Patent Grant
11664993
This invention relates to the field of vehicle tracking devices. More particularly, this invention relates to a system for communicating with a vehicle tracking device using a secured Short Message Service communication protocol.
Typical automotive tracking devices include a GPS receiver and a cellular modem module. Communications with such tracking devices can be through a backend server via a data connection or via a Short Message Service (SMS) message. SMS is a text messaging service that uses standardized communication protocols to allow mobile devices to exchange relatively short (no more than 160 characters) alphanumeric text messages.
When a wireless data connection is used for communicating with a tracking device, standard and well known methods of authenticating the data can be used. However, there are some remote locations in which wireless data connections are not available, but SMS is available. SMS is often used to command a tracking device to perform a critical action when a wireless data connection is not available, such as setting up cellular connections and commanding a firmware update.
Currently, the only secure aspect of an SMS communication is the requirement of knowledge of the unique phone number of the cellular modem in the tracking device. However, if that phone number is known to a hacker, a message can be sent to a tracking device via a phone or a computer to command the device to perform some unwanted action. This is a significant security vulnerability.
What is needed, therefore, is a system for securely communicating with a vehicle tracking device using the SMS protocol.
To resolve security vulnerabilities, embodiments described herein provide a single-use credential value for authenticating an SMS communication link before it can be used to command a vehicle tracking device. The single-use credential value is also referred to herein as a One-Time Personal Identification Number (OTPIN). The OTPIN is preferably time-based so that it can be used only once, similar to techniques described in the Request for Comments (RFC) 6238 promulgated by the Internet Engineering Task Force (IETF). In a preferred embodiment, a shared key “K” is set up in the tracking device and the backend server before the tracking device is put into service. When the backend server wishes to contact the tracking device, it must use the OTPIN to authenticate itself. This can be done in one of several ways, as described hereinafter.
A first embodiment described herein is directed to a method for providing secure communications between a backend server and a vehicle tracking device. This first embodiment includes steps of:
In some embodiments, the first expected credential value matches the single-use credential value only if the second time value falls within the first time window.
In some embodiments, if the first expected credential value does not match the single-use credential value, the method further comprises:
In some embodiments, the preceding time window corresponds to the first time window.
In some embodiments, the second time value corresponds to a time at which the command message is received at the vehicle tracking device.
In some embodiments, the time at which the command message is received at the vehicle tracking device is determined based on reference to timing signals from Global Positioning System (GPS) satellites.
A second embodiment described herein includes steps of:
A third embodiment described herein includes steps of:
In some embodiments, the processor of the vehicle tracking device is able to decrypt the command message only if the expected credential value matches the single-use credential value attached to the command message.
Other embodiments of the invention will become apparent by reference to the detailed description in conjunction with the figures, wherein elements are not to scale so as to more clearly show the details, wherein like reference numbers indicate like elements throughout the several views, and wherein:
As shown in
A preferred embodiment of the vehicle tracking device 12 includes a Global Positioning System (GPS) module 16, a central processing unit (CPU) 18, a wireless modem 20, and a power supply 24. The GPS module 16 determines location coordinates of the vehicle tracking device 12 based on timing signals received from GPS satellites. These location coordinates may be communicated to the CPU 18 for storage in associated memory or to the wireless modem 20 to be transmitted to the backend server 26 of the monitoring service provider. In some embodiments, the location of the vehicle tracking device 12 may be determined based on the presence of a given Wi-Fi network or a particular cellular tower detected by the wireless modem 20.
The CPU 18 of the vehicle tracking device 12 executes instructions to make decisions and direct communications between the vehicle tracking device 12 and the backend server 26. In preferred embodiments, memory associated with the CPU 18 stores a unique identification/serial number (such as cellular telephone number) assigned to the vehicle tracking device 12.
The wireless modem 20 of the vehicle tracking device 12 comprises a wireless RF transceiver, such as cellular modem, a satellite modem and/or a Wi-Fi modem, for providing two-way wireless communications between the vehicle tracking device 12 and the backend server 26.
The vehicle tracking device 12 includes a power supply 24 that may receive and condition power from the vehicle power supply when the device 12 is connected to the vehicle's OBD bus. The power supply 24 may include a backup battery for providing power to the vehicle tracking device 12 when no power is being provided by the vehicle power supply.
After the vehicle tracking device 12 has been installed in a vehicle, the backend server 26 generates an SMS message that includes a command to be executed by the vehicle tracking device 12 (step 104), such as a command to acquire and transmit its current GPS coordinates. Using the shared key and a first time value corresponding to the current time, the backend server 26 also generates the OTPIN (step 106). In a preferred embodiment, the first time value identifies a specific time window referenced to standard UNIX time, also referred to herein as the first time window. Preferably, the OTPIN is valid only during this first time window after its generation. For example, the width of the first time window may be specified by the value X, which in a preferred embodiment is 30 seconds. The first time window has a begin time TO that is preferably referenced to the current UNIX time. The backend server 26 prepends the OTPIN to the SMS message (step 108), and transmits the SMS message via the communication networks 32 and 28 to the vehicle tracking device 12 (step 112).
Upon receipt of the SMS message (step 114), the CPU 18 of the vehicle tracking device 12 calculates an expected value of the OTPIN based on the shared key and a second time value corresponding to a second time window during which the vehicle tracking device 12 received the SMS message (step 116). The CPU 18 compares the expected value of the OTPIN to the OTPIN appended to the SMS message (step 118). If the expected value of the OTPIN matches the OTPIN appended to the SMS message, the vehicle tracking device 12 executes the command included in the SMS message (step 120).
An alternative embodiment implements the process depicted in
It should be noted that the OTPIN prepended to the SMS message is valid only for the duration of the first time window defined by the value X (such as 30 seconds) that began at the time TO at which the OTPIN was generated. Due to latency issues, by the time the SMS message is received at the vehicle tracking device 12, the first time window during which the OTPIN is valid may have expired. Timing errors can also occur due to clock drift in the GPS module 16 of the vehicle tracking device 12 if it is unable to acquire GPS timing signals due to loss of communication with the GPS satellites. In such situations, the expected value of the OTPIN may have been calculated by the CPU 18 during a time window subsequent to the first time window in which the OTPIN prepended to the SMS message was calculated, and the expected OTPIN will therefore not match the received OTPIN.
As depicted in
It should be noted that the embodiment of
As depicted in
Some embodiments may be implemented using a separate library in the vehicle tracking device 12, allowing for integration into third party systems without revealing the method by which the SMS message is encrypted. A library may be created which has the functions of:
The foregoing description of preferred embodiments for this invention have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obvious modifications or variations are possible in light of the above teachings. The embodiments are chosen and described in an effort to provide the best illustrations of the principles of the invention and its practical application, and to thereby enable one of ordinary skill in the art to utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated. All such modifications and variations are within the scope of the invention as determined by the appended claims when interpreted in accordance with the breadth to which they are fairly, legally, and equitably entitled.
This application claims priority to U.S. provisional patent application Ser. No. 62/808,051, filed Feb. 20, 2019, titled One-Time Personal Identification Number (PIN) for Secured Short Message Service (SMS) Communications, the entire contents of which are incorporated herein by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 7366551 | Hartley | Apr 2008 | B1 |
| 7546151 | Hartley | Jun 2009 | B2 |
| 8626208 | Oesterling | Jan 2014 | B2 |
| 9332404 | Boling et al. | May 2016 | B2 |
| 9516394 | Carlo et al. | Dec 2016 | B2 |
| 9779449 | Meyer | Oct 2017 | B2 |
| 9894493 | Chun | Feb 2018 | B2 |
| 10037631 | Berkobin | Jul 2018 | B2 |
| 10089598 | Reeder et al. | Oct 2018 | B2 |
| 11283793 | Khanna | Mar 2022 | B2 |
| 20020087704 | Chesnais et al. | Jul 2002 | A1 |
| 20050203892 | Wesley et al. | Sep 2005 | A1 |
| 20070050332 | Grenzberg et al. | Mar 2007 | A1 |
| 20080288768 | Barowski et al. | Nov 2008 | A1 |
| 20090112630 | Collins, Jr. et al. | Apr 2009 | A1 |
| 20090167524 | Chesnutt | Jul 2009 | A1 |
| 20090287369 | Nielsen | Nov 2009 | A1 |
| 20110227722 | Salvat | Sep 2011 | A1 |
| 20140052607 | Park | Feb 2014 | A1 |
| 20160048846 | Douglas | Feb 2016 | A1 |
| 20160096402 | Carlin | Apr 2016 | A1 |
| 20160099927 | Oz | Apr 2016 | A1 |
| 20160240050 | Block | Aug 2016 | A1 |
| 20160294562 | Oberheide | Oct 2016 | A1 |
| 20170201515 | Clark | Jul 2017 | A1 |
| 20170364912 | Ross | Dec 2017 | A1 |
| 20180103036 | Fox | Apr 2018 | A1 |
| 20180265038 | Lei | Sep 2018 | A1 |
| 20180302223 | Benson | Oct 2018 | A1 |
| 20180302228 | Hergesheimer | Oct 2018 | A1 |
| 20180310174 | Rougier | Oct 2018 | A1 |
| 20180338241 | Li | Nov 2018 | A1 |
| 20190013945 | Hamlin | Jan 2019 | A1 |
| 20190036914 | Tzur-David | Jan 2019 | A1 |
| 20190036915 | Burch | Jan 2019 | A1 |
| 20190043281 | Aman | Feb 2019 | A1 |
| 20190097804 | Parikh | Mar 2019 | A1 |
| 20190297075 | Kaladgi | Sep 2019 | A1 |
| 20200050442 | Sakurai | Feb 2020 | A1 |
| 20200151744 | Chopra | May 2020 | A1 |
| 20200186560 | Ben-Noon | Jun 2020 | A1 |
| 20200266990 | Dechgan | Aug 2020 | A1 |
| 20210061223 | Fuke | Mar 2021 | A1 |
| 20210234850 | Vogt | Jul 2021 | A1 |
| 20210287500 | Conlon | Sep 2021 | A1 |
| 20220166766 | Madjitey, Jr. | May 2022 | A1 |
| Number | Date | Country | |
|---|---|---|---|
| 20200266990 A1 | Aug 2020 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62808051 | Feb 2019 | US |
