MOBILE PHONE AS A CAR KEY

Abstract

A method performed by a vehicle of enabling access to the vehicle using a wireless communication device as a key includes advertising a random number required to access the vehicle, and receiving, from the wireless communication device approaching the vehicle, a request to access the vehicle, the request including authentication data, a signature of the wireless communication device, and booking data required to access the vehicle. The method also includes determining that the received authentication data matches the advertised random number, and verifying correctness of the signature of the wireless communication device in response to determining that the received authentication data matches the advertised random number. The method also includes determining that the booking data is valid in response to verifying correctness of the signature of the wireless communication device, and allowing access to the vehicle in response to determining that the booking data is valid.

Claims

1. A method performed by a vehicle of enabling access to the vehicle using a wireless communication device as a key, the method comprising: advertising a random number required to access the vehicle; receiving, from the wireless communication device approaching the vehicle, a request to access the vehicle, the request comprising authentication data, a signature of the wireless communication device, and booking data required to access the vehicle; determining that the received authentication data matches the advertised random number; verifying correctness of the signature of the wireless communication device in response to determining that the received authentication data matches the advertised random number; determining that the booking data is valid in response to verifying correctness of the signature of the wireless communication device; and allowing access to the vehicle in response to determining that the booking data is valid.

2. The method of claim 1 wherein a new random number is advertised after a currently advertised random number is received from the wireless communication device.

3. The method of claim 1 wherein the booking data comprises a signature of a party issuing the booking data, and wherein determining that the booking data is valid comprises verifying correctness of the signature of the party issuing the booking data.

4. The method of claim 1 wherein the booking data comprises a public key of the wireless communication device and/or a public key of the vehicle.

5. The method of claim 1 wherein the advertising of a random number is performed using Bluetooth Low Energy (BLE).

6. The method of claim 1 wherein the vehicle comprises a processing unit and a non-transitory computer readable medium having stored computer executable instructions for execution by the processing unit for enabling the access to the vehicle using the wireless communication device as the key.

7. A method performed by a wireless communication device of enabling access to a vehicle using the wireless communication device as a key, the method comprising: obtaining, from a party providing access to the vehicle, booking data required to access the vehicle; receiving, from the vehicle, a random number required to access the vehicle; and transmitting, to the vehicle, a request to access the vehicle, the request comprising the received random number, a signature provided by the wireless communication device, and the booking data, wherein, in response to the vehicle determining that the random number received from the wireless communication device matches the random number currently being advertised by the vehicle, that the provided signature is correct, and that the booking data is valid, access is allowed to the vehicle.

8. The method of claim 7 wherein the wireless communication device comprises a processing unit and a non-transitory computer readable medium having stored computer executable instructions for execution by the processing unit for enabling the access to the vehicle using the wireless communication device as the key.

9. A vehicle configured to enable a user to access the vehicle using a wireless communication device as a key, the vehicle comprising a processing unit operative to cause the vehicle to: advertise a random number required to access the vehicle; receive, from the wireless communication device approaching the vehicle, a request to access the vehicle, the request comprising authentication data, a signature of the wireless communication device, and booking data required to access the vehicle; determine that the received authentication data matches the advertised random number; verify correctness of the signature of the wireless communication device in response to a determination that the received authentication data matches the advertised random number; determine that the booking data is valid in response to a verification of correctness of the signature of the wireless communication device; and allow the user access to the vehicle in response to a determination that the booking data is valid.

10. The vehicle of claim 9 wherein a new random number is advertised after a currently advertised random number is received from the wireless communication device.

11. The vehicle of claim 9 wherein the booking data comprises a signature of a party issuing the booking data, and wherein, to determine that the booking data is valid, the vehicle is further operative to verify correctness of the signature of the party issuing the booking data.

12. The vehicle of claim 9 further operative to advertise the random number using Bluetooth Low Energy (BLE).

13. The vehicle of claim 9 further comprising a non-transitory computer readable medium having stored computer executable instructions for execution by the processing unit for enabling the access to the vehicle using the wireless communication device as the key.

14. A wireless communication device configured to enable access to a vehicle using the wireless communication device as a key, the wireless communication device comprising a processing unit being operative to cause the wireless communication device to: obtain, from a party providing access to the vehicle, booking data required to access the vehicle; receive, from the vehicle, a random number required to access the vehicle; and transmit, to the vehicle, a request to access the vehicle, the request comprising the received random number, a signature provided by the wireless communication device, and the booking data, wherein, in response to a determination by the vehicle that the random number received from the wireless communication device matches the random number currently being advertised by the vehicle, that the provided signature is correct, and that the booking data is valid, access is allowed to the vehicle.

15. The wireless communication device of claim 14 further comprising a non-transitory computer readable medium having stored computer executable instructions for execution by the processing unit for enabling the access to the vehicle using the wireless communication device as the key.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0024] The disclosure is now described, by way of example, with reference to the accompanying drawings, in which:

[0025] FIG. 1 shows an infrastructure enabling the use of a wireless communication device as a car key;

[0026] FIG. 2 shows a signaling diagram illustrating a method of accessing a vehicle in the form of the car using a mobile phone as a key according to an embodiment;

[0027] FIG. 3 shows a flowchart illustrating the method described with the signaling diagram of FIG. 2, seen from the perspective of the car to be accessed;

[0028] FIG. 4 shows a vehicle according to an embodiment; and

[0029] FIG. 5 shows a wireless communication device according to an embodiment.

DETAILED DESCRIPTION

[0030] As required, detailed embodiments are disclosed herein. However, it is to be understood that the disclosed embodiments are merely exemplary and that various alternative forms may be employed. The figures are not necessarily to scale. Some features may be exaggerated or minimized to show details of particular components. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a representative basis for teaching one skilled in the art.

[0031] The disclosure will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the disclosure are shown. This disclosure may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Like numbers refer to like elements throughout the description.

[0032] FIG. 1 illustrates a user 100 approaching a car 101. The user 100 holds a wireless communication device (WCD, 102), in this case a mobile phone. Alternatively, the wireless communication device 102 may be embodied by a tablet, a smart watch, a laptop, etc.

[0033] The car 101 is typically equipped with an Electronic Control Unit (ECU, 103), which may be implemented by one or more microprocessors executing appropriate software for controlling various systems and components in the vehicle. A car may contain a great number of interconnected ECUs for controlling all properties of the car such as a brake control module (BCM) or a speed control module (SCM).

[0034] When using the phone 102 as a means for accessing the car, the ECU 103 is typically the device responsible for authenticating the user 102 and thus giving the user 100 access to the car 101 by unlocking the car.

[0035] Now, the phone 102 may communicate with the ECU 103 using any appropriate near-field communication (NFC) technology such as radio-frequency identification (RFID) or Bluetooth Low Energy (BLE). In the following exemplifying embodiments, the communication between the phone 102 and the ECU 103 will be performed using BLE.

[0036] In order for the user 100 to be able to access the car 102, the user 100 is required to have access to valid booking data.

[0037] Assuming for instance that the user 100 rents the car 102 from a car rental firm, or is member of a car pool and wishes to access the car during a given time period, the user 100 will obtain the booking data from the party providing access to the car 102, i.e. the car rental firm or the car pool provider.

[0038] In its simplest forum, the booking data may indicate an identifier of the renter of the car 102 and the time period for which the rental is valid:

[0039] booking=[Alan Smith; Pick-up: 1 May 2018, 13:00; Drop-off: 3 May 2018, 13:00].

[0040] The user 100 may e.g. be provided with the booking data via an online reservation service of the car rental firm or by making a car pool reservation via an App in her phone, thus connecting via the Internet to a cloud service 104 provided by the party giving the user access to the car 102.

[0041] It may also be envisaged that the concept of booking data is utilized for a permanently owned car. For instance, each of the members of a family owning a car may, using their respective phone, log onto an App provided by the car manufacturer to have their individual booking data issued:

[0042] booking1=[Alan Smith; permanent],

[0043] booking2=[Jane Smith; permanent]; and

[0044] booking3=[Julie Smith; permanent].

[0045] Hence, the three family members Alan, Jane and June will have permanently valid booking data (until being nullified) downloaded on their phones for accessing the family car.

[0046] In the following, the exemplifying scenario where the user 100 books the car 102 via an App on her phone 101 will be used.

[0047] FIG. 2 shows a signaling diagram illustrating a method of accessing a vehicle, in the form of the car 102, using a mobile phone 101 according to an embodiment. It is noted that the method may be used for any appropriate vehicle, such as a bus, a truck, a motorcycle, or even a bike being equipped with some form of processing unit, etc.

[0048] FIG. 3 shows a flowchart illustrating the method described with the signaling diagram of FIG. 2, seen from the perspective of the ECU 103 arranged in the car 102 to be accessed.

[0049] Hence, in a first step S100, the user 100 will via her phone 101 (denoted WCD in FIG. 2), obtain, from a party providing access to the car 102, booking data required to attain access to the car 102. The party providing the access is in this exemplifying embodiment a car pool provider (CPP, 104).

[0050] The ECU 103 will advertise (i.e. repeatedly transmit) a unique identifier required to unlock the vehicle, which unique identifier the phone 101 will receive when the user 100 approaches the car 102, For instance, the identifier may be embodied by a random number commonly referred to as a nonce, i.e. an arbitrary number that can be used just once. Hence, a new nonce is advertised each time the currently advertised nonce is used by a WCD to access the car 102. Advantageously, the use of a nonce ensures that replay attacks are not possible.

[0051] Hence, the ECU 103 repeatedly advertisesi.e. broadcastsa nonce and any phone within BLE range of the car 102 will be able to pick up the advertised nonce. The ECU 103 may for instance transmit a nonce every second using BLE. In this particular example, the ECU 103 advertises, say 67234, to the phone 101 in step S101.

[0052] In an optional embodiment, the phone 101 may record the instant of time at which it was received with a resolution of e.g. one second, say at 13:42:12.

[0053] In step S102, the phone 101 sends a request to the ECU 103 to access the car 102, which request comprises authentication data (67234) for accessing the car 102, a signature provided by the phone 101, and the booking data.

[0054] The phone 101 may for instance use its private key to provide the authentication data with a digital signature, in which case the ECU 103 will use the corresponding public key of the phone 101 to subsequently verify the digital signature. The public key may e.g. be provided to the ECU 103 upon a user registering the phone 101 with the booking service, or may be included in the booking data. Alternatively, the phone 101 may encrypt the authentication data with a secret symmetric key shared with the ECU 103. In any case, the ECU 103 is ensured that the access request originates from a trusted WCD.

[0055] In case a time stamp (13:42:12) is recorded by the phone 101, the time stamp is provided with the access request, such that correctness of the time stamp can be verified by the ECU 103,

[0056] Upon receiving the request to access the car 102, the ECU 103 determines in step S103 if the received authentication data (67234) matches the nonce previously transmitted to the phone 101 in step S101, which it indeed does in this example, and the ECU 103 will proceed to verifying correctness in step S104 of the signature included in the access request, for instance by means of using the public key of the phone corresponding to the private key of the phone 101 utilized to provide the signature. A next advertisement from the ECU 103 will comprise a new nonce. Hence, a new nonce (e.g. 48931) is advertised by the ECU 103 after a currently advertised nonce has been used by a WCD when trying to access the car 102. That is, when the ECU 103 has received the nonce from the phone 101 and attempted a match, a new nonce will be advertised. This has as an advantageous effect that the currently advertised nonce used to access the car cannot be replayed. It is noted that a new nonce will be advertise even if the matching is not successful (thereby not giving the user access to the car).

[0057] If the provided signature is verified to be correct, the ECU 103 is ensured that the access request originates from a trusted WCD, and thus advantageously that the access request is provided with authenticity.

[0058] As can be concluded from the flowchart of FIG. 3, if the phone 101 cannot present the nonce being advertised by the ECU 103 in step S101, the unlocking process is aborted. Further, if the correctness of the signature cannot be verified, the unlocking process is aborted.

[0059] However, since the received authentication data (67234) in this particular example matches the nonce advertised by the ECU 103 and the signature provided by the phone 101 is verified to be correct, the ECU 103 proceeds to step S105 and determines if the booking data is valid.

[0060] In a basic embodiment, the ECU 103 verifies that the booking data has a predetermined format, for instance an 8-bit data field where all bits are set to 1, in which case the booking data is considered valid. If not, the unlocking process is aborted. It is noted that steps S103, S104 and S105 may be performed in a reverse order.

[0061] In an embodiment providing a higher level of security, the ECU 103 will acquire the booking data, either by submitting a request to the car pool provider 104 inquiring whether the received booking data [Alan Smith; Pick-up: 1 May 2018, 13:00; Drop-off: 3 May 2018, 13:00] is valid, or by comparing the received booking data to booking data fetched from a local storage in the ECU 103 to which the booking data previously has been transmitted from the car pool provider 104.

[0062] Finally, in step S106, since all of the verifying steps S103-S105 are successful, the user 100 is given access to the car 102, and the locked car 102 is unlocked.

[0063] Optionally, with reference to step S107 of FIG. 2, the ECU 103 transmits a confirmation message displayed on the screen of the phone 101 informing the user 100 that the car 102 is unlocked.

[0064] The vehicle-unlocking process illustrated with reference to FIGS. 2 and 3 has a number of advantages.

[0065] Firstly, if a nonce provided by the ECU 103 is used as a means required to access the car 102, security is enhanced, since the nonce is for one-time use and thus cannot be reused or replayed; the currently advertised nonce must be presented by the phone 101 to the ECU 103. Each time a new vehicle-unlocking process commences, a new nonce is transmitted by the ECU 103.

[0066] Secondly, a signature is provided by the phone 101 thereby ensuring the ECU 103 that the access request originates from a trusted WCD.

[0067] As a result, the ECU 103 will only allow access to the car 102, and possibly send a confirmation to the phone 101 accordingly to notify the user 100, if the access request transmitted by the phone comprises the nonce and the signature is correct (and of course that the booking data is valid). If not, the ECU 103 will discontinue its communication with the phone 101 resulting in no information leakage to a potentially malicious third party.

[0068] With the disclosure, in contrast to e.g. the TLS protocol, the phone 101 can just passively receive access credentials in the form of the nonce from the ECU 103 via BLE, and the ECU 103 will only send data back to the phone 101 in case of successful verification, otherwise the ECU 103 will disconnect, whereas in the TLS protocol some bidirectional handshaking would be required even if the phone 101 is not given access to the car 102.

[0069] In yet an embodiment, the car pool provider 104 signs the booking data with a private key when issuing the booking data to the user 100, and the ECU 103 uses a corresponding public key of the car pool provider 104 to verify the signature. The public key may be transmitted with the booking data, or the car 102 may be configured with the public key upon being incorporated in the car pool. As previously mentioned, the (signed) booking data may further comprise the public key of the phone 101, and even the public key of the car 102.

[0070] In such an embodiment the ECU 103 will in step S105 not only determine whether the booking data is valid or not, but also verify correctness of the signature provided by the issuer of the booking data (i.e. the car pool provider 104). If the verification of the signature provided by the car pool provider 104 fails, the process will be aborted.

[0071] This is advantageous, since it is ensured that the booking data originates from a trusted source. It is further advantageous since the public key of the phone 101 and possible also the public key of the car 102 may be included in the booking data, and the phone 101 and the ECU 103 may thus implicitly trust the public keys comprised in the booking since the booking data is signed by a trusted source (i.e. the car pool provider 104).

[0072] FIG. 4 illustrates a vehicle 102 in the form of a car. The steps of the method performed by the car 102 for enabling a user to access the car 102 using a wireless communication device as a key according to embodiments are in practice performed by an ECU 103 as previously has been described. The ECU 103 includes a processing unit 105 embodied in the form of one or more microprocessors arranged to execute a computer program 106 downloaded to a suitable storage volatile medium 107 associated with the microprocessor, such as a Random Access Memory (RAM), or a non-volatile storage medium such as a Flash memory or a hard disk drive. The processing unit 105 is configured to cause the car 102 to carry out the method according to embodiments when the appropriate computer program 106 comprising computer-executable instructions is downloaded to the storage medium 107 and executed by the processing unit 105. The storage medium 107 may also be a computer program product comprising the computer program 106. Alternatively, the computer program 106 may be transferred to the storage medium 107 by means of a suitable computer program product, such as a Digital Versatile Disc (DVD) or a memory stick. As a further alternative, the computer program 106 may be downloaded to the storage medium 107 over a network. The processing unit 105 may alternatively be embodied in the form of a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a complex programmable logic device (CPLD), etc., causing the car 102 to perform the method of embodiments of the disclosure.

[0073] FIG. 5 illustrates a wireless communication device 101 in the form of a phone. The steps of the method performed by the phone 101 for enabling a user to access a car 102 using the phone 101 as a key according to embodiments are in practice performed by a processing unit 115 embodied in the form of one or more microprocessors arranged to execute a computer program 116 downloaded to a suitable storage volatile medium 117 associated with the microprocessor, such as a RAM, or a non-volatile storage medium such as a Flash memory or a hard disk drive. The processing unit 105 is configured to cause the phone 101 to carry out the method according to embodiments when the appropriate computer program 116 comprising computer-executable instructions is downloaded to the storage medium 117 and executed by the processing unit 115. The storage medium 117 may also be a computer program product comprising the computer program 116. Alternatively, the computer program 116 may be transferred to the storage medium 117 by means of a suitable computer program product, such as a DVD or a memory stick. As a further alternative, the computer program 116 may be downloaded to the storage medium 117 over a network. The processing unit 115 may alternatively be embodied in the form of a DSP, an ASIC, an FPGA, a CPLD, etc., causing the phone 101 to perform the method of embodiments of the disclosure.

[0074] The disclosure has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the disclosure, as defined by the appended patent claims.

[0075] While exemplary embodiments are described above, it is not intended that these embodiments describe all possible forms of the disclosure. Rather, the words used in the specification are words of description rather than limitation, and it is understood that various changes may be made without departing from the spirit and scope of the disclosure. Additionally, the features of various implementing embodiments may be combined to form further embodiments of the disclosure.

MOBILE PHONE AS A CAR KEY

Assignee

Inventors

Cpc classification

Classification Explorer

H04W4/40

ELECTRICITY

Classification Explorer

G07C2209/08

PHYSICS

Classification Explorer

H04L2209/80

ELECTRICITY

Classification Explorer

G07C2009/00396

PHYSICS

Classification Explorer

G07C2009/00507

PHYSICS

Classification Explorer

G07C9/00309

PHYSICS

Classification Explorer

H04L9/3271

ELECTRICITY

Classification Explorer

H04W12/08

ELECTRICITY

Classification Explorer

H04L2209/84

ELECTRICITY

Classification Explorer

B60R25/20

PERFORMING OPERATIONS; TRANSPORTING

Classification Explorer

H04W12/069

ELECTRICITY

Classification Explorer

G07C2009/00388

PHYSICS

Classification Explorer

B60R25/24

PERFORMING OPERATIONS; TRANSPORTING

Classification Explorer

G07C2009/00468

PHYSICS

Classification Explorer

G07C2209/63

PHYSICS

International classification

Classification Explorer

B60R25/24

PERFORMING OPERATIONS; TRANSPORTING

Classification Explorer

G07C9/00

PHYSICS

Abstract

Claims

Description