app encrypts and stores the keys in the app's secure storage 503 for potential later offline use.
  • the rest of the connection process in FIG. 5 may occur with or without the mobile device having an Internet connection as long as the user has logged in and downloaded his or her keys, which is advantageous because a vehicle may be parked
  • After the user selects the vehicle and initiates connection 504, the app establishes a wireless connection to the communication unit 505 and requests an authentication challenge from the communication unit 506, which the communications unit generates pseudorandomly 507.
  • the challenge is specific to the access level of the user's key.
  • the app then signs the challenge using the key that was downloaded from the server 508 and sends the signature to the communication unit 509.
  • If the communications unit verifies that the signature matches the expected signature 510, the connection is considered authenticated with the appropriate access level 511.
  • shared keys are intended to be temporary and not reusable, even if the app or mobile device is compromised. When a shared key is shared, the remote server hashes the key together with an index using an HMAC; the index is incremented each time the key is shared.
  • the original (non-indexed) base key is encrypted and sent to the communication unit.
  • the hashed key is downloaded to the mobile device.
  • the communication unit independently maintains its own index based on the previously verified index, and increments its internal index up to 256 iterations past the current index when the signature is verified, generating a signature, and comparing it to the app's signature at each iteration. In some embodiments, if any of the generated signatures match, the app's signature is considered valid, otherwise, if the app sends a signature generated with a lower index value, validation will fail. Due to the mathematical nature of the HMAC algorithm, it is practically impossible to recover the base shared key from the signature or to change the index after the signature has been calculated. This effectively prevents past renters from reusing their key.
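The indexed shared-key check described above, sketched as an added example; it is not code from the patent. HMAC-SHA-256, the 4-byte index encoding, the inclusive window starting at the unit's current index, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

WINDOW = 256  # look-ahead stated in the text


def indexed_key(base_key: bytes, index: int) -> bytes:
    """Derive the per-share key: HMAC of the index under the base shared key."""
    return hmac.new(base_key, index.to_bytes(4, "big"), hashlib.sha256).digest()


def sign_challenge(key: bytes, challenge: bytes) -> bytes:
    """Signature the app returns for a challenge issued by the unit."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Server:
    """Remote server: holds the base key and bumps the index on every share."""

    def __init__(self) -> None:
        self.base_key = secrets.token_bytes(16)
        self.index = 0

    def share(self) -> bytes:
        self.index += 1
        return indexed_key(self.base_key, self.index)  # only this reaches the phone


class CommunicationUnit:
    """Vehicle side: knows the base key and the last index it verified."""

    def __init__(self, base_key: bytes) -> None:
        self._base_key = base_key  # delivered encrypted in the text; plain here
        self.index = 0             # index 0 is never issued by Server.share()

    def verify(self, challenge: bytes, signature: bytes) -> bool:
        # Try the current index and up to WINDOW indexes past it.
        for candidate in range(self.index, self.index + WINDOW + 1):
            key = indexed_key(self._base_key, candidate)
            if hmac.compare_digest(sign_challenge(key, challenge), signature):
                self.index = candidate  # ratchet forward: lower indexes now fail
                return True
        return False


def run_demo() -> dict:
    server = Server()
    unit = CommunicationUnit(server.base_key)

    def attempt(key: bytes) -> bool:
        challenge = secrets.token_bytes(16)
        return unit.verify(challenge, sign_challenge(key, challenge))

    results = {}
    renter1 = server.share()                      # index 1
    results["renter1"] = attempt(renter1)
    renter2 = server.share()                      # index 2
    results["renter2"] = attempt(renter2)
    results["renter1_after_renter2"] = attempt(renter1)
    results["renter2_reconnect"] = attempt(renter2)

    for _ in range(WINDOW):                       # server index 258 = 2 + WINDOW
        edge = server.share()
    results["edge_of_window"] = attempt(edge)

    for _ in range(WINDOW + 1):                   # 257 past the unit's index
        far = server.share()
    results["beyond_window"] = attempt(far)
    results["unit_index"] = unit.index
    return results


if __name__ == "__main__":
    print(run_demo())
```

A key issued more than 256 shares past the unit's last verified index is rejected in this sketch, so a deployment built this way needs some path to resynchronise the unit's index.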
  • FIG. 9 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit comprising the mobile device receiving user credentials and AppID, and logging into the server 901, the remote server authenticating the user, sending a visual token and vehicle keys 902, and encrypting a package containing the access control list (ACL) and the phone's AppID using the owner's key 903, the mobile device storing the keys and ACL packages 904, the mobile device connecting to a vehicle 905, establishing connection to a communication unit 906, and forwarding the encrypted ACL package that is signed with the AppID 907, the communications unit decrypting the package and updating the ACL 908, verifying that the AppID matches the signature 909, verifying the phone's MAC ID if the ACL contains the MAC ID 910, authenticating the connection 911, encrypting the package containing the phone's MAC ID using the owner's key if the MAC ID is not in the ACL 912, the mobile device forwarding the encrypted package 913, and the remote
  • FIG. 6 shows an exemplary flowchart for a process of locking a door comprising a user generating a lock doors command 601 through the mobile device, which generates a random challenge 602, and sends a lock door command 603 comprising a challenge to the
  • FIG. 6 further shows an exemplary flowchart for a process of unlocking a door comprising a user generating a lock doors command 608 through the mobile device, which requests a random challenge 609, the communication unit generating a random challenge 610, the mobile device signing the challenge with the key 611 and sending an unlock door command 612 comprising a signature to the communication unit which validates the signature 613 and sends an unlock door command 614 to the vehicle control module to unlock the doors 615.
  • Because Bluetooth connections may not be secure, a challenge and response protocol is used in some embodiments for locking and unlocking doors. This approach prevents jamming and replay attacks, and attempts to tamper with the data, from being successful. For example, an unlock command might be captured over the air by an attacker and replayed later to unlock the vehicle. As another example, a lock command might be jammed, preventing the command from reaching the communication unit and leaving the vehicle unlocked.
  • during the lock process 601, the app generates a pseudorandom challenge 602 and sends it to the communication unit 603. In some embodiments, after the communications unit instructs the vehicle control module to lock the doors 604, the
  • the communications unit signs the challenge with same key used in the connection process 606, and the app validates the signature 607. In some embodiments, if the app fails to validate the signature the app may conclude that a "man-in-the-middle" intercepted or jammed the command and that the doors were not locked as intended.
  • the app requests an unlock challenge from the communication unit 609.
  • the communications unit generates a pseudorandom challenge 610 which the app then signs 611 and sends back 612, wherein if the communications unit successfully validates the signature 612, the communications unit sends the command to the vehicle control module to unlock the doors 614.
  • with a pseudorandom challenge that has a ten-second timeout, an attacker capturing and replaying the signature will fail to unlock the doors. Similar processes may be used for enabling and disabling the digital lock that prevents the vehicle from being started.
  • the second process of connecting to and authenticating the communication unit comprises logging into the app on the mobile device 901, the remote server responding with a session token after validating the user's credentials 902, and the remote server sending back data for all of the vehicle keys to which the user has access 903.
  • the key data also includes encrypted packages containing an access control list (ACL) for each communication unit along with the user's current AppID, wherein the ACL comprises a table of multiple records, each consisting of an AppID, the mobile device's MAC ID, and the access level, and wherein the ACL is tagged with an incrementing version number.
  • a record would be included for the owner and all keys that have been shared, wherein the MAC ID is only included if it is known; that is, if a communication unit has previously communicated with the specific mobile device.
  • the key data is stored on the mobile device 904 for potential later offline use, wherein the sensitive data is no longer encrypted (and not decryptable by the app) we no longer need to rely on the app to store it securely.
  • steps 905 to 913 may occur with or without the mobile device having an Internet connection.
  • after the user selects the vehicle and initiates connection 905, the app establishes a wireless connection to the communication unit 906. The app then forwards the encrypted ACL to the communication unit, signing the package with its AppID 907. The communication unit decrypts the package and stores the ACL if the version number is higher than the last version number that was received 908.
  • the unit also verifies that the AppID in the package matches the AppID in the signature 909, wherein if the MAC ID corresponding to the current mobile device's AppID is included in the ACL, the unit verifies that the connected mobile device's MAC ID matches the ACL MAC ID 910. If these verification steps are successful, the connection is considered authenticated with the appropriate access level 911.
  • the communication unit encrypts a new package containing the mobile device's MAC ID 912, and the app forwards this package to the remote server 913 and the remote server stores the association between the AppID and the mobile device's MAC ID in the database.
  • the above mentioned methods and systems for locking and unlocking a vehicle can be employed with the first or second mobile device based systems for granting authorization to control a vehicle.
  • the term "about" refers to an amount that is near the stated amount by about 10%, 5%, or 1%, including increments therein.
  • a vehicle refers to a mobile machine that transports people or cargo, such as, for example, a wagon, a bicycle, a motor vehicle, a motorcycle, a car, a truck, a bus, a railed vehicle, a train, a tram, a watercraft, a ship, a boat, an aircraft or a spacecraft.
  • a vehicle comprises a door, a trunk, a window, an engine, a window, an air conditioning system, a horn, and a headlight.
  • the term "mobile device" refers to a mobile computing device such as, for example, a laptop computer, a notebook computer, a sub-notebook computer, a netbook computer, a netpad computer, a set-top computer, a media streaming device, a handheld computer, an Internet appliance, a mobile smartphone, a tablet computer, a personal digital assistant, or a video game console.
  • the term "OBD port" refers to an on-board diagnostics port built into many vehicles that enables the vehicle to send a signal comprising a diagnosis or a status.
  • the OBD port is further capable of acting as a source of power.
  • access time range refers to a specific time and/or date range wherein an item or resource can be accessed by a user.
  • a push-to-start vehicle refers to a vehicle wherein ignition does not require a physical key, and wherein the engine can be turned on by the push of a button.
  • a push-to-start vehicle comprises a system to detect the proximity or signal from a key fob or authenticating device before starting the engine of the vehicle.
  • the platforms, systems, media, and methods described herein include a digital processing device, or use of the same.
  • the digital processing device includes one or more hardware central processing units (CPUs) or general purpose graphics processing units (GPGPUs) that carry out the device's functions.
  • the digital processing device further comprises an operating system configured to perform executable instructions.
  • the digital processing device is optionally connected to a computer network.
  • the digital processing device is optionally connected to the Internet such that it accesses the World Wide Web.
  • the digital processing device is optionally connected to a cloud computing infrastructure.
  • the digital processing device is optionally connected to an intranet.
  • the digital processing device is optionally connected to a data storage device.
  • suitable digital processing devices include, by way of non-limiting examples, server computers, desktop computers, laptop computers, notebook computers, sub-notebook computers, netbook computers, netpad computers, set-top computers, media streaming devices, handheld computers, Internet appliances, mobile smartphones, tablet computers, personal digital assistants, video game consoles, and vehicles.
  • smartphones are suitable for use in the system described herein.
  • Suitable tablet computers include those with booklet, slate, and convertible configurations, known to those of skill in the art.
  • the digital processing device includes an operating system configured to perform executable instructions.
  • the operating system is, for example, software, including programs and data, which manages the device's hardware and provides services for execution of applications.
  • suitable server operating systems include, by way of non-limiting examples, FreeBSD, OpenBSD, NetBSD®, Linux, Apple® Mac OS X Server®, Oracle® Solaris®, Windows Server®, and Novell® NetWare®.
  • suitable personal computer operating systems include, by way of non-limiting examples, Microsoft® Windows®, Apple® Mac OS X®, UNIX®, and UNIX-like operating systems such as GNU/Linux®.
  • the operating system is provided by cloud computing.
  • suitable mobile smart phone operating systems include, by way of non-limiting examples, Nokia® Symbian® OS, Apple® iOS®, Research In Motion® BlackBerry OS®, Google® Android®, Microsoft® Windows Phone® OS, Microsoft® Windows Mobile® OS, Linux®, and Palm® WebOS®.
  • suitable media streaming device operating systems include, by way of non-limiting examples, Apple TV®, Roku®, Boxee®, Google TV®, Google Chromecast®, Amazon Fire®, and Samsung® HomeSync®.
  • suitable video game console operating systems include, by way of non-limiting examples, Sony® PS3®, Sony® PS4®, Microsoft® Xbox 360®, Microsoft Xbox One, Nintendo® Wii®, Nintendo® Wii U®, and Ouya®.
  • the device includes a storage and/or memory device.
  • the storage and/or memory device is one or more physical apparatuses used to store data or programs on a temporary or permanent basis.
  • the device is volatile memory and requires power to maintain stored information.
  • the device is non-volatile memory and retains stored information when the digital processing device is not powered.
  • the non-volatile memory comprises flash memory.
  • the non-volatile memory comprises dynamic random-access memory (DRAM).
  • the non-volatile memory comprises ferroelectric random access memory (FRAM).
  • the non-volatile memory comprises phase-change random access memory (PRAM).
  • the device is a storage device including, by way of non-limiting examples, CD-ROMs, DVDs, flash memory devices, magnetic disk drives, magnetic tapes drives, optical disk drives, and cloud computing based storage.
  • the storage and/or memory device is a combination of devices such as those disclosed herein.
  • the digital processing device includes a display to send visual information to a user.
  • the display is a liquid crystal display (LCD).
  • the display is a thin film transistor liquid crystal display (TFT-LCD).
  • the display is an organic light emitting diode (OLED) display.
  • an OLED display is a passive-matrix OLED (PMOLED) or active-matrix OLED (AMOLED) display.
  • the display is a plasma display.
  • the display is a video projector.
  • the display is a head-mounted display in communication with the digital processing device, such as a VR headset.
  • suitable VR headsets include, by way of non-limiting examples, HTC Vive, Oculus Rift, Samsung Gear VR, Microsoft HoloLens, Razer OSVR, FOVE VR, Zeiss VR One, Avegant Glyph, Freefly VR headset, and the like.
  • the display is a combination of devices such as those disclosed herein.
  • the digital processing device includes an input device to receive information from a user.
  • the input device is a keyboard.
  • the input device is a pointing device including, by way of non-limiting examples, a mouse, trackball, track pad, joystick, game controller, or stylus.
  • the input device is a touch screen or a multi-touch screen.
  • the input device is a microphone to capture voice or other sound input.
  • the input device is a video camera or other sensor to capture motion or visual input.
  • the input device is a Kinect, Leap Motion, or the like.
  • the input device is a combination of devices such as those disclosed herein.
  • a digital processing device 1101 is programmed or otherwise configured to grant authorization to control a vehicle.
  • the digital processing device 1101 includes a central processing unit (CPU, also "processor" and "computer processor" herein) 1105, which is optionally a single core, a multi core processor, or a plurality of processors for parallel processing.
  • the digital processing device 1101 also includes memory or memory location 1110 (e.g., random-access memory, read-only memory, flash memory), electronic storage unit 1115 (e.g., hard disk), communication interface 1120 (e.g., network adapter) for communicating with one or more other systems, and peripheral devices 1125, such as cache, other memory, data storage and/or electronic display adapters.
  • the memory 1110, storage unit 1115, interface 1120 and peripheral devices 1125 are in
  • the storage unit 1115 comprises a data storage unit (or data repository) for storing data.
  • the digital processing device 1101 is optionally operatively coupled to a computer network ("network") 1130 with the aid of the communication interface 1120.
  • the network 1130, in various cases, is the internet, an internet, and/or extranet, or an intranet and/or extranet that is in communication with the internet.
  • the network 1130, in some cases, is a telecommunication and/or data network.
  • the network 1130 optionally includes one or more computer servers, which enable distributed computing, such as cloud computing.
  • the network 1130, in some cases, with the aid of the device 1101, implements a peer-to-peer network, which enables devices coupled to the device 1101 to behave as a client or a server.
  • the CPU 1105 is configured to execute a sequence of machine-readable instructions, embodied in a program, application, and/or software.
  • the instructions are optionally stored in a memory location, such as the memory 1110.
  • the instructions are directed to the CPU 105, which subsequently program or otherwise configure the CPU 1105 to implement methods of the present disclosure. Examples of operations performed by the CPU 1105 include fetch, decode, execute, and write back.
  • the CPU 1105 is, in some cases, part of a circuit, such as an integrated circuit. One or more other components of the device 1101 are optionally included in the circuit. In some cases, the circuit is an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA).
  • the storage unit 1115 optionally stores files, such as drivers, libraries and saved programs.
  • the storage unit 1115 optionally stores user data, e.g., user preferences and user programs.
  • the digital processing device 1101 optionally communicates with one or more remote computer systems through the network 1130.
  • the device 1101 optionally communicates with a remote computer system of a user.
  • remote computer systems include personal computers (e.g., portable PC), slate or tablet PCs (e.g., Apple® iPad, Samsung® Galaxy Tab, etc.), smartphones (e.g., Apple® iPhone, Android-enabled device, Blackberry®, etc.), or personal digital assistants.
  • Methods as described herein are optionally implemented by way of machine (e.g., computer processor) executable code stored on an electronic storage location of the digital processing device 101, such as, for example, on the memory 1110 or electronic storage unit 1115.
  • the machine executable or machine readable code is optionally provided in the form of software.
  • the code is executed by the processor 1105.
  • the code is retrieved from the storage unit 1115 and stored on the memory 1110 for ready access by the processor 1105.
  • the electronic storage unit 1115 is precluded, and machine-executable instructions are stored on the memory 1110.
  • Non-transitory computer readable storage medium
  • the platforms, systems, media, and methods disclosed herein include one or more non-transitory computer readable storage media encoded with a program including instructions executable by the operating system of an optionally networked digital processing device.
  • a computer readable storage medium is a tangible component of a digital processing device.
  • a computer readable storage medium is optionally removable from a digital processing device.
  • a computer readable storage medium includes, by way of non-limiting examples, CD-ROMs, DVDs, flash memory devices, solid state memory, magnetic disk drives, magnetic tape drives, optical disk drives, cloud computing systems and services, and the like.
  • the program and instructions are permanently, substantially permanently, semi-permanently, or non-transitorily encoded on the media.
  • the platforms, systems, media, and methods disclosed herein include at least one computer program, or use of the same.
  • a computer program includes a sequence of instructions, executable in the digital processing device's CPU, written to perform a specified task.
  • Computer readable instructions may be implemented as program modules, such as functions, objects, Application Programming Interfaces (APIs), data structures, and the like, that perform particular tasks or implement particular abstract data types.
  • a computer program may be written in various versions of various languages.
  • a computer program comprises one sequence of instructions. In some embodiments, a computer program comprises a plurality of sequences of instructions. In some embodiments, a computer program is provided from one location. In other embodiments, a computer program is provided from a plurality of locations. In various embodiments, a computer program includes one or more software modules. In various embodiments, a computer program includes, in part or in whole, one or more web applications, one or more mobile applications, one or more standalone applications, one or more web browser plug-ins, extensions, add-ins, or add-ons, or combinations thereof.
  • a computer program includes a web application.
  • a web application, in various embodiments, utilizes one or more software frameworks and one or more database systems.
  • a web application is created upon a software framework such as Microsoft® .NET or Ruby on Rails (RoR).
  • a web application utilizes one or more database systems including, by way of non-limiting examples, relational, non-relational, object oriented, associative, and XML database systems.
  • suitable relational database systems include, by way of non-limiting examples, Microsoft® SQL Server, MySQL™, and Oracle®.
  • a web application, in various embodiments, is written in one or more versions of one or more languages.
  • a web application may be written in one or more markup languages, presentation definition languages, client-side scripting languages, server-side coding languages, database query languages, or combinations thereof.
  • a web application is written to some extent in a markup language such as Hypertext Markup Language (HTML), Extensible Hypertext Markup Language (XHTML), or extensible Markup Language (XML).
  • a web application is written to some extent in a presentation definition language such as Cascading Style Sheets (CSS).
  • a web application is written to some extent in a client-side scripting language such as Asynchronous Javascript and XML (AJAX), Flash® Actionscript, Javascript, or Silverlight®.
  • a web application is written to some extent in a server-side coding language such as Active Server Pages (ASP), ColdFusion®, Perl, Java™, JavaServer Pages (JSP), Hypertext Preprocessor (PHP), Python™, Ruby, Tcl, Smalltalk, WebDNA®, or Groovy.
  • a web application is written to some extent in a database query language such as Structured Query Language (SQL).
  • a web application integrates enterprise server products such as IBM® Lotus Domino®.
  • a web application includes a media player element.
  • a media player element utilizes one or more of many suitable multimedia technologies including, by way of non-limiting examples, Adobe® Flash®, HTML 5, Apple® QuickTime®, Microsoft® Silverlight®, Java™, and Unity®.
  • an application provision system comprises one or more databases 1200 accessed by a relational database management system (RDBMS) 1210. Suitable RDBMSs include Firebird, MySQL, PostgreSQL, SQLite, Oracle Database, Microsoft SQL Server, IBM DB2, IBM Informix, SAP Sybase, SAP Sybase, Teradata, and the like.
  • the application provision system further comprises one or more application servers 1220 (such as Java servers, .NET servers, PHP servers, and the like) and one or more web servers 1230 (such as Apache, IIS, GWS and the like).
  • the web server(s) optionally expose one or more web services via app application programming interfaces (APIs) 1240.
  • an application provision system alternatively has a distributed, cloud-based architecture 1300 and comprises elastically load balanced, auto-scaling web server resources 1310, and application server resources 1320 as well as synchronously replicated databases 1330.
  • a computer program includes a mobile application provided to a mobile digital processing device.
  • the mobile application is provided to a mobile digital processing device at the time it is manufactured.
  • the mobile application is provided to a mobile digital processing device via the computer network described herein.
  • a mobile application is created by techniques known to those of skill in the art using hardware, languages, and development environments known to the art. Those of skill in the art will recognize that mobile applications are written in several languages. Suitable programming languages include, by way of non-limiting examples, C, C++, C#, Objective-C, Java™, Javascript, Pascal, Object Pascal, Python™, Ruby, VB.NET, WML, and XHTML/HTML with or without CSS, or combinations thereof.
  • Suitable mobile application development environments are available from several sources. Commercially available development environments include, by way of non-limiting examples, AirplaySDK, alcheMo, Appcelerator®, Celsius, Bedrock, Flash Lite, .NET Compact Framework, Rhomobile, and WorkLight Mobile Platform. Other development environments are available without cost including, by way of non-limiting examples, Lazarus, MobiFlex, MoSync, and Phonegap. Also, mobile device manufacturers distribute software developer kits including, by way of non-limiting examples, iPhone and iPad (iOS) SDK, Android™ SDK, BlackBerry® SDK, BREW SDK, Palm® OS SDK, Symbian SDK, webOS SDK, and Windows® Mobile SDK.
  • a computer program includes a standalone application, which is a program that is run as an independent computer process, not an add-on to an existing process, e.g., not a plug-in.
  • standalone applications are often compiled.
  • a compiler is a computer program(s) that transforms source code written in a programming language into binary object code such as assembly language or machine code. Suitable compiled programming languages include, by way of non-limiting examples, C, C++,
  • a computer program includes one or more executable compiled applications.
  • the computer program includes a web browser plug-in (e.g., extension, etc.).
  • a plug-in is one or more software components that add specific functionality to a larger software application. Makers of software applications support plug-ins to enable third-party developers to create abilities which extend an application, to support easily adding new features, and to reduce the size of an application. When supported, plug-ins enable customizing the functionality of a software application. For example, plug-ins are commonly used in web browsers to play video, generate interactivity, scan for viruses, and display particular file types. Those of skill in the art will be familiar with several web browser plug-ins including, Adobe® Flash® Player, Microsoft® Silverlight®, and Apple® QuickTime®.
  • plug-in frameworks are available that enable development of plug-ins in various programming languages, including, by way of non-limiting examples, C++, Delphi, Java™, PHP, Python™, and VB .NET, or combinations thereof.
  • Web browsers are software applications, designed for use with network-connected digital processing devices, for retrieving, presenting, and traversing information resources on the World Wide Web. Suitable web browsers include, by way of non-limiting examples, Microsoft® Internet Explorer®, Mozilla® Firefox®, Google® Chrome, Apple® Safari®, Opera Software® Opera®, and KDE Konqueror. In some embodiments, the web browser is a mobile web browser.
  • Mobile web browsers are designed for use on mobile digital processing devices including, by way of non-limiting examples, handheld computers, tablet computers, netbook computers, subnotebook computers, smartphones, music players, personal digital assistants (PDAs), and handheld video game systems.
  • Suitable mobile web browsers include, by way of non-limiting examples, Google® Android® browser, RIM BlackBerry® Browser, Apple® Safari®, Palm® Blazer, Palm® WebOS® Browser, Mozilla® Firefox® for mobile, Microsoft® Internet Explorer® Mobile, Amazon® Kindle® Basic Web, Nokia® Browser, Opera Software® Opera® Mobile, and Sony® PSP™ browser.
  • the platforms, systems, media, and methods disclosed herein include software, server, and/or database modules, or use of the same.
  • software modules are created by techniques known to those of skill in the art using machines, software, and languages known to the art.
  • the software modules disclosed herein are implemented in a multitude of ways.
  • a software module comprises a file, a section of code, a programming object, a programming structure, or combinations thereof.
  • a software module comprises a plurality of files, a plurality of sections of code, a plurality of programming objects, a plurality of programming structures, or combinations thereof.
  • the one or more software modules comprise, by way of non-limiting examples, a web application, a mobile application, and a standalone application.
  • software modules are in one computer program or application. In other embodiments, software modules are in more than one computer program or application. In some embodiments, software modules are hosted on one machine. In other embodiments, software modules are hosted on more than one machine. In further embodiments, software modules are hosted on cloud computing platforms. In some embodiments, software modules are hosted on one or more machines in one location. In other embodiments, software modules are hosted on one or more machines in more than one location.
  • the platforms, systems, media, and methods disclosed herein include one or more databases, or use of the same.
  • suitable databases include, by way of non-limiting examples, relational databases, non-relational databases, object oriented databases, object databases, entity-relationship model databases, associative databases, and XML databases. Further non-limiting examples include SQL, PostgreSQL, MySQL, Oracle, DB2, and Sybase.
  • a database is internet-based.
  • a database is web-based.
  • a database is cloud computing-based.
  • a database is based on one or more local computer storage devices.
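
The rolling-index HMAC check and the challenge-and-response lock and unlock flow (steps 601 to 615) described in the list above, sketched as an added Python example; it is not code from the patent or from Keyfree Technologies. The class and function names, HMAC-SHA256, the 4-byte index encoding, the 16-byte challenges, and reading the window as the stored index plus the next 256 are assumptions.

```python
import hashlib
import hmac
import secrets
import struct
import time

INDEX_WINDOW = 256    # look-ahead the text gives for the rolling index
CHALLENGE_TTL = 10.0  # seconds, the ten-second timeout from the text


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC tag over message; SHA-256 is an assumed hash choice."""
    return hmac.new(key, message, hashlib.sha256).digest()


def index_signature(base_key: bytes, index: int) -> bytes:
    """Assumed layout: the key index is signed as a 4-byte big-endian integer."""
    return sign(base_key, struct.pack(">I", index))


class CommunicationUnit:
    """Hypothetical model of the in-vehicle unit; not the patent's firmware."""

    def __init__(self, base_key: bytes, index: int = 0, clock=time.monotonic):
        self._key = base_key
        self.index = index        # last index that verified
        self._clock = clock
        self._pending = None      # (challenge, expiry) of the outstanding unlock
        self.doors_locked = True

    def verify_key_signature(self, signature: bytes) -> bool:
        """Try the stored index and up to 256 past it; lower indices never match."""
        for candidate in range(self.index, self.index + INDEX_WINDOW + 1):
            expected = index_signature(self._key, candidate)
            if hmac.compare_digest(expected, signature):
                self.index = candidate  # ratchet forward so older keys stop working
                return True
        return False

    def new_unlock_challenge(self) -> bytes:
        """Step 610: issue a fresh challenge that expires after CHALLENGE_TTL."""
        challenge = secrets.token_bytes(16)
        self._pending = (challenge, self._clock() + CHALLENGE_TTL)
        return challenge

    def unlock(self, signature: bytes) -> bool:
        """Step 613: validate the app's signature over the outstanding challenge."""
        pending, self._pending = self._pending, None  # single use, pass or fail
        if pending is None:
            return False
        challenge, expiry = pending
        if self._clock() > expiry:
            return False
        if not hmac.compare_digest(sign(self._key, challenge), signature):
            return False
        self.doors_locked = False
        return True

    def lock(self, app_challenge: bytes) -> bytes:
        """Steps 604-606: lock the doors, then sign the app's challenge as proof."""
        self.doors_locked = True
        return sign(self._key, app_challenge)


def app_confirms_lock(key: bytes, unit: CommunicationUnit) -> bool:
    """Steps 602-607 from the app side; False means assume the doors are not locked."""
    challenge = secrets.token_bytes(16)
    response = unit.lock(challenge)
    return hmac.compare_digest(sign(key, challenge), response)


def demo() -> dict:
    key = bytes(range(32))  # constructed sample key, not a real credential
    now = [0.0]             # fake clock so the timeout can be exercised offline
    unit = CommunicationUnit(key, index=5, clock=lambda: now[0])
    out = {}
    out["new_renter_index_7"] = unit.verify_key_signature(index_signature(key, 7))
    out["past_renter_index_6"] = unit.verify_key_signature(index_signature(key, 6))
    captured = sign(key, unit.new_unlock_challenge())
    out["fresh_unlock"] = unit.unlock(captured)
    unit.new_unlock_challenge()
    out["replayed_unlock"] = unit.unlock(captured)
    late = sign(key, unit.new_unlock_challenge())
    now[0] += CHALLENGE_TTL + 1
    out["late_unlock"] = unit.unlock(late)
    out["lock_confirmed"] = app_confirms_lock(key, unit)
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Consuming the pending challenge on every attempt, valid or not, is what makes a captured signature useless even inside the ten-second window.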

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mechanical Engineering (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Selective Calling Equipment (AREA)
  • Lock And Its Accessories (AREA)

Abstract

Described are mobile device based systems and methods for granting authorization to control a vehicle and allow a user to open and start the vehicle by a mobile device, which are currently carried by a vast majority of vehicle owners, and which allows a user to grant access to the vehicle to others without physical device transference. Some embodiments of the mobile device based systems are able to function when the mobile device does or does not have access to wireless or cellular data.

Description

METHODS AND DEVICES FOR MANAGING ACCESS TO A VEHICLE
CROSS-REFERENCE
[0001] This application claims the benefit of U.S. Provisional Application No. 62/568,242, filed October 4, 2017, which application is incorporated herein by reference.
BACKGROUND OF THE INVENTION
[0002] In recent years, the usage of conventional keys in the automotive industry has diminished as new methods for enabling access to vehicles are being developed. Typical vehicle keys may be easily lost, misplaced, and forgotten, and are costly and burdensome to replace.
[0003] Many currently available vehicles have been configured for remote keyless entry, wherein the vehicle is capable of being wirelessly opened by a keyfob, but requires a key, that is usually attached to the keyfob, to start the vehicle. Additionally, many passive entry/start systems such as push-to-start cars can be opened and started by a keyfob, as long as the vehicle detects that a keyfob is within, or within a set distance from, the vehicle. These systems, however, still require a user to carry a keyfob at all times, and do not allow a user to grant access to others without physically relinquishing the keyfob. As such, there is a current unmet need for a secure vehicle system capable of being opened and started by a mobile device, which are currently carried by a vast majority of vehicle owners, which allows a user to grant access to the vehicle to others without physical device transference.
SUMMARY OF THE INVENTION
[0004] A first aspect provided herein is a mobile device based system for granting
authorization to control a vehicle comprising: a communication unit; a vehicle control module that is separate and distinct from the communication unit; and a mobile device capable of receiving a user input and a first signal, and sending a second signal, wherein the mobile device comprises at least one mobile application including executable instructions to control the vehicle, wherein the executable instructions comprise: receiving the first signal from an internet, a cellular network, a server, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit in response to receiving the user input; wherein the first and second signals both comprise a common unique identifier; wherein the communication unit is capable of receiving the second signal from the mobile device and sending a third signal to the vehicle control module; and wherein the vehicle control module is capable of receiving the third signal and sending a command to a receiver within the vehicle. [0005] In some embodiments, the mobile device is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server. In some embodiments, the mobile device is capable of receiving and storing the first signal before receiving the user input. In some embodiments, the communication unit is capable of receiving the second signal from a variety of mobile devices. In some embodiments, the communication unit is capable of sending the third signal to a variety of vehicle control modules. In some embodiments, the vehicle control module is capable of functionally communicating with both the communication unit and the receiver. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle. 
In some embodiments, at least one of the communication unit and the vehicle control module is removably or non-removably mounted to the vehicle. In some embodiments, at least one of the communication unit and the vehicle control module is removably or non-removably mounted to an OBD port of the vehicle. In some embodiments, at least one of the communication unit and the vehicle control module are powered by the OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof. In some embodiments, the communication unit is further capable of receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit is capable of receiving the fourth signal from the OBD port of the vehicle. In some embodiments, the communication unit is capable of receiving the fourth signal from a variety of specific vehicles. In some embodiments, the vehicle status comprises an OBD code. In some
embodiments, the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof. In some embodiments, the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. In some embodiments, the communication unit is further capable of decrypting the encrypted identifier. In some embodiments, the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. In some embodiments the communication unit is further capable of validating the identifier. In some embodiments the communication unit is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server. In some embodiments the mobile device is capable of receiving the first signal, storing the first signal, and sending the second signal without generating, validating, or decrypting the unique identifier. In some embodiments the executable instructions further comprises authenticating the first signal. In some embodiments at least one of the first signal and the second signal further comprises an access time range. In some embodiments the mobile device is capable of receiving and storing the first signal before receiving the user input. In some embodiments the executable instructions of the mobile application are configured to receive and store the first signal before receiving the user input. In some embodiments the communication unit is further capable of receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device. In some embodiments the source comprises the internet, the cellular network, the server, or any combination thereof. In some embodiments the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. 
In some embodiments the mobile application is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server. In some embodiments, the communication unit is further capable of sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal. In some embodiments the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof. In some embodiments, the communication unit comprises a sensor capable of measuring a sensor data. In some embodiments the sensor comprises a GPS sensor, an accelerometer, an inclinometer, a vibration sensor, a motion detector, a microphone, a camera, or any combination thereof. In some embodiments, the sixth signal further comprises a sensor data measured by the sensor. In some embodiments the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. In some embodiments the mobile application further comprises an executable instruction of granting a second user the authorization to control the vehicle. In some embodiments, the vehicle is a push-to-start vehicle. The system of any one of the preceding claims, wherein the second signal further comprises a request from the mobile device to the communication unit for a challenge.
In some embodiments, the second signal further comprises the challenge sent from the communication unit to the mobile device. In some embodiments, the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof. In some embodiments, the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device. In some embodiments, the second signal further comprises the signed challenge. In some embodiments, the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
[0006] A second aspect provided herein is a method of granting authorization to control a vehicle comprising: a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle; wherein the first and second signals both comprise a common unique identifier; and wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle. In some embodiments, the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server. In some embodiments, the mobile device receives and stores the first signal before the user submits the input. In some embodiments, the mobile device comprises a variety of one or more mobile devices. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle. Some
embodiments further comprise charging at least one of the communication unit and the vehicle control module with an OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof. Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit receives the fourth signal from the OBD port of the vehicle. In some embodiments, the vehicle status comprises an OBD code. In some
embodiments, the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof. In some embodiments, the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments the
communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the
communication unit validating the identifier. In some embodiments the communication unit is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit authenticating the first signal. In some embodiments the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier. In some embodiments at least one of the first signal and the second signal further comprises an access time range. In some embodiments the mobile device receives and stores the first signal before receiving the user input. Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device. In some embodiments the source comprises the internet, the cellular network, the server, or any combination thereof. In some embodiments the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal. In some embodiments the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof. In some embodiments, the sixth signal further comprises a sensor data measured by a sensor. 
In some embodiments the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. Some embodiments further comprise granting a second user the authorization to control the vehicle. In some embodiments the vehicle is a push-to-start vehicle. In some embodiments, the second signal further comprises a request from the mobile device to the communication unit for a challenge. In some
embodiments, the second signal further comprises the challenge sent from the communication unit to the mobile device. In some embodiments, the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof. In some embodiments, the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device. In some embodiments, the second signal further comprises the signed challenge. In some embodiments, the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
[0007] A third aspect provided herein is a mobile device based system for granting
authorization to control a vehicle comprising: a communication unit; a vehicle control module that is separate and distinct from the communication unit; and a mobile device capable of receiving a user input and a first signal, and sending a second signal, wherein the mobile device comprises at least one mobile application including executable instructions to control the vehicle, wherein the executable instructions comprise: receiving the first signal from an internet, a cellular network, a server, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit in response to receiving the user input; wherein the first and second signals both comprise a common unique identifier; wherein the communication unit is capable of receiving the second signal from the mobile device and sending a third signal to the vehicle control module; and wherein the vehicle control module is capable of receiving the third signal and sending a command to a receiver within the vehicle; and wherein the mobile device is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server. In some embodiments, the mobile device is capable of receiving and storing the first signal before receiving the user input. In some embodiments, the communication unit is capable of receiving the second signal from a variety of mobile devices. In some embodiments, the communication unit is capable of sending the third signal to a variety of vehicle control modules. In some embodiments, the vehicle control module is capable of functionally communicating with both the communication unit and the receiver. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle. 
In some embodiments, at least one of the communication unit and the vehicle control module is removably or non-removably mounted to the vehicle. In some embodiments, at least one of the communication unit and the vehicle control module is removably or non-removably mounted to an OBD port of the vehicle. In some embodiments, at least one of the communication unit and the vehicle control module are powered by the OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof. In some embodiments, the communication unit is further capable of receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit is capable of receiving the fourth signal from the OBD port of the vehicle. In some embodiments, the communication unit is capable of receiving the fourth signal from a variety of specific vehicles. In some embodiments, the vehicle status comprises an OBD code. In some embodiments, the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof. In some embodiments, the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. In some embodiments, the communication unit is further capable of decrypting the encrypted identifier. In some embodiments, the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. In some embodiments, the communication unit is further capable of validating the identifier. In some embodiments, the communication unit is capable of validating the identifier without access to the internet, the cellular network, or the server. In some embodiments, the executable instructions further comprises authenticating the first signal.
In some embodiments, the mobile device is capable of receiving the first signal, storing the first signal, and sending the second signal without generating, validating, or decrypting the unique identifier. In some embodiments, at least one of the first signal and the second signal further comprises an access time range. In some embodiments, the mobile device is capable of receiving and storing the first signal before receiving the user input. In some embodiments, the executable instructions of the mobile application are configured to receive and store the first signal before receiving the user input. In some embodiments, the communication unit is further capable of receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device. In some
embodiments, the source comprises the internet, the cellular network, the server, or any combination thereof. In some embodiments, the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. In some embodiments, the mobile application is capable of performing the executable instruction of sending the second signal to the communication unit without access to the internet, the cellular network, or the server. In some embodiments, the communication unit is further capable of sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal. In some embodiments, the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof. In some embodiments, the communication unit comprises a sensor capable of measuring a sensor data. In some embodiments, the sensor comprises a GPS sensor, an accelerometer, an
inclinometer, a vibration sensor, a motion detector, a microphone, a camera, or any combination thereof. In some embodiments, the sixth signal further comprises a sensor data measured by the sensor. In some embodiments, the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. In some embodiments, the mobile application further comprises an executable instruction of granting a second user the
authorization to control the vehicle. In some embodiments, the vehicle is a push-to-start vehicle. The system of any one of the preceding claims, wherein the second signal further comprises a request from the mobile device to the communication unit for a challenge. In some
embodiments, the second signal further comprises the challenge sent from the communication unit to the mobile device. In some embodiments, the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof. In some embodiments, the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device. In some embodiments, the second signal further comprises the signed challenge. In some embodiments, the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
[0008] A fourth aspect provided herein is a method of granting authorization to control a vehicle comprising: a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle; wherein the first and second signals both comprise a common unique identifier; wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle; and wherein the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server. In some embodiments, the mobile device receives and stores the first signal before the user submits the input. In some embodiments, the mobile device comprises a variety of one or more mobile devices. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle. Some embodiments further comprise charging at least one of the communication unit and the vehicle control module with an OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof. Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit receives the fourth signal from the OBD port of the vehicle. In some embodiments, the vehicle status comprises an OBD code.
In some embodiments, the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof. In some embodiments, the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments, the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit validating the identifier. In some embodiments, the communication unit is capable of validating the identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit authenticating the first signal. In some embodiments, the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier. In some embodiments, at least one of the first signal and the second signal further comprises an access time range. In some embodiments, the mobile device receives and stores the first signal before receiving the user input. Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device. In some embodiments, the source comprises the internet, the cellular network, the server, or any combination thereof. In some embodiments, the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal. 
In some embodiments, the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof. In some embodiments, the sixth signal further comprises a sensor data measured by a sensor. In some embodiments, the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof.
[0009] Some embodiments further comprise granting a second user the authorization to control the vehicle. In some embodiments, the vehicle is a push-to-start vehicle.
[0010] In another aspect, disclosed herein are computer-implemented methods of granting authorization to control a vehicle comprising: a mobile device receiving a first signal, and sending a second signal; the mobile device storing the first signal; a user submitting an input to the mobile device; the mobile device sending a second signal to a communication unit; the communication unit receiving the second signal from the mobile device; the communication unit sending a third signal to a vehicle control module; the vehicle control module receiving the third signal; and the vehicle control module sending a command to a receiver within the vehicle;
wherein the first and second signals both comprise a common unique identifier; and wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle. In some embodiments, the mobile device sends the second signal to the communication unit without accessing the internet, the cellular network, or the server. In some embodiments, the mobile device receives and stores the first signal before the user submits the input. In some embodiments, the mobile device comprises a variety of one or more mobile devices. In some embodiments, at least one of the vehicle control module and the receiver are associated with a specific vehicle. Some embodiments further comprise charging at least one of the
communication unit and the vehicle control module with an OBD port of the vehicle, a primary battery, a rechargeable battery, an energy generator, or any combination thereof. Some embodiments further comprise the communication unit receiving a fourth signal comprising a vehicle status, from the vehicle. In some embodiments, the communication unit receives the fourth signal from the OBD port of the vehicle. In some embodiments, the vehicle status comprises an OBD code. In some embodiments, the unique identifier is associated with the vehicle, the receiver, the mobile device, the communication unit, the vehicle control module, or any combination thereof. In some embodiments, the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. Some embodiments further comprise the communication unit decrypting the encrypted identifier. In some embodiments the communication unit is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the communication unit validating the identifier. In some embodiments the
communication unit is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server. Some embodiments further comprise the
communication unit authenticating the first signal. In some embodiments the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier. In some embodiments at least one of the first signal and the second signal further comprises an access time range. In some embodiments the mobile device receives and stores the first signal before receiving the user input. Some embodiments further comprise the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device. In some embodiments the source comprises the internet, the cellular network, the server, or any combination thereof. In some embodiments the mobile device receives the first signal from the internet, the cellular network, the server, or any combination thereof. Some embodiments further comprise the communication unit sending a sixth signal to a user, the sixth signal comprising at least one of the sensor data, and a status data correlated to the fourth signal. In some embodiments the communication unit sends the sixth signal to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof. In some embodiments, the sixth signal further comprises a sensor data measured by a sensor. In some embodiments the authorization to control the vehicle comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. Some embodiments further comprise granting a second user the authorization to control the vehicle. 
In some embodiments the vehicle is a push-to-start vehicle. In some embodiments, the second signal further comprises a request from the mobile device to the communication unit for a challenge. In some embodiments, the second signal further comprises the challenge sent from the communication unit to the mobile device. In some embodiments, the first signal further comprises a request to sign the challenge from the mobile device to the internet, cellular network, server, or any combination thereof. In some embodiments, the first signal further comprises a signed challenge from the internet, cellular network, server, or any combination thereof to the mobile device. In some embodiments, the second signal further comprises the signed challenge. In some embodiments, the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
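An added illustration, not code from the patent: a minimal simulation of the embodiments above in which the first signal carries a signed identifier with an access time range plus a key, the mobile device signs a challenge issued by the communication unit, and the unit validates everything without network access. HMAC-SHA256 under a secret shared by server and unit stands in for the signature scheme, which the text does not specify; the class names, field names and the `grant-0001` value are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts. Assumption: this stands in
    for the signature scheme, which the page does not specify."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class Server:
    """Remote server: issues the first signal while the phone is online."""

    def __init__(self, unit_key: bytes):
        self.unit_key = unit_key

    def issue_grant(self, grant_id: str, not_before: int, not_after: int) -> dict:
        # Signed identifier plus access time range (field names are hypothetical).
        fields = {"id": grant_id, "nbf": not_before, "exp": not_after}
        body = json.dumps(fields, sort_keys=True).encode()
        return {
            "body": body,
            "tag": _mac(self.unit_key, b"grant", body),
            # Per-grant key for signing challenges; the unit re-derives it offline.
            "grant_key": _mac(self.unit_key, b"grant-key", body),
        }


class MobileDevice:
    """Untrusted relay: stores the first signal, never validates or alters it."""

    def store_first_signal(self, grant: dict) -> None:
        self.stored = grant

    def build_second_signal(self, challenge: bytes, command: str) -> dict:
        g = self.stored
        return {
            "body": g["body"],
            "tag": g["tag"],
            "challenge": challenge,
            "command": command,
            "response": _mac(g["grant_key"], challenge, command.encode()),
        }


class CommunicationUnit:
    """Validates the second signal with no network access."""

    def __init__(self, unit_key: bytes):
        self.unit_key = unit_key
        self._pending = set()  # challenges issued and not yet consumed

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def handle_second_signal(self, msg: dict, now: int) -> str:
        # `now` comes from the unit's own clock (assumed trustworthy here).
        nonce = msg["challenge"]
        if nonce not in self._pending:
            return "reject: unknown or reused challenge"
        self._pending.discard(nonce)  # single use: a captured signal is useless
        expected_tag = _mac(self.unit_key, b"grant", msg["body"])
        if not hmac.compare_digest(expected_tag, msg["tag"]):
            return "reject: grant not signed by server"
        grant = json.loads(msg["body"])
        if not grant["nbf"] <= now <= grant["exp"]:
            return "reject: outside access time range"
        grant_key = _mac(self.unit_key, b"grant-key", msg["body"])
        expected = _mac(grant_key, nonce, msg["command"].encode())
        if not hmac.compare_digest(expected, msg["response"]):
            return "reject: bad challenge response"
        return "third signal: " + msg["command"]


def demo() -> list:
    key = secrets.token_bytes(32)  # constructed provisioning secret
    server, unit, phone = Server(key), CommunicationUnit(key), MobileDevice()
    phone.store_first_signal(server.issue_grant("grant-0001", 1000, 2000))
    results = []
    msg = phone.build_second_signal(unit.new_challenge(), "unlock_door")
    results.append(unit.handle_second_signal(msg, now=1500))  # valid
    results.append(unit.handle_second_signal(msg, now=1501))  # replayed
    msg = phone.build_second_signal(unit.new_challenge(), "unlock_door")
    results.append(unit.handle_second_signal(msg, now=2500))  # expired
    msg = phone.build_second_signal(unit.new_challenge(), "unlock_door")
    msg["body"] = msg["body"].replace(b"2000", b"9000")  # edited time range
    results.append(unit.handle_second_signal(msg, now=2500))
    return results


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The order of checks matters: the unit consumes the challenge first, authenticates the grant before parsing it, and only then trusts the time range it contains.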
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] The novel features of the disclosure are set forth with particularity in the appended claims. A better understanding of the features and advantages of the present disclosure will be obtained by reference to the following detailed description that sets forth illustrative embodiments, in which the principles of the disclosure are utilized, and the accompanying drawings of which:
[0012] FIG. 1 shows a non-limiting illustration of an exemplary first mobile device based system for granting authorization to control a vehicle.
[0013] FIG. 2 shows a non-limiting illustration of an exemplary second mobile device based system for granting authorization to control a vehicle.
[0014] FIG. 3 shows an exemplary flowchart for a process of communication unit configuration.
[0015] FIG. 4 shows an exemplary flowchart for a first process for a new owner activating a communication unit after installation in a vehicle.
[0016] FIG. 5 shows an exemplary flowchart for a first process of connecting to and authenticating the communication unit.
[0017] FIG. 6 shows an exemplary flowchart for a process of locking and unlocking doors.
[0018] FIG. 7 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit.
[0019] FIG. 8 shows an exemplary flowchart for a second process for a new owner activating a communication unit after installation in a vehicle.
[0020] FIG. 9 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit.
[0021] FIG. 10 shows an exemplary flowchart of communication signals between an internet or cellular network, a mobile device, a communications unit, a vehicle module, and a receiver within a vehicle.
[0022] FIG. 11 shows a non-limiting example of a digital processing device; in this case, a device with one or more CPUs, a memory, a communication interface, and a display.
[0023] FIG. 12 shows a non-limiting example of a web/mobile application provision system; in this case, a system providing browser-based and/or native mobile user interfaces.
[0024] FIG. 13 shows a non-limiting example of a cloud-based web/mobile application provision system; in this case, a system comprising an elastically load balanced, auto-scaling web server and application server resources as well synchronously replicated databases.
DETAILED DESCRIPTION OF THE INVENTION
[0025] The disclosure provided herein provides for aftermarket devices and systems for car sharing, car rental and ride sharing that are far more scalable and easier to install than current solutions. The disclosure herein further provides a higher level of security by eliminating or reducing the risk of hacking of cellular transmission to a vehicle. The methods and systems herein are applicable for use with all makes and models of vehicles, and minimize the battery drain on the vehicle by utilizing alternative wireless technologies, such as Bluetooth Low Energy.
Mobile device based systems for granting authorization to control a vehicle
[0026] Per FIGs. 1 and 2, a mobile device based system for granting authorization to control a vehicle 105 is presented herein comprising a communication unit 103, a vehicle control module 104 that is separate and distinct from the communication unit 103, and a mobile device 102 capable of receiving a user input and a first signal, and sending a second signal. In some embodiments, the mobile device comprises at least one mobile application including executable instructions to control the vehicle 105, wherein the executable instructions comprise receiving the first signal from an internet, a cellular network, a remote server 101, or any combination thereof; storing the first signal; receiving the user input; and sending the second signal to the communication unit 103 in response to receiving the user input. In some embodiments, the first and second signals both comprise a common unique identifier, wherein the communication unit 103 is capable of receiving the second signal from the mobile device 102 and sending a third signal to the vehicle control module 104; and wherein the vehicle control module 104 is capable of receiving the third signal and sending a command to a receiver within the vehicle 105. In some embodiments, per FIG. 1, the communication unit 103 is capable of sending a command to open or close a digital lock 106.
[0027] FIG. 1 shows a non-limiting illustration of an exemplary "direct wired" first mobile device based system for granting authorization to control a vehicle. In some embodiments, the remote server 101 comprises a secure web-based service. In some embodiments, the mobile device 102 is carried by the owner or renter and runs an application "app" that is capable of communicating with the remote server 101 and the communication unit 103. The mobile device 102 is not considered trusted and only stores, receives, or transmits encrypted and/or signed data from the remote server 101 and communication unit 103. In some embodiments, established cryptography practices are used to ensure that secure data is not tampered with, stored and sent again later, or copied and sent from an unauthorized mobile device. In some embodiments, the mobile device 102 communicates with the remote server 101 over the internet using secure HTTP or HTTPS with the strongest available TLS version and cipher suite.
[0028] In some embodiments, the communication unit 103, control module 104, and digital lock 106 are installed in the vehicle 105 and are capable of secure data communication and storage. The communication unit 103 validates communication from the mobile unit 102 and controls features of the vehicle 105 through the control module 104.
[0029] In some embodiments, the mobile device 102 communicates with the communication unit 103 using Bluetooth Low Energy (BLE), near-field communication (NFC) or any other short-range wireless technology. This communication path is not considered secure and may be susceptible to sniffing, tampering, and jamming. All data sent over this communication path is thus encrypted and/or signed to prevent spoofing, tampering, or information loss commonly associated with such means of communication.
[0030] In some embodiments, the communication unit 103 is wired to the vehicle 105 to supply power and ground, and comprises an integrated GPS module for tracking vehicle 105 position and speed, and an optional long-range wireless (GSM or LTE) module for reporting position, speed, or other diagnostic or status information to the remote server, either periodically or in real time.
[0031] In some embodiments, the control module 104 is capable of unlocking and locking the doors and controlling other vehicle 105 functions. Some control modules 104 are installed with aftermarket remote starters and car alarms. Bypass modules support a wide range of vehicle 105 models and model years. In some embodiments, the digital lock 106 is a circuit that prevents the vehicle 105 from being started if not authorized by the communication unit 103.
[0032] FIG. 2 shows a non-limiting illustration of an exemplary "plug-and-play" second mobile device based system for granting authorization to control a vehicle. In some embodiments, the second mobile device based system for granting authorization to control a vehicle is capable of enhanced security during factory configuration, employs a Diffie-Hellman key exchange algorithm to ensure that the potentially insecure manufacturing station does not see the admin key, provides protection against rogue apps and mobile device cloning, and employs strong encryption and hashing algorithms using a true random number generator for enhanced device tampering prevention.
[0033] In the second mobile device based system for granting authorization to control a vehicle, the roles of the remote server 101, mobile device 102, and communication unit 103 are the same as in the first mobile device based system for granting authorization to control a vehicle.
[0034] In some embodiments, the communication unit 103 and vehicle control module 104 are wired to the vehicle control module 104 or connected using a secure wireless technology in the vehicle 105, and are inaccessible to people outside of the vehicle 103. In some embodiments, the communication unit 103 is plugged into the vehicle's OBD-II port for power and also possibly for reading diagnostic and status information such as fuel levels, speed, etc. from the vehicle's communication networks (e.g. CAN bus).
[0035] In some embodiments, the vehicle control module 104 contains similar circuitry that is present in a vehicle's OEM key fob, exposing an interface to enable the communication unit 103 to control the functionality present in the key fob circuitry of locking and unlocking doors, opening the trunk, and/or starting the vehicle. In some embodiments, the interface also allows the communication unit 103 to control the passive start functionality of the key fob circuitry to prevent the vehicle 103 from being started if not authorized by the communication unit 103. In some embodiments, during installation, the vehicle control module is programmed with the vehicle 103 in the same way that a new OEM key fob is added to the vehicle 103, by a dealer or locksmith.
[0036] As the vehicle control module 104 is physically separate from the communication unit 103, the vehicle control module 104 may be manufactured separately by the original equipment manufacturer (OEM), wherein the communication unit 103 does not need to implement proprietary security technology that may be specific to particular vehicle models or model years.
[0037] In some embodiments, although it is possible to unplug the communication unit 103 and the vehicle control module 104, doing so will prevent the vehicle from being started because the passive start functionality will no longer be powered.
[0038] Per FIG. 10, a mobile device based system for granting authorization to control a vehicle 1005 is presented herein comprising a communication unit 1002, a vehicle control module 1003 that is separate and distinct from the communication unit 1002, and a mobile device 1001 capable of receiving a user input and a first signal 1011, and sending a second signal 1012. In some embodiments, the mobile device 1001 comprises at least one mobile application including executable instructions to control the vehicle 1005, wherein the executable instructions comprise receiving the first signal 1011 from an internet, a cellular network, a server 1006, or any combination thereof; storing the first signal 1011; receiving the user input; and sending the second signal 1012 to the communication unit 1001 in response to receiving the user input. In some embodiments, the first and second signals 1011 1012 both comprise a common unique identifier, wherein the communication unit 1002 is capable of receiving the second signal 1012 from the mobile device 1001 and sending a third signal 1013 to the vehicle control module 1003; and wherein the vehicle control module 1003 is capable of receiving the third signal 1013 and sending a command 1017 to a receiver 1004 within the vehicle 1005.
[0039] In some embodiments, the mobile device 1001 is capable of performing the executable instruction of sending the second signal 1012 to the communication unit 1002 without access to the internet, the cellular network, or the server. In some embodiments, the mobile device 1001 is capable of receiving and storing the first signal 1011 before receiving the user input. In some embodiments, the communication unit 1002 is capable of receiving the second signal 1012 from a variety of mobile devices 1001. In some embodiments, the communication unit 1002 is capable of sending the third signal 1013 to a variety of vehicle control modules 1003. In some embodiments, the vehicle control module 1003 is capable of functionally communicating with both the communication unit 1002 and the receiver 1004. In some embodiments, at least one of the vehicle control module 1003 and the receiver 1004 are associated with a specific vehicle 1005. In some embodiments, at least one of the communication unit 1002 and the vehicle control module 1003 is removably or non-removably mounted to the vehicle 1005. In some embodiments, at least one of the communication unit 1002 and the vehicle control module 1003 is removably or non-removably mounted to an OBD port of the vehicle 1005. In some embodiments, at least one of the communication unit 1002 and the vehicle control module 1003 are powered by the OBD port of the vehicle 1005, a primary battery, a rechargeable battery, an energy generator, or any combination thereof. In some embodiments, the communication unit 1002 is further capable of receiving a fourth signal 1014 comprising a vehicle status, from the vehicle 1005. In some embodiments, the communication unit 1002 is capable of receiving the fourth signal 1014 from the OBD port of the vehicle 1005. In some embodiments, the communication unit 1002 is capable of receiving the fourth signal 1014 from a variety of specific vehicles 1005. In some embodiments, the vehicle status comprises an OBD code. In some embodiments, the unique identifier is associated with the vehicle 1005, the receiver 1004, the mobile device 1001, the communication unit 1002, the vehicle control module 1003, or any combination thereof. In some embodiments, the unique identifier comprises an encrypted identifier. In some embodiments, the unique identifier comprises a signed identifier. In some embodiments, the communication unit 1002 is further capable of decrypting the encrypted identifier. In some embodiments, the communication unit 1002 is capable of decrypting the encrypted identifier without access to the internet, the cellular network, or the server. In some embodiments, the communication unit 1002 is further capable of validating the identifier. In some embodiments, the communication unit 1002 is capable of validating the encrypted identifier without access to the internet, the cellular network, or the server. In some embodiments, the mobile device 1001 is capable of receiving the first signal 1011, storing the first signal 1011, and sending the second signal 1012 without generating, validating, or decrypting the unique identifier. In some embodiments, the executable instructions further comprise authenticating the first signal 1011. In some embodiments, at least one of the first signal 1011 and the second signal 1012 further comprises an access time range. In some embodiments, the mobile device 1001 is capable of receiving and storing the first signal 1011 before receiving the user input. In some embodiments, the executable instructions of the mobile application are configured to receive and store the first signal 1011 before receiving the user input. In some embodiments, the communication unit 1002 is further capable of receiving a fifth signal 1015, equivalent to the second signal 1012, from a source other than the mobile device 1001, wherein the source comprises the internet, the cellular network, the server, or any combination thereof. In some embodiments, the mobile device 1001 receives the first signal 1011 from the internet, the cellular network, the server, or any combination thereof. In some embodiments, the mobile application is capable of performing the executable instruction of sending the second signal 1012 to the communication unit 1002 without access to the internet, the cellular network, or the server. In some embodiments, the communication unit 1002 is further capable of sending a sixth signal 1016 to a user, the sixth signal 1016 comprising at least one of the sensor data, and a status data correlated to the fourth signal 1014. In some embodiments, the communication unit 1002 sends the sixth signal 1016 to the user via the internet, the cellular network, the server, the mobile device, or any combination thereof. In some embodiments, the communication unit 1002 comprises a sensor capable of measuring a sensor data comprising a GPS sensor, an accelerometer, an inclinometer, a vibration sensor, a motion detector, a microphone, a camera, or any combination thereof. In some embodiments, the sixth signal 1016 further comprises a sensor data measured by the sensor. In some embodiments, the authorization to control the vehicle 1005 comprises authorization to unlock a vehicle door, lock the door, open the door, close the door, open a vehicle trunk, close the trunk, open a vehicle window, close the window, start a vehicle engine, stop the engine, enable a vehicle keyless start, disable the keyless start, start a vehicle air conditioning, stop the air conditioning, sound a vehicle alarm, disarm the alarm, honk a vehicle horn, turn on a vehicle headlight, turn off the headlight, or any combination thereof. In some embodiments, the mobile application further comprises an executable instruction of granting a second user the authorization to control the vehicle 1005. In some embodiments, the vehicle 1005 is a push-to-start vehicle.
[0040] In some embodiments, unlike many commercially available vehicle control systems, the communication unit does not require a direct communication link with the remote server because a remote link to control door locks or other vehicle functions may be compromised if the remote server is hacked. As Bluetooth communications may not be secure, data sent over Bluetooth is signed and/or encrypted to prevent a potential attacker from trying to capture and replay, jam, or otherwise tamper with the wireless signals. Further, because a mobile device may be compromised, security policies are enforced within the remote server and the communication unit, and not on the app running on the mobile device. As such, in some embodiments, unencrypted data is not stored, received, or sent on the mobile device.
Configuration of the communication unit
[0041] FIG. 3 shows an exemplary flowchart for a process for communication unit configuration, comprising the communication unit generating a random admin key 301 on its first boot, a manufacturing station connecting to the communication unit 302, and reading the admin key 303, the communication unit sending the admin key 304 to the manufacturing station, the manufacturing station provisioning a new unit in its database 305 and sending a MAC ID and the admin key to a remote server for storage in a database 306, and the manufacturing station sending a lockdown command 307 to the communication unit, which enters production mode and prevents the admin key from being read 308.
[0042] On first boot, the communication unit generates a pseudorandom 128-bit administrative key 301. During the configuration process, the manufacturing station wirelessly connects to the communication unit 302, reads the admin key 303, and sends a request, comprising the unit's unique MAC ID and the admin key that was read, to the remote server to provision the new unit in the database 304. In some embodiments, a visible identifier such as a unit's serial number may also be sent. In some embodiments, the MAC ID is a unique and difficult to spoof identifier that is assigned to the wireless interface when the interface chip is manufactured and presented to other devices over the wireless network.
[0043] In some embodiments, the manufacturing station authenticates with the remote server using a secret API key which is also IP whitelisted by the server, to prevent others from creating fake devices. In some embodiments, prior to shipment, a lockdown command is sent to the unit 307 which enters the unit into production mode 307. In some embodiments, the admin key may no longer be read by anyone, ensuring that it remains secret.
[0044] FIG. 7 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit comprising the communication unit generating a random admin key 701 on its first boot, a manufacturing station connecting to the communication unit 702, and reading the admin key 703, the communication unit sending the admin key 704, the manufacturing station creating a new unit in its database 705 and sending a MAC ID and the admin key to a remote server that generates random admin keys, calculates an admin shared secret, and sends a public key 706, the manufacturing station writing a server public key 707, and the communications unit calculating and storing the admin shared secret 708.
[0045] In some embodiments, the method shown in the exemplary flow chart per FIG. 7 employs the Elliptic Curve Diffie-Hellman key agreement protocol to establish a shared secret between the communication unit and remote server over an insecure channel.
[0046] In some embodiments, on first boot, the communication unit generates random public and private keys using a true random number generator 701. In some embodiments, during the factory configuration process, the manufacturing station connects to the communication unit 702 wirelessly and reads the unit's public key 703, and sends a request to the remote server to provision the new unit in the database 705. In some embodiments, the request comprises the unit's unique MAC ID and the public key that was read, and a visible identifier such as a unit's serial number.
[0047] In some embodiments, the remote server then generates its own random public and private keys for the unit, calculates the admin key using the server's public and private keys and the communication unit's public key, and sends back the server's public key 706. In some embodiments, the mobile device then forwards the server's public key to the communication unit 707, enabling the unit to calculate and store the admin key 708.
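The key agreement in [0045] to [0047], as an added example that is not code from the patent: both ends derive the same 128-bit admin key while the relaying station handles only public keys. The curve (X25519, per RFC 7748), the SHA-256 derivation step, and all function names are assumptions; the patent specifies only Elliptic Curve Diffie-Hellman.

```python
import hashlib
import secrets

P = 2**255 - 19                       # field prime of Curve25519
A24 = 121665                          # ladder constant from RFC 7748
BASE_POINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    """RFC 7748 Montgomery ladder in pure Python (not constant time;
    firmware would use a vetted library). Curve choice is an assumption."""
    k = bytearray(scalar)
    k[0] &= 248                       # clamp the scalar as RFC 7748 requires
    k[31] &= 127
    k[31] |= 64
    k_int = int.from_bytes(k, "little")
    u = bytearray(u_coord)
    u[31] &= 127
    x_1 = int.from_bytes(u, "little") % P
    x_2, z_2, x_3, z_3, swap = 1, 0, x_1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x_2, x_3, z_2, z_3 = x_3, x_2, z_3, z_2
        swap = bit
        a, b = (x_2 + z_2) % P, (x_2 - z_2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x_3 - z_3) * a % P, (x_3 + z_3) * b % P
        x_3 = (da + cb) ** 2 % P
        z_3 = x_1 * (da - cb) ** 2 % P
        x_2 = aa * bb % P
        z_2 = e * (aa + A24 * e) % P
    if swap:
        x_2, x_3, z_2, z_3 = x_3, x_2, z_3, z_2
    return (x_2 * pow(z_2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    """Random private key and the matching public key."""
    private = secrets.token_bytes(32)
    return private, x25519(private, BASE_POINT)


def admin_key(own_private: bytes, peer_public: bytes) -> bytes:
    """Derive a 128-bit admin key from the shared secret (KDF is assumed)."""
    shared = x25519(own_private, peer_public)
    if shared == bytes(32):
        raise ValueError("peer public key yields an all-zero shared secret")
    return hashlib.sha256(b"admin-key" + shared).digest()[:16]


def provision():
    """Walk the exchange; return both derived keys and what the station relayed."""
    unit_private, unit_public = keypair()          # unit, on first boot
    station_seen = [unit_public]                   # station reads the unit's public key
    server_private, server_public = keypair()      # server, one key pair per unit
    server_admin = admin_key(server_private, unit_public)
    station_seen.append(server_public)             # station writes it to the unit
    unit_admin = admin_key(unit_private, server_public)
    return unit_admin, server_admin, station_seen


if __name__ == "__main__":
    unit_admin, server_admin, seen = provision()
    print("keys match:", unit_admin == server_admin)
    print("station relayed", len(seen), "public values and no private key")
```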
New owner post-installation activation
[0048] FIG. 4 shows an exemplary flowchart for a first "owner claim" process for new owner post-installation activation, comprising a mobile device receiving user credentials and logging into the server 401, the remote server authenticating the user and sending a token 402 to the mobile device which scans for nearby communication units and obtains their MAC IDs 403, receives a user pin 404, establishes connection with the communication unit 405, and requests an admin authentication challenge 406, the communication unit generating a random challenge 407, the mobile device sending a MAC ID and PIN to request that the challenge is signed 408, the remote server signing the challenge with the admin key 409, the mobile device authenticating the signed challenge 410, the communication unit validating the signature 411, the mobile device downloading a key 412, the remote server generating random keys, which are stored in the database and sent in encrypted form to the mobile device 413, which assigns the keys 414, and the communication unit decrypting and storing the keys 415.
[0049] Per the owner claim process in FIG. 4, where a newly installed unit is activated, after installation, the owner may be provided with a welcome card identifying the communication unit's MAC ID and unique PIN code. In some embodiments, the owner claim process is executed when the owner has Internet connectivity and is within short-range wireless range of the communication unit. In some embodiments, the owner begins the process by logging into the app on the mobile device 401. In addition to the user credentials, the app also sends the mobile device's AppID in the login request to the remote server. In some embodiments, the AppID is a unique identifier for the app running on the particular mobile device, wherein if the contents of the mobile device are backed up and restored on a different mobile device, or if the mobile device is wiped and the app is reinstalled, the AppID will change. In some embodiments, if the remote server detects a user login with a new AppID, it assumes the user is logging in with a different mobile device and triggers re-verification of the user's email address and phone number.
[0050] After a successful login, the remote server responds with a session token after validating the owner's credentials 402, the app scans for nearby communication units 403, and the owner identifies the unit with the matching MAC ID and enters the PIN from the welcome card 404.
[0051] In some embodiments, the app then establishes a wireless connection to the communication unit 405. The app requests an admin-level authentication challenge from the communication unit 406 which the unit generates pseudorandomly 407. The app then asks the remote server to sign the challenge, passing along the challenge, MAC ID, and PIN 408. If the PIN matches the expected value for the corresponding MAC ID, the server signs the challenge 409 with the unit's admin key and returns the signature to the app. The app then sends the signature to the communication unit 410. If the unit verifies that the signature matches the expected signature (as calculated internally by the unit), the connection is considered authenticated with the admin access level 410. During this process the admin key may not be disclosed to the mobile device.
[0052] In some embodiments, the challenge-response approach avoids having to send keys in plain text. In some embodiments, a challenge is 128 bits in length and expires after about ten seconds. In some embodiments, challenges are signed using a keyed-hash message authentication code (HMAC). In some embodiments, each message (characteristic) type that the communication unit supports has a required access level for read operations and a required access level for write operations, wherein the four possible access levels comprise admin, primary, secondary, and shared levels. In some embodiments, admin keys are used during the owner claim process, primary keys are used by the owner, and secondary keys and shared keys are similar, except that shared keys are time-limited.
[0053] In some embodiments, after authenticating with the communication unit, the app downloads the primary, secondary, and shared keys from the remote server 411, the remote server generates the keys pseudorandomly, stores the keys in the database, and sends the keys back to the app in encrypted form 412. In some embodiments, the keys are encrypted using AES-128 with the admin key, to prevent the keys from being disclosed to the app or during wireless transmission to the communication unit. In some embodiments, the app sends the encrypted keys to the communication unit 413 which then decrypts and stores the keys 414.
[0054] FIG. 8 shows an exemplary flowchart for a second "owner claim" process wherein a new owner activates a communication unit after installation in a vehicle comprising the user entering credentials and logging into the server 801 through the mobile device, the remote server authenticating the user and sending a token 802, the mobile device scanning for nearby communications units and obtaining lists of MAC IDs 803, receiving a user unit selection and pin 804, establishing connection to the communication unit 805, creating a communication session 806, and sending a MAC ID to the remote server which generates a random owner key, encrypts a package containing the owner key and the AppID using an admin shared secret 807, the mobile device forwarding the encrypted admin package and signing the package with the AppID 808, the communication unit verifying that the AppID matches the signature 809, storing the owner key, and encrypting the package 810, and the mobile device forwarding the package 811 to the remote server, which stores the owner's AppID and MAC ID 812.
[0055] In some embodiments, the second "owner claim" process, per FIG. 8, up to the wireless connection being established between the mobile device and the communication unit 805, is identical to the second "owner claim" process. In some embodiments, after the connection to the communication unit is established, the app requests the remote server to establish a new encrypted communication session with the communication unit 806, passing along the MAC ID and PIN. In some embodiments, if the PIN matches the expected value for the corresponding MAC ID, the server generates a random primary key then encrypts a package containing the primary key and owner's current AppID using the admin key generated during the factory configuration process 807.
[0056] In some embodiments, a package comprises a message sent between the remote server and communication unit that cannot be inspected by the mobile device, wherein the mobile device passes the package along to the communication unit. In some embodiments, during the owner claim process the package that initiates the communication session is signed with the admin key, wherein subsequent packages are signed using the primary key.
[0057] In some embodiments, after the mobile device receives the encrypted package, the mobile device signs the package with its AppID and sends the package to the communication unit 808, wherein the communication unit decrypts the package using the admin key and verifies that the AppID in the package matches the AppID in the signature 809 to ensure that the package was sent by the same mobile device that was authorized by the remote server.
[0058] In some embodiments, the communication unit then stores the primary key and encrypts a new package containing the mobile device's MAC ID 8010. The package is encrypted using the primary key. In some embodiments, the app forwards the package to the remote server 8011 which then stores the association between the AppID and the mobile device's MAC ID in the database.
Connecting the communications unit
[0059] FIG. 5 shows an exemplary flowchart for a first process of connecting to and authenticating the communication unit comprising the mobile device receiving user credentials and logging into the server 501, the server authenticating the user and sending a token and a vehicle key 502 to the mobile device, which stores the key 503, the mobile device connecting to a vehicle 504, establishing a connection to the communication unit 505 and requesting an authentication challenge 506, the communication unit generating a random challenge 507, the mobile device signing the challenge with the key 508 and authenticating the key with the signed challenge 509, and the communications unit validating the signature 510 and authenticating the connection 511.
[0060] In some embodiments, the exemplary connection process shown in the flowchart of FIG. 5 is followed for all connections to the communication unit except for during the owner claim process.
[0061] In some embodiments, the user initiates the process by logging into the app on the mobile device 501. In some embodiments, the remote server responds with a session token after validating the user's credentials 502, and sends back all of the vehicle keys to the user. In some embodiments, the app encrypts and stores the keys in the app's secure storage 503 for potential later offline use.
[0062] In some embodiments, the rest of the connection process in FIG. 5 may occur with or without the mobile device having an Internet connection as long as the user has logged in and downloaded his or her keys, which is advantageous because a vehicle may be parked underground or in a remote location without cell connectivity.
[0063] In some embodiments, after the user selects the vehicle and initiates connection 504, the app establishes a wireless connection to the communication unit 505 and requests an authentication challenge from the communication unit 506, which the communications unit generates pseudorandomly 507. In some embodiments, the challenge is specific to the access level of the user's key. In some embodiments, the app then signs the challenge using the key that was downloaded from the server 508 and sends the signature to the communication unit 509. In some embodiments, if the communications unit verifies that the signature matches the expected signature 510, the connection is considered authenticated with the appropriate access level 511.
[0064] In some embodiments, shared keys are intended to be temporary and not reusable, even if the app or mobile device are compromised, wherein when shared keys are shared, the key is hashed by the remote server using an HMAC together with an index, which is incremented each time the key is shared. In some embodiments, during the owner claim process, the original (non-indexed) base key is encrypted and sent to the communication unit. In some embodiments of the shared key connection process, the hashed key is downloaded to the mobile device. In some embodiments, the communication unit independently maintains its own index based on the previously verified index, and increments its internal index up to 256 iterations past the current index when the signature is verified, generating a signature, and comparing it to the app's signature at each iteration. In some embodiments, if any of the generated signatures match, the app's signature is considered valid, otherwise, if the app sends a signature generated with a lower index value, validation will fail. Due to the mathematical nature of the HMAC algorithm, it is practically impossible to recover the base shared key from the signature or to change the index after the signature has been calculated. This effectively prevents past renters from reusing their key.
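An added sketch of the indexed shared-key check described in [0064], not code from the patent: the server derives a per-share key from the base key and an incrementing index, and the unit searches forward from its last verified index. HMAC-SHA256, the 4-byte index encoding, the class names, and treating the current index as still valid are assumptions; challenge expiry is left out to keep the block focused.

```python
import hashlib
import hmac
import secrets

LOOKAHEAD = 256  # how far past its last verified index the unit searches


def derive_shared_key(base_key: bytes, index: int) -> bytes:
    """Server side: hash the base shared key together with the share index."""
    return hmac.new(base_key, index.to_bytes(4, "big"), hashlib.sha256).digest()


def sign_challenge(key: bytes, challenge: bytes) -> bytes:
    """App side: sign the unit's challenge with the indexed key it was given."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class RemoteServer:
    """Holds the base key and hands out one indexed key per share."""

    def __init__(self, base_key: bytes):
        self.base_key = base_key
        self.index = 0

    def share(self) -> bytes:
        self.index += 1  # each share invalidates every earlier share
        return derive_shared_key(self.base_key, self.index)


class CommunicationUnit:
    """Holds the base key from the owner claim and its own verified index."""

    def __init__(self, base_key: bytes):
        self.base_key = base_key
        self.index = 0  # last index that produced a valid signature

    def verify(self, challenge: bytes, signature: bytes) -> bool:
        # The app never sends an index. The unit recomputes the signature
        # for each candidate index from its current one up to LOOKAHEAD ahead.
        for candidate in range(self.index, self.index + LOOKAHEAD + 1):
            key = derive_shared_key(self.base_key, candidate)
            if hmac.compare_digest(sign_challenge(key, challenge), signature):
                self.index = candidate  # ratchet forward; lower indexes now fail
                return True
        return False


def demo() -> dict:
    base_key = secrets.token_bytes(16)   # constructed sample key
    server = RemoteServer(base_key)
    unit = CommunicationUnit(base_key)
    first_renter = server.share()        # index 1
    second_renter = server.share()       # index 2
    results = {}

    challenge = secrets.token_bytes(16)
    results["first_renter_ok"] = unit.verify(
        challenge, sign_challenge(first_renter, challenge))

    challenge = secrets.token_bytes(16)
    results["second_renter_ok"] = unit.verify(
        challenge, sign_challenge(second_renter, challenge))

    # The first renter still holds a valid-looking key, but the unit has
    # moved past index 1, so the signature no longer matches any candidate.
    challenge = secrets.token_bytes(16)
    results["first_renter_after_reshare"] = unit.verify(
        challenge, sign_challenge(first_renter, challenge))

    results["unit_index"] = unit.index
    return results


if __name__ == "__main__":
    print(demo())
```

The unit needs no connectivity to learn that a key was re-shared: the first successful connection by the newer renter moves its index forward.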
[0065] FIG. 9 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit comprising the mobile device receiving user credentials and AppID, and logging into the server 901, the remote server authenticating the user, sending a visual token and vehicle keys 902, and encrypting a package containing the access control list (ACL) and the phone's AppID using the owner's key 903, the mobile device storing the keys and ACL packages 904, the mobile device connecting to a vehicle 905, establishing connection to a communication unit 906, and forwarding the encrypted ACL package that is signed with the AppID 907, the communications unit decrypting the package and updating the ACL 908, verifying that the AppID matches the signature 909, verifying the phone's MAC ID if the ACL contains the MAC ID 910, authenticating the connection 911, encrypting the package containing the phone's MAC ID using the owner's key if the MAC ID is not in the ACL 912, the mobile device forwarding the encrypted package 913, and the remote server storing the user's AppID and MAC ID 914.
Locking and unlocking methods
[0066] FIG. 6 shows an exemplary flowchart for a process of locking a door comprising a user generating a lock doors command 601 through the mobile device, which generates a random challenge 602, and sends a lock door command 603 comprising a challenge to the communication unit which, upon receiving the lock doors command 604, sends an instruction to the vehicle control module to lock the doors 605, and signs the challenge with a key 606, wherein the mobile device validates the signature 607.
[0067] FIG. 6 further shows an exemplary flowchart for a process of unlocking a door comprising a user generating a lock doors command 608 through the mobile device, which requests a random challenge 609, the communication unit generating a random challenge 610, the mobile device signing the challenge with the key 611 and sending an unlock door command 612 comprising a signature to the communication unit which validates the signature 613 and sends an unlock door command 614 to the vehicle control module to unlock the doors 615.
[0068] As Bluetooth connections may not be secure, a challenge and response protocol is used in some embodiments for locking and unlocking doors. This approach prevents jamming and replay attacks and attempts to tamper with the data from being successful. For example, an unlock command might be captured over the air by an attacker and replayed later to unlock the vehicle. As another example, a lock command might be jammed, preventing the command from reaching the communication unit and leaving the vehicle unlocked.
[0069] In some embodiments, during the lock process 601, the app generates a pseudorandom challenge 602 and sends it to the communication unit 603. In some embodiments, after the communications unit instructs the vehicle control module to lock the doors 604, the communications unit signs the challenge with the same key used in the connection process 606, and the app validates the signature 607. In some embodiments, if the app fails to validate the signature, the app may conclude that a "man-in-the-middle" intercepted or jammed the command and that the doors were not locked as intended.
[0070] In some embodiments, during the unlock process 608, the app requests an unlock challenge from the communication unit 609. In some embodiments, the communications unit generates a pseudorandom challenge 610 which the app then signs 611 and sends back 612, wherein if the communications unit successfully validates the signature 612, the communications unit sends the command to the vehicle control module to unlock the doors 614. By involving a pseudorandom challenge with a ten-second timeout, an attacker capturing and replaying the signature will fail to unlock the doors. Similar processes may be used for enabling and disabling the digital lock that prevents the vehicle from being started.
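The lock and unlock exchanges of paragraphs [0069] and [0070], modelled from both sides as an added example that is not part of the patent text. HMAC-SHA256 as the signature, the command label bound into it, single-use challenges, `os.urandom` as the challenge source and all class and function names are assumptions; the ten-second timeout is from the text.

```python
import hashlib
import hmac
import os
import time

CHALLENGE_TTL = 10.0  # seconds; the ten-second timeout from the text


def sign(key: bytes, command: bytes, challenge: bytes) -> bytes:
    # Assumption: the command label is bound into the MAC so that a lock
    # response can never be presented as an unlock signature.
    return hmac.new(key, command + b"|" + challenge, hashlib.sha256).digest()


class Unit:
    """Communication unit side of the exchange."""

    def __init__(self, key: bytes, clock=time.monotonic):
        self._key = key
        self._clock = clock
        self._pending = None  # (challenge, issued_at) for the unlock flow
        self.doors_locked = True

    def new_unlock_challenge(self) -> bytes:  # step 610
        challenge = os.urandom(16)
        self._pending = (challenge, self._clock())
        return challenge

    def unlock(self, signature: bytes) -> bool:  # steps 613 to 615
        pending, self._pending = self._pending, None  # a challenge is single use
        if pending is None:
            return False
        challenge, issued_at = pending
        if self._clock() - issued_at > CHALLENGE_TTL:
            return False
        expected = sign(self._key, b"unlock", challenge)
        if not hmac.compare_digest(expected, signature):
            return False
        self.doors_locked = False
        return True

    def lock(self, challenge: bytes) -> bytes:  # steps 604 to 606
        self.doors_locked = True
        return sign(self._key, b"lock", challenge)


def lock_confirmed(key: bytes, challenge: bytes, response) -> bool:
    """App side, step 607: a missing or invalid response means the app
    must not assume the doors were locked."""
    if response is None:
        return False
    return hmac.compare_digest(sign(key, b"lock", challenge), response)


class FakeClock:
    """Deterministic clock so the timeout can be exercised offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def demo() -> dict:
    """Constructed scenario covering the cases named in the text."""
    key = os.urandom(32)
    clock = FakeClock()
    unit = Unit(key, clock)
    out = {}

    challenge = unit.new_unlock_challenge()
    signature = sign(key, b"unlock", challenge)
    out["fresh"] = unit.unlock(signature)

    unit.lock(os.urandom(16))
    unit.new_unlock_challenge()               # a later session gets a new challenge
    out["replayed"] = unit.unlock(signature)  # old signature no longer matches

    challenge = unit.new_unlock_challenge()
    clock.now += 11.0                         # past the ten-second window
    out["expired"] = unit.unlock(sign(key, b"unlock", challenge))

    challenge = os.urandom(16)
    out["lock_ok"] = lock_confirmed(key, challenge, unit.lock(challenge))
    out["lock_jammed"] = lock_confirmed(key, challenge, None)
    out["lock_forged"] = lock_confirmed(key, challenge, os.urandom(32))
    out["doors_locked"] = unit.doors_locked
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```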
[0071] FIG. 9 shows an exemplary flowchart for a second process of connecting to and authenticating the communication unit comprising the mobile device receiving user credentials and AppID, and logging into the server 901, the remote server authenticating the user, sending a visual token and vehicle keys 902, and encrypting a package containing the access control list (ACL) and the phone's AppID using the owner's key 903, the mobile device storing the keys and ACL packages 904, the mobile device connecting to a vehicle 905, establishing connection to a communication unit 906, and forwarding the encrypted ACL package that is signed with the AppID 907, the communications unit decrypting the package and updating the ACL 908, verifying that the AppID matches the signature 909, verifying the phone's MAC ID if the ACL contains the MAC ID 910, authenticating the connection 911, encrypting the package containing the phone's MAC ID using the owner's key if the MAC ID is not in the ACL 912, the mobile device forwarding the encrypted package 913, and the remote server storing the user's AppID and MAC ID 914.
[0072] In some embodiments, the second process of connecting to and authenticating the communication unit comprises logging into the app on the mobile device 901, the remote server responding with a session token after validating the user's credentials 902, and the remote server sending back data for all of the vehicle keys to which the user has access 903.
[0073] In some embodiments, the key data also includes encrypted packages containing an access control list (ACL) for each communication unit along with the user's current AppID, wherein the ACL comprises a table of multiple records, each consisting of an AppID, the mobile device's MAC ID, and the access level, and wherein the ACL is tagged with an incrementing version number. In some embodiments, a record would be included for the owner and all keys that have been shared, wherein the MAC ID is only included if it is known; that is, if a communication unit has previously communicated with the specific mobile device.
[0074] Storing the AppID to MAC ID associations in the database and including them in the ACL provides additional assurance that user data is not being transferred between mobile devices without authorization from the remote server. Both the AppID and MAC ID are required because some mobile device operating systems do not allow apps to query their own MAC IDs.
[0075] In some embodiments, the key data is stored on the mobile device 904 for potential later offline use, wherein the sensitive data is no longer encrypted (and not decryptable by the app) we no longer need to rely on the app to store it securely. In some embodiments, steps 905 to 913 may occur with or without the mobile device having an Internet connection.
[0076] In some embodiments, after the user selects the vehicle and initiates connection 905, the app establishes a wireless connection to the communication unit 906. The app then forwards the encrypted ACL to the communication unit, signing the package with its AppID 907. The communication unit decrypts the package and stores the ACL if the version number is higher than the last version number that was received 908. In some embodiments, the unit also verifies that the AppID in the package matches the AppID in the signature 909, wherein if the MAC ID corresponding to the current mobile device's AppID is included in the ACL, the unit verifies that the connected mobile device's MAC ID matches the ACL MAC ID 910. If these verification steps are successful, the connection is considered authenticated with the appropriate access level 911.
[0077] In some embodiments, if the MAC ID corresponding to the current mobile device's AppID is not included in the ACL, the communication unit encrypts a new package containing the mobile device's MAC ID 912, and the app forwards this package to the remote server 913 and the remote server stores the association between the AppID and the mobile device's MAC ID in the database.
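The unit-side checks of steps 908 to 912, as an added example that is not part of the patent text. It assumes the package has already been decrypted under the owner's key and that the AppID has already been recovered from the app's signature; the record layout follows paragraph [0073], while the class names, field names and reason strings are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AclRecord:
    app_id: str
    mac_id: Optional[str]  # None until a unit has reported this device's MAC ID
    access_level: str


@dataclass(frozen=True)
class AclPackage:
    """Package contents after decryption (decryption itself is out of scope)."""
    version: int
    app_id: str            # the phone's AppID placed in the package by the server
    records: tuple


@dataclass(frozen=True)
class Result:
    authenticated: bool
    access_level: Optional[str] = None
    reason: str = ""
    mac_to_report: Optional[str] = None  # step 912: MAC ID to send to the server


class Unit:
    def __init__(self):
        self.acl_version = -1
        self.acl = {}

    def connect(self, package: AclPackage, signature_app_id: str,
                observed_mac: str) -> Result:
        # Step 908: store the ACL only if it is newer than the last one seen,
        # so an old package cannot roll the list back.
        if package.version > self.acl_version:
            self.acl = {r.app_id: r for r in package.records}
            self.acl_version = package.version
        # Step 909: the AppID in the package must match the AppID in the signature.
        if package.app_id != signature_app_id:
            return Result(False, reason="appid-mismatch")
        record = self.acl.get(signature_app_id)
        if record is None:
            return Result(False, reason="not-in-acl")
        # Step 910: when a MAC ID is on record, the connected device must match it.
        if record.mac_id is not None:
            if record.mac_id.lower() != observed_mac.lower():
                return Result(False, reason="mac-mismatch")
            return Result(True, record.access_level)
        # Steps 911 and 912: authenticated; report the MAC ID for association.
        return Result(True, record.access_level, mac_to_report=observed_mac)


def demo() -> dict:
    """Constructed AppIDs, MAC IDs and versions, for illustration only."""
    owner = AclRecord("app-owner", "AA:00:00:00:00:01", "owner")
    renter_unbound = AclRecord("app-renter", None, "shared")
    renter_bound = AclRecord("app-renter", "AA:00:00:00:00:02", "shared")
    v1 = AclPackage(1, "app-renter", (owner, renter_unbound))
    v2 = AclPackage(2, "app-renter", (owner, renter_bound))
    v3_owner = AclPackage(3, "app-owner", (owner,))  # renter revoked

    unit = Unit()
    out = {}
    out["first_contact"] = unit.connect(v1, "app-renter", "AA:00:00:00:00:02")
    out["bound_ok"] = unit.connect(v2, "app-renter", "aa:00:00:00:00:02")
    out["other_phone"] = unit.connect(v2, "app-renter", "AA:00:00:00:00:99")
    out["wrong_signer"] = unit.connect(v2, "app-other", "AA:00:00:00:00:02")
    out["owner_v3"] = unit.connect(v3_owner, "app-owner", "AA:00:00:00:00:01")
    # The revoked renter presents the stale version 2 package again.
    out["stale_package"] = unit.connect(v2, "app-renter", "AA:00:00:00:00:02")
    out["final_version"] = unit.acl_version
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```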
[0078] In some embodiments, the above mentioned methods and systems for locking and unlocking a vehicle can be employed with the first or second mobile device based systems for granting authorization to control a vehicle.
Terms and Definitions
[0079] Unless otherwise defined, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.
[0080] As used herein, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise. Any reference to "or" herein is intended to encompass "and/or" unless otherwise stated.
[0081] As used herein, the term "about" refers to an amount that is near the stated amount by about 10%, 5%, or 1%, including increments therein.
[0082] As used herein, the term "vehicle" refers to a mobile machine that transports people or cargo, such as, for example, a wagon, a bicycle, a motor vehicle, a motorcycle, a car, a truck, a bus, a railed vehicle, a train, a tram, a watercraft, a ship, a boat, an aircraft or a spacecraft. In some embodiments, a vehicle comprises a door, a trunk, a window, an engine, a window, an air conditioning system, a horn, and a headlight.
[0083] As used herein, the term "mobile device" refers to a mobile computing device such as, for example, a laptop computer, a notebook computer, a sub-notebook computer, a netbook computer, a netpad computer, a set-top computer, a media streaming device, a handheld computer, an Internet appliance, a mobile smartphone, a tablet computer, a personal digital assistant, or a video game console.
[0084] As used herein, the term "OBD port" refers to an on-board diagnostics port built into many vehicles that enables the vehicle to send a signal comprising a diagnosis or a status. In some embodiments, the OBD port is further capable of acting as a source of power.
[0085] As used herein, the term "access time range" refers to a specific time and/or date range wherein an item or resource can be accessed by a user.
[0086] As used herein, the term "push-to-start vehicle" refers to a vehicle wherein ignition does not require a physical key, and wherein the engine can be turned on by the push of a button. In some embodiments, a push-to-start vehicle comprises a system to detect the proximity or signal from a key fob or authenticating device before starting the engine of the vehicle.
Digital processing device
[0087] In some embodiments, the platforms, systems, media, and methods described herein include a digital processing device, or use of the same. In further embodiments, the digital processing device includes one or more hardware central processing units (CPUs) or general purpose graphics processing units (GPGPUs) that carry out the device's functions. In still further embodiments, the digital processing device further comprises an operating system configured to perform executable instructions. In some embodiments, the digital processing device is optionally connected to a computer network. In further embodiments, the digital processing device is optionally connected to the Internet such that it accesses the World Wide Web. In still further embodiments, the digital processing device is optionally connected to a cloud computing infrastructure. In other embodiments, the digital processing device is optionally connected to an intranet. In other embodiments, the digital processing device is optionally connected to a data storage device.
[0088] In accordance with the description herein, suitable digital processing devices include, by way of non-limiting examples, server computers, desktop computers, laptop computers, notebook computers, sub-notebook computers, netbook computers, netpad computers, set-top computers, media streaming devices, handheld computers, Internet appliances, mobile smartphones, tablet computers, personal digital assistants, video game consoles, and vehicles. Those of skill in the art will recognize that many smartphones are suitable for use in the system described herein. Those of skill in the art will also recognize that select televisions, video players, and digital music players with optional computer network connectivity are suitable for use in the system described herein. Suitable tablet computers include those with booklet, slate, and convertible configurations, known to those of skill in the art.
[0089] In some embodiments, the digital processing device includes an operating system configured to perform executable instructions. The operating system is, for example, software, including programs and data, which manages the device's hardware and provides services for execution of applications. Those of skill in the art will recognize that suitable server operating systems include, by way of non-limiting examples, FreeBSD, OpenBSD, NetBSD®, Linux, Apple® Mac OS X Server®, Oracle® Solaris®, Windows Server®, and Novell® NetWare®. Those of skill in the art will recognize that suitable personal computer operating systems include, by way of non-limiting examples, Microsoft® Windows®, Apple® Mac OS X®, UNIX®, and UNIX-like operating systems such as GNU/Linux®. In some embodiments, the operating system is provided by cloud computing. Those of skill in the art will also recognize that suitable mobile smart phone operating systems include, by way of non-limiting examples, Nokia® Symbian® OS, Apple® iOS®, Research In Motion® BlackBerry OS®, Google® Android®, Microsoft® Windows Phone® OS, Microsoft® Windows Mobile® OS, Linux®, and Palm® WebOS®. Those of skill in the art will also recognize that suitable media streaming device operating systems include, by way of non-limiting examples, Apple TV®, Roku®, Boxee®, Google TV®, Google Chromecast®, Amazon Fire®, and Samsung® HomeSync®. Those of skill in the art will also recognize that suitable video game console operating systems include, by way of non-limiting examples, Sony® PS3®, Sony® PS4®, Microsoft® Xbox 360®, Microsoft Xbox One, Nintendo® Wii®, Nintendo® Wii U®, and Ouya®.
[0090] In some embodiments, the device includes a storage and/or memory device. The storage and/or memory device is one or more physical apparatuses used to store data or programs on a temporary or permanent basis. In some embodiments, the device is volatile memory and requires power to maintain stored information. In some embodiments, the device is non-volatile memory and retains stored information when the digital processing device is not powered. In further embodiments, the non-volatile memory comprises flash memory. In some embodiments, the non-volatile memory comprises dynamic random-access memory (DRAM). In some embodiments, the non-volatile memory comprises ferroelectric random access memory (FRAM). In some embodiments, the non-volatile memory comprises phase-change random access memory (PRAM). In other embodiments, the device is a storage device including, by way of non-limiting examples, CD-ROMs, DVDs, flash memory devices, magnetic disk drives, magnetic tape drives, optical disk drives, and cloud computing based storage. In further embodiments, the storage and/or memory device is a combination of devices such as those disclosed herein.
[0091] In some embodiments, the digital processing device includes a display to send visual information to a user. In some embodiments, the display is a liquid crystal display (LCD). In further embodiments, the display is a thin film transistor liquid crystal display (TFT-LCD). In some embodiments, the display is an organic light emitting diode (OLED) display. In various further embodiments, an OLED display is a passive-matrix OLED (PMOLED) or active-matrix OLED (AMOLED) display. In some embodiments, the display is a plasma display. In other embodiments, the display is a video projector. In yet other embodiments, the display is a head-mounted display in communication with the digital processing device, such as a VR headset. In further embodiments, suitable VR headsets include, by way of non-limiting examples, HTC Vive, Oculus Rift, Samsung Gear VR, Microsoft HoloLens, Razer OSVR, FOVE VR, Zeiss VR One, Avegant Glyph, Freefly VR headset, and the like. In still further embodiments, the display is a combination of devices such as those disclosed herein.
[0092] In some embodiments, the digital processing device includes an input device to receive information from a user. In some embodiments, the input device is a keyboard. In some embodiments, the input device is a pointing device including, by way of non-limiting examples, a mouse, trackball, track pad, joystick, game controller, or stylus. In some embodiments, the input device is a touch screen or a multi-touch screen. In other embodiments, the input device is a microphone to capture voice or other sound input. In other embodiments, the input device is a video camera or other sensor to capture motion or visual input. In further embodiments, the input device is a Kinect, Leap Motion, or the like. In still further embodiments, the input device is a combination of devices such as those disclosed herein.
[0093] Referring to FIG. 11, in a particular embodiment, a digital processing device 1101 is programmed or otherwise configured to grant authorization to control a vehicle. In this embodiment, the digital processing device 1101 includes a central processing unit (CPU, also "processor" and "computer processor" herein) 1105, which is optionally a single core, a multi core processor, or a plurality of processors for parallel processing. The digital processing device 1101 also includes memory or memory location 1110 (e.g., random-access memory, read-only memory, flash memory), electronic storage unit 1115 (e.g., hard disk), communication interface 1120 (e.g., network adapter) for communicating with one or more other systems, and peripheral devices 1125, such as cache, other memory, data storage and/or electronic display adapters. The memory 1110, storage unit 1115, interface 1120 and peripheral devices 1125 are in communication with the CPU 1105 through a communication bus (solid lines), such as a motherboard. The storage unit 1115 comprises a data storage unit (or data repository) for storing data. The digital processing device 1101 is optionally operatively coupled to a computer network ("network") 1130 with the aid of the communication interface 1120. The network 1130, in various cases, is the internet, an internet, and/or extranet, or an intranet and/or extranet that is in communication with the internet. The network 1130, in some cases, is a telecommunication and/or data network. The network 1130 optionally includes one or more computer servers, which enable distributed computing, such as cloud computing. The network 1130, in some cases, with the aid of the device 1101, implements a peer-to-peer network, which enables devices coupled to the device 1101 to behave as a client or a server.
[0094] Continuing to refer to FIG. 11, the CPU 1105 is configured to execute a sequence of machine-readable instructions, embodied in a program, application, and/or software. The instructions are optionally stored in a memory location, such as the memory 1110. The instructions are directed to the CPU 105, which subsequently program or otherwise configure the CPU 1105 to implement methods of the present disclosure. Examples of operations performed by the CPU 1105 include fetch, decode, execute, and write back. The CPU 1105 is, in some cases, part of a circuit, such as an integrated circuit. One or more other components of the device 1101 are optionally included in the circuit. In some cases, the circuit is an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA).
[0095] Continuing to refer to FIG. 11, the storage unit 1115 optionally stores files, such as drivers, libraries and saved programs. The storage unit 1115 optionally stores user data, e.g., user preferences and user programs. The digital processing device 1101, in some cases, includes one or more additional data storage units that are external, such as located on a remote server that is in communication through an intranet or the internet.
[0096] Continuing to refer to FIG. 11, the digital processing device 1101 optionally communicates with one or more remote computer systems through the network 1130. For instance, the device 1101 optionally communicates with a remote computer system of a user. Examples of remote computer systems include personal computers (e.g., portable PC), slate or tablet PCs (e.g., Apple® iPad, Samsung® Galaxy Tab, etc.), smartphones (e.g., Apple® iPhone, Android-enabled device, Blackberry®, etc.), or personal digital assistants.
[0097] Methods as described herein are optionally implemented by way of machine (e.g., computer processor) executable code stored on an electronic storage location of the digital processing device 101, such as, for example, on the memory 1110 or electronic storage unit 1115. The machine executable or machine readable code is optionally provided in the form of software. During use, the code is executed by the processor 1105. In some cases, the code is retrieved from the storage unit 1115 and stored on the memory 1110 for ready access by the processor 1105. In some situations, the electronic storage unit 1115 is precluded, and machine-executable instructions are stored on the memory 1110.
Non-transitory computer readable storage medium
[0098] In some embodiments, the platforms, systems, media, and methods disclosed herein include one or more non-transitory computer readable storage media encoded with a program including instructions executable by the operating system of an optionally networked digital processing device. In further embodiments, a computer readable storage medium is a tangible component of a digital processing device. In still further embodiments, a computer readable storage medium is optionally removable from a digital processing device. In some embodiments, a computer readable storage medium includes, by way of non-limiting examples, CD-ROMs, DVDs, flash memory devices, solid state memory, magnetic disk drives, magnetic tape drives, optical disk drives, cloud computing systems and services, and the like. In some cases, the program and instructions are permanently, substantially permanently, semi-permanently, or non-transitorily encoded on the media.
Computer program
[0099] In some embodiments, the platforms, systems, media, and methods disclosed herein include at least one computer program, or use of the same. A computer program includes a sequence of instructions, executable in the digital processing device's CPU, written to perform a specified task. Computer readable instructions may be implemented as program modules, such as functions, objects, Application Programming Interfaces (APIs), data structures, and the like, that perform particular tasks or implement particular abstract data types. In light of the disclosure provided herein, those of skill in the art will recognize that a computer program may be written in various versions of various languages.
[00100] The functionality of the computer readable instructions may be combined or distributed as desired in various environments. In some embodiments, a computer program comprises one sequence of instructions. In some embodiments, a computer program comprises a plurality of sequences of instructions. In some embodiments, a computer program is provided from one location. In other embodiments, a computer program is provided from a plurality of locations. In various embodiments, a computer program includes one or more software modules. In various embodiments, a computer program includes, in part or in whole, one or more web applications, one or more mobile applications, one or more standalone applications, one or more web browser plug-ins, extensions, add-ins, or add-ons, or combinations thereof.
Web application
[00101] In some embodiments, a computer program includes a web application. In light of the disclosure provided herein, those of skill in the art will recognize that a web application, in various embodiments, utilizes one or more software frameworks and one or more database systems. In some embodiments, a web application is created upon a software framework such as Microsoft® .NET or Ruby on Rails (RoR). In some embodiments, a web application utilizes one or more database systems including, by way of non-limiting examples, relational, non-relational, object oriented, associative, and XML database systems. In further embodiments, suitable relational database systems include, by way of non-limiting examples, Microsoft® SQL Server, mySQL™, and Oracle®. Those of skill in the art will also recognize that a web application, in various embodiments, is written in one or more versions of one or more languages. A web application may be written in one or more markup languages, presentation definition languages, client-side scripting languages, server-side coding languages, database query languages, or combinations thereof. In some embodiments, a web application is written to some extent in a markup language such as Hypertext Markup Language (HTML), Extensible Hypertext Markup Language (XHTML), or extensible Markup Language (XML). In some embodiments, a web application is written to some extent in a presentation definition language such as Cascading Style Sheets (CSS). In some embodiments, a web application is written to some extent in a client-side scripting language such as Asynchronous Javascript and XML (AJAX), Flash® Actionscript, Javascript, or Silverlight®. In some embodiments, a web application is written to some extent in a server-side coding language such as Active Server Pages (ASP), ColdFusion®, Perl, Java™, JavaServer Pages (JSP), Hypertext Preprocessor (PHP), Python™, Ruby, Tcl, Smalltalk, WebDNA®, or Groovy. In some embodiments, a web application is written to some extent in a database query language such as Structured Query Language (SQL). In some embodiments, a web application integrates enterprise server products such as IBM® Lotus Domino®. In some embodiments, a web application includes a media player element. In various further embodiments, a media player element utilizes one or more of many suitable multimedia technologies including, by way of non-limiting examples, Adobe® Flash®, HTML 5, Apple® QuickTime®, Microsoft® Silverlight®, Java™, and Unity®.
[00102] Referring to FIG. 12, in a particular embodiment, an application provision system comprises one or more databases 1200 accessed by a relational database management system (RDBMS) 1210. Suitable RDBMSs include Firebird, MySQL, PostgreSQL, SQLite, Oracle Database, Microsoft SQL Server, IBM DB2, IBM Informix, SAP Sybase, SAP Sybase, Teradata, and the like. In this embodiment, the application provision system further comprises one or more application servers 1220 (such as Java servers, .NET servers, PHP servers, and the like) and one or more web servers 1230 (such as Apache, IIS, GWS and the like). The web server(s) optionally expose one or more web services via app application programming interfaces (APIs) 1240. Via a network, such as the internet, the system provides browser-based and/or mobile native user interfaces.
[00103] Referring to FIG. 13, in a particular embodiment, an application provision system alternatively has a distributed, cloud-based architecture 1300 and comprises elastically load balanced, auto-scaling web server resources 1310, and application server resources 1320 as well as synchronously replicated databases 1330.
Mobile Application
[00104] In some embodiments, a computer program includes a mobile application provided to a mobile digital processing device. In some embodiments, the mobile application is provided to a mobile digital processing device at the time it is manufactured. In other embodiments, the mobile application is provided to a mobile digital processing device via the computer network described herein.
[00105] In view of the disclosure provided herein, a mobile application is created by techniques known to those of skill in the art using hardware, languages, and development environments known to the art. Those of skill in the art will recognize that mobile applications are written in several languages. Suitable programming languages include, by way of non-limiting examples, C, C++, C#, Objective-C, Java™, Javascript, Pascal, Object Pascal, Python™, Ruby, VB.NET, WML, and XHTML/HTML with or without CSS, or combinations thereof.
[00106] Suitable mobile application development environments are available from several sources. Commercially available development environments include, by way of non-limiting examples, AirplaySDK, alcheMo, Appcelerator®, Celsius, Bedrock, Flash Lite, .NET Compact Framework, Rhomobile, and WorkLight Mobile Platform. Other development environments are available without cost including, by way of non-limiting examples, Lazarus, MobiFlex, MoSync, and Phonegap. Also, mobile device manufacturers distribute software developer kits including, by way of non-limiting examples, iPhone and iPad (iOS) SDK, Android™ SDK, BlackBerry® SDK, BREW SDK, Palm® OS SDK, Symbian SDK, webOS SDK, and Windows® Mobile SDK.
[00107] Those of skill in the art will recognize that several commercial forums are available for distribution of mobile applications including, by way of non-limiting examples, Apple® App Store, Google® Play, Chrome WebStore, BlackBerry® App World, App Store for Palm devices, App Catalog for webOS, Windows® Marketplace for Mobile, Ovi Store for Nokia® devices, Samsung® Apps, and Nintendo® DSi Shop.
Standalone Application
[00108] In some embodiments, a computer program includes a standalone application, which is a program that is run as an independent computer process, not an add-on to an existing process, e.g., not a plug-in. Those of skill in the art will recognize that standalone applications are often compiled. A compiler is a computer program(s) that transforms source code written in a programming language into binary object code such as assembly language or machine code. Suitable compiled programming languages include, by way of non-limiting examples, C, C++, Objective-C, COBOL, Delphi, Eiffel, Java™, Lisp, Python™, Visual Basic, and VB .NET, or combinations thereof. Compilation is often performed, at least in part, to create an executable program. In some embodiments, a computer program includes one or more executable compiled applications.
Web Browser Plug-in
[00109] In some embodiments, the computer program includes a web browser plug-in (e.g., extension, etc.). In computing, a plug-in is one or more software components that add specific functionality to a larger software application. Makers of software applications support plug-ins to enable third-party developers to create abilities which extend an application, to support easily adding new features, and to reduce the size of an application. When supported, plug-ins enable customizing the functionality of a software application. For example, plug-ins are commonly used in web browsers to play video, generate interactivity, scan for viruses, and display particular file types. Those of skill in the art will be familiar with several web browser plug-ins including Adobe® Flash® Player, Microsoft® Silverlight®, and Apple® QuickTime®.
[00110] In view of the disclosure provided herein, those of skill in the art will recognize that several plug-in frameworks are available that enable development of plug-ins in various programming languages, including, by way of non-limiting examples, C++, Delphi, Java™, PHP, Python™, and VB .NET, or combinations thereof.
[00111] Web browsers (also called Internet browsers) are software applications, designed for use with network-connected digital processing devices, for retrieving, presenting, and traversing information resources on the World Wide Web. Suitable web browsers include, by way of non-limiting examples, Microsoft® Internet Explorer®, Mozilla® Firefox®, Google® Chrome, Apple® Safari®, Opera Software® Opera®, and KDE Konqueror. In some embodiments, the web browser is a mobile web browser. Mobile web browsers (also called microbrowsers, mini-browsers, and wireless browsers) are designed for use on mobile digital processing devices including, by way of non-limiting examples, handheld computers, tablet computers, netbook computers, subnotebook computers, smartphones, music players, personal digital assistants (PDAs), and handheld video game systems. Suitable mobile web browsers include, by way of non-limiting examples, Google® Android® browser, RIM BlackBerry® Browser, Apple® Safari®, Palm® Blazer, Palm® WebOS® Browser, Mozilla® Firefox® for mobile, Microsoft® Internet Explorer® Mobile, Amazon® Kindle® Basic Web, Nokia® Browser, Opera Software® Opera® Mobile, and Sony® PSP™ browser.
Software Modules
[00112] In some embodiments, the platforms, systems, media, and methods disclosed herein include software, server, and/or database modules, or use of the same. In view of the disclosure provided herein, software modules are created by techniques known to those of skill in the art using machines, software, and languages known to the art. The software modules disclosed herein are implemented in a multitude of ways. In various embodiments, a software module comprises a file, a section of code, a programming object, a programming structure, or combinations thereof. In further various embodiments, a software module comprises a plurality of files, a plurality of sections of code, a plurality of programming objects, a plurality of programming structures, or combinations thereof. In various embodiments, the one or more software modules comprise, by way of non-limiting examples, a web application, a mobile application, and a standalone application. In some embodiments, software modules are in one computer program or application. In other embodiments, software modules are in more than one computer program or application. In some embodiments, software modules are hosted on one machine. In other embodiments, software modules are hosted on more than one machine. In further embodiments, software modules are hosted on cloud computing platforms. In some embodiments, software modules are hosted on one or more machines in one location. In other embodiments, software modules are hosted on one or more machines in more than one location.
Databases
[00113] In some embodiments, the platforms, systems, media, and methods disclosed herein include one or more databases, or use of the same. In view of the disclosure provided herein, those of skill in the art will recognize that many databases are suitable for storing information regarding users, vehicles, mobile devices, communication units, and vehicle control modules. In various embodiments, suitable databases include, by way of non-limiting examples, relational databases, non-relational databases, object oriented databases, object databases, entity-relationship model databases, associative databases, and XML databases. Further non-limiting examples include SQL, PostgreSQL, MySQL, Oracle, DB2, and Sybase. In some embodiments, a database is internet-based. In further embodiments, a database is web-based. In still further embodiments, a database is cloud computing-based. In other embodiments, a database is based on one or more local computer storage devices.

Claims

WHAT IS CLAIMED IS:
1. A mobile device based system for granting authorization to control a vehicle comprising:
a. a communication unit;
b. a vehicle control module that is separate and distinct from the communication unit; and
c. a mobile device capable of receiving a user input and a first signal, and sending a second signal, wherein the mobile device comprises at least one mobile application including executable instructions to control the vehicle, the mobile application configured for:
i. receiving the first signal from an internet, a cellular network, a server, or any combination thereof;
ii. storing the first signal;
iii. receiving the user input; and
iv. sending the second signal to the communication unit in response to receiving the user input;
wherein the first and second signals both comprise a common unique identifier;
wherein the communication unit is capable of receiving the second signal from the mobile device and sending a third signal to the vehicle control module; and
wherein the vehicle control module is capable of receiving the third signal and sending a command to a receiver within the vehicle.
2. The system of claim 1, wherein the mobile application is configured for performing the executable instruction of sending the second signal to the communication unit with and without access to the internet, the cellular network, or the server.
3. The system of claim 1, wherein the communication unit is further capable of receiving a fourth signal comprising a vehicle status, from the vehicle.
4. The system of claim 1, wherein the unique identifier comprises an encrypted identifier, a signed identifier, or both.
5. The system of claim 4, wherein the communication unit is capable of decrypting the encrypted identifier, validating the identifier, or both without access to the internet, the cellular network, or the server.
6. The system of claim 4, wherein the mobile device is capable of receiving the first signal, storing the first signal, and sending the second signal without generating, validating, or decrypting the unique identifier.
7. The system of claim 1, wherein the communication unit is further capable of receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
8. The system of claim 1, wherein the mobile application further comprises an executable instruction of granting a second user the authorization to control the vehicle.
9. The system of claim 1, wherein the second signal further comprises a request for a challenge from the communication unit.
10. The system of claim 9, wherein the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
11. A method of granting authorization to control a vehicle comprising:
a. a mobile device receiving a first signal, and sending a second signal;
b. the mobile device storing the first signal;
c. a user submitting an input to the mobile device;
d. the mobile device sending a second signal to a communication unit;
e. the communication unit receiving the second signal from the mobile device;
f. the communication unit sending a third signal to a vehicle control module;
g. the vehicle control module receiving the third signal; and
h. the vehicle control module sending a command to a receiver within the vehicle;
wherein the first and second signals both comprise a common unique identifier; and
wherein the vehicle control module is in wired or wireless connection with the communication unit and the vehicle.
12. The method of claim 11, wherein the mobile device sends the second signal to the communication unit with or without accessing the internet, the cellular network, or the server.
13. The method of claim 11, further comprising the communication unit receiving a fourth signal comprising a vehicle status, from the OBD port of the vehicle.
14. The method of claim 11, wherein the unique identifier comprises an encrypted identifier, a signed identifier, or both.
15. The method of claim 11, wherein the communication unit is capable of decrypting the encrypted identifier, validating the identifier, or both without access to the internet, the cellular network, or the server.
16. The method of claim 15, wherein the mobile device receives the first signal, stores the first signal, and sends the second signal without generating, validating, or decrypting the unique identifier.
17. The method of claim 11, further comprising the communication unit receiving a fifth signal, equivalent to the second signal, from a source other than the mobile device.
18. The method of claim 11, further comprising granting a second user the authorization to control the vehicle.
19. The method of claim 11, wherein the second signal further comprises a request for a challenge from the communication unit.
20. The method of claim 11, wherein the first signal further comprises a key, and wherein the mobile device signs the challenge with the key.
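
Claims 4-6 and 9-10 (and their method counterparts) describe a signed identifier that the mobile device only stores and forwards, validation in the communication unit without network access, and a challenge signed with a key carried in the first signal. The Python example below is an added illustration of one way those pieces fit together; it is not code from the patent. HMAC-SHA256, the pre-provisioned `UNIT_SECRET`, the key derivation, the expiry field and every class and function name are assumptions, since the claims name no algorithm.

```python
import hashlib
import hmac
import json
import secrets

UNIT_SECRET = secrets.token_bytes(32)  # assumption: provisioned into the unit, known to the server

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def server_issue(user: str, vehicle: str, ttl_s: int, now: float) -> dict:
    """First signal: signed identifier plus the key the phone signs challenges with."""
    ident = json.dumps({"user": user, "vehicle": vehicle, "exp": now + ttl_s}, sort_keys=True).encode()
    return {"ident": ident,
            "tag": _mac(UNIT_SECRET, b"ident|" + ident),
            "key": _mac(UNIT_SECRET, b"key|" + ident)}

class Phone:
    """Stores the first signal and forwards it; never validates the identifier."""
    def __init__(self, first_signal: dict):
        self.stored = first_signal

    def second_signal(self) -> dict:
        return {"ident": self.stored["ident"], "tag": self.stored["tag"]}

    def sign(self, challenge: bytes) -> bytes:
        return _mac(self.stored["key"], challenge)

class CommunicationUnit:
    """Validates offline, using only UNIT_SECRET and the time it is given."""
    def __init__(self, vehicle: str):
        self.vehicle, self.pending = vehicle, {}

    def challenge(self, sig2: dict, now: float):
        ident, tag = sig2["ident"], sig2["tag"]
        if not hmac.compare_digest(tag, _mac(UNIT_SECRET, b"ident|" + ident)):
            return None                        # forged or altered identifier
        fields = json.loads(ident)
        if fields["vehicle"] != self.vehicle or fields["exp"] < now:
            return None                        # wrong vehicle or expired grant
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = ident
        return nonce

    def authorize(self, nonce: bytes, response: bytes) -> bool:
        ident = self.pending.pop(nonce, None)  # single use: a replayed nonce finds nothing
        if ident is None:
            return False
        return hmac.compare_digest(response, _mac(_mac(UNIT_SECRET, b"key|" + ident), nonce))
```

Because each nonce is single-use and the response requires the key from the first signal, a recorded second signal or a recorded response does not authorize another command.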

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762568242P 2017-10-04 2017-10-04
US62/568,242 2017-10-04

Publications (1)

Publication Number Publication Date
WO2019069129A1 true WO2019069129A1 (en) 2019-04-11

Family

ID=65995019

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/001213 WO2019069129A1 (en) 2017-10-04 2018-10-03 Methods and devices for managing access to a vehicle

Country Status (1)

Country Link
WO (1) WO2019069129A1 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18864001

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18864001

Country of ref document: EP

Kind code of ref document: A1