
A Secured Communication Protocol Between Two Or Moresystems

Abstract: A method for secure communication between a first system 101 with a first processor 102 and a second system 111 with a second processor 112 is provided. The first processor 102 receives a first request for authentication of connection with the second processor 112, from the second system 111. The first processor 102 generates a primary key from electromagnetic noise, and transmits the primary key to the second system 111. The first processor 102 and the second processor 112 then independently compute a secondary key from the primary key, and a tertiary key from the secondary key, the primary key, and a predefined key. The second system 111 transmits a second request for authentication to the first system 101 which contains the tertiary key computed by the second system 111. The first system 101 compares the second request with the tertiary key computed by it, and transmits a validation certificate to the second system 111 if the connection is authenticated.


Patent Information

Filing Date
11 December 2023
Publication Number
24/2025
Publication Type
INA
Invention Field
COMMUNICATION

Applicants

TVS Motor Company Limited
Jayalakshmi Estate, No 29 (Old No 8), Haddows Road
TVS MOTOR COMPANY LIMITED
TVS Motor Company Limited, “Chaitanya”, No.12 Khader Nawaz Khan Road, Nungambakkam, Chennai 600 006

Inventors

1. SATAKSHI ROY
TVS Motor Company Limited, “Chaitanya”, No.12 Khader Nawaz Khan Road, Nungambakkam, Chennai 600 006
2. AJAY KUMAR VASU
TVS Motor Company Limited, “Chaitanya”, No.12 Khader Nawaz Khan Road, Nungambakkam, Chennai 600 006
3. JUDE DOMINIC GOMEZ
TVS Motor Company Limited, “Chaitanya”, No.12 Khader Nawaz Khan Road, Nungambakkam, Chennai 600 006
4. FARHIN SHAIKH
TVS Motor Company Limited, “Chaitanya”, No.12 Khader Nawaz Khan Road, Nungambakkam, Chennai 600 006
5. BALAGANESH SELVARAJAN
TVS Motor Company Limited, “Chaitanya”, No.12 Khader Nawaz Khan Road, Nungambakkam, Chennai 600 006
6. SUNIL KUMAR CHIPPA
TVS Motor Company Limited, “Chaitanya”, No.12 Khader Nawaz Khan Road, Nungambakkam, Chennai 600 006

Specification

Description: Technical Field of Invention
[0001]
The present invention is generally related to security systems. Particularly, the present invention is related to a secured authorization protocol between two or more systems, pertaining to a vehicle.
Background
[0002]
Security of one's property is of primary concern to any person. At the present time, property may be both tangible and intangible. When the security system of most items of value is based on electronics, it is inevitable that a skilled person may try to gain unauthorized access to the same. Such objects may be vehicles, vaults, external electronic data storage devices, etc. An electronic system may be secured in a number of ways. The most common method of securing a system is through a password, which identifies an authorized access to the system, as opposed to an attempt at unauthorized access. This is most commonly used on personal electronic devices such as mobile phones and computers, where it is easier to input a pre-defined password, as most such devices come equipped with a keypad, in one form or another. In other kinds of devices, where providing a keypad itself can compromise the security of the device, it is important to provide a mechanical security mechanism to further secure the device physically. It is therefore important to secure the entire locking and unlocking mechanism of the system in a manner that it cannot be accessed by an unauthorized person very easily.
[0003]
As an example, a vault may include a system to detect any attempt at tampering with the physical locking mechanism. A vehicle, on the other hand, usually includes a physical key to lock the ignition system, as well as the steering and other critical systems. In vehicles, however, the physical keys are being replaced with electronic keys, which are usually configured to unlock one specific vehicle. Such systems are, however, prone to hacking, and are not completely secure. Additionally, an external electronic key which cannot easily be hacked is also useful for other electronic security systems, such as vaults, home security systems, or even personal luggage. If such items are configured with a locking and unlocking mechanism which is hidden from the naked eye, and provided with enough physical protection that it is impregnable, a key fob may be used to securely access the same without any concern for break-ins. In that case, however, the authorization protocol between the security system and the key fob has to be secured beyond reproach, so that a skilled person cannot hack into the same, as is common in the case of vehicle key fobs. Electronic key fobs are most commonly used in vehicles at the present time, but the use of the same is not restricted to vehicles only, as explained above. It is therefore vital that a secured system be provided wherein the authorization protocol cannot be hacked by a skilled person with the intent to do so.
[0004]
In a known prior art document, an example of existing key fobs is provided wherein the system does not seek the consent of the user of the vehicle. The key fob establishes a connection with the vehicle directly. Moreover, the user has to insert the fob in the vehicle, which is a time-consuming process. It further uses a very simple encoding protocol, which can be easily hacked into. The system provided in the prior art does not consider the strength of the connection between the key fob and the vehicle. In another known prior art document, a system is provided wherein it is required that a key fob and a Bluetooth enabled device be paired to the vehicle control unit (VCU). This system only considers the proximity of the key fob to the vehicle, and generally requires an unnecessary number of devices to be connected to the VCU, which makes the entire system unsafe. In a further example in another prior art document, it is provided that a single step modification of the vehicle identification number (VIN) is made upon receiving a request from the key fob, and matching the modified VIN with the VIN stored in the vehicle's telematics unit provides the result of whether the key fob is an authenticated device or not. This system can also be easily hacked into by a skilled person. Further, it does not provide enough information about the security and the privacy of the data communication between the two devices, and hence is not implementable to secure a modern device. In another prior art document, a system is provided which includes a portable electronic device with a transceiver, which is a keyfob, and a vehicle with another transceiver. The vehicle performs an action based on a signal received from the portable device, and the portable device requests a vehicle parameter from the vehicle. The vehicle parameter is transmitted to a controller inside the portable device which drives an indicator to change display states according to the signal received from the vehicle. The indicator then changes the display state to a default state on the portable device when it receives a request from the user, receives a new signal request from the vehicle, or when a certain amount of time has elapsed, such that the display returns to the default state. The vehicle parameter or signal from the vehicle is not stored in the memory of the portable device. The keyfob can act as a passive key or can be configured with a mechanical key. The system does not include a secure way of establishing an authorized connection between the portable device and the vehicle. Also, it is mentioned that the keyfob can act as a passive device which will not take user consent for performing an action.
[0005]
Therefore, a system is required wherein a second system, which is a keyfob, establishes an authorized connection with a first system, which can be a vehicle or any other secured system, via a two-phase authentication protocol, so that it cannot be hacked.
Summary of the Invention
[0006]
This summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described below, further aspects, embodiments, and features will become apparent by reference to the drawings and the following detailed description.
[0007]
In an aspect, a method for secure communication between a first system with a first processor and a second system with a second processor is disclosed. The method comprises the step of receiving, by the first processor, a first request for authentication of connection with the second processor. The method further comprises the step of generating, by the first processor, a primary key based on the first request for authentication of connection. The method further comprises the step of transmitting, by the first processor, the primary key to the second processor. The method further comprises the step of receiving, by the first processor, a second request for authentication of connection with the second processor based on the primary key. The method further comprises the step of computing, by the first processor, a secondary key (plaintext) based on the primary key. The method further comprises the step of computing, by the first processor, a tertiary key (cipher) based on the primary key, the secondary key, and a pre-defined key. The method further comprises the step of comparing, by the first processor, the tertiary key with the second request for authentication. The method further comprises the step of determining, by the first processor, the tertiary key being equal to the second request for authentication. The method further comprises the step of generating, by the first processor, a validation certificate upon determining that the tertiary key is equal to the second request for authentication. The method further comprises the step of transmitting, by the first processor, the validation certificate to the second processor. The method further comprises the step of communicating, by the first processor, a signal indicative of successful transmission of the validation certificate to at least one third system configured to execute at least one predefined command upon receiving the signal.
[0008]
In an embodiment, a method for secure communication between a first system with a first processor and a second system with a second processor further comprises the step of identifying, by the first processor, a request received from the second processor being one of the first request for authentication and the second request for authentication.
[0009]
In an embodiment, a method for secure communication between a first system with a first processor and a second system with a second processor further comprises the step of generating, by the first processor, an invalidation certificate when the second request for authentication is not received from the second processor within a first pre-defined duration of time. The method further comprises the step of transmitting, by the first processor, the invalidation certificate to the second processor. The method further comprises the step of communicating, by the first processor, a signal indicative of successful transmission of the invalidation certificate to the at least one third system configured not to execute at least one predefined command upon receiving the signal.
[00010]
In an embodiment, a method for secure communication between a first system with a first processor and a second system with a second processor further comprises the step of generating, by the first processor, an invalidation certificate upon determining that the second request for authentication is not equal to the tertiary key. The method further comprises the step of transmitting, by the first processor, the invalidation certificate to the second processor. The method further comprises the step of communicating, by the first processor, a signal indicative of successful transmission of the invalidation certificate to the at least one third system configured not to execute at least one predefined command upon receiving the signal.
[00011]
In an embodiment, the second processor is configured to determine an input received for initiation of connection with the first system. The second processor is further configured to generate the first request for authentication of connection. The second processor is further configured to transmit the first request for authentication of connection to the first processor. The second processor is further configured to receive the primary key from the first processor, and to compute the secondary key based on the primary key. The second processor is further configured to compute the tertiary key based on the primary key, the secondary key, and a pre-defined key. The second processor is further configured to generate a second request for authentication of connection based on the primary key, the secondary key, and the tertiary key. The second processor is further configured to transmit the second request for authentication of connection to the first processor. The second processor is further configured to receive one of the validation certificate and an invalidation certificate from the first processor.
[00012]
In an embodiment, the second processor is further configured to reset the process for enabling and disabling the first system when neither the validation certificate nor the invalidation certificate is received within a second pre-defined duration of time.
[00013]
In an embodiment, the second processor is further configured to store one of the validation certificate and the invalidation certificate in a memory unit of the second system when the respective certificate is received within the second pre-defined duration of time.
[00014]
In an embodiment, a method for secure communication between a first system with a first processor and a second system with a second processor further comprises the step of determining, by the first processor, an input signal generated by one or more switches of the first system. The method further comprises the step of determining, by the first processor, that the second system is within a pre-defined distance of the first system by a telemetry module in the first system. The method further comprises the step of generating, by the first processor, a connection initiation request, and transmitting, by the first processor, the connection initiation request to the second processor.
[00015]
In an embodiment, one or more transmissions of data between the first processor and the second processor are achieved using at least one wireless communication module in the first system, and at least one wireless communication module in the second system.
[00016]
In an embodiment, the at least one wireless communication module in the first system and the at least one wireless communication module in the second system comprise one of a near field communication system, a Bluetooth system, a wi-fi system, and a cellular system.
[00017]
In an embodiment, one of the first system and the second system is configured as an advertising device. The advertising device is configured to transmit a secured data for initiation of a wireless connection between the first system and the second system. In an embodiment, a system receiving the secured data can determine that the advertising device is within a pre-defined distance of the system.
[00018]
In an embodiment, generating the primary key based on the first request for authentication of connection by the first processor comprises the step of generating, by the first processor, a string of data bits from electromagnetic noise. Generating the primary key further comprises the step of generating, by the first processor, a random number (n). Generating the primary key further comprises the step of shifting, by the first processor, the string of data bits right by the random number (n). Generating the primary key further comprises the step of determining, by the first processor, a plaintext containing the shifted string of data bits.
[00019]
In an embodiment, generating the secondary key based on the primary key by the first processor comprises the step of generating, by the first processor, a string of data bits from electromagnetic noise. Generating the secondary key further comprises the step of generating, by the first processor, a random number (n). Generating the secondary key further comprises the step of shifting, by the first processor, the string of data bits left by the random number (n). Generating the secondary key further comprises the step of determining, by the first processor, a plaintext containing the shifted string of data bits. In an embodiment, if the shifted string of data bits is greater in length than a pre-defined length of the shifted string of data bits, the excess data bits are masked.
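The shift-and-mask derivation of [00018] and [00019], as an added example (not code from the patent or from TVS Motor Company): the right shift that produces the primary key, the left shift with masking that produces the secondary key, and a worked trace at 8 bits with constructed values. The key width (128 bits), the use of the OS CSPRNG in place of an electromagnetic-noise source, and the `effective_entropy` accounting are assumptions of the example; the page gives no width and no entropy figure.

```python
import secrets

WIDTH = 128  # assumed pre-defined key length in bits; the page states no number


def noise_bits(width=WIDTH):
    """Stand-in for the electromagnetic-noise source: the OS CSPRNG (assumption)."""
    return secrets.randbits(width)


def primary_key(bits, n):
    """[00018]: the random challenge is the noise string shifted right by n."""
    return bits >> n


def secondary_key(bits, n, width=WIDTH):
    """[00019]: the plaintext is the string shifted left by n; any bits that
    fall outside the pre-defined width are masked off. The mask only bites
    when the input is not already a right-shifted value of the same width,
    e.g. if the secondary key's n were drawn independently of the primary's."""
    return (bits << n) & ((1 << width) - 1)


def derive_pair(noise, n, width=WIDTH):
    """Primary and secondary key from one noise string and one shift amount.
    Both processors must reach the same secondary key from the same primary
    key, so nothing here may depend on state that only one side holds."""
    p = primary_key(noise, n)
    return p, secondary_key(p, n, width)


def effective_entropy(width, n):
    """Defender's check: the right shift discards n noise bits and the left
    shift leaves n known-zero bits at the bottom of the secondary key, so
    neither derived key carries more than width - n bits of randomness.
    A large n therefore weakens the challenge; cap it when choosing n."""
    return width - n


def trace(width=8, noise=0b10110011, n=3):
    """Worked trace with constructed 8-bit values, for reading along."""
    p, s = derive_pair(noise, n, width)
    return {
        "noise": f"{noise:0{width}b}",
        "primary": f"{p:0{width}b}",
        "secondary": f"{s:0{width}b}",
        "entropy_bits": effective_entropy(width, n),
    }


if __name__ == "__main__":
    print(trace())                                   # 10110011 -> 00010110 -> 10110000
    print(f"{secondary_key(0xFF, 4, 8):08b}")        # mask case: 11110000
    n = secrets.randbelow(WIDTH)
    p, s = derive_pair(noise_bits(), n)
    print(n, p.bit_length(), s.bit_length(), effective_entropy(WIDTH, n))
```

The trace shows why the masking step exists and the entropy helper shows its cost: the derivation is deterministic, so both sides agree, but every bit of shift is a bit of challenge randomness given up.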
[00020]
In an embodiment, a method for secure communication between a first system with a first processor and a second system with a second processor further comprises the step of determining, by the first processor, a secondary key based on the primary key. The method further comprises the step of receiving, by the first processor, a second request for authentication of connection with the second processor based on the primary key. The method further comprises the step of computing, by the first processor, an underlying data string in the second request for authentication. The method further comprises the step of comparing, by the first processor, the secondary key with the underlying data string in the second request for authentication. The method further comprises the step of determining, by the first processor, the secondary key being equal to the underlying data string in the second request for authentication. The method further comprises the step of generating, by the first processor, a validation certificate upon determining that the secondary key is equal to the underlying data string in the second request for authentication. The method further comprises the step of transmitting, by the first processor, the validation certificate to the second processor.
[00021]
In an embodiment, the second processor is configured to generate the first request for authentication of connection. The second processor is further configured to transmit the first request for authentication of connection to the first processor. The second processor is further configured to receive the primary key from the first processor. The second processor is further configured to compute the secondary key based on the primary key. The second processor is further configured to compute the tertiary key based on the primary key, the secondary key, and a pre-defined key. The second processor is further configured to generate a second request for authentication of connection based on the tertiary key. The second processor is further configured to transmit the second request for authentication of connection to the first processor. The second processor is further configured to receive one of the validation certificate and an invalidation certificate from the first processor.
[00022]
In an embodiment, the third system is configured to receive one of the validation certificate and an invalidation certificate from the first system. The third system is further configured to select one of a plurality of predefined commands based on the received certificate from the first system. The third system is further configured to execute the selected command. In another embodiment, the third system selecting one of the plurality of predefined commands is based on the data transmitted by the second system to the first system in one of the first request for authentication and the second request for authentication. In another embodiment, the third system is communicatively connected to the first system using one of a Local Interconnect Network (LIN) and a Controller Area Network (CAN) communication protocol.
[00023]
In an embodiment, the first system is an instrument cluster in a vehicle. In an embodiment, the second system is an electronic key fob. In an embodiment, the third system is a vehicle control unit in a vehicle.
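The two-phase exchange of [0007] through [00023] end to end, as an added example that is not code from the patent or from TVS Motor Company: the instrument cluster (first system) issues the challenge and the certificate, the key fob (second system) answers it, and the vehicle control unit (third system) acts only on a validation certificate. It also exercises the two failure paths the summary names, a late second request ([0009], [00012]) and a tertiary key that does not match ([00010]). Assumptions of the example: HMAC-SHA256 from the standard library stands in for the block cipher the page leaves unnamed; the shift amount n is sent alongside the primary key, since the page does not say how the fob learns it; the 128-bit width, the 0.5 s timeouts and the command set are constructed values; the ECDH transport protection mentioned later in the description is out of scope here.

```python
import hashlib
import hmac
import secrets
import time

WIDTH = 128            # assumed challenge width in bits (page gives none)
FIRST_TIMEOUT = 0.5    # "first pre-defined duration" for the second request; assumed, seconds
SECOND_TIMEOUT = 0.5   # "second pre-defined duration" for the certificate; assumed, seconds
COMMANDS = ("unlock", "lock")   # assumed prestored commands a first request may carry


def secondary_key(primary, n):
    # [00019]: challenge shifted left by n, masked to the pre-defined width
    return (primary << n) & ((1 << WIDTH) - 1)


def tertiary_key(primary, secondary, predefined):
    # [0007]: the cipher of the secondary key under the pre-defined key. HMAC-SHA256
    # stands in for the page's block cipher (assumption); the primary key is fed in
    # too, so the tag is bound to this particular challenge.
    block = primary.to_bytes(WIDTH // 8, "big") + secondary.to_bytes(WIDTH // 8, "big")
    return hmac.new(predefined, block, hashlib.sha256).digest()


class FirstSystem:
    """Instrument cluster [00023]: issues the challenge and the certificate."""

    def __init__(self, predefined):
        self.predefined = predefined
        self.pending = None   # (primary, n, command, deadline) for the one open session

    def on_first_request(self, command):
        if command not in COMMANDS:          # [0030]: must match a prestored command
            return None
        n = secrets.randbelow(WIDTH)
        primary = secrets.randbits(WIDTH) >> n   # [00018]; CSPRNG stands in for EM noise
        self.pending = (primary, n, command, time.monotonic() + FIRST_TIMEOUT)
        return primary, n

    def on_second_request(self, tag, now=None):
        now = time.monotonic() if now is None else now
        if self.pending is None:
            return "invalidation", None
        primary, n, command, deadline = self.pending
        self.pending = None                  # a challenge answers exactly one request
        if now > deadline:                   # [0009]: second request arrived too late
            return "invalidation", None
        expected = tertiary_key(primary, secondary_key(primary, n), self.predefined)
        if not hmac.compare_digest(expected, tag):   # [00010]; constant-time compare
            return "invalidation", None
        return "validation", command


class SecondSystem:
    """Key fob: answers the challenge with its own tertiary key."""

    def __init__(self, predefined):
        self.predefined = predefined
        self.memory = []                     # [00013]: certificates received in time

    def respond(self, primary, n):
        return tertiary_key(primary, secondary_key(primary, n), self.predefined)

    def on_certificate(self, cert, elapsed):
        if elapsed > SECOND_TIMEOUT:         # [00012]: reset the process, store nothing
            return "reset"
        self.memory.append(cert)
        return cert


class ThirdSystem:
    """Vehicle control unit [00022]: executes a command only on a validation certificate."""

    def __init__(self):
        self.executed = []

    def on_signal(self, cert, command):
        if cert == "validation":
            self.executed.append(command)
            return True
        return False


def run_session(vehicle, fob, vcu, command, delay=0.0):
    """One full exchange; delay models how late the fob's second request arrives."""
    challenge = vehicle.on_first_request(command)
    if challenge is None:
        return "rejected"
    primary, n = challenge
    tag = fob.respond(primary, n)
    cert, cmd = vehicle.on_second_request(tag, now=time.monotonic() + delay)
    vcu.on_signal(cert, cmd)
    return fob.on_certificate(cert, elapsed=delay)


if __name__ == "__main__":
    shared = secrets.token_bytes(16)   # pre-defined key provisioned to both sides (constructed)
    vehicle, fob, vcu = FirstSystem(shared), SecondSystem(shared), ThirdSystem()
    print(run_session(vehicle, fob, vcu, "unlock"))                          # validation
    print(run_session(vehicle, SecondSystem(b"other key"), vcu, "unlock"))   # invalidation
    print(run_session(vehicle, fob, vcu, "unlock", delay=1.0))               # reset
    print(vcu.executed)                                                      # ['unlock']
```

Two details are the example's own rather than the page's and are worth keeping in any implementation of this scheme: the challenge is consumed on first use, so a recorded second request cannot be replayed against the same primary key, and the tertiary keys are compared in constant time, so a mismatch does not leak how many bytes matched.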
[00024]
In an aspect, a process for enabling and disabling a first system by a second system is disclosed. The first system comprises a first processor, a first memory unit, a first set of input switches, and a first wireless communication unit. The second system comprises a second processor, a second memory unit, a second set of input switches, and a second wireless communication unit. The first processor is configured to receive a first request for authentication of connection with the second processor. The first processor is further configured to generate a primary key based on the first request for authentication of connection. The first processor is further configured to transmit the primary key to the second processor. The first processor is further configured to receive a second request for authentication of connection with the second processor based on the primary key. The first processor is further configured to compute a secondary key based on the primary key. The first processor is further configured to compute a tertiary key based on the primary key, the secondary key, and a pre-defined key. The first processor is further configured to compare the tertiary key with the second request for authentication. The first processor is further configured to determine the tertiary key being equal to the second request for authentication. The first processor is further configured to generate a validation certificate upon determining that the tertiary key is equal to the second request for authentication. The first processor is further configured to transmit the validation certificate to the second processor.
[00025]
In an embodiment, the second processor is configured to determine an input received for initiation of connection with the first system. The second processor is further configured to generate the first request for authentication of connection. The second processor is further configured to transmit the first request for authentication of connection to the first processor. The second processor is further configured to receive the primary key from the first processor. The second processor is further configured to compute the secondary key based on the primary key. The second processor is further configured to compute the tertiary key based on the primary key, the secondary key, and a pre-defined key. The second processor is further configured to generate a second request for authentication of connection based on the primary key, the secondary key, and the tertiary key. The second processor is further configured to transmit the second request for authentication of connection to the first processor. The second processor is further configured to receive one of the validation certificate and an invalidation certificate from the first processor.
[00026]
In an embodiment, the first processor is further configured to generate an invalidation certificate when the second request for authentication is not received from the second processor within a first pre-defined duration of time. The first processor is further configured to transmit the invalidation certificate to the second processor.
[00027]
In an embodiment, the first processor is further configured to generate an invalidation certificate upon determining that the second request for authentication is not equal to the tertiary key. The first processor is further configured to transmit the invalidation certificate to the second processor.
[00028]
In an embodiment, the first system further comprises at least one actuator. In an embodiment, the first processor is configured to enable the at least one actuator upon generating the validation certificate.
[00029]
In an embodiment, the first system is configured in an instrument cluster of a vehicle. In an embodiment, the second system is configured in a key fob.
Brief Description of Drawings
[0010]
Reference will be made to embodiments of the invention, examples of which may be illustrated in accompanying figures. These figures are intended to be illustrative, not limiting. Although the invention is generally described in the context of these embodiments, it should be understood that it is not intended to limit the scope of the invention to these particular embodiments.
[0011]
Figure 1 is an exemplary block diagram representing the security system and the electronic key according to the primary embodiment described in the present application.
[0012]
Figure 2 is an exemplary flow chart representing the logic being implemented by the first processor according to the primary embodiment of the present invention.
[0013]
Figure 3 is an exemplary flow chart representing the logic being implemented by the first processor according to an alternate embodiment of the present invention represented in figure 2.
[0014]
Figure 4 is an exemplary flow chart representing the logic being implemented by the first processor according to another alternate embodiment of the present invention represented in figure 2.
[0015]
Figure 5 is an exemplary flow chart representing the logic being implemented by the first processor according to another alternate embodiment of the present invention represented in figure 4.
[0016]
Figure 6 is an exemplary flow chart representing the logic being implemented by the first processor according to another alternate embodiment of the present invention represented in figure 2.
[0017]
Figure 7 is an exemplary flow chart representing the logic being implemented by the first processor according to another alternate embodiment of the present invention represented in figure 2.
[0018]
Figure 8 is an exemplary flow chart representing the logic being implemented by the first processor according to another alternate embodiment of the present invention represented in figure 7.
[0019]
Figure 9 is an exemplary flow chart representing the logic being implemented by the second processor according to the present invention represented in figure 2.
[0020]
Figure 10 is an exemplary flow chart representing the logic being implemented by the second processor according to another alternate embodiment of the present invention represented in figure 9.
[0021]
Figure 11 is an exemplary flow chart representing the logic being implemented by the second processor according to another alternate embodiment of the present invention represented in figure 10.
[0022]
Figure 12 is a representation of the generation of the secondary key and the tertiary key from the primary key according to an embodiment of the present invention.
[0023]
Figure 13 is an exemplary flow chart representing the logic being implemented by the first processor according to an embodiment of the present invention represented in figure 2.
[0024]
Figure 14 is an exemplary flow chart representing the logic being implemented by the second processor according to an embodiment of the present invention represented in figure 9, corresponding to the method represented in figure 13.
[0025]
Figure 15 is an exemplary illustration according to a working example of the present invention, of the communication between the first system, the second system, and the third system.
[0026]
Figure 16 is another exemplary illustration of a logic flow chart according to a working example of the present invention, of the third system executing one or more predefined commands.
Detailed Description
[0027]
Various features and embodiments of the present invention here will be discernible from the following description thereof, set out hereunder.
[0028]
Figure 1 is an exemplary diagram for the electronic systems 100 being implemented in the secured device and the electronic key. For the sake of properly explaining the invention in the present application, as per an exemplary embodiment, a first system 101 is considered which is configured in a vehicle. Furthermore, a second system 111 is considered, which is a keyfob. The first system 101 includes a first processor 102, a first wireless communication module 103, a first memory unit 104, and an input-output module 105. Further, the first system 101 is connected to a first power module 106. In an embodiment, the first power module 106 is configured in the first system 101. The second system 111 includes a second processor 112, a second wireless communication module 113, a second memory unit 114, and a second input-output module 115. Further, the second system 111 has a second power module 116. According to the present embodiment, the second power module 116 is configured within the second system 111. According to another embodiment, the second power module 116 may be removably connected to the second system 111. The first input-output module 105 and the second input-output module 115 may include one or more switches, one or more joysticks, one or more key pads, or one or more touch-screens. According to an embodiment of the present invention, the first system is configured in the instrument cluster of a vehicle, and the input-output modules may be configured on the dashboard, the steering wheel, or the handlebar of the vehicle. Further, the first wireless communication module 103 and the second wireless communication module 113 include one of a near field communication system, a Bluetooth system, a wi-fi system, and a cellular system. Also, according to an embodiment of the present invention, one of the first system 101 and the second system 111 is a broadcasting device and the other is a receiving device. The broadcasting device is usually configured to initiate the connection between the two systems. According to an embodiment, the second system is the broadcasting device. As per another embodiment, the first system may also be a broadcasting device. Also, when using a Bluetooth wireless transceiver, the broadcasting device is known as the advertising system.
[0029]
Figure 2 is an exemplary flow chart representing the logic being implemented by the first processor 102 according to an embodiment of the present invention. The first processor is configured to execute a series of steps to authorize the second system to establish a connection. The first processor is configured to receive 201 a first request for authentication of connection with the second processor. The first processor is further configured to generate 202 a primary key based on the first request for authentication of connection. The first processor is further configured to transmit 203 the primary key to the second processor. The first processor is further configured to receive 204 a second request for authentication of connection with the second processor based on the primary key. The first processor is further configured to compute 205 a secondary key based on the primary key. The first processor is further configured to compute 206 a tertiary key based on the primary key, the secondary key, and a pre-defined key. The first processor is further configured to compare 207 the tertiary key with the second request for authentication. The first processor is further configured to determine 208 the tertiary key being equal to the second request for authentication. The first processor is further configured to generate 209 a validation certificate upon determining that the tertiary key is equal to the second request for authentication. The first processor is further configured to transmit 210 the validation certificate to the second processor.
[0030]
According to an embodiment of the present invention, the first system 101 has a Bluetooth low energy (LE) ultra high frequency (UHF) transceiver on the vehicle and on the key fob. When an input switch on the second system (key fob) is actuated, the transceiver on the second system (key fob) transmits the first request for authentication to the vehicle, only if the second system (key fob) is in near proximity to the vehicle. The first request for authentication is authenticated against the command prestored in the first system (vehicle). In case of a match between the first request for authentication and the prestored command, the transceiver on the first system (vehicle) sends a random challenge (the primary key), generated from electromagnetic noise, to the second system (key fob). As per an embodiment, both the first system and the second system are configured to perform the same method for encryption. As per an embodiment of the present invention, the encryption method is based on a block cipher, and has a mode of operation where a sequence of bits is encrypted as a single unit, or block, with a cipher key applied to the entire block. As described above, the primary key is generated from electromagnetic noise. For generating the tertiary key by encryption, the secondary key on which the encryption is performed is created first in a customized way, by shifting the data bits of the received random challenge. With the second request for authentication, the key fob sends the tertiary key generated therein, and if the two match, the vehicle is unlocked. Generally, a match of the tertiary key generated by the second system instructs the first system that the first system may be unlocked. The system therefore follows a two-step authentication with cryptographically secure encryption, wherein the first step determines whether the first system is within a predetermined distance of the second system, and the second step verifies the authentication of the second system requesting authentication from the first system. Elliptic-curve Diffie–Hellman (ECDH) cryptography is used to secure the transmission of data between the two systems. Thus, a two-step authentication process is configured.
[0031]
Figure 3 is an exemplary flow chart representing the logic implemented by the first processor according to an alternate embodiment of the present invention represented in figure 2. It illustrates that the first processor 102 initially identifies the nature of the signal transmitted by the second system: it determines whether the signal is a first request for authentication or a second request for authentication. Depending on the nature of the signal received, the first processor resumes executing the logic at either step 201 or step 204. Between steps 201 and 204, however, the first processor is configured to generate the tertiary key from the primary key. At the first request for authentication, the first system detects a pre-defined code, which determines whether the second system is within a pre-defined proximal distance of the first system. At the second request for authentication, however, the first system detects the tertiary key generated by the key fob (second system), and authorization is generated by the first system if the tertiary key received from the second system matches the tertiary key generated by the first system. In this embodiment as described, the second system is configured as the broadcasting system, wherein a connection request is sent when one or more switches on the second system are actuated, according to an embodiment of the present invention. As per another embodiment, the first system is the broadcasting system, which is described in the description of figure 6.
[0032]
Figure 4 is an exemplary flow chart representing the logic implemented by the first processor according to another alternate embodiment of the present invention represented in figure 2. Figure 5 is an exemplary flow chart representing the logic implemented by the first processor according to another alternate embodiment of the present invention represented in figure 4. Both figures are representative of the primary embodiment of the present invention. As per the present embodiment, the first processor is configured to generate an invalidation certificate when the second request for authentication is not received from the second system within a pre-defined duration of time, and to transmit the invalidation certificate to the second system. Alternately, the first system is configured to generate the invalidation certificate upon determining that the tertiary key received from the second system does not match the tertiary key generated by the first system, and to transmit the invalidation certificate to the second system. These two situations illustrate the embodiments where the connection between the first system and the second system is unsuccessful.
[0033]
Figure 6 is an exemplary flow chart representing the logic implemented by the first processor according to another alternate embodiment of the present invention represented in figure 2. As described above, figure 6 describes the embodiment of the present invention wherein the first system acts as the broadcasting device. According to this embodiment, the first processor is configured to determine an input signal generated by one or more switches in the first input-output module. The first processor is further configured to determine, by the first wireless communication module (also commonly referred to as the telemetry module), that the second system is within a pre-defined distance of the first system. The first processor is further configured to generate a connection initiation request. The first processor is further configured to transmit the connection initiation request to the second system. Following this, the system reverts to step 201 in figure 2 as per the present embodiment. As a working example, when one or more switches of the first input-output module on the vehicle is pressed to execute a command, the button press event is sent to the key fob only if the portable device is within the safe proximity region. If the portable device is within safe proximity of the vehicle, it requests the vehicle to start the challenge/response process for authentication. Upon reception of the request, the vehicle creates the random challenge and sends it to the key fob, where the device and the vehicle both perform the cipher block encryption. Then the key fob sends the shorthand of the result to the vehicle, which the vehicle matches and then executes the given command. The shorthand of the result referred to herein is a bit-masked version of the whole string of data. As an example, the complete data string may have a size of 16 bytes, where the shorthand may have a size of one of 4 bytes, 8 bytes, and 12 bytes. The starting and end bits of the data string which is to be matched with the shorthand data string are also stored in the transmitted data string.
[0034]
Figure 7 and Figure 8 represent an exemplary illustration of a logic flow diagram executed by the first system (and by the second system; however, the present illustration is only with reference to the first system) to generate the primary key and the secondary key. According to the embodiment in figure 7, in the first step, the first processor generates 231 a string of data bits from electromagnetic noise. Generally, electronic devices are configured with various kinds of filters, such as Kalman filters, to eliminate noise from the systems. In the present case, however, the noise is used to generate random data, which is then sent to the second system. This makes the system more robust and secure, as a hacking attempt generally relies on predictive patterns, and this makes the entire process unpredictable. In the second step, the first processor generates 232 a random number (n). There are many available methods of generating random numbers known in the common general knowledge, and the systems described herein may employ any such method. In the third step, the first processor right-shifts 233 the generated string of data by n. In the fourth step, the first processor determines 234 a plaintext containing the shifted string of data bits. This plaintext is the secondary key, and the string of data bits generated from the electromagnetic noise is the primary key. The primary key is transmitted to the second system by the first system upon receiving the first request for authentication, and the second system is also configured to generate the secondary key by an identical method. According to the embodiment in figure 8, in the first step, the first processor generates 235 a string of data bits from electromagnetic noise. In the second step, the first processor generates 236 a random number (n). In the third step, the first processor left-shifts 237 the generated string of data by n. In the fourth step, the first processor determines 238 a plaintext containing the shifted string of data bits. In the fifth step, if the shifted string of data bits is greater in length than a pre-defined length of the shifted string of data bits, the first processor performs 239 bit masking of the excess bits of data.
[0035]
Figure 9 is an exemplary flow chart representing the logic implemented by the second processor according to the present invention represented in figure 2. According to an embodiment of the present invention, the second processor is configured to determine 301 an input received for initiation of connection with the first system. The second processor is further configured to generate 302 the first request for authentication of connection. The second processor is further configured to transmit 303 the first request for authentication of connection to the first processor. The second processor is further configured to receive 304 the primary key from the first processor. The second processor is further configured to compute 305 the secondary key based on the primary key. The second processor is further configured to compute 306 the tertiary key based on the primary key, the secondary key, and a pre-defined key. The second processor is further configured to generate 307 a second request for authentication of connection based on the primary key, the secondary key, and the tertiary key. The second processor is further configured to transmit 308 the second request for authentication of connection to the first processor. The second processor is further configured to receive 309 one of the validation certificate and an invalidation certificate from the first processor. This represents the corresponding method implemented in the second system while the method described in figure 2 is implemented in the first system.
[0036]
Figure 10 is an exemplary flow chart representing the logic implemented by the second processor according to another alternate embodiment of the present invention represented in figure 9. Figure 11 is an exemplary flow chart representing the logic implemented by the second processor according to another alternate embodiment of the present invention represented in figure 10. These are two alternate embodiments of the primary embodiment of the present invention. As per the embodiment given in figure 10, the second system is configured to reset the process for enabling or disabling the first system when neither the validation certificate nor the invalidation certificate is received within a second pre-defined duration of time. As per the embodiment given in figure 11, the second system is configured to store one of the validation certificate and the invalidation certificate in the second memory unit when the respective certificate is received within the second pre-defined duration of time.
[0037]
Figure 12 represents a working example of how the tertiary key is generated from the primary key. The random number (R) is the primary key generated by the first system from the electromagnetic noise. The plaintext Pn is the secondary key, and the cipher Cn is the tertiary key. As described above, the tertiary key is generated from the secondary key, which is generated from the primary key. This is represented in block 1 of figure 12. As another embodiment, n additional blocks may be incorporated in the method to further secure the process. As per this embodiment, the secondary key and the tertiary key generated in block 1 are used as input to the encryption method of block 2 to generate another tertiary key, and so on, n times. In the present working example, the secondary key is generated by applying one of XOR and AND logic between two strings of input data. In block 1, one of the strings of input data is the primary key, and the other is a pre-defined key1. In the following blocks, the secondary key is generated by using the previous secondary key as one of the input strings of data, and the corresponding pre-defined keyn. In order to generate the tertiary key, the secondary key so generated is encrypted using a pre-defined encryption method.
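The challenge/response of figures 7, 8 and 12, together with the shorthand comparison of paragraph [0033] and the timeout and mismatch branches of paragraph [0032], as an added Python model that is not the patent's or the applicant's code. The block cipher (a hash-based Feistel stand-in), the way the shift count n reaches the key fob (carried with the challenge), the OS CSPRNG standing in for the electromagnetic-noise sampler, and all names are assumptions.

```python
"""Added example, not the patent's code: a stand-alone model of the
challenge/response between the vehicle and the key fob. Every name here is
an assumption; the stand-ins for unspecified parts are marked below."""
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes: the full data string size given in paragraph [0033]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def shift_and_mask(data: bytes, n: int, left: bool) -> bytes:
    """Figures 7/8: shift the bit string by n, then mask off the bits that
    fall outside the pre-defined length so the result stays BLOCK bytes."""
    width = len(data) * 8
    x = int.from_bytes(data, "big")
    x = (x << n) if left else (x >> n)
    x &= (1 << width) - 1            # bit masking of the excess bits (step 239)
    return x.to_bytes(len(data), "big")


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (assumption): a 4-round Feistel network with a
    SHA-256 round function. The patent names no cipher; a deployment would
    use a standard cipher such as AES-128 in its place."""
    half = BLOCK // 2
    left, right = block[:half], block[half:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:half]
        left, right = right, xor(left, f)
    return left + right


def derive_keys(primary: bytes, n: int, predefined: list, cipher_key: bytes):
    """Figure 12: block 1 forms P1 = shift(R) XOR key1 and C1 = E(P1). Each
    further block forms Pn from the previous secondary key and keyn, with the
    previous ciphertext fed in as its IV ([0040]). Returns the last (Pn, Cn)."""
    p = xor(shift_and_mask(primary, n, left=False), predefined[0])
    c = encrypt_block(cipher_key, p)
    for key_i in predefined[1:]:
        p = xor(xor(p, key_i), c)    # previous Cn acts as the IV of this block
        c = encrypt_block(cipher_key, p)
    return p, c


class KeyFob:
    """Second system: answers with a shorthand of Cn ([0033]), i.e. a slice
    of the 16-byte result plus the start and end positions that were used."""

    def __init__(self, predefined: list, cipher_key: bytes):
        self.predefined, self.cipher_key = predefined, cipher_key

    def respond(self, primary: bytes, n: int, start: int = 0, end: int = 8) -> dict:
        _, c = derive_keys(primary, n, self.predefined, self.cipher_key)
        return {"start": start, "end": end, "bits": c[start:end]}


class Vehicle:
    """First system (telematics unit): one fresh challenge per attempt, then a
    validation or invalidation certificate ([0032])."""

    def __init__(self, predefined: list, cipher_key: bytes,
                 timeout_s: float = 5.0, noise=secrets.token_bytes):
        self.predefined, self.cipher_key = predefined, cipher_key
        self.timeout_s = timeout_s
        self.noise = noise           # assumption: OS CSPRNG stands in for EM noise
        self.session = None

    def first_request(self, now: float) -> tuple:
        """Steps 202/203: primary key R. The shift count n is taken from the
        same noise sample and sent with R (assumption: the text does not say
        how the key fob learns n)."""
        sample = self.noise(BLOCK + 1)
        r, n = sample[:BLOCK], sample[BLOCK] % (BLOCK * 8)
        self.session = {"r": r, "n": n, "issued": now}
        return r, n

    def second_request(self, req: dict, now: float) -> str:
        """Steps 204-210 plus the timeout branch of figures 4/5. A 4-byte
        shorthand leaves only 32 bits to compare, so the one-shot session and
        the timeout are what bound an online guessing attempt."""
        session, self.session = self.session, None   # no second use of a challenge
        if session is None or now - session["issued"] > self.timeout_s:
            return "invalidation"
        _, c = derive_keys(session["r"], session["n"], self.predefined, self.cipher_key)
        s, e = req["start"], req["end"]
        ok = (0 <= s < e <= BLOCK and (e - s) in (4, 8, 12)     # sizes from [0033]
              and hmac.compare_digest(c[s:e], req["bits"]))     # constant-time
        return "validation" if ok else "invalidation"
```

With a constructed key1/key2 pair and cipher key shared by both objects, `Vehicle.first_request` followed by `KeyFob.respond` yields "validation", while a replayed, late, wrongly-keyed or wrongly-sized shorthand yields "invalidation".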
[0038]
Figure 13 represents an exemplary flow chart representing the logic implemented in the first system according to another embodiment of the present invention represented in figure 2. Figure 14 represents the corresponding logic implemented in the second system. As per the embodiment represented in these two figures, the second processor is configured to generate the tertiary key upon receiving the primary key from the first system. It is then configured to send the tertiary key to the first system, wherein the first processor is configured to decrypt the received tertiary key to determine the underlying received secondary key. The first processor is then configured to match the underlying received secondary key with the secondary key determined by the first processor from the primary key. If the two values match, the authorization is granted. As per the embodiment represented in figure 13, the first processor is configured for determining a secondary key based on the primary key. The first processor is further configured for receiving a second request for authentication of connection with the second processor based on the primary key. The first processor is further configured for computing an underlying data string in the second request for authentication. The first processor is further configured for comparing the secondary key with the underlying data string in the second request for authentication. The first processor is further configured for determining the secondary key being equal to the underlying data string in the second request for authentication. The first processor is further configured for generating a validation certificate upon determining that the secondary key is equal to the underlying data string in the second request for authentication. The first processor is further configured for transmitting the validation certificate to the second processor. As per the corresponding embodiment represented in figure 14, the second processor is configured to generate the first request for authentication of connection. The second processor is further configured to transmit the first request for authentication of connection to the first processor. The second processor is further configured to receive the primary key from the first processor. The second processor is further configured to compute the secondary key based on the primary key. The second processor is further configured to compute the tertiary key based on the primary key, the secondary key, and a pre-defined key. The second processor is further configured to generate a second request for authentication of connection based on the tertiary key. The second processor is further configured to transmit the second request for authentication of connection to the first processor. The second processor is further configured to receive one of the validation certificate and an invalidation certificate from the first processor.
[0039]
Figure 15 is an exemplary illustration, according to a working example of the present invention, of the communication between the first system, the second system, and the third system. Figure 16 is another exemplary illustration of a logic flow chart, according to a working example of the present invention, of the third system executing one or more predefined commands. As per this working example, the first system 101 is a telematics unit 503 in a vehicle. Further, the second system 111 is a key fob 501. As per another embodiment of this working example, the second system 111 is a mobile phone 502 or any other portable electronic communication device. For further explanation, the second system is considered to be the key fob 501. Further according to this working example, the third system is a vehicle control unit (VCU) 504. As per this embodiment, the VCU 504 is communicatively connected to the telematics unit 503 using a Control Area Network (CAN) bus. The secured communication as described above is established between the telematics unit 503 and the key fob 501. As per this embodiment, the key fob 501 is connected to the telematics unit 503 by Bluetooth (BLE). The key fob 501 is first determined to be within a predefined distance of the telematics unit 503. If the connection is authorized, the telematics unit 503 sends a validation certificate to the key fob 501. Following that, the telematics unit 503 communicates to the VCU 504 that the VCU can execute the predefined commands. As per an embodiment, the key fob 501 has a plurality of buttons. At least one of the buttons is configured for initiating the connection with the telematics unit, and the other buttons are configured for communicating one or more commands to the telematics unit 503. As per another embodiment, there is no separate button configured for initiating the connection: pressing any of the plurality of buttons enables the transmission of the first request for authentication, and transmits the intended predefined command as well. As per another embodiment, once the connection is authenticated, the intended command is transmitted from the key fob to the telematics unit 503, which then transmits it to the VCU 504.
Figure 16 specifically shows the various input signals that the telematics unit may receive from the key fob 501. These may be a vehicle lock / unlock command, a vehicle ignition ON / activation command, a vehicle steering lock / unlock command, a solenoid engage / disengage command, or a signal indicative of the key fob 501 being out of range or of a connection time-out. According to the working example as illustrated in figures 15 and 16, the VCU, upon receiving one or more of these commands, checks the preconditions that the engine speed is less than or equal to zero and the rpm value is less than or equal to zero; in other words, the VCU ensures that the predefined command is only executed if the vehicle is stationary. Also according to the working example, the command is executed only after the authentication of the key fob 501 with the telematics unit 503.
[0040]
The underlying advantages of the system as described in the various embodiments of the present invention are a secured two-step authentication protocol where the communication channel between the first system and the second system is encrypted, and the generation of the secondary key and the tertiary key is encrypted, thereby making the process impregnable to hackers. Since the entire method depends on the primary key, and the primary key is generated from electromagnetic noise, there is unpredictability in the method, making it difficult for hackers to replicate the data being exchanged at any point of time. Since block cipher encryption is used, the security is further increased. Currently, the plaintext which is encrypted is customized and generated from the random challenge sent by the vehicle. To chain the encryption ‘n’ times, ‘n’ plaintexts can be randomly customized and created using the random challenge received from the vehicle and fed into each of the encryption blocks, and, by the standard principle of the encryption protocol, the ciphertext of the previous block is fed as the initialization vector of the next block. The bonding between the portable device and the vehicle has been done with the highest achievable security, in a way that they will not talk to any unwanted source, nor will they try to bond with an unauthenticated source. The pairing between the two devices is first verified by checking whether the second system is within a pre-defined distance from the first system, which is checked using a received signal strength indicator (RSSI). The entire communication between the two devices is encrypted as described above, and provides protection against passive eavesdropping and replay attacks. The auto-rejection of pairing in case of failure of authentication on both devices provides protection against man-in-the-middle attacks. The auto-rejection of execution of a particular operation on the vehicle in case of an unsafe distance between the portable device and the vehicle, or a failed authentication of the secret key corresponding to a given command or cipher between the portable device and the vehicle, adds safety against theft.
[0041]
Albeit the present embodiments have been described with respect to a key fob and a vehicle as the second system and the first system respectively, the application of the systems described herein is not limited to the same. The particular working examples in the form of a vehicle and a key fob have been chosen as an electronic key is most widely used in such items. However, the application of the same may be extended to any such system wherein a physical lock is provided on a first system, which can only be actuated by an electronic authentication with a second system. As mentioned above, such systems may include storage vaults, personal luggage items, home security, etc.
Claims:
We claim:
1.
A method for secure communication between a first system with a first processor and a second system with a second processor, the method comprising:
receiving, by the first processor, a first request for authentication of connection with the second processor;
generating, by the first processor, a primary key based on the first request for authentication of connection;
transmitting, by the first processor, the primary key to the second processor;
receiving, by the first processor, a second request for authentication of connection with the second processor based on the primary key;
computing, by the first processor, a secondary key based on the primary key;
computing, by the first processor, a tertiary key based on the primary key, the secondary key, and a pre-defined key;
comparing, by the first processor, the tertiary key with the second request for authentication;
determining, by the first processor, the tertiary key being equal to the second request for authentication;
generating, by the first processor, a validation certificate upon determining that the tertiary key is equal to the second request for authentication;
transmitting, by the first processor, the validation certificate to the second processor; and
communicating, by the first processor, a signal indicative of successful transmission of the validation certificate to an at least one third system configured to execute at least one predefined command upon receiving the signal.
2.
The method as claimed in claim 1 comprising:
identifying, by the first processor, a request received from the second processor being one of the first request for authentication and the second request for authentication.
3.
The method as claimed in claim 1 comprising:
generating, by the first processor, an invalidation certificate when the second request for authentication is not received from the second processor within a first pre-defined duration of time;
transmitting, by the first processor, the invalidation certificate to the second processor; and,
communicating, by the first processor, a signal indicative of successful transmission of the invalidation certificate to the at least one third system configured not to execute at least one predefined command upon receiving the signal.
4.
The method as claimed in claim 1 further comprising:
generating, by the first processor, an invalidation certificate upon determining that the second request for authentication is not equal to the tertiary key;
transmitting, by the first processor, the invalidation certificate to the second processor; and,
communicating, by the first processor, a signal indicative of successful transmission of the invalidation certificate to the at least one third system configured not to execute at least one predefined command upon receiving the signal.
5.
The method as claimed in claim 1, wherein the second processor is configured to:
determine an input received for initiation of connection with the first system;
generate the first request for authentication of connection;
transmit the first request for authentication of connection to the first processor;
receive the primary key from the first processor;
compute the secondary key based on the primary key;
compute the tertiary key based on the primary key, the secondary key, and a pre-defined key;
generate a second request for authentication of connection based on the primary key, the secondary key, and the tertiary key;
transmit the second request for authentication of connection to the first processor; and
receive one of the validation certificate and an invalidation certificate from the first processor.
6.
The method as claimed in claim 5, wherein the second processor is further configured to reset the process for enabling and disabling the first system when either of the validation certificate and the invalidation certificate is not received within a second pre-defined duration of time.
7.
The method as claimed in claim 6, wherein the second processor is further configured to store one of the validation certificate and the invalidation certificate in a memory unit of the second system when the respective certificate is received within the second pre-defined duration of time.
8.
The method as claimed in claim 1 further comprising,
determining, by the first processor, an input signal generated by one or more switches of the first system;
determining, by the first processor, the second system is within a pre-defined distance of the first system by a telemetry module in the first system;
generating, by the first processor, a connection initiation request; and,
transmitting, by the first processor, the connection initiation request to the second processor.
9.
The method as claimed in claim 1, wherein one or more transmissions of data between the first processor and the second processor is enabled using at least one wireless communication module in the first system, and at least one wireless communication module in the second system.
10.
The method as claimed in claim 9, wherein the at least one wireless communication module in the first system and the at least one wireless communication module in the second system comprise one of a near field communication system, a Bluetooth system, a Wi-Fi system, and a cellular system.
11.
The method as claimed in claim 1, wherein one of the first system and the second system is configured as an advertising device, the advertising device being configured to transmit secured data for initiation of a wireless connection between the first system and the second system, wherein a system receiving the secured data can determine that the advertising device is within a pre-defined distance of the system.
12.
The method as claimed in claim 1, wherein generating the primary key based on the first request for authentication of connection by the first processor comprises,
generating, by the first processor, a string of data bits from electromagnetic noise,
generating, by the first processor, a random number (n),
shifting, by the first processor, the string of data bits right by the random number (n),
determining, by the first processor, a plaintext containing the shifted string of data bits.
13.
The method as claimed in claim 1, wherein generating the secondary key based on the primary key by the first processor comprises,
generating, by the first processor, a string of data bits from electromagnetic noise,
generating, by the first processor, a random number (n),
shifting, by the first processor, the string of data bits left by the random number (n),
determining, by the first processor, a plaintext containing the shifted string of data bits,
wherein, if the shifted string of data bits is greater in length than a pre-defined length of the shifted string of data bits, the excess data bits are masked.
14.
The method as claimed in claim 1 further comprising:
determining, by the first processor, a secondary key based on the primary key,
receiving, by the first processor, a second request for authentication of connection with the second processor based on the primary key,
computing, by the first processor, an underlying data string in the second request for authentication,
comparing, by the first processor, the secondary key with the underlying data string in the second request for authentication,
determining, by the first processor, the secondary key being equal to the underlying data string in the second request for authentication,
generating, by the first processor, a validation certificate upon determining that the secondary key is equal to the underlying data string in the second request for authentication,
transmitting, by the first processor, the validation certificate to the second processor.
15.
The method as claimed in claim 1, wherein the second processor is configured to:
generate the first request for authentication of connection,
transmit the first request for authentication of connection to the first processor,
receive the primary key from the first processor,
compute the secondary key based on the primary key,
compute the tertiary key based on the primary key, the secondary key, and a pre-defined key,
generate a second request for authentication of connection based on the tertiary key,
transmit the second request for authentication of connection to the first processor,
receive one of the validation certificate and an invalidation certificate from the first processor.
16.
The method as claimed in claim 1, wherein the third system is configured to:
receive one of the validation certificate and an invalidation certificate from the first system,
select one of a plurality of predefined commands based on the received certificate from the first system,
execute the selected command,
wherein,
the third system selecting one of the plurality of predefined commands is based on the data transmitted by the second system to the first system in one of the first request for authentication and the second request for authentication,
and wherein,
the third system is communicatively connected to the first system using one of a Local Interconnect Network (LIN) and a Control Area Network (CAN) communication protocol.
17.
The method as claimed in claim 1, wherein the first system is an instrument cluster in a vehicle, the second system is an electronic key fob, and the third system is a vehicle control unit in the vehicle.
18.
A process for enabling and disabling a first system by a second system, the first system comprising a first processor, a first memory unit, a first set of input switches, and a first wireless communication unit, and the second system comprising a second processor, a second memory unit, a second set of input switches, and a second wireless communication unit, wherein the first processor is configured to:
receive a first request for authentication of connection with the second processor,
generate a primary key based on the first request for authentication of connection,
transmit the primary key to the second processor,
receive a second request for authentication of connection with the second processor based on the primary key,
compute a secondary key based on the primary key,
compute a tertiary key based on the primary key, the secondary key, and a pre-defined key,
compare the tertiary key with the second request for authentication,
determine the tertiary key being equal to the second request for authentication,
generate a validation certificate upon determining that the tertiary key is equal to the second request for authentication,
transmit the validation certificate to the second processor.
19.
The process for enabling and disabling the first system by the second system as claimed in claim 15, wherein the second processor is configured to:
determine an input received for initiation of connection with the first system,
generate the first request for authentication of connection,
transmit the first request for authentication of connection to the first processor,
receive the primary key from the first processor,
compute the secondary key based on the primary key,
compute the tertiary key based on the primary key, the secondary key, and a pre-defined key,
generate a second request for authentication of connection based on the primary key, the secondary key, and the tertiary key,
transmit the second request for authentication of connection to the first processor,
receive one of the validation certificate and an invalidation certificate from the first processor.
20.
The process for enabling and disabling the first system by the second system as claimed in claim 15, wherein the first processor is further configured to:
generate an invalidation certificate when the second request for authentication is not received from the second processor within a first pre-defined duration of time,
transmit the invalidation certificate to the second processor.
21.
The process for enabling and disabling the first system by the second system as claimed in claim 15, wherein the first processor is further configured to:
generate an invalidation certificate upon determining that the second request for authentication is not equal to the tertiary key,
transmit the invalidation certificate to the second processor.
22.
The process for enabling and disabling the first system by the second system as claimed in claim 15, wherein the first system further comprises at least one actuator, and wherein the first processor is configured to enable the at least one actuator upon generating the validation certificate.
23.
The process for enabling and disabling the first system by the second system as claimed in claim 15, wherein the first system is configured in an instrument cluster of a vehicle, and the second system is configured in a key fob.
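The exchange of claims 18 to 21 (primary key issued by the first processor, secondary and tertiary keys derived independently on both sides, comparison, and invalidation on timeout or mismatch) simulated end to end, as an added example that is not part of the patent and not TVS Motor Company's code. The claims do not specify the derivation functions, so SHA-256 for the secondary key, HMAC-SHA256 under the pre-defined key for the tertiary key, `os.urandom` in place of the electromagnetic-noise source, and the 2-second duration are all assumptions of this example.

```python
import hashlib, hmac, os, time

# Constructed shared secret standing in for the claims' "pre-defined key".
PREDEFINED_KEY = b"constructed-demo-predefined-key"

def derive_secondary(primary):
    # Assumed derivation; the claims only say "based on the primary key".
    return hashlib.sha256(b"secondary|" + primary).digest()

def derive_tertiary(primary, secondary, predefined):
    # Assumed derivation: keyed MAC over primary||secondary under the pre-defined key.
    return hmac.new(predefined, primary + secondary, hashlib.sha256).digest()

class FirstSystem:
    """First processor (e.g. instrument cluster): issues the primary key, then verifies."""
    def __init__(self, predefined_key, timeout_s=2.0, noise=os.urandom):
        self.predefined_key, self.timeout_s, self.noise = predefined_key, timeout_s, noise
        self.primary, self.issued_at = None, None

    def handle_first_request(self, request):
        # os.urandom stands in for the electromagnetic-noise source of the claims.
        self.primary, self.issued_at = self.noise(16), time.monotonic()
        return self.primary

    def handle_second_request(self, second_request, now=None):
        now = time.monotonic() if now is None else now
        primary, self.primary = self.primary, None  # primary key is single-use
        if primary is None or now - self.issued_at > self.timeout_s:
            return "INVALID"  # claim 20: no response within the pre-defined duration
        tertiary = derive_tertiary(primary, derive_secondary(primary), self.predefined_key)
        # Constant-time comparison of the locally computed tertiary key (claims 18, 21).
        return "VALID" if hmac.compare_digest(tertiary, second_request) else "INVALID"

class SecondSystem:
    """Second processor (e.g. key fob): answers the primary key with its tertiary key."""
    def __init__(self, predefined_key):
        self.predefined_key = predefined_key

    def first_request(self):
        return b"AUTH_REQUEST"  # constructed first-request payload

    def second_request(self, primary):
        return derive_tertiary(primary, derive_secondary(primary), self.predefined_key)

def run_exchange(fob, cluster, elapsed=0.0):
    # Drive one full exchange; `elapsed` simulates the fob's response delay in seconds.
    primary = cluster.handle_first_request(fob.first_request())
    response = fob.second_request(primary)
    return cluster.handle_second_request(response, now=cluster.issued_at + elapsed)
```

Because the primary key is fresh per exchange and consumed on first use, a tertiary key from an earlier exchange does not verify against a later primary key, which is what makes the timeout of claim 20 and the mismatch rule of claim 21 meaningful together.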
Dated this 7th day of December, 2023

Documents

Application Documents

# Name Date
1 202341084211-STATEMENT OF UNDERTAKING (FORM 3) [11-12-2023(online)].pdf 2023-12-11
2 202341084211-REQUEST FOR EXAMINATION (FORM-18) [11-12-2023(online)].pdf 2023-12-11
3 202341084211-PROOF OF RIGHT [11-12-2023(online)].pdf 2023-12-11
4 202341084211-FORM 18 [11-12-2023(online)].pdf 2023-12-11
5 202341084211-FORM 1 [11-12-2023(online)].pdf 2023-12-11
6 202341084211-DRAWINGS [11-12-2023(online)].pdf 2023-12-11
7 202341084211-COMPLETE SPECIFICATION [11-12-2023(online)].pdf 2023-12-11
8 202341084211-Covering Letter [07-01-2025(online)].pdf 2025-01-07