Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

System and Method for Using a Mobile Device and/or Bluetooth Smart-Card Reader for Car Authentication

IP.com Disclosure Number: IPCOM000131897D
Publication Date: 2005-Nov-21
Document File: 2 page(s) / 47K

Publishing Venue

The IP.com Prior Art Database

Abstract

Some cars currently have the following features: 1) Bluetooth capabilities with which mobile devices are capable of communicating to use the hands-free speaker phone. 2) Key pads on the outside of the door to unlock the doors 3) Remote car starters 4) Wireless key chains to unlock card doors How can a mobile device and/or Bluetooth smart-card reader be used to enhance the above features while also enhancing security and helping prevent auto theft? The government already uses smart cards to unlock weapons systems, armed vehicles, and building doors. They currently have to insert their smart card into the system they are trying to activate. How can we improve on these systems? The proposed solution is to use the mobile device or smart card to authenticate to the car. When a user first purchases a car with Bluetooth authentication capabilities, the user pairs their mobile device with the car. The mobile device generates a certificate with corresponding public and private keys (all of which are stored in the key store protected with the user’s key-store password) and sends the certificate to the car. The car and mobile device both show the hash of the certificate so the user can ensure the correct certificate has been downloaded. The following operations can now be initiated by authenticating with the mobile device: 1) To unlock the doors. When the user goes near their car, the car detects they have entered into Bluetooth range and sends a random challenge to the mobile device. When the mobile device receives the notification, the user is prompted for their key-store password in order to unlock the doors. If the user correctly enters their password, the system is able to access the user’s private key, which it uses to sign the random challenge. The signed response is sent back to the car. The car uses the user’s public key to verify the challenge response. If the challenge response is verified, the car automatically unlocks the doors. 2) To start the car. The same sequence of events would occur in order to start the car as was used to unlock the doors. These two events could be combined so in a single challenge the car could unlock the doors and start the car. To combine the two operations, the user could be prompted to enter their key-store password and be given the buttons: "Unlock Doors, Start Car, Unlock and Start". The user would enter their password and click the button corresponding to the operation the desired action. The user could also initiate either of these actions instead of the action being initiated from the car. The user would enter an application, choose the operation, and send a message to the car. The car would respond with a random challenge, which the Mobile device would have to sign in order for the action to be completed. This allows the user to do a remote car start from within Bluetooth range. In the two systems described above, the mobile device generates and stores the certificates and private key. To further enhance security, the user could use the private key and certificate stored on their smart card. The car would still communicate with the mobile device, but any access to the private key would be redirected to the smart card reader. The user would have to import the certificate on the smart card onto the mobile device. To pair with the car, the user downloads the certificate from the smart card and stores it in the mobile-device key store; the private key always remains on the smart card. The certificate contains a pointer to the private key on the smart card. The certificate is then sent to the car, and both sides show the hash of the certificate to ensure the correct certificate was sent/received. When an operation needs to take place, the car sends a random challenge to the mobile device. The mobile device attempts to access the private key and detects that it is on the smart card. The mobile device prompts the user for their smart-card password and sends the random challenge to the smart card reader, which sends it to the smart card to sign. The challenge response is then sent back to the mobile device and then back to the car to verify. There is a secure channel between both the mobile device and car and between the car and smart-card reader. Now in the government, they can keep their smart card in their Bluetooth reader and activate wirelessly, in a secure manner. The same ideas could be used for any doors, not just car doors. It could be used for entrance into buildings or your home. You could even use it to open your garage door. The uniqueness of this solution is a secure Bluetooth wireless solution to open doors using a certificate-based system using the mobile device or a mobile device and smart-card reader wherein the mobile device acts as a proxy for the smart-card reader (to comminicate with, show UI and enter the smart-card password).

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.

BLUETOOTH CAR AUTHENTICATION

System and Method for Using a

Mobile

Device and/or Bluetooth Smart-Card Reader for Car Authentication

Disclosed Anonymously

Some cars currently have the following features:

1) Bluetooth capabilities with which mobile devices are capable of communicating to use the hands-free speaker phone.

2) Key pads on the outside of the door to unlock the doors

3) Remote car starters

4) Wireless key chains to unlock card doors

How can a mobile device and/or Bluetooth smart-card reader be used to enhance the above features while also enhancing security and helping prevent auto theft?

The government already uses smart cards to unlock weapons systems, armed vehicles, and building doors. They currently have to insert their smart card into the system they are trying to activate. How can we improve on these systems?

The proposed solution is to use the mobile device or smart card to authenticate to the car. When a user first purchases a car with Bluetooth authentication capabilities, the user pairs their mobile device with the car.  The mobile device generates a certificate with corresponding public and private keys (all of which are stored in the key store protected with the user’s key-store password) and sends the certificate to the car.  The car and mobile device both show the hash of the certificate so the user can ensure the correct certificate has been downloaded.

The following operations can now be initiated by authenticating with the mobile device:

1) To unlock the doors.

When the user goes near their car, the car detects they have entered into Bluetooth range and sends a random challenge to the mobile device.  When the mobile device receives the notification, the user is prompted for their key-store password in order to unlock the doors.  If the user correctly enters their password, the system is able to access the user’s private key, which it uses to sign the random challenge.  The signed response is sent back to the car. The car uses the user’s public key to verify the challenge response.  If the challenge response is verified, the car automatically unlocks the doors.

2) To start the car.

The same sequence of events would occur in order to start the car as was used to unlock the doors.

These two events could be combined so in a single challenge the car could unlock the doors and start the car.  To combine the two operations, the user could be prompted to enter their key-store password and be given the buttons: "Unlock Doors, Start Car, Unlock and Start". The user would enter their password and click the button corresponding to the operation the desired action.

The...