1
FORM 2
THE PATENTS ACT 1970
[39 OF 1970]
&
THE PATENTS RULES, 2003
COMPLETE SPECIFICATION
[See section 10; rule 13]
“METHOD AND SYSTEM FOR SECURELY ACCESING A
VEHICLE”
Name and address of the Applicant(s):
1. MINDA CORPORATION LIMITED of the address Survey No.
254(P), Phase 1, Rajiv Gandhi Infotech Park, Hinjewadi, TalukaMulshi, Pimpri-Chinchwad, Pune, Maharashtra 411057 India.
AND:
2. REVA University of the address Rukmini Knowledge Park,
Yelahanka, Kattigenahalli, Bengaluru, Sathanur, Karnataka
560064, India.
The following specification particularly describes the invention and the manner in
which it is to be performed.
2
TECHNICAL FIELD
[0001] The present disclosure relates to the field of automobiles. More particularly,
the present disclosure relates to a method and a system for providing enhanced ranging
accuracy in vehicle access systems.
BACKGROUND
[0002] Increasing prevalence of vehicle thefts using Relay Station or Man-in-theMiddle (MITM) attacks has underscored the necessity for precise and secure distance
measurement between an owner/authorized device, such as a key fob or smartphone,
and the vehicle. Accurate ranging is essential for ensuring security and preventing
unauthorized access. Ultra-Wideband (UWB) technology offers highly accurate
distance measurement capabilities, but due to its high cost, it is not a practical solution
for mass deployment in vehicle access systems. Bluetooth Low Energy (BLE), on the
other hand, presents an excellent, cost-effective alternative with widespread adoption,
particularly in consumer devices, but faces challenges that must be addressed to achieve
secure and reliable ranging.
[0003] Security of Bluetooth-based vehicle access systems can be compromised by
MITM attacks, where an attacker intercepts communication between the vehicle and the
owner's device. To mitigate such risks, precise localization and distance estimation are
critical to ensure that the authentication device is genuinely in proximity to the vehicle,
thus preventing unauthorized access. Existing vehicle access systems utilizing the BLE
for ranging suffer from inherent limitations, such as interference from other wireless
protocols operating within the crowded 2.4 GHz Industrial Scientific and Medical(ISM)
band (e.g., Wi-Fi, RFID) and the limitations of BLE’s narrow bandwidth, which restricts
the accuracy of distance estimation.
[0004] BLE Channel Sounding (BLE-CS), as defined in the latest BLE 6.0
specification, offers a promising solution to these challenges. BLE-CS combines PhaseBased Ranging (PBR) and Round-Trip Time (RTT) measurements to estimate the
distance between two devices. These techniques leverage the physical layer and data
link layer to assess channel conditions, improving the precision and reliability of
distance measurements.
[0005] However, BLE-based ranging faces challenges due to limited bandwidth
(only 80 MHz of usable bandwidth in the 2.4 GHz ISM band), which limits temporal
resolution and reduces the ability to distinguish between closely spaced signals.
Furthermore, multipath reflections, which occur when radio signals bounce off objects
3
or surfaces, can cause significant errors in distance estimation, particularly in complex
environments like those encountered in vehicle access scenarios. Interference from
other devices operating within the same frequency band further exacerbates these issues.
[0006] To address these limitations, various algorithms, such as weighted least
squares methods and robust channel sounding algorithms, have been proposed to
improve the accuracy of BLE-based ranging. These approaches aim to enhance the
reliability of distance estimation while minimizing computational complexity and
power consumption. Despite these advances, achieving high accuracy in the presence
of multipath reflections and interference remains a key challenge. Further, using
measurement techniques like the PBR and the RTT may consume more power when
compared with conventional low power measurement techniques.
[0007] In view of these challenges, there exists a need for a technique for
minimising power consumption thereby maximising battery life of handheld owner
device, while offering enhanced security for accessing the vehicle against the Man in
the Middle Attack.
[0008] The above-mentioned drawbacks/difficulties/disadvantages of conventional
techniques are explained just for exemplary purpose and this disclosure and description
mentioned below would never limit its scope to only such problem. Person skilled in
the art may understand that this disclosure and below mentioned description may also
solve other problems or overcome the above-mentioned
drawbacks/difficulties/disadvantages of the conventional arts which are not explicitly
captured above.
SUMMARY
[0009] The present disclosure overcomes one or more shortcomings of the prior art
and provides additional advantages discussed throughout the present disclosure.
Additional features and advantages are realized through the techniques of the present
disclosure. Other embodiments and aspects of the disclosure are described in detail
herein and are considered a part of the claimed disclosure.
[0010] It is to be understood that the aspects and embodiments of the disclosure
described below may be used in any combination with each other. Several of the aspects
and embodiments may be combined together to form a further embodiment of the
disclosure.
[0011] The method and system of the present disclosure integrates a hybrid
approach to access a vehicle by combining RSSI-based coarse ranging with advanced
4
distance estimation techniques, including Phase-Based Ranging (PBR) and Round-Trip
Time (RTT), to enhance both accuracy and security. The hybrid approach further
ensures that power consumption is minimised and thus the battery life can be
maximised.
[0012] In one non-limiting embodiment of the present disclosure, a method for
securely accessing the vehicle, is disclosed. The method comprises determining, by an
Electronic Control Unit (ECU) of the vehicle, whether an authorized device for
accessing the vehicle is in a proximity of the vehicle, wherein the determining the
proximity of the authorized device comprises sending a first signal with a random
transmission power over a random advertisement channel from the vehicle to the
authorized device, wherein a combination of the random transmission power over the
random advertisement channel is prestored in the vehicle and the authorized device.
Further, in response to the first signal, receiving a second signal with the random
transmission power over the random advertisement channel from the authorized device
by the vehicle. Furthermore, determining whether upon comparing a first Received
Signal Strength Indicator (RSSI) value of the first signal with a second RSSI value of
the second signal falls within a predetermined RSSI range. The method further
comprises establishing a connection, by the ECU of the vehicle, between the vehicle
and the authorized device based on the determining that the authorized device is in the
proximity of the vehicle. Furthermore, the method comprises, upon successfully
establishing the connection, continuously measuring a coarse distance between the
vehicle and the authorized device till a distance between the vehicle and the authorized
device reduces to a predefined coarse distance range. Subsequently, the method
comprises activating a Phase-Based Ranging (PBR) technique for calculating an actual
distance between the vehicle and the authorized device once the distance between the
vehicle and the authorized device reduces to the predefined coarse distance range.
Consequently, authenticating the actual distance by using a Round-Trip Time (RTT)
technique and providing the secure access to the vehicle based on the authenticated
actual distance.
[0013] In another non-limiting embodiment of the present disclosure, the vehicle and
device communicate over Bluetooth Low Energy Channel Sounding (BLE-CS) mode
of communication.
[0014] In another non-limiting embodiment of the present disclosure, for
continuously measuring the coarse distance, the method further comprises sending a
third signal value with the random transmission power over the random advertisement
5
channel from the vehicle to the authorized device, wherein the RSSI value of the third
signal is filtered to remove outliers. In response to the third signal, receiving a fourth
signal with the random transmission power over the random advertisement channel
from the authorized device to the vehicle, wherein the RSSI value of the fourth signal
is filtered to remove the outliers. Further the method comprises comparing the filtered
RSSI values of the third signal and the fourth signal for determining the coarse distance
between the vehicle and the authorized device.
[0015] In another non-limiting embodiment of the present disclosure, the PBR
technique uses phase shifts in the signal for calculating the actual distance.
[0016] In another non-limiting embodiment of the present disclosure, the RTT
technique measures the time taken by the signal to come back from the vehicle to the
authorized device or from the authorized device to the vehicle.
[0017] In one non-limiting embodiment of the present disclosure, a system for
securely accessing a vehicle. The system comprises at least one processor and a memory
electronically coupled to the processor. The at least one processor is configured to
determine whether an authorized device for accessing the vehicle is in a proximity of
the vehicle, wherein the proximity of the authorized device is determined to send a
first signal with a random transmission power over a random advertisement channel
from the vehicle to the authorized device, wherein a combination of the random
transmission power over the random advertisement channel is prestored in the vehicle
and the authorized device. Further, in response to the first signal, the at least one
processor is configured to receive a second signal with the random transmission power
over the random advertisement channel from the authorized device by the vehicle.
Furthermore, the at least one processor is configured to determine whether upon
comparing a first Received Signal Strength Indicator (RSSI) value of the first signal
with a second RSSI value of the second signal falls within a predetermined RSSI
range. The at least one processor is further configured to establish a connection between
the vehicle and the authorized device based on the determining that the authorized
device is in the proximity of the vehicle. Furthermore, upon successfully establishing
the connection, the at least one processor is configured to continuously measure a coarse
distance between the vehicle and the authorized device till a distance between the
vehicle and the authorized device reduces to a predefined coarse distance range.
Subsequently, the at least one processor is further configured to activate the PBR
technique for calculating an actual distance between the vehicle and the authorized
device once the distance between the vehicle and the authorized device reduces to the
6
predefined coarse distance range. Consequently, the at least one processor is configured
to authenticate the actual distance by using the RTT technique and provide the secure
access to the vehicle based on the authenticated actual distance.
[0018] Thus, the method and the system improve security by ensuring that the
distance measurements are reliable and difficult to spoof, leveraging the combination of
coarse ranging and fine ranging methods. The hybrid approach effectively balances
accuracy, power consumption, and protection against unauthorized access to the vehicle.
[0019] The foregoing summary is illustrative only and is not intended to be in any
way limiting. In addition to the illustrative aspects, embodiments, and features described
above, further aspects, embodiments, and features will become apparent by reference to
the drawings and the following detailed description. For a better understanding of
exemplary embodiments of the present disclosure, together with other and further
features and advantages thereof, reference is made to the following description, taken
in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0020] The embodiments of the disclosure itself, as well as a preferred mode of use,
further objectives, and advantages thereof, will best be understood by reference to the
following detailed description of an illustrative embodiment when read in conjunction
with the accompanying drawings. One or more embodiments are now described, by way
of example only, with reference to the accompanying drawings in which:
[0021] FIG. 1 depicts an exemplary environment for enhanced ranging accuracy in
vehicle access systems using Bluetooth low energy (BLE) channel sounding, in
accordance with some embodiments of the present disclosure;
[0022] FIG. 2 depicts an exemplary block diagram illustrating details of the system 200
for enhancing ranging accuracy in a vehicle using Bluetooth low energy (BLE) channel
sounding, in accordance with an embodiment of the present disclosure;
[0023] FIG. 3 depicts an exemplary block diagram illustrating details of a device 300
for enhancing ranging accuracy in a vehicle using Bluetooth low energy (BLE) channel
sounding, in accordance with an embodiment of the present disclosure;
[0024] FIG. 4 depicts an exemplary signaling diagram of secure pairing using
Received Signal Strength Indicator (RSSI) measurement, in accordance with an
embodiment of the present disclosure; and
7
[0025] FIG. 5 depicts an exemplary method flow diagram illustrating a method for
securely accessing a vehicle, in accordance with an embodiment of the present
disclosure.
[0026] The figures depict embodiments of the disclosure for purposes of illustration
only. One skilled in the art will readily recognize from the following description that
alternative embodiments of the structures and methods illustrated herein may be
employed without departing from the principles of the disclosure described herein.
DETAILED DESCRIPTION
[0027] In the present document, the word “exemplary” is used herein to mean “serving
as an example, instance, or illustration.” Any embodiment or implementation of the
present subject matter described herein as “exemplary” is not necessarily to be construed
as preferred or advantageous over other embodiments.
[0028] While the disclosure is susceptible to various modifications and alternative
forms, specific embodimentsthereof has been shown by way of example in the drawings
and will be described in detail below. It should be understood, however, that it is not
intended to limit the disclosure to the particular forms disclosed, but on the contrary, the
disclosure is to cover all modifications, equivalents, and alternative falling within the
spirit and the scope of the disclosure.
[0029] The terms “comprises”, “comprising”, or any other variations thereof, are
intended to cover a non-exclusive inclusion, such that a setup, device, or method that
comprises a list of components or steps does not include only those components or steps
but may include other components or steps not expressly listed or inherent to such setup
or device or method. In other words, one or more elements in a device or system or
apparatus proceeded by “comprises… a” does not, without more constraints, preclude
the existence of other elements or additional elements in the device or system or
apparatus.
[0030] In the following detailed description of the embodiments of the disclosure,
reference is made to the accompanying drawings that form a part hereof, and in which
are shown by way of illustration specific embodiments in which the disclosure may be
practiced. These embodiments are described in sufficient detail to enable those skilled
in the art to practice the disclosure, and it is to be understood that other embodiments
may be utilized and that changes may be made without departing from the scope of the
present disclosure. The following description is, therefore, not to be taken in a limiting
sense.
8
[0031] The terms “keyfob”, “smartphone”, “communication device”, “authorized
device” and “device” have been alternatively throughout the specification.
[0032] System for accessing a vehicle which rely on Bluetooth Low Energy (BLE) for
distance estimation face significant challenges in ensuring both security and accuracy.
While BLE is a cost-effective and widely adopted technology, its performance in
ranging can be compromised by interference from other devices operating in the
crowded 2.4 GHz ISM band, such as Wi-Fi and RFID. The limited bandwidth of BLE
further restricts the precision of distance measurements, making it vulnerable to issues
like Man-in-the-Middle (MITM) attacks, where an attacker intercepts communication
between the vehicle and the owner’s device. Additionally, multipath reflections, which
occur when radio signals bounce off nearby objects, can distort the measurement of
proximity, complicating the task of reliably determining whether the owner’s device is
close to the vehicle. These challenges highlight the need for solutions that can improve
the accuracy and security of BLE-based vehicle access systems.
[0033] The present disclosure seeks to address these needs by utilizing BLE Channel
Sounding techniques in conjunction with innovative techniques to enable precise and
secure distance estimation, thereby mitigating the risks associated with the MITM
attacks and ensuring robust vehicle access solutions with low power consumption.
[0034] FIG. 1 depicts an exemplary environment for enhanced ranging accuracy in
vehicle access systems using Bluetooth low energy (BLE) channel sounding, in
accordance with some embodiments of the present disclosure. The environment 300
depicts a communication device 300 and a vehicle 101.
[0035] The communication device 300 shown in fig. 1 may be used for keyless entry
inside the vehicle 101. The communication device 300 may be used for a plurality of
operations, for example, but not limited to, unlocking the vehicle, locking the vehicle,
finding the vehicle from a distance. In one of the embodiments of the present disclosure,
the communication device 300 may be a key fob. In one of the additional embodiments
of the present disclosure, the communication device 300 may be a smart phone.
However, the communication device 300 is not limited to the above example and any
other communication device for locking/unlocking of vehicle is well within the scope
of present disclosure.
[0036] A user may press a button from a plurality of buttons present on the
communication device 300. The communication device 300 may be used to remotely
access the vehicle 101 from a distance. The pressing of the button may either lock the
vehicle 101, unlock the vehicle 101 or find the vehicle 101. In another embodiment, a
9
system 200 of the vehicle 101 may detect the presence of the communication device
300 and accordingly perform different operations like locking, unlocking the vehicle
101 but not limited thereto. As shown in fig 1, the communication device 300 may be
operated from a distance based on a communication protocol used for communication
with the vehicle 101. Detailed operation of the communication device 100 for operating
the vehicle 101 is discussed in further detail in the embodiments below.
[0037] FIG. 2 depicts an exemplary block diagram illustrating details of the system 200
for enhancing ranging accuracy in a vehicle using Bluetooth low energy (BLE) channel
sounding, in accordance with an embodiment of the present disclosure.
[0038] In one or more embodiments, the system 200 may comprise a processor 201, a
memory 202, a transceiver 203, and an input/output (I/O) interface 204
communicatively coupled to each other.
[0039] In one or more embodiments, the processor 201 may be implemented as one or
more microprocessors, microcomputers, microcontrollers, digital signal processors,
central processing units, an Electronic Control Unit (ECU), state machines, logic
circuitries, and/or any devices that manipulate signals based on operational instructions.
The processor 201 may include at least one processor or an array of processors Among
other capabilities, the processor 201 may be configured to fetch and execute computerreadable instructions and other information stored in the memory 202.
[0040] In one or more embodiments, the memory 202 may include one or more nontransitory computer-readable storage media, such as RAM, ROM, EEPROM, EPROM,
one or more memory devices, flash memory devices, etc., and combinations thereof. In
an embodiment, data/information related to a combination of the random transmission
power over the random advertisement channel may be stored within the memory 202.
The memory 202 may also store other data such as temporary data and temporary files,
generated by the processor 201 or any other parts of the system 200 for performing the
various operations of the present disclosure.
[0041] In one or more embodiments, the transceiver 203 of the vehicle may perform
several functions like periodically emitting radio frequency (RF) signals or receiving
polls for signals from the authorized device, detects the presence and proximity of the
authorized device based on signal strength, initiates a secure authentication process by
exchanging encrypted challenge-response signals with the authorized device, and upon
successful authentication, triggers vehicle access functions such as unlocking the doors,
enabling interior lights, or activating welcome modes. The transceiver may also support
bidirectional communication to confirm commands from the authorized device, and
10
depending on the configuration, may work with multiple antennas to perform directional
or zone-based localization to distinguish between interior and exterior proximity.
[0042] In one or more embodiments, the I/O interface 204 of the vehicle 101 facilitates
communication between various ECUs and peripheral systems by receiving signals
from the vehicle’s transceiver or a central control unit indicating successful device
authentication and proximity detection. It then relays appropriate control commands to
actuators and components responsible for access-related functions, such as unlocking
the doors, illuminating entry lights, folding out mirrors, or sounding a confirmation
chime. Additionally, the I/O interface 204 may receive inputs from door sensors or
handle touch sensors to trigger proximity polling, and output signals to infotainment or
display systems to visually or audibly confirm access authorization, thereby serving as
a central conduit for coordinating access control based on presence of the device 300.
[0043] In an embodiment, the processor 201 may be configured to send the system’s
physical address to a vehicle manufacturer server. This helps the server to identify the
system 200 and ensure that the server has the necessary vehicle-specific data for the
pairing process. Steps involved with secure pairing has been further elaborated in detail
in FIG. 4.
[0044] The processor 201 may check in predefined intervals whether the device 300
is in the proximity of the vehicle. For determining the proximity, the processor
201 may send a first signal with the random transmission power over a random
advertisement channel from the vehicle to the device 300. Further the processor 201
receives a second signal with the random transmission power over the random
advertisement channel from the device 300. The randomization of the transmission
power and the advertisement channel is performed o avoid interference from other
devices operating in the same frequency range. The processor 201 then compare
corresponding RSSI values of the first signal with the second signal and if the
corresponding RSSI values falls within a predetermined RSSI range then establish
a Low Energy (LE) secure connection between the vehicle 101 and the device 300.
[0045] In an example, pre-defined discrete values for transmit power may be [0, 5, 10]
dB, which may be selected randomly for performing channel sweep. Further, BLE
advertising channels are predefined which may fall under following advertisement
channels [37, 38, 39]. Combinations of the transmit power and advertisement channels
may be selected randomly. The random selection of the combination may be like [5,
39], [10, 38], [10, 39], etc. Such random selections are stored in the memory 202 of the
vehicle 101 and the device 300.
11
[0046] After establishing the connection between the vehicle 101 and the device
300, the processor 201 then continuously measures a coarse distance between the
vehicle 101 and the device 300 till a distance between the vehicle and the device
reduces to a predefined coarse distance range. In an example, the predefined
coarse distance range may be of 5 meters but can be set to any other value.
[0047] When the distance between the vehicle 101 and the device 300 reduces to the
predefined coarse distance range, the processor 201 activates a Phase-Based
Ranging (PBR) technique for calculating an actual distance between the vehicle
and the authorized device. Afterwards, the processor 201 may authenticate the
actual distance by using a Round-Trip Time (RTT) technique. Use of the RTT
technique and PBR technique ensures security against Man-in-the-Middle (MITM) and
Relay Station attacks, as it detects any abnormal delays that may indicate such an attack.
The processor 201 may provide the secure access to the vehicle once the actual
distance has been authenticated. The performance of such steps by the processor
201 improves the accuracy of distance estimation and battery life optimization. This
layered verification mechanism not only strengthens the security integrity of the vehicle
access system but also contributes to improved accuracy in distance estimation and
optimized power consumption, as unnecessary communication attempts are minimized.
The processor (201) grants secure access to the vehicle only upon successful
authentication, ensuring that access is limited to genuinely proximate and authorized
devices.
[0048] FIG. 3 depicts an exemplary block diagram illustrating details of the device
300 for enhancing ranging accuracy in a vehicle using the BLE-CS, in accordance with
an embodiment of the present disclosure. In an embodiment, the device 300 may be
similar to the communication device of fig. 1.
[0049] It may be noted that, in some embodiments, the device 300 may include more
or fewer components than those depicted herein. The various components of the device
300 may be implemented using hardware, software, firmware or any combinations
thereof. Further, the various components of the device 300 may be operably coupled
with each other. More specifically, various components of the device 300 may be
capable of communicating with each other using communication channel media (such
as buses, interconnects, etc.).
[0050] The device 300 may comprise the plurality of buttons, a processor 301, a
memory 302, a transceiver 303, and a battery 304.
12
[0051] In an embodiment, the processor 301 of the device 300 may be configured to
respond to a pairing request from the processor 201 of the vehicle 101. Upon receiving
the pairing request, the processor 301 may be configured to initiate the RSSI
measurement to estimate the proximity between the device 300 and the vehicle 101.
This RSSI coarse distance measurement allows to confirm whether the device 300 is
within the required proximity for secure communication.
[0052] In another embodiment, the processor 301 of the device 300 may be configured
to initiate the pairing request and further to establish the connection between the device
300 and the vehicle 101.
[0053] In one or more embodiments, the memory 302 may include one or more nontransitory computer-readable storage media, such as RAM, ROM, EEPROM, EPROM,
one or more memory devices, flash memory devices, etc., and combinations thereof. In
an embodiment, data/information related to a combination of the random transmission
power over the random advertisement channel may be stored within the memory 302 of
the device 300. The memory 302 may also store other data such as temporary data and
temporary files, generated by the processor 301 of the device 300 or any other parts of
the device 300 for performing the various operations of the present disclosure.
[0054] In one or more embodiments, the transceiver 303 of the device 300 may perform
functions such as periodically transmitting identification signals or responding to
polling signals from the transceiver 203 of the vehicle, participating in a secure
authentication process by receiving a challenge from the vehicle and transmitting an
encrypted response based on stored cryptographic credentials, and confirming its
presence and proximity based on signal strength or timing data. The transceiver 303 of
the device 300 may also support passive entry functionality by operating without user
interaction, waking up upon detecting specific signals from the vehicle, and enabling or
triggering access-related operations such as unlocking the doors or enabling start
authorization once authenticated and determined to be within the permitted range.
[0055] In one or more embodiment, the battery 304 of the device 300 may be
responsible for powering the internal circuitry to continuously or intermittently transmit
identification signals. The battery 304 should also support wake-up operations when
triggered by near-field signals received from the vehicle, ensure reliable operation over
extended periods.
[0056] FIG. 4 depicts an exemplary signaling diagram of secure pairing using RSSI
measurement, in accordance with an embodiment of the present disclosure.
13
[0057] A pairing process between the system 200 of the vehicle 101 and the authorized
device 300 precedes a ranging process to prevent security breaches. As part of the
ranging process, coarse ranging using RSSI is integrated to ensure secure proximity
detection. The proposed method employs a filtering method, which includes but not
restricted to, an Extended Kalman Filter (EKF) to filter out outliers from the RSSI
values, enhancing the reliability of the RSSI measurements.
[0058] As shown in FIG. 2, for proximity-based pairing, at step S1, the vehicle’s ECU
information such as physical address, vehicle Identification (Id) etc., may be stored in a
cloud location, like vehicle manufacturer server, but not limited thereto.
[0059] At step S2, the physical QR code of the device like key fob, from the vehicle
manufacturer server corresponding to the particular vehicle, may be scanned to retrieve
essential information, such as the device’s unique physical address and manufacturing
details using any suitable scanning mechanism. This step may help ensure that the
device is legitimate and will be paired with the corresponding vehicle capable of
participating in the secure pairing process.
[0060] At step S3, once the physical address and manufacturing information are
obtained from the device, this data may be securely stored in the vehicle manufacturer
server. The server may act as a centralized repository, ensuring that the vehicle’s system
has access to the necessary data for future interactions and authentication.
[0061] Further, at step S4, the vehicle manufacturer server may then share the stored
device information with the vehicle’s Electronic Control Unit (ECU). This allows the
ECU to retrieve the necessary details about the device, which may be used during the
pairing process. The ECU may ensure that only authorized devices with corresponding
records are allowed to initiate pairing with the vehicle.
[0062] At step S5, using the physical addresses of both the device and the vehicle ECU,
the vehicle manufacturer server may generate public keys. These public keys may be
crucial for encryption and used to establish secure communication between the devices
during the pairing process.
[0063] Furthermore, at step S6, once the public keys are generated, the vehicle’s ECU
may start discovering nearby devices, like the key fob or smartphone. This step may
ensure that the ECU can detect and identify devices attempting to pair with the vehicle
and are already being paired with the vehicle in the previous steps at the time of sharing
physical address and manufacturing data.
[0064] Next, at step S7, the vehicle ECU may then send a formal pairing request to the
device. This request may signify the start of the secure connection process. The pairing
14
request may prompt the key fob or smartphone to respond, indicating the device’s
willingness to connect and share information securely.
[0065] At step S8, both the vehicle’s ECU and the device may use their respective
physical addresses to generate unique public keys. These keys may be exchanged
between the device and the vehicle’s ECU to enable secure communication. Public keys
may be part of an encryption process, ensuring that any information shared during the
pairing process remains private and protected from unauthorized access.
[0066] At step S9, as part of the pairing process, both the vehicle’s ECU and the device
may perform a mutual RSSI measurement. This measurement may estimate the distance
between the two devices, providing coarse proximity detection. The RSSI value may
help determine whether the vehicle’s ECU and the device are within the intended range
for pairing.
[0067] At step S10, after performing the RSSI measurement, the vehicle’s ECU and the
device may exchange information confirming their proximity. This step may help verify
that the device and the vehicle ECU are indeed close enough to securely establish a
connection. If the proximity threshold is met, the device and the vehicle’s ECU may
proceed with the secure pairing and authentication process.
[0068] Next, at step S11, once proximity is confirmed, an appropriate authentication
method (e.g., Pass key or another secure protocol) may be selected to verify the identity
of the device and the vehicle’s ECU. This step may ensure that both the vehicle and the
device can authenticate each other and prevent unauthorized access.
[0069] At step S12, the public keys that were previously generated may now be
exchanged between the vehicle’s ECU and the device using Elliptic Curve DiffieHellman (ECDH) cryptography. The ECDH may allow both the vehicle’s ECU and the
device to independently compute a shared secret key that is used to encrypt further
communication. This may ensure that even if an attacker intercepts the public keys, they
cannot easily decrypt the communication between the devices. However, the key
exchange mechanism is not limited to the above example of ECDH cryptography and
any mechanism for exchanging public keys is well within the scope of present
disclosure.
[0070] At step S13, using the shared secret derived from the ECDH exchange, both the
vehicle’s ECU and the device may generate encryption keys. These keys may be used
to encrypt the subsequent communication between the vehicle’s ECU and the device.
[0071] At step S14, both the vehicle ECU and the device may perform mutual
authentication. Each of the device and the vehicle ECU may verify the identity of the
15
other, ensuring that only authorized entities can pair and interact with the vehicle. This
step may prevent Man-in-the-Middle (MITM) attacks by confirming the authenticity of
both the vehicle’s ECU and the device before any sensitive data is exchanged.
[0072] Lastly, at step S15, after successful authentication, bonding information may be
stored on both the vehicle’s ECU and the device. This information may allow for future
secure connections without needing to go through the full pairing process again. Finally,
the vehicle’s ECU may send a confirmation to the vehicle manufacturer server,
indicating that the secure pairing process has been successfully completed, and the
device is now authorized for vehicle access.
[0073] FIG. 5 depicts an exemplary method flow diagram illustrating a method for
securely accessing the vehicle, in accordance with an embodiment of the present
disclosure.
[0074] The method 500 depicted in the flow diagram may be executed by, for example,
the device 300 or the authorized device 300. Operations of the flow diagram, and
combinations of operation in the flow diagram, may be implemented by, for example,
hardware, firmware, a processor, circuitry and/or a different device associated with the
execution of software that includes one or more computer program instructions.
[0075] At step 501, the method 500 may comprise determining, by the ECU of the
vehicle, whether the authorized device for accessing the vehicle is in a proximity
of the vehicle, wherein the determining the proximity of the authorized device
comprises of following process. The process may include sending the first signal
with the random transmission power over the random advertisement channel from the
vehicle to the authorized device, wherein a combination of the random transmission
power over the random advertisement channel is prestored in the vehicle and the
authorized device. Further, in response to the first signal, receiving the second signal
with the random transmission power over the random advertisement channel from the
authorized device by the vehicle. The process further includes determining whether
upon comparing the first RSSI value of the first signal with the second RSSI value
of the second signal falls within the predetermined RSSI range.
[0076] In an embodiment, the method 500 disclose that the vehicle and device
communicate over BLE-CS mode of communication.
[0077] At step 502, the method 500 may comprise establishing the connection, by
the ECU of the vehicle, between the vehicle and the authorized device based on
the determining that the authorized device is in the proximity of the vehicle.
16
[0078] At step 503, the method 500 may further comprise upon successfully
establishing the connection, continuously measuring a coarse distance between
the vehicle and the authorized device till the distance between the vehicle and the
authorized device reduces to the predefined coarse distance range.
[0079] In an embodiment, for continuously measuring the coarse distance, the
method 500 may further comprise sending a third signal value with the random
transmission power over the random advertisement channel from the vehicle to the
authorized device, wherein the RSSI value of the third signal is filtered to remove
outliers. In response to the third signal, receiving a fourth signal with the random
transmission power over the random advertisement channel from the authorized device
to the vehicle, wherein the RSSI value of the fourth signal is filtered to remove the
outliers. Further the method 500 may comprise comparing the filtered RSSI values of
the third signal and the fourth signal for determining the coarse distance between the
vehicle and the authorized device.
[0080] At step 504, the method 500 may further comprise activating the PBR
technique for calculating the actual distance between the vehicle and the
authorized device once the distance between the vehicle and the authorized device
reduces to the predefined coarse distance range.
[0081] In an embodiment, the method 500 may further disclose that the PBR
technique uses phase shifts in the signal for calculating the actual distance.
[0082] At step 505, the method 500 may further comprise authenticating the actual
distance by using the RTT technique.
[0083] In an embodiment, the method 500 may further disclose that the RTT
technique measures the time taken by the signal to come back from the vehicle to
the authorized device or from the authorized device to the vehicle.
[0084] At step 506, the method 500 may further comprise providing the secure access
to the vehicle based on the authenticated actual distance.
[0085] Advantages of the embodiments of the present disclosure are illustrated
herein-
[0086] Aspects of the present disclosure are designed to optimize power
efficiency by minimizing unnecessary signal exchanges and computations,
thereby extending the battery life of the authorized device. This is achieved
through intelligent activation of ranging and authentication techniques only when
proximity thresholds are met. The system enhances distance measurement
accuracy by employing a multi-stage verification process—starting with RSSI-
17
based coarse proximity detection, followed by Phase-Based Ranging (PBR) for
fine-grained distance estimation, and concluding with Round-Trip Time (RTT)
analysis for temporal validation. This layered approach ensures that the authorized
device is not only physically close but also temporally synchronized, which is
critical for defending against Relay Station and Man-in-the-Middle (MITM)
attacks. Furthermore, the use of random transmission power and random
advertisement channels introduces unpredictability in signal characteristics,
making it extremely difficult for unauthorized entities to intercept, replay, or
spoof communication. This randomization strategy, combined with proximitybased access control, ensures that secure communication is maintained and
unauthorized access is effectively prevented, thereby reinforcing the integrity,
confidentiality, and reliability of the vehicle access system.
[0087] The order in which the method is described is not intended to be construed as a
limitation, and any number of the described method blocks can be combined in any
order to implement the method. Additionally, individual blocks may be deleted from
the methods without departing from the scope of the subject matter described herein.
Furthermore, the method can be implemented in any suitable hardware, software,
firmware, or combination thereof.
[0088] It will be understood by those within the art that, in general, terms used herein,
and are generally intended as “open” terms (e.g., the term “including” should be
interpreted as “including but not limited to,” the term “having” should be interpreted as
“having at least,” the term “includes” should be interpreted as “includes but is not
limited to,” etc.). For example, as an aid to understanding, the detail description may
contain usage of the introductory phrases “at least one” and “one or more” to introduce
recitations. However, the use of such phrases should not be construed to imply that the
introduction of a recitation by the indefinite articles “a” or “an” limits any particular
part of description containing such introduced recitation to disclosures containing only
one such recitation, even when the introductory phrases “one or more” or “at least one”
and indefinite articles such as “a” or “an” (e.g., “a” and/or “an” should typically be
interpreted to mean “at least one” or “one or more”) are included in the recitations; the
same holds true for the use of definite articles used to introduce such recitations.
[0089] In addition, even if a specific part of the introduced description recitation is
explicitly recited, those skilled in the art will recognize that such recitation should
typically be interpreted to mean at least the recited number (e.g., the bare recitation of
18
“two recitations,” without other modifiers, typically means at least two recitations, or
two or more recitations).
[0090] While various aspects and embodiments have been disclosed herein, other
aspects and embodiments will be apparent to those skilled in the art. The various aspects
and embodiments disclosed herein are for purposes of illustration and are not intended
to be limiting, with the true scope and spirit being indicated by the following detailed
description.

We claim:

1. A method for securely accessing a vehicle, the method comprising:
determining, by an Electronic Control Unit (ECU) of the vehicle, whether an
authorized device for accessing the vehicle is in a proximity of the vehicle, wherein
the determining the proximity of the authorized device comprises:
sending a first signal with a random transmission power over a random
advertisement channel from the vehicle to the authorized device, wherein a
combination of the random transmission power over the random advertisement
channel is prestored in the vehicle and the authorized device;
in response to the first signal, receiving a second signal with the
random transmission power over the random advertisement channel from the
authorized device, by the vehicle; and
determining whether upon comparing a first Received Signal Strength
Indicator (RSSI) value of the first signal with a second RSSI value of the
second signal falls within a predetermined RSSI range;
establishing a connection, by the ECU of the vehicle, between the vehicle and
the authorized device based on the determining that the authorized device is in the
proximity of the vehicle;
upon successfully establishing the connection, continuously measuring a
coarse distance between the vehicle and the authorized device till a distance between
the vehicle and the authorized device reduces to a predefined coarse distance range;
activating a Phase-Based Ranging (PBR) technique for calculating an actual
distance between the vehicle and the authorized device once the distance between the
vehicle and the authorized device reduces to the predefined coarse distance range;
authenticating the actual distance by using a Round-Trip Time (RTT)
technique; and
providing the secure access to the vehicle based on the authenticated actual
distance.
2. The method as claimed in claim 1, wherein the vehicle and device
communicate over Bluetooth Low Energy Channel Sounding (BLE-CS) mode of
communication.
3. The method as claimed in claim 1, wherein the continuously measuring the
coarse distance comprises:
sending a third signal value with the random transmission power over the
random advertisement channel from the vehicle to the authorized device, wherein the
RSSI value of the third signal is filtered to remove outliers;
in response to the third signal, receiving a fourth signal with the random
transmission power over the random advertisement channel from the authorized device
to the vehicle, wherein the RSSI value of the fourth signal is filtered to remove the
outliers; and
comparing the filtered RSSI values of the third signal and the fourth signal for
determining the coarse distance between the vehicle and the authorized device.
4. The method as claimed in claim 1, wherein the PBR technique uses phase
shifts in the signal for calculating the actual distance.
5. The method as claimed in claim 1, wherein the RTT technique measures the
time taken by the signal to come back from the vehicle to the authorized device or
from the authorized device to the vehicle.
6. A system for securely accessing a vehicle, the system comprises:
at least one processor and a memory operatively coupled with the at
least one processor, wherein the at least one processor is configured to:
determine whether the authorized device for accessing the vehicle is in
a proximity of the vehicle, wherein the proximity of the authorized device is
determined to:
send a first signal with a random transmission power over a
random advertisement channel from the vehicle to the authorized
device, wherein a combination of the random transmission power over
the random advertisement channel is prestored in the vehicle and the
authorized device;
in response to the first signal, receive a second signal with the
random transmission power over the random advertisement channel
from the authorized device by the vehicle; and
determine whether upon comparing a first Received Signal
Strength Indicator (RSSI) value of the first signal with a second RSSI
value of the second signal falls within a predetermined RSSI range;
establish a connection between the vehicle and the authorized device based on
the determination that the authorized device is in the proximity of the vehicle;
upon successfully establishing the connection, continuously measure a coarse
distance between the vehicle and the authorized device till a distance between the
vehicle and the authorized device reduces to a predefined coarse distance range;
activate a Phase-Based Ranging (PBR) technique for calculating an actual
distance between the vehicle and the authorized device once the distance between the
vehicle and the authorized device reduces to the predefined coarse distance range;
authenticate the actual distance by using a Round-Trip Time (RTT) technique;
and
provide the secure access to the vehicle based on the authenticated actual
distance.
7. The system as claimed in claim 6, wherein the vehicle and device
communicate over Bluetooth Low Energy Channel Sounding (BLE-CS) mode of
communication.
8. The system as claimed in claim 6, wherein for the continuous measurement
the coarse distance, the at least one processor is configured to:
send a third signal value with the random transmission power over the
random advertisement channel from the vehicle to the authorized device,
wherein the RSSI value of the third signal is filtered to remove outliers;
in response to the third signal, receive a fourth signal with the random
transmission power over the random advertisement channel from the authorized
device to the vehicle, wherein the RSSI value of the fourth signal is filtered to
remove the outliers; and
compare the filtered RSSI values of the third signal and the fourth signal
for determining the coarse distance between the vehicle and the authorized
device.
9. The system as claimed in claim 6, wherein the PBR technique uses phase shifts
in the signal for calculating the actual distance.
10. The system as claimed in claim 6, wherein the RTT technique measures the
time taken by the signal to come back from the vehicle to the authorized device or
from the authorized device to the vehicle.