1. Patent Search
  2. Details

SMARTPHONES BASED VEHICLE ACCESS

20200099522 ยท 2020-03-26

    Inventors

    Cpc classification

    International classification

    Abstract

    This invention relates to a symmetric key-based generation and distribution system and method for a vehicle access authentication framework comprising: a first device operated by a car owner, a second device operated by a delegated user, and a third device residing in a vehicle. The first device is configured to: request for an authentication key from the third device, the request for the authentication key comprising an ID of the first device, id.sub.O; receive an authentication key K.sub.id.sub.O from the third device;; and generate a delegated authentication key K.sub.id.sub.U based on authentication key K.sub.id.sub.O and an ID of the second device in response to receiving a request for delegated authentication key from the second device, the request for delegated authentication key comprising the ID of the second device.

    Claims

    1. A device for symmetric key-based generation and distribution; wherein the device comprising a non-transitory memory, a processor and instructions stored on the memory executable by the processor to: request for an authentication key from the third device, the request for the authentication key comprising an ID of the first device, id.sub.O; receive an authentication key K.sub.id.sub.O from the third device; wherein the authentication key K.sub.id.sub.O is used to access the vehicle; and generate a delegated authentication key K.sub.id.sub.U based on the authentication key K.sub.id.sub.O and an ID of the second device in response to receiving a request for delegated authentication key from the second device, the request for delegated authentication key comprising the ID of the second device; wherein the delegated authentication key K.sub.id.sub.U is used to access the vehicle.

    2. The symmetric key-based generation and distribution system according to claim 1 wherein the instruction further comprises instructions stored on the memory executable by the processor to: generate and transmit a request to generate a new secret key; receive authentication request from the third device; and transmit a superuser password, provided by the car owner, to the third device.

    3. The symmetric key-based generation and distribution system according to claim 1 wherein the instruction further comprises instructions stored on the memory executable by the processor to: receive an ID of the third device and a random number, r, from the third device; compute vd via a Message Authentication Code (MAC) using a MAC generation function with K.sub.id.sub.O and r as the input, MAC(K.sub.id.sub.O, r); and transmit the access request containing [0, id.sub.O, vd] to the third device where 0 denotes owner access.

    4. The symmetric key-based generation and distribution system according to claim 3 wherein the instruction further comprises instructions stored on the memory executable by the processor to: receive a new authentication key K.sub.id.sub.O from the third device; update the authentication key in memory with the new authentication key K.sub.id.sub.O.

    5. The symmetric key-based generation and distribution system according to claim 1 wherein K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O), where h(.) is a cryptographic hash function, id.sub.Car is the ID of the third device and the first device is configured to store the K.sub.id.sub.O in a secured memory.

    6. The symmetric key-based generation and distribution system according to claim 1 wherein instruction to generate a delegated authentication key K.sub.id.sub.U comprises instructions stored on the memory executable by the processor to: receive the ID of the second device, id.sub.U, determine an access policy P.sub.U; and generate the delegated authentication key K.sub.id.sub.U, where K.sub.id.sub.U=h(K.sub.id.sub.O, id.sub.U, P.sub.U); store the K.sub.id.sub.U in the secured memory; and transmit the delegated authentication key to the second device.

    7. The symmetric key-based generation and distribution system according to claim 5 wherein access policy P.sub.U include one or more of validity period, speed limit, and mileage limit.

    8. The symmetric key-based generation and distribution system according to claim 1 wherein the instruction further comprises instructions stored on the memory executable by the processor to: update a blacklist in the third device.

    9. The symmetric key-based generation and distribution system according to claim 7 wherein the instruction to update the blacklist in the third device comprises instructions stored on the memory executable by the processor to: generates a revoke request containing an ID of the device to be revoked; and transmit the revoke request to the third device.

    10. A device for symmetric key-based generation and distribution, wherein the device comprising a non-transitory memory, a processor and instructions stored on the memory executable by the processor to: generate a new secret key (K) in response to receiving the request to initiate generating a car key from the first device; generate the authentication key K.sub.id.sub.O based on the ID of the first device in response to receiving the request for authentication key from the first device; verify a validity of information in the access request in response to receiving the access request; and unlock the vehicle in response to determining the request for access is valid.

    11. The device according to claim 10 wherein the instruction to generate the new secret key (K) comprises instructions stored on the memory executable by the processor to: transmit an authentication request containing a request for the superuser password in response to response to receiving the request to generate the new secret key; receive the superuser password from the first device; verify the superuser password with the password stored on a secured memory of the third device; generate the secret key (K) in response to verifying the superuser password being identity to the password stored on the secured memory of the third device; and store the secret key in the secured memory in response to generating the secret key; and transmit a confirmation message indicating the secret key has been successfully created.

    12. The device according to claim 10 wherein the instruction to generate the authentication key K.sub.id.sub.O comprises instructions stored on the memory executable by the processor to: generates the authentication key K.sub.id.sub.O, where K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O); store the K.sub.id.sub.O in the secured memory; and transmit the authentication key to the first device.

    13. The device according to claim 12 wherein the instruction to verify the validity of information in the access request comprises instructions stored on the memory executable by the processor to: broadcast id.sub.Car and the random number r.

    14. The symmetric key-based generation and distribution system according to claim 10 wherein the instruction to verify the validity of information in the access request in response to receiving the access request comprises instructions stored on the memory executable by the processor to: identify whether the access request is owner access or delegated user access based on the first integer in the access request; determine the access request as owner access in response to the first integer in the access request being 0; and determine the access request as delegated user access in response to the first integer in the access request being 1.

    15. The device according to claim 14 wherein the instruction to verify the validity of information in the access request in response to receiving the access request further comprises instructions stored on the memory executable by the processor to:: in response to determining the access request as owner access, verify a blacklist to determine whether the ido is in the blacklist; verify vd is equal to MAC(h(K, id.sub.Car, id.sub.O), r) in response to the ido being not in the blacklist; and grant access to the car in response to vd being equal to MAC(h(K, id.sub.Car, id.sub.O), r).

    16. The device according to claim 14 wherein the instruction to verify the validity of information in the access request in response to receiving the access request further comprises instructions stored on the memory executable by the processor to:: generate and transmit a new authentication key to the first device.

    17. A symmetric key-based generation and distribution method for a vehicle access authentication framework having a first device operated by a car owner, a second device operated by a delegated user, and a third device residing in a vehicle; the method comprising the first device to: request for an authentication key from the third device, the request for the authentication key comprising an ID of the first device, id.sub.O; receive an authentication key K.sub.id.sub.O from the third device; wherein the authentication key K.sub.id.sub.O is used to access the vehicle; and generate a delegated authentication key K.sub.id.sub.U based on authentication key K.sub.id.sub.O and an ID of the second device in response to receiving a request for delegated authentication key from the second device, the request for delegated authentication key comprising the ID of the second device; wherein the delegated authentication key K.sub.id.sub.U is used to access the vehicle.

    18. The symmetric key-based generation and distribution method according to claim 17 wherein the method further comprises the first device to: generate and transmit a request to generate a new secret key; receive authentication request from the third device; and transmit a superuser password, provided by the car owner, to the third device.

    19. The symmetric key-based generation and distribution method according to claim 17 wherein the method further comprises the first device to: receive an ID of the third device and a random number, r, from the third device; compute vd via a Message Authentication Code (MAC) using a MAC generation function with K.sub.id.sub.O and r as the input, MAC(K.sub.id.sub.O, r); and transmit the access request containing [0, id.sub.O, vd] to the third device where 0 denotes owner access.

    20. The symmetric key-based generation and distribution method according to claim 19 wherein the method further comprises the first device to: receive a new authentication key K.sub.id.sub.O from the third device; update the authentication key in memory with the new authentication key K.sub.id.sub.O.

    21. The symmetric key-based generation and distribution method according to claim 17 wherein K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O), where h(.) is a cryptographic hash function, id.sub.Car is the ID of the third device and the first device is configured to store the K.sub.id.sub.O in a secured memory.

    22. A symmetric key-based generation and distribution method for a vehicle access authentication framework having a first device operated by a car owner, a second device operated by a delegated user, and a third device residing in a vehicle; the method comprising the third device to:: generate a new secret key (K) in response to receiving the request to initiate generating a car key from the first device; generate the authentication key K.sub.id.sub.O based on the ID of the first device in response to receiving the request for authentication key from the first device; verify a validity of information in the access request in response to receiving the access request; and unlock the vehicle in response to determining the request for access is valid.

    23. The symmetric key-based generation and distribution method according to claim 22 wherein the step to generate the new secret key (K) comprises the third device to: transmit an authentication request containing a request for the superuser password in response to response to receiving the request to generate the new secret key; receive the superuser password from the first device; verify the superuser password with the password stored on a secured memory of the third device; generate the secret key (K) in response to verifying the superuser password being identity to the password stored on the secured memory of the third device; and store the secret key in the secured memory in response to generating the secret key; and transmit a confirmation message indicating the secret key has been successfully created.

    24. The symmetric key-based generation and distribution method according to claim 22 wherein the step to generate the authentication key K.sub.id.sub.O comprises the third device to: generates the authentication key K.sub.id.sub.O, where K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O); store the K.sub.id.sub.O in the secured memory; and transmit the authentication key to the first device. Docket No. HW746776

    25. The symmetric key-based generation and distribution method according to claim 24 wherein the step to verify the validity of information in the access request comprises the third device to: first broadcast id.sub.Car and the random number r.

    26. The symmetric key-based generation and distribution method according to claim 22 wherein the step to verify the validity of information in the access request in response to receiving the access request comprises the third device to: identify whether the access request is owner access or delegated user access based on the first integer in the access request; determine the access request as owner access in response to the first integer in the access request being 0; and determine the access request as delegated user access in response to the first integer in the access request being 1.

    27. The symmetric key-based generation and distribution method according to claim 26 wherein the step to verify the validity of information in the access request in response to receiving the access request further comprises the third device to: in response to determining the access request as owner access, verify a blacklist to determine whether the id.sub.O is in the blacklist; verify vd is equal to MAC(h(K, id.sub.Car, id.sub.O), r) in response to the ido being not in the blacklist; and grant access to the car in response to vd being equal to MAC(h(K, id.sub.Car, id.sub.O), r).

    28. The symmetric key-based generation and distribution method according to claim 26 wherein the step to verify the validity of information in the access request in response to receiving the access request further comprises the third device to: generate and transmit a new authentication key to the first device.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0170] The above advantages and features in accordance with this invention are described in the following detailed description and are shown in the following drawings:

    [0171] FIG. 1 illustrating the architecture of the system in accordance with an embodiment of this disclosure;

    [0172] FIG. 2 illustrating an example of a processing system in the processing unit residing in the car or the mobile devices of car owners or delegated users that perform processes in accordance with an embodiment of this disclosure

    [0173] FIG. 3.1 illustrating a program stored in a memory in the processing unit residing in the car for performing the processes in accordance with an embodiment of this disclosure;

    [0174] FIG. 3.2 illustrating a program stored in a memory in the mobile device of a car owner for performing the processes in accordance with an embodiment of this disclosure;

    [0175] FIG. 3.3 illustrating a program stored in a memory in the mobile device of a delegated user for performing the processes in accordance with an embodiment of this disclosure;

    [0176] FIG. 3.4 illustrating a program stored in a memory in a remote server for performing the processes in accordance with an embodiment of this disclosure;

    [0177] FIG. 4 illustrating a timing diagram to illustrate the information flow between the car, car owner, delegated user and remote server in accordance with an embodiment of this disclosure;

    [0178] FIG. 5 illustrating a process performed by the mobile device of the master car owner in accordance with an embodiment of this disclosure;

    [0179] FIG. 6 illustrating a process performed by the processing unit residing in the car in accordance with an embodiment of this disclosure;

    [0180] FIG. 7 illustrating a process performed by the mobile device of the delegated user in accordance with an embodiment of this disclosure; and

    [0181] FIG. 8 illustrating a process performed by the remote server in accordance with an embodiment of this disclosure.

    DETAILED DESCRIPTION

    [0182] This disclosure relates to a vehicle access authentication framework. Particularly, this disclosure relates to a method and system for generating and distributing keys among various entities for vehicle access.

    [0183] This invention relates to a vehicle access system using a portable device-based electronic key system. In the system, users do not obtain physical keys, but use their portable devices such as smart phones to securely access vehicles with the help of electronic access credentials stored on the portable devices. Further, the vehicle owners' access rights can be delegated to other users at the owners' discretion, either temporarily or for long term, or bound to certain access policy.

    [0184] The targeted applications for this invention are vehicle sharing for family use or fleet management, and the proposed system is especially applicable in scenarios where a highly dynamic or large set of users exist such as in car rental services. The system allows for multiple owners sharing a car, and allows a car owner to flexibly delegate the access right to other people, governed by an access policy stipulated by the car owner.

    [0185] FIG. 1 illustrates the architecture of the system 100. The system 100 includes a mobile device of a car owner 110, processing unit residing in a car 120, mobile device of a delegated user 130, and a remote server 140. One skilled in the art will recognise that the processing unit in the car 120 may also be a mobile device without departing from the system.

    [0186] The mobile devices and processing unit are communicatively connected via short distance communication such as Bluetooth. The mobile devices and processing unit are communicatively connected to the remote server 140 via a connected network, in particular Internet. For purposes of this disclosure, we will use car owner 110, car 120 and delegated user 130 to describe the processes and interactions executed by the system 100.

    [0187] It should be noted that the system 100 is designed to allow for multiple car owners, but without loss of generality, we assume a master car owner who takes charge of administrating the car, e.g., manages a blacklist stored on the processing unit residing in the car.

    [0188] The system 100 consists of the following processes, where the car owner access protocol and the Delegated User access protocol are online processes shown in solid lines in FIG. 1 while the others are offline processes shown in dotted lines in FIG. 1.

    [0189] Car Key Generation

    [0190] The car 120 executes a process to generate car key 150. This process is initiated by the car owner in which a secret key (K) will be generated. This is the only secret key (K) securely kept by the car, and all other authentication keys are derivable from this secret key. In particular, the car would generate keys for an owner and the owner may use its key to further generate keys for delegated users.

    [0191] Car Owner Key Generation

    [0192] This process 160 is executed between a car owner and the car. As a result, the car issues an authentication key K.sub.id.sub.O to the car owner, based on the owner's identity (id.sub.O) and optionally an access policy (P.sub.O). The authentication key is securely managed on the car owner's portable device 110 such as a mobile device or a secure hardware such as a token. The access policy P.sub.O may, for example, stipulate the validity period of the authentication key.

    [0193] Owner Access Protocol

    [0194] This process 165 is essentially an authentication protocol between a car owner 110 and the car 120, where the car owner 110 uses its authentication key K.sub.id.sub.O and the car 120 uses its secret key (K). If the car 120 successfully verifies the authenticity of the car owner 110, then the car 120 grants access to the car owner 110. For purposes of this disclosure, granting access may refers to opening the car door and/or powering up the car engine. Otherwise, the car 120 refuses granting access to the car owner 160.

    [0195] Delegation

    [0196] This process 170 or 175 is executed between a car owner 110 and a delegated user 130. As a result, the car owner 110 generates a delegated authentication K.sub.id.sub.U based on the car owner's ID (id.sub.O), the delegated user's ID (id.sub.U), and an access policy (P.sub.U). The access policy (P.sub.U) can be fine-grained, e.g., stipulating the validity period of the delegation, the limit of driving speed, the range within which the car can be drove, and so on. Two ways are distinguished on how the car owner transmits K.sub.id.sub.U to the delegated user, namely, (1) direct delegation 170 and remote delegation 175. In direct delegation 170, the car owner directly sends K.sub.id.sub.U to the delegate user. This occurs where both car owner and delegated user meet in person and both of them may use their mobile devices to communication directly through short distance communication means such as Near Field Communication (NFC) or bluetooth. In remote delegation 175, the car owner first sends K.sub.id.sub.U to the remote server 140, and the delegated user retrieves the key (K.sub.id.sub.U) from the remote server 140.

    [0197] Delegated User Access Protocol

    [0198] This process 180 is essentially an authentication protocol between a mobile device of the delegated user and the processing unit in the car, where the delegated user uses its delegated authentication key K.sub.id.sub.U and the car uses its secret key K. If the car successfully verifies the authenticity of the delegated user, then the car grants access to the delegated user according to the policy. Otherwise, the car refuses granting access to the non-authorised user.

    [0199] User Revocation

    [0200] This process 190 enables the master car owner to administrate a blacklist maintained at the processing unit 120 in the car by adding an item on the revoked user, through the remote server 140. Both car owners and delegated users can be revoked.

    [0201] FIG. 2 illustrates an example of a processing system 200 in the processing unit 120 residing in the car or the mobile devices 110 and 130 of the car owner or delegated user. Processing system 200 represents the processing systems in the processing unit 120 residing in the car or the mobile devices 110 and 130 of the car owner or delegated user that execute instructions to perform the processes described below in accordance with embodiments of this invention. One skilled in the art will recognize that the instructions may be stored and/or performed as hardware, firmware, or software without departing from this invention. Further, one skilled in the art will recognize that the exact configuration of each processing system may be different and the exact configuration of the processing system executing processes in accordance with this invention may vary and processing system 200 shown in FIG. 2 is provided by way of example only.

    [0202] Processing system 200 includes a processor 210, a radio transceiver 220, an image capturing device 230, a display 240, a keypad 250, a memory 260, a Bluetooth module 270, a Near Field Communication (NFC) module 280, and an I/O device 290.

    [0203] The radio transceiver 220, image capturing device 230, display 240, keypad 250, memory 260, Bluetooth module 270, NFC module 280, I/O device 290 and any number of other peripheral devices connect to processor 210 to exchange data with processor 210 for use in applications being executed by processor 210.

    [0204] The radio transceiver 220 is connected to an antenna which is configured to transmit outgoing voice and data signals and receive incoming voice and data signals over a radio communication channel. The radio communication channel can be a digital radio communication channel such as a CDMA, GSM or LTE channels that employs both voice and data messages in a conventional techniques.

    [0205] The image capturing device 230 is any device capable of capturing still and/or moving images such as complementary metal-oxide semiconductor (CMOS) or charge-coupled sensor (CCD) type cameras. The display 240 receives display data from processor 210 and display images on a screen for a user to see. The display 240 may be a liquid crystal display (LCD) or organic light-emitting diode (OLED) display. The keypad 250 receives user input and transmits the input to processor 210. In some embodiments, the display 240 may be a touch sensitive surface that functions as a keypad to receive user input.

    [0206] The memory 260 is a device that transmits and receives data to and from processor 210 for storing data to a memory. The Bluetooth module 270 is a module that allows processing unit 110 to establish communication with another similar device based on Bluetooth technology standard. The NFC module 280 is a module that allows processing unit 110 to establish radio communication with another similar device by touching them together or by bringing the devices within a close proximity.

    [0207] Other peripheral devices that may be connected to processor 210 include a Wi-Fi transceiver, a Global Positioning System (GPS), a RFID transceiver, an ultra wideband transceiver and other positioning transceivers.

    [0208] The processor 210 is a processor, microprocessor, or any combination of processors and microprocessors that execute instructions to perform the processes in accordance with the present disclosure. The processor has the capability to execute various application programs that are stored in the memory 260. These application programs can receive inputs from the user via the display 240 having a touch sensitive surface or directly from a keypad 250. Some application programs stored in the memory 260 that can be performed by the processor 210 are application programs developed for Android, IOS, Windows Mobile, Blackberry or other mobile platforms.

    [0209] The remote server 140 is essentially a computing system or a virtual machine running on the computing system that is communicatively connected to the processing unit 120 residing in the car or the mobile devices 110 and 130 of the car owner or delegated user. The remote server 140 is able to receive and transmit information such that the processing unit 120 residing in the car or the mobile devices 110 and 130 of the car owner or delegated user are able to communicate with each other. The remote server is similar to the processing system 200 in that the remote server also includes a processor 210, a display 240, a keypad 250, a memory 260, and an I/O device 290. The remote server should also include a network device that connects the remote server to a network for transmission of data to and from other processing systems such as the processing unit 120 residing in the car or the mobile devices 110 and 130 of the car owner or delegated user.

    [0210] FIG. 3.1 illustrates a program 3100 stored in memory in processing unit residing in the car for performing the processes in accordance with the present disclosure. Program 3100 includes a Key Generation Module 3110, a Secure Storage module 3120, an Owner Key Generation module 3130, a Car Access Protocol module 3140 and a Blacklist module 3150. Briefly, the processes executed by 5 modules are as follows: [0211] 1) Key Generation Module 3110 implements the car's key generation process 150 initiated by the master car owner 110. [0212] 2) Secure Storage module 3120 manages generated secret key. [0213] 3) Owner Key Generation module 3130 implements the car owner's key generation process 160 initiated by the car owner 110. [0214] 4) Car Access Protocol module 3140 implements the owner access protocol 165 and the delegated user access protocol 180 initiated by either the car owner 110 or delegated user 130. [0215] 5) Blacklist module 3150 manages the blacklist containing revoked IDs.

    [0216] FIG. 3.2 illustrates a program 3200 stored in a memory in the mobile device of a car owner for performing the processes in accordance with the present disclosure. Program 3200 includes an Owner Key Generation module 3210, a Secure Storage module 3220, a Delegated User Key Generation module 3230, a Car Access Protocol module 3140 and a Blacklist administration module 3250. Briefly, the processes executed by 5 modules are as follows: [0217] 1) Owner Key Generation module 3210 implements the Owner's key generation process 160 [0218] 2) Secure storage module 3220 manages the generated secret key [0219] 3) Delegated User Key Generation module 3230 implements the delegation of access rights process 170 and 175. [0220] 4) Car access protocol module 3240 implements the car owner access protocol 165. [0221] 5) Blacklist administration module 3250 enables the master car owner to administrate the blacklist containing revoked IDs (only master car owner has the Blacklist administration module).

    [0222] FIG. 3.3 illustrates a program 3300 stored in memory in the mobile device of a delegated user for performing the processes in accordance with the present disclosure. Program 3300 includes a Delegated user Key Generation module 3310, a Secure Storage module 3320, and a Car Access Protocol module 3330. Briefly, the processes executed by 3 modules are as follows: [0223] 1) Delegated user Key Generation module 3310 implements the delegation of access rights process 170 and 175 [0224] 2) Secure storage module 3320 manages the generated secret key. [0225] 3) Car access protocol module 3330 implements the delegated user access protocol 180.

    [0226] FIG. 3.4 illustrates a program 3400 stored in memory in the remote server for performing the processes in accordance with the present disclosure. Program 3400 includes a Delegated user Key Generation module 3410, and a Blacklist administration module 3420. Briefly, the processes executed by 2 modules are as follows: [0227] 1) Delegated user Key Generation module 3410 implements the remote delivery scheme of the delegation of access right 175. [0228] 2) Blacklist administration module 3420 implements the user revocation process 190 to allow the master car owner to administer the blacklist containing revoked IDs.

    [0229] The following first embodiment presents a symmetric key based instantiation of the above processes, based on the idea of hierarchical identity-based key generation.

    [0230] FIG. 4 illustrates a timing diagram 400 to illustrate the information flow between the car, car owner, delegated user and remote server.

    [0231] A key generation Application is installed on the car and only the master car owner can initiate the key generation Application, which is governed by password such as a superuser password. The superuser password can be delivered to the master car owner in a sealed physical envelope, together with other documents related to the car. The master car owner should be allowed to change the password. When the car is resold, the new master car owner can run the key generation Application again to generate a new secret key, which will overwrite the old one. The process of generating the new secret key is as follows.

    [0232] Timing diagram 400 begins with step 405 where the car owner runs an application on his mobile device to initiate the car to run the key generation module 3110 to generate a new secret key. Particularly, the owner key generation module 3210 would generate and transmit a request to generate new secret key to the key generation module 3110 in step 410. In response to receiving the request, the car would perform an authentication with the car owner in step 415. In particular, the key generation module 3110 would request the owner key generation module 3210 for the superuser password. If authentication is successful, the key generation module 3110 would generate a secret key (K) in step 420. Otherwise, the car would not generate a secret key. The car manages the secret key securely in the secure storage module 3120, e.g., in a secure hardware.

    [0233] After the secret key is generated, the car owner would request for an authentication key in order to access the car. The authentication key for the car owner is generated in the following manner. In step 430, the owner key generation module 3210 sends a request to the owner key generation module 3130 for authentication key. The request includes the car owner's ID (id.sub.O). In response to receiving the request from the car owner, the owner key generation module 3130 generates an authentication key K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O) in step 435, where h(.) is a cryptographic hash function, id.sub.Car is the ID of the car. The authentication key is transmitted to the owner key generation module 3210 in step 440. The car owner's mobile device manages the authentication key securely in the secure storage module 3220, e.g., in a secure hardware. For added security, a key rotation strategy can be implemented where after each car access or a fixed number of car accesses, the car generates a new authentication key for the car owner. Under the key rotation strategy, K.sub.id.sub.O would be computed as =h(K, id.sub.Car, id.sub.O, Seq), where Seq is an integer value, initially set to be 0.

    [0234] After the car owner received the authentication key, he/she is able to access the car with the authentication key. The process of accessing the car is as follows. The car access protocol module 3140 would trigger the NFC to broadcasts its ID id.sub.Car and a random number r in a fixed frequency. Based on the id.sub.Car and random number r, the car access protocol module 3240 computes vd=MAC(K.sub.id.sub.O, r), and then sends a request to access the car in step 445. The request includes [0, id.sub.O, vd] where 0 denotes owner access. In step 450, the car verifies the blacklist and vd. In particular, the car access protocol module 3140 checks the blacklist to determine whether id.sub.O is revoked, and aborts if it is. If the id.sub.O is not in the blacklist, the car access protocol module 3140 continues to check whether vd=MAC(h(K, id.sub.Car, id.sub.O), r). If the check passes, then the car access protocol module 3140 grants the access, e.g., open the car door. Otherwise, the car access protocol module 3140 rejects granting access. If the key rotation strategy is implemented, a new key is going to be generated for the car owner after each access. Alternatively, the new key can be generated after a certain number of accesses. Further details on the car owner access would be described below.

    [0235] In another embodiment where the communication channel between the car owner and the car is not that short, i.e. over Bluetooth, steps 445-450 may be modified as follows. The car access protocol module 3140 would broadcasts its ID id.sub.Car and a random number r in a fixed frequency, e.g., once every 2 seconds. Upon receiving the broadcast message, the car access protocol module 3240 chooses a random number r.sub.1, and then sends a message containing [0, id.sub.O, r.sub.1] to the car, where 0 denotes owner access. In response to receiving the message, the car access protocol module 3140 first checks the blacklist to determine whether id.sub.O is revoked, and aborts if it is. Otherwise, the car access protocol module 3140 computes K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O) and vd.sub.1=MAC(K.sub.id.sub.O, r.sub.1, r) and transmits vd.sub.1 to the car owner. In response to receiving the message, the car access protocol module 3240 checks whether vd.sub.1 is equal to MAC(K.sub.id.sub.O, r.sub.1, r), and aborts if the check fails. Otherwise, the car access protocol module 3240 computes vd.sub.2=MAC(K.sub.id.sub.O, r) and transmits a message containing vd.sub.2 to the car access protocol module 3140. In response to receiving the message, the car access protocol module 3140 checks whether vd2 is equal to MAC(K.sub.id.sub.O, r), and if the check passes, the car access protocol module 3140 grants the access to the car, e.g., open the car door. Otherwise, the car access protocol module 3140 rejects granting access to the car.

    [0236] After the car owner received the authentication key, he/she is able to delegate access to the car with the authentication key. The process of delegation of access rights is as follows. The delegated user key generation module 3310 transmits his/her ID id.sub.U to the delegated user key generation module 3230 in step 460. In response to receiving the ID, the delegated user key generation module 3230 determines an access policy P.sub.U, and generates a delegated authentication key K.sub.id.sub.U=h(K.sub.id.sub.O, id.sub.U, P.sub.U) in step 465. Thereafter, the delegated user key generation module 3230 transmits the delegated authentication key to the delegated user key generation module 3310 via either direct delivery or remote delivery in step 470.

    [0237] After the delegated user received the delegated authentication key, he/she is able to access the car with the delegated authentication key. The process of accessing the car is as follows. The car access protocol module 3140 would trigger the NFC to broadcasts its ID id.sub.Car and a random number r in a fixed frequency. Based on the id.sub.Car and random number r, the car access protocol module 3330 computes vd=MAC(K.sub.id.sub.U, r), and then sends a request to access the car in step 480. The request includes [1, id.sub.U, id.sub.O, P.sub.U, vd] where 1 denotes delegated user access. In step 485, the car access protocol module 3140 verifies the P.sub.U, blacklist and vd. In particular, upon receipt of the message, the car access protocol module 3140 first checks whether P.sub.U is still valid, and aborts if P.sub.U does not hold any more. Otherwise, the car access protocol module 3140 checks the blacklist in the blacklist module 3150 to determine whether id.sub.O or id.sub.U is revoked, and aborts if it is. Otherwise, the car access protocol module 3140 continues to check whether vd is equal to MAC(h(h(K, id.sub.Car, id.sub.O), id.sub.U, P.sub.U), r). If the check passes, then the car access protocol module 3140 grants the access, e.g., open the car door. Otherwise, the car access protocol module 3140 rejects granting access.

    [0238] The master car owner can revoke a car owner or a delegated user from accessing the car by adding the ID of the car owner and delegated user in the blacklist. For revoking a car owner, the blacklist module 3250 transmits a revoke request containing ID of the car owner to the remote server or directly to the car. For revoking a delegated user, the blacklist module 3250 transmits a revoke request containing ID of the delegated user, ID of the car owner who delegated the ID, and the associated access policy P to the blacklist module 3420 of the remote server or directly to the blacklist module 3150 of the car. The master car owner can directly administer the blacklist in the blacklist module 3150 if an operational interface is provided within the car and the master car owner physically has access to the car. Under such scenario, the master car owner can transmit the revoke request directly to the blacklist module 3150 of the car in step 490. In an alternate scenario, the master car owner manages the blacklist via the remote server. In such a scenario, the master car owner transmits the revoke request to the blacklist module 3420 of the remote server in step 495. In response to receiving the revoke request, the blacklist module 3420 of the remote server updates the blacklist associated to the ID of the master car owner. The car would synchronize its blacklist with the remote server soonest possible. When the car request to synchronise its blacklist with the remote server, the remote server sends the updated blacklist to the car in step 498. In this scenario, it is assumed that the master car owner registers to the remote server and thus has an account with the remote server. In addition, the car also registers to the remote server and communicates with the server. Timing diagram ends after step 498.

    [0239] The processes performed by the mobile devices and processing unit of the car owner, delegated user, car and remote server would now be described below.

    [0240] FIG. 5 illustrates a process 500 performed by the mobile device of the master car owner in accordance with this disclosure. Process 500 begins with step 505 by requesting for the car owner to select an option. The options available are (1) access car, (2) add car owner, (3) new delegated user, (4) revoke key, and (5) new setup. If the option selected is option (1), process 500 proceeds to step 510 which is executed by the car access protocol 3240; if the option selected is option (2), process 500 proceeds to step 520 which is executed for the owner key generation module 3210; if the option selected is option (3), process 500 proceeds to step 530 which is executed for the delegated user key generation module 3230; if the option selected is option (4), process 500 proceeds to step 540 which is executed for the blacklist module 3250; and if the option selected is option (5), process 500 proceeds to step 550 which is executed for the owner key generation module 3210.

    [0241] In step 510, process 500 receives id.sub.Car and a random number r in a predetermined frequency via NFC. Based on the id.sub.Car and random number r, process 500 retrieves its authentication key K.sub.id.sub.O and computes vd=MAC(K.sub.id.sub.O, r) in step 512. vd is computed via a Message Authentication Code (MAC) using a MAC generation function with K.sub.id.sub.O and r as the input. After vd is computed, process 500 generates and transmits a request to access the car in step 512. The request includes [0, id.sub.O, vd] where 0 denotes owner access. With the correct information in the request, the car should grant access. Optionally, for added security, a key rotation strategy can be implemented where after each car access or a fixed number of car accesses, the car generates a new authentication key for the car owner. Under the key rotation strategy, process 500 would continue after step 514 by receiving K.sub.O from the processing unit residing in the car. K.sub.O is essentially authenticated encryption of new key K.sub.id.sub.O using the previous key K.sub.id.sub.O, i.e. K.sub.O=AEnc(K.sub.Id.sub.O, K.sub.id.sub.O). Process 500 would decrypt K.sub.O to get and verify the new key K.sub.id.sub.O. If the new K.sub.id.sub.O is authentic, process 500 updates its new authentication key, i.e. K.sub.id.sub.O=K.sub.id.sub.O is not authentic, process 500 generates and transmits a response res=MAC(K.sub.id.sub.O, FALSE, r) to the car. res is computed via a Message Authentication Code (MAC) using a MAC generation function with K.sub.id.sub.O, FALSE and r as the input.

    [0242] In step 520, process 500 generates and transmits a request for authentication key. The request includes the car owner's ID (id.sub.O). In step 522, process 500 receives an authentication key K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O), where h(.) is a cryptographic hash function, id.sub.Car is the ID of the car. Process 500 then stores the authentication key in a secured memory in step 524. Optionally, for added security, a key rotation strategy can be implemented where after each car access or a fixed number of car accesses, the car generates a new authentication key for the car owner. Under the key rotation strategy, the authentication key would be K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O, Seq), where Seq is an integer value initially set to be 0.

    [0243] In step 530, process 500 receives an ID of a delegated user id.sub.U. In response to receiving the ID, process 500 requests for input on the access policy P.sub.U in step 532. The access policy may include validity period of the delegated authentication key. Other access policy that may be added comprises speed limit, mileage, etc. In step 534, process 500 generates a delegated authentication key K.sub.id.sub.U=h(K.sub.id.sub.O, id.sub.U, P.sub.U) after receiving the access policy. Thereafter, process 500 transmits the delegated authentication key to the delegated user via either direct delivery or remote delivery in step 536.

    [0244] In step 540, process 500 request ID of the car owner or delegated user to be revoked. If the user wishes to revoke a car owner, process 500 generates a revoke request containing ID of the car owner in step 542. If the master car owner wishes to revoke a delegated user, process 500 generates a revoke request containing ID of the delegated user, ID of the car owner who delegated the ID, and the associated access policy P in step 542 instead. Depending on the connectivity, process 500 transmits the revoke request directly to the processing unit residing in the car if the mobile device of the master car owner is communicatively connected to the processing unit residing in the car via Bluetooth or NFC in step 544. Alternatively, process 500 transmits the revoke request to the remote server in step 544 instead.

    [0245] In step 550, process 500 generates and transmits a request to the processing unit residing in the car to generate new secret key. In step 552, process 500 receives a request from the processing unit residing in the car owner for the superuser password. In response to receiving the request, process 500 prompts the user to enter the superuser password in step 554. In step 556, process 500 receives the input from the user. In step 558, process 500 generates and transmits the superuser password to the processing unit residing in the car. In step 559, process 500 receives a confirmation message from the processing unit residing in the car. The confirmation message contains information on whether the secret key has been successfully created.

    [0246] Process 500 ends after steps 514, 524, 536, 544 and 559. Process 500 is also applicable for the mobile device of a car owner except that in option 4, it would only be able to revoke a delegated user.

    [0247] FIG. 6 illustrates a process 600 performed by the processing unit residing in the car in accordance with this disclosure. Before beginning with process 600, the processing unit residing in the car has to boot up and retrieve a blacklist associated to the ID of the car from the remote server. Process 600 begins with step 605 to receive a request. If the request is for generating a new secret key, process 600 proceeds to step 610 which is executed by the key generation module 3110; if the request is for generating an authentication key, process 600 proceeds to step 620 which is executed by the owner key generation module 3130; if the request is for accessing the car, process 600 proceeds to step 630 which is executed by the car access protocol 3140; and if the request for updating the blacklist, process 600 proceeds to step 640 which is executed by the blacklist module 3150.

    [0248] In step 610, process 600 transmits a request for the superuser password. In step 612, process 600 receives the superuser password from the mobile device of the master car owner. In step 614, process 600 verifies the superuser password with the password stored on its memory. If the superuser password is correct, the car would generate a secret key (K) in step 616. Otherwise, the car would not generate a secret key. In step 617, process 600 stores the new secret key securely in a secured hardware. In step 618, process 600 transmits a confirmation message to the mobile device of the master car owner. The confirmation message contains information on whether the secret key has been successfully created. The communication channel between the mobile device and the processing unit residing in the car is secured. This assumption is justified because this process is expected to be executed by the mobile device of the master car owner in a private environment, e.g., in the car owner's garage, and the distance between the mobile device and the processing unit is quite near via either NFC or Bluetooth.

    [0249] In step 620, process 600 generates an authentication key K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O) with the car owner's ID (id.sub.O), the new secret key and its ID (id.sub.Car), where h(.) is a cryptographic hash function. In step 622, the authentication key is transmitted to the mobile device of the car owner. For added security, a key rotation strategy can be implemented where after each car access or a fixed number of car accesses, the car generates a new authentication key for the car owner. Under the key rotation strategy, K.sub.id.sub.O would be computed as =h(K, id.sub.Car, id.sub.O, Seq), where Seq is an integer value, initially set to be 0. In step 624, process 600 would be broadcasting its ID id.sub.Car and a random number r in a fixed frequency via either NFC or Bluetooth. One skilled in the art will recognise that process 600 may first be broadcasting its ID id.sub.Car and a random number r in a fixed frequency via either NFC or Bluetooth any time after step 624 and before step 630 without departing from the disclosure.

    [0250] In step 630, process 600 identifies whether this is an owner access or delegated user access based on the first integer in the request. If the first integer in the request is 0, process 600 determines that this is an owner access proceeds to step 634. If the first integer in the request is 1, process 600 determines that this is a delegated user access and proceeds to step 632.

    [0251] In step 632, process 600 checks whether P.sub.U is still valid, and aborts if P.sub.U does not hold any more. If P.sub.U is still valid, process 600 proceeds to step 634. P.sub.U contains the validity period.

    [0252] In step 634, process 600 verifies the blacklist to determine whether id.sub.O or id.sub.U is revoked. If the id.sub.O or id.sub.U is revoked, process 600 ends. If the id.sub.O or id.sub.U is not in the blacklist, the car continues to verify vd in step 636. For owner access, process 600 check whether vd=MAC(h(K, id.sub.Car, id.sub.O), r). For delegated user access, process 600 checks whether vd=MAC(h(h(K, id.sub.Car, id.sub.O), id.sub.U, P.sub.U), r). If the check passes, process 600 grants access to the car, e.g., open the car door. If the check fails, process 600 rejects granting access.

    [0253] If the key rotation strategy is implemented, a new authentication key is going to be generated and transmitted to mobile device of the car owner in step 638. The new authentication key is generated in the following manner. The process updates Seq=Seq+1 and computes a new key K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O, Seq) and encrypts the new key K.sub.id.sub.O with the car owner's old key K.sub.id.sub.O under an authenticated encryption scheme K.sub.O=AEnc(K.sub.id.sub.O, K.sub.id.sub.O) and sends K.sub.O to the mobile device of the car owner. If a response is subsequently received by the processing unit, the processing unit verifies res. The response comprises MAC(K.sub.id.sub.O, FALSE, r). To verify the res, the processing unit generates a MAC using the same MAC generation function with K.sub.id.sub.O, FALSE and r as the input, and see whether MAC is equal to res. If verification is successful, the processing unit computes Seq=Seq1.

    [0254] One skilled in the art will recognise that steps 630-638 may be rearranged such that vd is verified first prior to verifying the blacklist. Further, other permutation may be implemented without departing from the disclosure. Still further, steps 630-638 may be implemented in a single step without departing from the disclosure.

    [0255] Steps 630-638 are based on NFC communication channel between the car owner or delegated user and the car. In another embodiment where the communication channel between the car owner and the car is not that short, i.e. over Bluetooth, steps 630-638 may be performed in the following manner instead. Process 600 receives a message containing [0, ido, ri] from the car owner, where 0 denotes owner access. Upon receipt of the message, process 600 checks the blacklist to determine whether id.sub.O is revoked, and aborts if it is. Otherwise, process 500 computes K.sub.id.sub.O=h(K, id.sub.Car, id.sub.O) and vd.sub.1=MAC(K.sub.id.sub.O, r.sub.1, r) and transmits vd.sub.1 to the car owner. Process 600 then receives a message containing vd2 from the car owner where vd.sub.2=MAC(K.sub.id.sub.O, r). Upon receiving the message, process 600 checks whether vd.sub.2 is equal to MAC(K.sub.id.sub.O, r), and if the check passes, process 600 grants access to the car, e.g., open the car door. Otherwise process 600 rejects granting access.

    [0256] In step 640, process 600 updates the blacklist accordingly. In particular, process 600 updates the blacklist by appending the ID of the car owner or ID of the delegated user, ID of the car owner who delegated access to the delegated user, and the associated access policy P.sub.U.

    [0257] FIG. 7 illustrates a process 700 performed by the mobile device of the delegated user in accordance with this disclosure. Process 700 begins with step 705 by requesting for a delegated authentication key. The request includes his/her ID id.sub.U. As mentioned above, the request for delegated authentication key may be via direct delivery or remote delivery. Hence, under direct delivery the request would be transmitted to the mobile device of the car owner via Bluetooth or NFC and no authentication is required. Under the remote delivery, the request for delegated authentication key is transmitted to the remote server in step 605. In the remote delivery scheme, prior to step 705, the mobile device of the delegated user has to first register with the remote server and setup an authentication password for subsequent login to request for delegated authentication key from a car owner. After the delegated user registers with the remote server, he/she can establish a connection with the remote server through a password authentication and transmits the request to the remote server. In the remote delivery, the request would also include the car ID or the car owner ID in order for the remote server to direct the request to the right user.

    [0258] In step 710, process 700 receives a delegated authentication key K.sub.id.sub.U=(K.sub.id.sub.O, id.sub.U, P.sub.u). Under direct delivery, the delegated authentication key would be received from the mobile device of the car owner via Bluetooth or NFC. Under the remote delivery, the request for delegated authentication key would be received from the remote server. Steps 705-710 are executable by the delegated user key generation module 3310.

    [0259] After the delegated user received the delegated authentication key, he/she is able to access the car with the delegated authentication key. To access the car, process 700 receives the car ID id.sub.Car and a random number r in a fixed frequency via either NFC or Bluetooth in step 715. Based on the id.sub.Car and random number r, the delegated user computes vd=MAC(K.sub.id.sub.U, r), and then transmits a request to access the car in step 720. vd is computed via a Message Authentication Code (MAC) using a MAC generation function with K.sub.id.sub.U and r as the input. The request includes [1, id.sub.U, id.sub.O, P.sub.U, vd] where 1 denotes delegated user access. With the correct request, the car should grant access to the car by opening the car door. Otherwise, the car would reject granting access. Process 700 ends after step 720. Steps 715-720 are executable by the car access protocol module 3330.

    [0260] FIG. 8 illustrates a process 800 performed by the remote server in accordance with this disclosure. Process 800 begins with step 805 by receiving a request from either the processing unit residing in the car or mobile devices of either car owners or delegated users. If the request is from the processing unit residing in the car to update blacklist, process 800 proceeds to step 810 which is executed by the blacklist module 3420. If the request is from the mobile device of the car owners and delegated user for remote delivery of delegated authentication key, process 800 proceeds to step 820 which is executed by the delegated user key generation module 3410. If the request is from the mobile device of the car owner to revoke a user, process 800 proceeds to step 830 which is executed by the blacklist module 3420.

    [0261] In step 810, process 800 retrieves the blacklist associated to the car ID upon receiving a request for blacklist from the processing unit residing in the car. The request includes the car ID and/or the ID of the car owner. In step 812, process 800 transmits the blacklist to the processing unit residing in the car.

    [0262] Step 820 involves handling the remote delivery of delegated authentication key between the delegated user and the car owner. In the remote delivery scheme, prior to step 820, the mobile devices of the delegated user and car owner have to be registered with the remote server and subsequently login with their respective password in order to transmit data to and receive data from the remote server. In step 820, process 700 receives a request from the delegated user comprising its ID together with the car ID or the car owner ID. In response to receiving the request, the remote server transmits a notification to the car owner in step 822. Upon receiving the notification from the remote server, the car owner would login to the remote server and request for information. Hence, in step 824, process 800 receives a request of information from the car owner. In response to receiving the request for information, process 800 generates and transmits information pertaining to the delegated user in step 826. The information may include, name of the delegated user and ID of the delegated user. In step 828, process 800 receives the delegated authentication key from the car owner. In step 829, process 800 transmits the delegated authentication key from the delegated user.

    [0263] Step 830 involves a request to revoke a user from is the mobile device of the car owner. In step 830, receives a revoke request from the mobile device of the car owner. If a master car owner wishes to revoke a car owner, the revoke request contains ID of the car owner in step 830. If the car owner wishes to revoke a delegated user, the revoke request contains ID of the delegated user, ID of the car owner who delegated the ID, and the associated access policy P.sub.U in step 830 instead. In response to receiving the revoke request from the car owner, process 800 retrieves the blacklist associated to the ID of the requestor and appends the blacklist accordingly in step 832. Particularly, if the revoke request contains ID of the car owner, process 800 appends the blacklist to include the ID of the car owner, i.e. [id.sub.O]. If the revoke request contains ID of the delegated user, ID of the car owner who delegated the ID, and the associated access policy P.sub.U, process 800 append the blacklist to include ID of the delegated user, ID of the car owner who delegated the ID, and the associated access policy P.sub.U, i.e. [id.sub.U, id.sub.O, P.sub.U].

    [0264] Process 800 ends after step 812, 829 or 832.

    [0265] The following second embodiment presents another instantiation based on hierarchical Identity Based Signature (IBS). In an IBS system, a user's identity acts as the user's public key, without the reliance on Public Key Infrastructure (PKI) and in turn public-key certificates. The user's private key corresponding to the user's identity is issued by a Key Generation Center (KGC) which has a global public key/private key pair.

    [0266] In hierarchical IBS, the KGC can be seen at level 0, and it issues level-1 private keys corresponding to user identities while a level-1 private key issues level-2 private keys, and so on. In particular, a hierarchical IBS scheme consists of the following algorithms:

    [0267] 1. HSetUp(1.sup.k).fwdarw.(GPK, GSK): This is a system setup algorithm that generates the global key pair GPK and GSK, where k is the security parameter.

    [0268] 2. HKeyGen(sk.sub.id.sub.i,L, id.sub.j,L+1, P.sub.id.sub.j,L+1).fwdarw.sk.sub.id.sub.j,L+1: This is a key generation algorithm, taking as input a level-L private key corresponding to id.sub.i,L, an identity id.sub.j,L+1 and a policy P.sub.id.sub.j,L+1 for id.sub.j,L+1, and outputting a level-(L+1) private key sk.sub.id.sub.j,L+1 corresponding to id.sub.j,L+1, and bounded by P.sub.id.sub.j,L+1. It is noted that GSK can be viewed as a level-0 private key corresponding to a special identity. The subscript L in id.sub.i,L is immaterial and it simply logically denotes that is a level-L identity.

    [0269] 3. HSign(sk.sub.id.sub.j,L, m).fwdarw.: This is a signing algorithm, taking as input a level-L private key corresponding to id.sub.j,L and a message m, outputting a signature on m.

    [0270] 4. HVerify(, m, id.sub.j,L, P.sub.id.sub.J,L, id.sub.i,L1, P.sub.id.sub.i,L1, id.sub.k,L2, P.sub.id.sub.k,L2, . . . , GPK).fwdarw.{0, 1}: This is a signature verification algorithm, taking as input a signature , the message m, and a chain of identities and the associated access policies including the identity corresponding to the level-L private key that generates the signature, and the identity corresponding to the level-(L1) private key that generates the level-L private key, and all the way down to GPK. The algorithm outputs a bit either 0 or 1.

    [0271] Based on a hierarchical IBS scheme, the instantiation can be described using FIG. 4. All the assumptions in the first embodiment remain, unless otherwise specified.

    [0272] Step 420 is modified such that the car would generate a secret key (GSK) by executing HSetUp(1.sup.k) to generate (GPK, GSK). The car then stores the GSK securely in the secure storage module while leaving GPK public. The car is at level 0.

    [0273] Step 435 is modified such that in response to receiving the request from the car owner, the car executes the key generation algorithm HKeyGen(GSK, id.sub.O,1, NULL), taking as input the GSK, the ID of the first device to generate a level 1 authentication key sk.sub.id.sub.O,1. It should be noted that the car owner is at level 1. The level 1 authentication key and the GPK are transmitted to the car owner in step 440.

    [0274] In step 445, instead of computing vd, the car owner generates instead. Particularly, the car owner taps his/her mobile device to the car and receives the broadcast message containing ID id.sub.Car and a random number r. Based on the id.sub.Car and random number r, the car owner executes the signing algorithm, HSign(sk.sub.id.sub.O,1, r), taking as input the first level authentication key of the car owner and the random number r, to generate , and then sends [0, id.sub.O, ] to the car, where 0 denotes owner access. In step 450, the car verifies the blacklist and . In particular, the car checks the blacklist to determine whether id.sub.O is revoked, and aborts if it is. If the id.sub.O is not in the blacklist, the car continues to execute the signature verification algorithm, HVerify(, r, id.sub.O,1, NULL, GPK), taking as input the signature , the random number r, the ID of the first device, and GPK and grant the access if the output is 1. Otherwise, the car rejects granting access.

    [0275] In step 465, in response to receiving the ID of the delegated user, the car owner determines an access policy P.sub.id.sub.U,2, and executes the key generation algorithm, HKeyGen(sk.sub.id.sub.O,1, id.sub.U,2, P.sub.id.sub.U,2) taking as input the first level authentication key, the ID of the second device and the access policy P.sub.id.sub.U,2 for id.sub.U,2 to generate a level 2 authentication key sk.sub.id.sub.U,2. Thereafter, the car owner transmits the level 2 authentication key and the GPK to the delegated user via either direct delivery or remote delivery in step 470.

    [0276] In step 480, instead of computing vd, the delegated user generates a instead. Particularly, the delegated user taps his/her mobile device to the car and receives the broadcast message containing ID id.sub.Car and a random number r. Based on the id.sub.Car and random number r, the delegated user computes =HSign(sk.sub.id.sub.U,2, r), and then sends a request containing [1, id.sub.U,2, id.sub.O,1, P.sub.id.sub.U,2, ] to the car, where 1 denotes delegated user access. Particularly, the delegated user execute the signing algorithm HSign(sk.sub.id.sub.U,2, r), taking as input the second level authentication key and the random number r, to generate the signature . In step 485, the car verifies the P.sub.id.sub.U,2, blacklist and . In particular, upon receipt of the message, the car first checks whether P.sub.id.sub.U,2 is still valid, and aborts if P.sub.id.sub.U,2 does not hold any more. Otherwise, the car checks the blacklist to determine whether id.sub.O,1 or id.sub.U,2 is revoked, and aborts if it is. Otherwise, the car continues to compute b=HVerify(, r, id.sub.U,2, P.sub.id.sub.U,2, id.sub.O,1, NULL, GPK). Particular, the car executes the signature verification algorithm, HVerify(, r, id.sub.U,2, P.sub.id.sub.U,2, id.sub.O,1, NULL, GPK), taking as input the signature a, the random number r, the ID of the second device, the P.sub.id.sub.U,2, the ID of the first device, and GPK. If b=1, the car grants the access, e.g., open the car door. Otherwise, the car rejects granting access.

    [0277] The user revocation remains the same as the first embodiment

    [0278] The following third embodiment presents another instantiation based on digital signature. The digital signature scheme consists of the following algorithms:

    [0279] 1. KeyGen(1.sup.k).fwdarw.(PK, SK): it is key generation algorithm, which takes as input security parameter 1.sup.k, and outputs a public/private key pair (PK, SK).

    [0280] 2. Sign(SK, m).fwdarw.: it is a signing algorithm, which takes as input private key SK and a message m, and outputs a signature on m.

    [0281] 3. Verify(, m, PK).fwdarw.{0, 1}: this is signature verification algorithm, which takes as input a signature , message m, and public key PK, and outputs a bit either 0 or 1.

    [0282] Based on the digital signature scheme, the instantiation can be described using FIG. 4. All the assumptions in the first embodiment remain, unless otherwise specified.

    [0283] Step 420 is modified such that the car would generate a secret key (SK.sub.C) by executing KeyGen(1.sup.k) to generate a pair of keys (PK.sub.C, SK.sub.C). The car then stores the SK.sub.C securely in the secure storage module while leaving PK.sub.C public.

    [0284] Step 430 is modified such that car owner executes KeyGen(1.sup.k) to generate a pair of keys (PK.sub.O, SK.sub.O) for the car owner; transmits the public key of the car owner, PK.sub.O, to car; and stores the private key, SK.sub.O, securely in secure storage module. Step 435 is modified such that in response to receiving the public key of the car owner PK.sub.O from the car owner, the car executes the signing algorithm, Sign(SK.sub.C, PK.sub.O) taking as input the SK.sub.C, and the public key of the car owner to generate .sub.C,O where .sub.C,O serves as a digital certificate for the PK.sub.O. The digital certificate is transmitted to the car owner in step 440. In an alternative embodiment, the car owner digital certificate .sub.C,O and the pair of keys for the car (PK.sub.C, SK.sub.C) are not required when a whitelist containing the public key of the car owner PK.sub.O is maintained in the car.

    [0285] In step 445, instead of computing vd, the car owner generates a instead. Particularly, the car owner taps his/her mobile device to the car and receives the broadcast message containing ID id.sub.Car and a random number r. Based on the id.sub.Car and random number r, the car owner executes the signing algorithm, Sign(SK.sub.O, r) taking as input the private key of the car owner, SK.sub.O and the random number r to generate a, and then sends [0, PK.sub.O, .sub.C,O, ] to the car, where 0 denotes owner access. In step 450, the car verifies the blacklist and . In particular, the car checks the blacklist to determine whether PK.sub.O is revoked, and aborts if it is. If the PK.sub.O is not in the blacklist, the car continues to execute both a first verification algorithm, Verify(.sub.C,O, PK.sub.O, PK.sub.C) taking as input the signature .sub.C,O, the public key of the car owner and the public key of the car and a second verification algorithm, Verify(, r, PK.sub.O) taking as input the signature , the random number r, the public key of the car owner, and grant the access if both output 1. Otherwise, the car rejects granting access. In the alternative embodiment, steps 445-450 would be modified such that the car owner sends [0, PK.sub.O, ] to the car, where =Sign(SK.sub.O, r). In response, the car would check whether PK.sub.O is in the whitelist. If PK.sub.O is in the whitelist, the car continues to verify by executing the second verification algorithm, Verify(, r, PK.sub.O) taking as input the signature , the random number r, the public key of the car owner, and grant the access result from the second verification algorithm is 1. Otherwise, the car rejects granting access.

    [0286] Step 460 is modified such that the delegated user executes KeyGen(1.sup.k) to generate a pair of keys (PK.sub.U, SK.sub.U); transmits public key PK.sub.U to car owner; and stores the private key SK.sub.U securely in secure storage module. Step 465 is modified such that in response to receiving PK.sub.U from the delegated user, the car owner determines an access policy P.sub.U and executes the signing algorithm Sign(SK.sub.O, PK.sub.UP.sub.U) taking as input the SK.sub.O, and the public key of the delegated user and the access policy PK.sub.UP.sub.U to generate .sub.O,U where .sub.O,U serves as a digital certificate for the PK.sub.U. The digital certificate .sub.O,U together with the PK.sub.O and .sub.C,O are transmitted to the delegated user via either direct delivery or remote delivery in step 470. In the alternative embodiment, step 470 would be modified such that the digital signature of the car owner .sub.C,O is not transmitted to the delegated user.

    [0287] In step 480, instead of computing vd, the delegated user generates a instead. Particularly, the delegated user taps his/her mobile device to the car and receives the broadcast message containing ID id.sub.Car and a random number r. Based on the id.sub.Car and random number r, the delegated user executes the signing algorithm, Sign(SK.sub.U, r) taking as input the private key of the delegated user, SK.sub.U and the random number r, to generate and then sends a request containing [1, PK.sub.U, P.sub.U, .sub.O,U, PK.sub.O, .sub.C,O, ] to the car, where 1 denotes delegated user access. In step 485, the car verifies the PK.sub.O, P.sub.U, blacklist and . In particular, upon receipt of the message, the car first checks whether P.sub.U is still valid, and aborts if P.sub.U does not hold any more. Otherwise, the car checks the blacklist to determine whether PK.sub.O or PK.sub.U is revoked, and aborts if it is. Otherwise, the car continues to execute a third signature verification algorithm Verify(.sub.C,O, PK.sub.O, PK.sub.C) taking as input the signature .sub.C,O, the public key of the car owner, and the public key of the car, a fourth signature verification algorithm Verify(.sub.O,U, PK.sub.UP.sub.U, PK.sub.O) taking as input the signature .sub.O,U, the public key of the delegated user and the policy PK.sub.UP.sub.U, and the public key of the car owner, and a fifth signature verification algorithm Verify(, r, PK.sub.U) taking as input the signature , the random number r, the public key of the delegated user. If all return 1, the car grants the access, e.g., open the car door. Otherwise, the car rejects granting access. In the alternative embodiment, step 480 would be modified such that the delegated user sends a request containing [1, PK.sub.U, P.sub.U, .sub.O,U, PK.sub.O, ]. In step 485, the car will first check: 1) whether PK.sub.O is in the whitelist; 2) whether P.sub.U is still valid; 3) whether PK.sub.O or PK.sub.U is in the blacklist. If the PK.sub.O is in the whitelist, P.sub.U is still valid and PK.sub.O or PK.sub.U is not in the blacklist, the car continues to verify .sub.O,U by executing a signature verification algorithm, Verify(.sub.O,U, PK.sub.U, PK.sub.O) taking as input the digital signature of the delegated user .sub.O,U, the public key of the delegated user PK.sub.U, the public key of the car owner PK.sub.O. and verify , by executing another signature verification algorithm, Verify(, r, PK.sub.U) taking as input the signature , the random number r, the public key of the user PK.sub.U. If all return 1, the car grants the access, e.g., open the car door. Otherwise, the car rejects granting access.

    [0288] The user revocation remains the same as the first embodiment except that for revoking a car owner, the car owner's public key is stored on the blacklist instead of ID. For revoking a delegated user, the user's public key PK.sub.U, the delegator owner's public PK.sub.O and the access policy P.sub.U are stored in the blacklist instead of car owner's ID and delegator user's ID. In the alternative embodiment, instead of adding car owner's public key onto the blacklist, the car owner's public key PK.sub.O are removed from the whitelist.

    [0289] The above is a description of embodiments of a method and system of a framework, implementing an identity-based cryptography for generating and distributing IDs and keys between a car, car owners, delegated users and a remote server for accessing a car. It is foreseeable that those skilled in the art can and will design alternative method and system based on this disclosure that infringe upon this invention as set forth in the following claims.