Patent Grant
8863256
This invention relates in general to the field of electronic communications and, more particularly, to enabling secure transactions using flexible identity management in a vehicular environment.
Networking architectures have grown increasingly complex and have been designed for use in a wide variety of communications environments. Demand continues to rise among the subscriber base of end users, however, for network access across diverse network environments. In particular, configuring suitable network architecture for vehicular environments (e.g., automobiles, airplanes, trains, boats, etc.) presents unique difficulties. Vehicles can be mobile across a large geographic area, can have internal networks related to the vehicle itself, can include more than one end user at a time, and can have more than one owner during the life of the vehicle. Providing the ability to conduct transactions in vehicular network environments in a secure manner and providing a secure and flexible identity management framework for various agents conducting the transactions present significant challenges to system designers, automobile manufacturers, service providers, and the like.
To provide a more complete understanding of the present invention and features and advantages thereof, reference is made to the following description, taken in conjunction with the accompanying figures, wherein like reference numerals represent like parts, in which:
Overview
A method in one example embodiment includes detecting an event for a transaction on an on-board unit (OBU) of a vehicle, where the event has a trigger associated with an agent. The method also includes determining whether the transaction is authorized, identifying network credentials of the agent, and providing the network credentials to a transaction application corresponding to the transaction. The method further includes accessing a remote network using the network credentials. In one embodiment, the network credentials are identified in an identity profile associated with the agent. In specific embodiments, the method includes providing application programming interfaces (APIs) to the transaction application to enable the transaction application to access one or more of a plurality of pieces of information of the identity profile. In other specific embodiments, the method includes evaluating a memory element to determine whether the transaction application is mapped to the agent.
A method in an another example embodiment includes initiating a transaction on an on board unit (OBU) of a vehicle and selecting first network credentials for a transaction application associated with the transaction to establish a network connection between the OBU and a remote node. In this embodiment, the first network credentials are selected from a plurality of available network credentials that correspond to an agent associated with the transaction. In more specific embodiments, the first network credentials include one or more virtual subscriber identity modules (VSIMs). In other more specific embodiments, the first network credentials are selected based on a mapping of the first network credentials to one or more predefined criteria and the agent.
A method in yet another example embodiment includes authenticating a first agent to an on board unit (OBU) of a vehicle if the first agent validates a first set of one or more authentication requirements and identifying a first identity profile corresponding to the first agent. The method also includes determining a role of the first agent in the vehicle and configuring the vehicle with the first identity profile, where the vehicle is configured based on the role of the first agent. In the example method, the first identity profile is one of a plurality of identity profiles provisioned on the OBU.
Turning to
Elements of
Embodiments of communication system 10 can enable secure transactions in a vehicular environment by using flexible identity management for agents associated with the transactions. Given the plethora of transaction agents (e.g., machine devices, humans, software agents, mobile devices, and authorized entities) and possible transactions (e.g., accessing one or more wireless/mobile/cellular networks and using network bandwidth and services, gaining access to various resources of the vehicle based on an identity profile and/or associated databases, gaining access to transaction applications in the vehicle, and engaging in commercial activities), numerous transaction scenarios may occur over the life of the vehicle. Such transaction scenarios may encompass, for example, toll or parking payments, vehicle miles traveled (VMT) systems, Internet commerce, original equipment manufacturer (OEM), gas and electric charging stations, roadside and/or drive-through kiosks, banking applications, vehicle dealer systems, location based service (LBS) system, vehicle system and its resources, mobile network operator system, travel agencies, rental and leasing agencies, network connection to Internet sites, vehicle-to-vehicle commerce, vehicle-to-mobile-device commerce, in-vehicle commerce systems, etc. Accordingly, it is important to have a unified, flexible, and secure identity and access framework to ensure that appropriate transactions can be executed by different agents over time in a secure manner. A unified identity management framework enables aggregation and association of these agents and transactions.
Communication system 10 may include on-board unit (OBU) 30 that validates credentials of each agent, grants appropriate levels of access, manages potential conflicts (e.g., by assigning priority to different agents), and provisions the appropriate wireless/mobile connectivity. An agent may be provisioned for authentication and access to a particular vehicle by provisioning at least one virtual subscriber identity module (VSIM) and/or an identity profile in OBU 30 of communication system 10. For each agent, an individualized, multi-factor authorization process may be used to validate the particular agent's credentials for accessing OBU 30 and for authorizing transactions on OBU 30. Authentication and confidentiality schemes may be specified for transaction applications corresponding to the particular transactions. Finally, appropriate wireless/mobile connectivity may be dynamically determined by evaluating the transaction, the agent, and a current geographical location of the vehicle. Thus, vehicular transactions may be securely enabled by managing the identity and authentication of agents associated with transactions.
For purposes of illustrating the operational aspects of communication system 10, it is important to first understand the activities and problems that may be present in electronic communication scenarios in a vehicular environment such as the one shown in
Many useful, but disparate, networks may exist in today's vehicles. For example, a controller-area network (CAN) bus, a geographical positioning system (GPS), and personal mobile devices (e.g., mobile phones, smart mobile phones/devices, e-book readers, tablets, laptops/net books, portable navigation systems, multimedia devices, etc.) facilitate the coexistence of some of the many possible networks within a single vehicle such as a personal automobile. A CAN bus is a vehicle bus standard designed to allow microcontrollers, sensors, and other devices associated with a vehicle to communicate with each other within the vehicle (e.g., without a host computer). CAN is a message based protocol, designed for and typically used by automotive applications. With appropriate network access, the CAN bus can be used to provide real-time vehicle diagnostics from associated sensors and controls to a manufacturer of the vehicle or to any other authorized entity. A separate network in the vehicle may exist for IP devices involved in the vehicle navigation system (e.g., GPS) and, possibly, another network associated with simple content delivery. Other networks could be used for Internet access for end users through, for example, mobile devices. Hence, various levels of network usage, different purposes of network usage, and different agents (e.g., humans, machine devices, external devices, mobile devices) associated with the network usage may occur in a single vehicle. Network usage in each of the identified cases may have a different usage scope, different latency, different associated routing, different policy requirements, and the like.
In a vehicle that does not offer combined networking capabilities for the various possible networks, each of the devices associated with a particular network (e.g., CAN bus sensors, mobile devices, GPS, etc.) may have a one-to-one mapping to either a human agent or to the vehicle. Network access and any resulting fees from such access are typically dictated by the human agent or vehicle mapped to the particular device. While some of these devices may be used by other human agents (e.g., another human agent borrows a cell phone, has account privileges on a laptop, borrows an automobile with a GPS, etc.) network access and fee accrual does not ordinarily accommodate the preferences of the new user. In some cases, a mobile router used to facilitate network access among various agents associated with a vehicle, could provide predetermined network access and billing, without regard to the particular agent or transaction.
In a vehicle that provides networking capabilities between entities inside the vehicle and the external world (“connected vehicle”), the amount of possible transactions and the changeability of agents associated with those transactions require a flexible framework to ensure security and appropriate network access. In a real-life scenario for a connected vehicle, multiple agents may use the vehicle and perform transactions on or via the vehicle over any given time period. Individual users such as, for example, an owner, a driver, a passenger, a temporary driver (e.g., borrower or renter), or a new owner of a used automobile, may use the vehicle as a personal computing and communication platform for navigational, recreational, and/or business-related purposes. A manufacturer of the vehicle may want to collect vehicle centric data from the vehicle and send firmware/software upgrades to the vehicle. Government entities may want to identify and locate the vehicle for law enforcement or government regulation (e.g., emissions controls) purposes. Vehicle dealers may want to obtain sensor data and other vehicle diagnostic information for maintenance updates and/or scheduling. Thus, a one-to-one exclusive mapping between an agent (e.g., a human or a device) and a connected vehicle does not exist.
In a contrasting example, a one-to-one mapping is typically provided between a mobile phone and a single user. In a mobile phone, credentials that bind the user and the device may be stored in a physical subscriber identity module (SIM) or provisioning module. Thus, if the mobile device is subsequently operated by a new user (e.g., someone borrowing the mobile phone), the credentials in the current SIM, associated with the original user, will be used to access a cellular network and to bill for the network access usage. Thus, the original user mapped to the mobile phone will be billed for any network usage fees incurred by the new user. In some cases involving the same service provider, the mobile phone can be provisioned with the new user's credentials by physically replacing the existing SIM hardware with a SIM of the new user. However, SIM swapping or identity reassignment across different service providers is often problematic or simply not feasible in a mobile phone.
In a connected vehicle, agents may change over any given period of time, and it may be impossible or impractical to physically switch a SIM in the vehicle or to make a trip to a service center each time a new agent needs network access to or from the vehicle. In one example, a manufacturer of an automobile may want to use a transaction application to collect real time data from sensors in the vehicle. If the automobile is manufactured in one country and shipped to another country (e.g., manufactured in Japan and shipped to the United States), then before the automobile is even purchased it would have traveled across international boundaries and multiple telecom service provider areas. Thus, if the manufacturer (i.e., the agent) provisions the automobile with credentials for a first service provider usable in the first country, the manufacturer may prefer a different service provider to be provisioned in the automobile once the automobile is shipped to another country.
Another example of possible agent changes in a vehicle includes owners, drivers, renters, and passengers of a vehicle. When an automobile is sold to a customer, the new owner needs access rights to various transactions (e.g., toll payments, gas and charging stations, Internet commerce, personal vehicle settings, etc.) provided by the vehicle. In addition, the new owner may need wireless access to networks and devices external to the vehicle using an appropriate service provider and a desired billing scheme. These access rights may need to change each time the vehicle is driven by a different driver (e.g., another person in the owner's family, a current renter of a rental car, etc.). In addition, if the vehicle is sold again, a new owner and associated drivers and passengers also need access rights and the previously existing access rights need to be removed from the vehicle. Finally, multiple agents may want to access the vehicle concurrently, such as a driver and one or more passengers of the vehicle who desire access rights to at least some of the vehicle transactions. For example, a passenger may want to use an Internet commerce transaction to download music or videos, or the passenger may want to pay for transportation costs, such as toll expenses and/or gas and charging station expenses.
Supporting a multi-agent and multi-transaction vehicular environment may also require more protection layers than typically used in traditional authentication schemes such as a simple user identification (“user ID”) and password. In one example, additional protection layers may be necessary for certain transactions and agents to avoid compromising security (e.g., highly sensitive transactions such as transactions allowing modifications by a manufacturer of the vehicle itself) and/or regulatory compliance of a transaction. Thus, flexible agent identity management is needed with a strong authentication component that provides adequate security for dynamically changing agents and transactions, such that security, privacy, authenticity, accountability, and regulatory compliance are not compromised.
A system for enabling secure transactions in a vehicular environment using flexible identity management for agents associated with the transactions, outlined by
Note that in this Specification, references to various features (e.g., elements, structures, modules, components, steps, operations, characteristics, etc.) included in “one embodiment”, “example embodiment”, “an embodiment”, “another embodiment”, “some embodiments”, “various embodiments”, “other embodiments”, “alternative embodiment”, and the like are intended to mean that any such features are included in one or more embodiments of the present disclosure, but may or may not necessarily be combined in the same embodiments.
Turning to the infrastructure of
In-vehicle mobile devices 18a-b, and mobile devices external to vehicle 4, may communicate with OBU 30 of communication system 10 through any wired or wireless communication link and may be configured as a personal area network (PAN) or a wireless personal area network (WPAN) or any other appropriate architecture or system that facilitates communications in a network environment. Wired and wireless communication links may be inclusive of any electronic link such as Bluetooth, wireless technologies (e.g., IEEE 802.11x), a USB cable, an HDMI cable, etc. Connection between mobile devices and OBU 30 may be configured based on particular needs and logistics. In one particular example, an external mobile device may be connected to OBU 30 through a USB cable or wireless network when, for example, the external mobile device is a diagnostic tool used by a mechanic for servicing vehicle 4.
Networks 40 represent a series of points or nodes of interconnected communication paths for receiving and transmitting packets of information that propagate through communication system 10. Networks 40 offer communicative interfaces between any of the components of
Embodiments of OBU 30 may include one or more distinct interfaces, represented by network interfaces 26, to facilitate communication via the various networks described herein. Such network interfaces 26 may be inclusive of multiple wireless interfaces (e.g., WiFi, WiMax, 3G, 4G, white space, 802.11x, satellite, Bluetooth, LTE, GSM/HSPA, CDMA/EVDO, DSRC, CAN, GPS etc.). Other interfaces represented by network interfaces 26, may include physical ports (e.g., Ethernet, USB, HDMI, etc.), and the like. Similarly, each of the network elements and user equipment (e.g., mobile devices) of communication system 10 can also include suitable interfaces for receiving, transmitting, and/or otherwise communicating data or information in a network environment.
OBU 30 can include one or more memory elements (e.g., memory element 24) for storing information to be used in achieving operations associated with the enablement of secure transactions using flexible identity management, as outlined herein. Any of the memory or storage items discussed herein should be construed as being encompassed within the broad term ‘memory element’ as used herein in this Specification.
In example embodiments, the operations for enabling secure transactions using flexible identity management outlined herein may be implemented by logic encoded in one or more tangible media, which may be inclusive of non-transitory media (e.g., embedded logic provided in an ASIC, digital signal processor (DSP) instructions, software potentially inclusive of object code and source code to be executed by a processor or other similar machine, etc.). In some of these instances, one or more memory elements (e.g., memory element 24) can store data used for the operations described herein. This includes the memory elements being able to store software, logic, code, or processor instructions that are executed to carry out the activities described in this Specification.
Additionally, OBU 30 may include processing elements 21, including computing processor 22 and routing processor 23, that can execute software or algorithms to perform the activities to enable secure transactions, to use flexible identity management, and to route packets, using suitable routing protocols, associated with the secure transactions and identity management. A processor can execute any type of instructions associated with the data to achieve the operations detailed herein in this Specification. In one example, the processors (as shown in
Regarding a physical implementation of OBU 30, any suitable permutation may be applied based on particular needs and requirements, including the design of the particular vehicle in which OBU 30 is implemented. In example implementations, various components of OBU 30 may be installed in different physical areas of the vehicle or may be installed as single unit, with display 28 being positioned to allow driver access. Other displays may be provided in suitable locations for access by passengers in particular passenger seats. In one implementation, multimedia, networking, and communication components may be positioned at some distance from the vehicle engine (e.g., in or near the rear or trunk area if the engine is in the front area of the vehicle).
Communication system 10 may be configured to facilitate communication with machine devices (e.g., vehicle sensors, instruments, electronic control units (ECUs), embedded devices, actuators, etc.). OBU 30 may be implemented to provide one or more suitable communication interfaces (e.g., network interfaces 26) to legacy systems in vehicles such as, for example, a controller area network (CAN) a low speed network (LIN), a flexray communications protocol network, media oriented systems transport (MOST), and the like. Typically, multiple ECUs, with different embedded software, may be found in a single automobile and may communicate via a CAN bus. Sensors 14a-b may represent, for example, wheel and headlight sensors, respectively. Controls 16a-b may be inclusive of any embedded system or ECU that controls one or more of the electrical systems or subsystems in vehicle 4. Actuator 13 represents a vehicle setting device such as, for example, a seat positioning device for adjusting various seat positions (e.g., longitudinal position relative to the brake and gas pedals, tilt position, lumbar support, etc.). Actuator 13 and other similar vehicle setting devices (e.g., temperature controls, sunroof, door locks, power windows, etc.) may be configured for communications in a LIN bus, in one embodiment. Sensor 14c represents a type of sensor or device that may be configured for communications via flexray communications protocol (e.g., a radar collision sensor). Control 16c, representing one or more ECUs, may be suitably integrated for controlling the flexray network and sensors and other associated components. Additionally, OBU 30 may be implemented to provide one or more suitable communication interfaces (e.g., network interfaces 26) to an Internet Protocol (IP) network, user datagram protocol (UDP) network, or any other suitable protocol or communication architecture provided to enable network communication with machine devices in vehicle 4.
In this particular example, vehicle 4 includes capabilities associated with navigation system 17 and vehicle diagnostics 19. Navigation system 17 may be provided in various embodiments including, for example, a portable navigation system or, alternatively, a fixed navigation system, each of which may be configured for wireless or wired communications to OBU 30. Other more specific machine devices, not shown in
Turning to
Authorized entities 98 may include various entities having authorization to access a vehicle 4 such as, for example, a dealer of the vehicle, a manufacturer of the vehicle, OEMs associated with the vehicle, and public entities having an interest in the vehicle (e.g., State Departments of Transportation, local police departments, etc.). A network node of such authorized entities will typically be remotely located from OBU 30 and, therefore, accessible from OBU 30 through networks 40 such as the Internet or other WANs and any available communication link (e.g., 3G, 4G, local wireless, etc.) providing network access from OBU 30 to the Internet or other WAN. In some scenarios, however, OBU 30 may be locally accessible to an authorized entity such that Internet access is unnecessary. For example, when vehicle 4 is being manufactured and is located at one of the manufacturer's facilities, OBU 30 may be capable of directly accessing the manufacturer's network through a LAN or WLAN. Similarly, when a vehicle 4 is taken to a dealer for maintenance, the OBU 30 may connect to the dealer network through a communication link that does not include the Internet or any other wide area network.
Networks 40 may also facilitate communication between certain agents 90 (e.g., machine devices 92, humans 94, software agents 95, mobile devices 96) and transaction systems 50. By way of example, transaction systems 50 may include services transaction systems 52, commercial transaction systems 54, roadside transaction systems 56, and transportation transaction systems 58 on network nodes or other electronic devices. Each of the transaction systems can be associated with many different types of entities and many different transaction scenarios. Services transaction systems 52 can encompass numerous entities providing services such as identity service providers, mobile wireless service providers, banks and other financial institutions, location-based services (LBS), travel agencies, vehicle rental and leasing agencies, Internet websites, etc. In some implementations, however, a vehicle rental and leasing entity may be provisioned as an agent of the OBU, such as when the vehicle itself is owned by the rental and leasing entity. In this particular scenario, the rental and leasing agency could be an authorized entity of vehicle 4, and any authorized employees could be human agents of the vehicle. Commercial transaction systems 54 may include entities facilitating commercial transactions through the Internet (e.g., video and music download sites, online retailers, etc.), etc. Roadside transaction systems 56 may include various entities providing roadside services such as gas and electric charging stations, kiosks (both roadside and drive-through), etc. Transportation transaction systems 58 may include entities or devices facilitating vehicle charging transactions related to toll payments, ferry charges, bridge toll payments, parking, Vehicle Miles Traveled (VMT), and any other transportation costs incurred as a result of moving vehicle 4 from one location to another. The transaction systems 52, 54, 56, and 58, as categorized, are provided for purposes of illustration and ease of understanding, and it will be appreciated that certain entities may logically be included in multiple transaction systems (e.g., a bank could be described as both a services transaction system and a commercial transaction system) and that numerous types of transaction systems and entities other than those enumerated herein may also be possible.
Other commercial transactions may occur through OBU 30 by accessing other vehicles 59 (vehicle-to-vehicle commerce). An available network represented by networks 40, may provide a communicative pathway between vehicle 4 and other vehicles 59, where vehicle 4 includes OBU 30 and other vehicles 59 include a suitable communication device (e.g., mobile device, OBU or similar device). The communicative pathway between vehicle 4 and other vehicles 59 could be established as a single hop or multi-hop vehicle-to-vehicle network through WiFi, WiMax, or any other suitable wireless technologies allowing a sustained connection between vehicle 4 and other vehicles 59. Commercial transactions could occur between a mobile device in one vehicle (connected to an OBU) and an OBU in another vehicle, between mobile devices in separate vehicles with OBUs, or between OBUs of separate vehicles. Commercial transactions may also be conducted between OBU 30 and mobile devices 96 (vehicle-to-mobile device commerce), such as when a mobile device purchases content from OBU 30. Another type of commercial transaction can include in-vehicle commerce in which a user of a mobile device pays for the use of resources through OBU 30 (e.g., in the case of a passenger in a commercial vehicle such as a taxi cab) or when mobile devices within a vehicle use the network available through OBU 30 to conduct commercial transactions with each other. In addition to commercial transactions, these communicative pathways involving vehicles and mobile devices may also be established for any other suitable services or transactions, providing proper authentication and network credentials are obtained.
Turning to
In one embodiment, OBU 30 is equipped with a Universal Integrated Circuit Card (UICC) that allows for multiple universal subscriber identity module (USIM) applications to accommodate VSIMs 32. In this embodiment, one or more of VSIMs 32 having a desired mobile network operator may be opportunistically selected, if certain criteria are met, so that the desired one or more mobile network operators can be utilized for network access from OBU 30. In another implementation, multiple SIM cards may be connected to OBU 30 to accommodate a corresponding number of VSIMs. In this implementation involving multiple SIM cards, a software module could be configured to opportunistically select an appropriate one or more SIM cards corresponding to a desired one or more mobile network operators if certain criteria are met. In yet another implementation, VSIMs could be simply soft SIM information stored in a storage repository of OBU 30 such as part of an identity profile of a corresponding agent. Once downloaded, VSIMs 32 can reside in OBU 30 in accordance with whatever particular implementation is employed, until an expiration of the VSIM or until the VSIM is replaced, updated, or removed by an agent with appropriate authentication and authorization.
In accordance with embodiments of communication system 10, OBU 30 may also be provisioned with one or more identity profiles 34a, 34b, and 34c (referred to collectively herein as identity profiles 34), with each identity profile 34 corresponding to an agent that can authenticate to OBU 30. Identity profiles 34, as further detailed below, can include credentials and profile information for a particular agent. Credentials contain information that uniquely identifies an agent (e.g., a personal identifier (PID)) and that may be used for authentication purposes. Examples of credentials may include one or more of name, address, phone number, driver's license number, social security number, business license number, IP address, user ID/password, biometrics, personal device identifier (e.g., authentication information corresponding to key fob, access card, credit card, mobile phone, etc.), security keys, and certificates (e.g., public key infrastructure (PKI) certificate, trusted third party (TTP) certificate, etc.).
Profile information aggregates agent attributes, account information, preferences, and/or settings, which can enable appropriate transactions by authenticated agents. For example, profile information can include vehicle settings, dashboard preferences, wireless interface preferences (e.g., VSIM information, WiFi account information, etc.), web account information (e.g., multimedia, social networking, etc.), mobile device list (e.g., smartphones, mobile phones, tablets, laptops, etc.) including network configurations for mobile devices, network service provider membership account information, insurance information, credit card/payment account information, manufacturer web account information, network interface account information, GPS favorite locations, and phone contact list. The information included in a particular identity profile will be at least partially dependent upon the particular agent to which it corresponds. For example, an authorized entity (e.g., a manufacturer of the vehicle, etc.) would not need vehicle settings, GPS favorite locations, or multimedia information in its identity profile. In addition to agents, a profile identity may be provisioned for a vehicle itself including information to distinctly identity the vehicle (e.g., a vehicle identification number (VIN)). It will be apparent that the examples provided herein of credentials and profile information are not all-inclusive, and any other suitable information or data could be included as credentials or profile information.
Various implementations can accommodate identity profiles 34 in OBU 30. For example, in one embodiment identity profiles 34 are stored in dedicated hardware (e.g., physical SIM card, memory card, etc.). Software can be configured to virtually switch between different hardware or the hardware itself may be programmable to store different agent identity information over time. In another embodiment, identity profiles 34 are stored in a programmable storage module or virtual identity module that can store one or more identity profiles 34. Generally, identity profiles 34 may be kept in any suitable memory element, software, hardware, or in any other suitable component, device, element, or object where appropriate and based on particular needs. In addition, identity profiles 34 may be provided in any database, register, cache, queue, control list, or storage structure.
In example embodiments of the present disclosure, VSIMs 32 and identity profiles 34 may be provisioned and managed through one or more identity service providers, represented by identity service provider 60 in
Provisioning and managing an identity profile or VSIM through identity service provider 60 can be accomplished in various ways. In one scenario, a user could access identity service provider 60 through the Internet or other available network from computer 42 (e.g., home computer, publicly accessible computer, business computer, etc.) or mobile devices 96. Additionally, end user 2 could access identity service provider 60 by bootstrapping a communication link through OBU 30 (e.g., accessing a home WLAN through WiFi, using a preprogrammed VSIM in OBU 30, using another agent's VSIM already provisioned in OBU 30, etc.) In other scenarios, the identity service provider 60 may be accessed through a local network (e.g., manufacturer who is an identity service provider locally accessing provisioning modules of OBU 30 prior to shipping the vehicle, etc.) or other wireless networks (e.g., user accessing mobile network operator through a cellular network if the mobile network operator is its own identity service provider, etc.).
Identity service provider 60 may provide modules allowing the creation of an account with authentication credentials 66 (which may be saved for future access of the account) for an agent. A VSIM module 61 may be provided by identity service provider 60 to allow a user to provision a VSIM for an agent, with the VSIM being associated with a desired mobile network operator and stored, for example, in VSIM database 64. An identity profile module 63 may also be provided by identity service provider 60 to allow the user to provision an identity profile for the agent and to store the identity profile in, for example, identity profile database 62. In some scenarios, a user is the agent and provisions a VSIM and/or an identity profile for himself. In other scenarios, the user may provision a VSIM and/or an identity profile for another agent (e.g., a vehicle dealer provisioning a VSIM and/or an identity profile for a new vehicle owner, a vehicle rental agency provisioning a VSIM and/or an identity profile for an agent renting a vehicle, a user at an OEM provisioning a VSIM and identity profile for a software agent configured in the OBU to make network connections to the OEM from the OBU, etc.).
VSIM 32 and identity profile 34 may be dynamically added, removed, and updated via local or remote network access. After provisioning a VSIM and/or identity profile with identity service provider 60, the VSIM and/or identity profile may be downloaded using control channels or otherwise provided to OBU 30 if the agent associated with the VSIM and/or identity profile has been authenticated to OBU 30. In one example, to download VSIMs 32 and/or identity profiles 34, the agent (e.g., end user 2) may bootstrap a communication link in OBU 30 (e.g., WiFi, an available VSIM, etc.) to access identity service provider 60 using control channels through the Internet or other network. In another example, end user 2 may access a local network of an identity service provider if a vehicle is in close physical proximity to identity service provider 60. Once identity service provider 60 is accessed, the user can authenticate to identity service provider 60 via authentication credentials 66, access the desired account, and download one or more associated VSIMs 32 and/or identity profiles 34. Similarly, if a new VSIM for the same agent is provisioned or the identity profile is updated in identity service provider 60, then the associated agent can use an available VSIM or other available communication link in OBU 30 to access identity service provider 60 to download the new VSIM and/or updated identity profile. In another scenario, the VSIM and/or identity profile may be stored on a transportable memory element (e.g., USB stick, CD, etc.), which may be provided locally to OBU 30 by a user, such as end user 2. The VSIM and/or identity profile can then be downloaded to OBU 30 from the transportable memory element.
In other example scenarios, an identity profile may be dynamically created and managed (e.g., removed or updated) locally, directly through OBU 30. For example, OBU 30 may provide an identity profile creation tool through display 28 for a user to enter desired credentials and profile information and associate such information with an agent. In another embodiment, the identity profile creation tool may be accessible through a user's mobile device. In these scenarios, the identity profile would not be accessible through identity service provider 60 and could only be accessed in the particular vehicle containing the identity profile.
With reference now to
Agent provisioning module 71 provides the overall flow for provisioning and authenticating an agent to OBU 30. Agent provisioning module 71 allows provisioning new agents, provisioning new and updated VSIMs 32, provisioning new and updated identity profiles 34, authenticating agents to OBU 30, and activating any applicable identity profiles 34. In addition, agent provisioning module may also invoke payment association module to determine whether to associate a payment method available through the agent (e.g., in the identity profile or through an associated VSIM) to certain transaction applications not typically initiated by an agent having a payment method (e.g., automatic toll payment transactions, automatic parking transactions, etc.)
Multi-factor authentication module 74 provides a flow for using one or more predefined authentication credentials to authenticate an agent to OBU 30 and to ascertain that the agent is authorized to conduct a particular transaction on OBU 30. In one embodiment, multi-factor authentication module 74 may be invoked upon initial authentication of an agent to gain access to OBU 30 and in addition, when particular transactions are initiated on OBU 30. Authentication credentials may include who, what, and where criteria related to the agent. By way of example, authentication requirements for machine devices and some mobile devices could include one or more of machine hardware signature, challenge-response, predefined certificate (e.g., PKI certificate, TTP certificate, etc.), and physical location relative to OBU 30. Authentication requirements for a human agent 94 (accessing OBU 30 through a mobile device or directly through a user interface such as display 28) could include one or more of biometrics, (e.g., fingerprinting, etc.), challenge-response, key fob, access card, mobile phone, user ID and password, a one-time password (OTP), and physical location relative to OBU 30. Authentication requirements for authorized entities could include challenge-response, predefined certificate, and the like.
In one embodiment, the authentication requirements for each agent may be provided in an agents-to-multi-factor mapping database 83 of secure database/storage layer 80. In some embodiments, the predefined authentication credentials that are required to authenticate to OBU 30 are specific to the particular agent being authenticated. For example, a key fob may allow an owner agent to authenticate to a vehicle, but only a simple user name and password may be required for a child of the owner to authenticate. In this case, a lesser amount of security may be required for the child to authenticate because the child may have limited access to transaction applications and resources of OBU 30. Furthermore, authentication requirements to gain access to OBU 30 may be different than authentication requirements for a particular transaction. By way of example, an owner of a vehicle may only need to use a key fob to gain access to OBU 30, but additional authentication may be required for the owner to access various transaction applications and resources of OBU 30. Security can be strengthened as the number and diversity of authentication requirements mapped to a particular agent is increased.
Implementation of the authentication requirements can be accomplished with any appropriate hardware and/or software. For example, TPM 76 is a hardware approach that can authenticate an agent, once the agent has provided appropriate credentials. TPM 76 is a secure processor that performs cryptographic functions and can store cryptographic keys for protecting information. In another embodiment, a software container (e.g., a secure virtualized operating system container) could be provided with appropriate authentication logic to authenticate an agent once credentials are provided. Thus, any hardware, software, or suitable combination thereof can be implemented to accomplish the authentication requirements of multi-factor authentication module 74.
TPM 76 can also be used to protect data and transaction applications. For data, TPM 76 can be a safe store for an encryption key so that only an authorized agent who properly authenticates to TPM 76 can access the encryption key to decrypt protected data (e.g., data in secure database/storage layer 80). TPM 76 can also be used to ensure the integrity of transaction applications 78 executing on OBU 30, which can be achieved locally or remotely depending on the particular transaction application and associated agent. Locally, the OBU 30 can self-ensure that the operating system is on a trusted platform. Transaction applications 78 may each include a signature that can be verified prior to execution. Transaction applications 78 can also be verified remotely to third parties, such as authorized entities 98. For example, an authorized entity such as a manufacturer may access a transaction application that monitors the brakes and accelerator of vehicle 4. Before the transaction application executes, TPM 76 can be used to verify the integrity of the application to the manufacturer. Based on the information provided, the manufacturer can respond accordingly (e.g., process data received from the transaction application if the transaction application is verified, cease execution of the transaction application if the transaction application is not verified).
In one embodiment, TPM 76 has a permanent identity associated with vehicle 4 and does not change even if vehicle ownership changes. Similarly, a vehicle identity (vehicle ID) of vehicle 4, such as a vehicle identification number (VIN) is also a permanent identity associated with vehicle 4. A TPM endorsement key, which can be used to encrypt data, may have a public key part that can be used as a TPM identifier (TPM ID). Although vehicle ID and TPM ID do not ordinarily change, if TPM 76 or OBU 30 is replaced during the life of vehicle 4, then a new TPM ID would need to be associated to vehicle 4.
VSIM provisioning module 73 and identity profile provisioning module 75 allow the provisioning of new or updated VSIMs and or identity profiles on OBU 30. Such provisioning may include downloading new or updated VSIMs and identity profiles from an identity service provider either locally or remotely. Provisioning may also include downloading new or updated VSIMs and identity profiles from a transportable memory element or mobile device. In addition, identity profiles may also be manually created in OBU 30, without involving an identity service provider.
Authentication and secure transaction module 72 provides a flow for detecting an event for a transaction, determining whether the transaction is authorized, authenticating an associated agent if required, and obtaining network credentials and other profile information as needed. Network credentials may include one or more VSIMs' information, user ID and password, and/or security certificates (e.g., asymmetric/symmetric key pair, etc.), and any other information to facilitate vehicle internal network access or external network access via an available wired or wireless communication link. In order to perform necessary authentication and evaluations to ensure secure transaction processing, this module may be configured to query secured storage such as transaction-to-agents mapping database 82, transaction-to-authentication-and-confidentiality-schemes mapping database 84, agents-to-multi-factor-authentication mapping database 83, and agent identity profiles database 81. As used in this Specification, a mapping of data, elements, objects, or components is intended to mean an electronic association, correspondence, relationship, or correlation between the data, elements, objects, or components, provided in electronic devices and/or networks. In one embodiment, these databases, in addition to any other databases or memory elements in secure database/storage layer 80, can be maintained in a secure manner using the default security credentials obtained from TPM 76. Moreover, various confidentiality schemes can be used to protect the data stored in the various memory elements of secure database/storage layer 80 such as, for example, cryptographic algorithms including Data Encryption Standard (DES/3DES), Secure Hash Algorithm (SHA-1/2), Advanced Encryption Standard (AES), etc.
Transaction-to-agents mapping database 82 indicates which transactions are authorized for which agents. Mapping database 82 may include mappings of agent identities to user-level and system-level transaction applications corresponding to transactions and also to types of transactions (e.g., transactions requiring remote network credentials, transactions requiring payment information, etc.). Thus, once an agent has authenticated to OBU 30, only transaction applications that are mapped to the agent, or that correspond to a type of transaction that is mapped to the agent, are authorized and accessible to the agent. Example mappings that could be found in database 82 include: 1) a manufacturer mapped to transaction applications for accessing vehicle sensor data (e.g., in order to perform diagnostics), for performing software or firmware upgrades, and for accessing a “black box” of the vehicle, 2) a dealer mapped to transaction applications for accessing sensor data (e.g., read only access in order to schedule maintenance services), 3) an emergency service provider mapped to transaction applications for controlling the vehicle (e.g., opening a vehicle door, disabling a vehicle engine, etc.), 4) a public entity mapped to transaction applications for accessing sensor data or other vehicle diagnostic data (e.g., for inspection, security, surveillance, etc.), 5) an owner of the vehicle mapped to all transaction applications except those allowing “write” or “modify” access to vehicle software and/or firmware, 6) a passenger mapped to a subset of transaction applications and features available to an owner of the vehicle, and 7) a sensor mapped to a transaction application compiling diagnostic data.
Additionally, different agents may have different levels of authorization. For example, a dealer may only need to read vehicle sensor data for maintenance scheduling purposes. Consequently, the dealer would be mapped to a transaction application that only allows read operations of vehicle sensors to be performed. On the other hand, a manufacturer may need to read and update vehicle sensors and controls for performing firmware and/or software upgrades and fixes. Therefore, the transaction applications mapped to the manufacturer could allow read and update functions to be performed.
In one embodiment, a software agent may be a system-level transaction application that does not have a separate agent initiating its execution or otherwise associated with it. For example, the software agent could be a low level application that automatically initiates processing based upon predefined criteria (e.g., specific time periods, whenever network connectivity is detected, etc.). Accordingly, authorization for the software agent to execute could be provided in any suitable way, including an appropriate indication in transaction-to-agents mapping database 82 (e.g., mapping the software agent to a type of transaction, mapping the software agent to itself).
Authentication and secure transaction module 72 may also determine which authentication and confidentiality schemes to use for particular transactions for exchanging data between OBU 30 and transaction systems in the cloud. Examples of authentication protocols that can be used include secure socket layer (SSL), Internet Protocol Security (IP SEC), Extensible Authentication Protocol (EAP-*), Hypertext Transfer Protocol Authentication (HTTP Auth), Kerberos, Simple Authentication and Security Layer (SASL), Web Service Security (WS-Security), etc. Examples of confidentiality schemes that can be used include encryption or cryptographic algorithms such as DES/3DES, SHA-1/2, AES, etc. Accordingly, transaction-to-authentication-and-confidentiality-schemes mapping database 84 may provide a mapping of which types of transactions and particular transaction applications require which authentication and confidentiality schemes. One example database mapping could be a banking application's related data and other sensitive information mapped to a desired encryption mechanism. Furthermore, in certain implementations, the criticality of the communication may dictate the applicable authentication method (e.g., different types of authentication may be required for highly sensitive transaction applications). In some embodiments, mapping database 84 may also indicate which types of transactions and particular transaction applications require multi-factor authentication to be performed for an associated agent.
In scenarios in which multi-factor authentication is required for an agent, authentication and secure transaction module 72 may also access agents-to-multi-factor-authentication mapping database 83. For example, a human agent 94 accessing benign features such as gaming, video, and the like may require a simple user name and password during the initial authentication to OBU 30. However, once the human agent 94 decides to access a banking transaction application, additional authentication (e.g., physical presence in the form of biometric authentication, etc.) may be required. In another example, highly critical functions such as software/firmware changes by a manufacturer, or emergency services by an emergency service provider, may require multiple layers of authentication by the manufacturer or emergency services provider. These multiple layers of authentication could be satisfied by the agent in the initial authentication to OBU 30, or additional required layers may need to be satisfied when the agent initiates access to the particular transaction application requiring the additional authentication.
Secure database/storage layer 80 may also provide an agent identity profiles database 81, for storing identity profiles 34 provisioned locally (e.g., using a transportable memory element to download an identity profile, creating an identity profile directly through OBU 30) or remotely (e.g., downloading an identity profile from identity service provider 60). In addition, agent identity profiles database 81 may also include security keys, certificates, and credentials corresponding to various transaction applications and agents.
Secure communication module 77 of OBU 30 may enable secure communication to various networks (e.g., networks 40 as shown in
Multiple VSIMs and/or other wireless communication options can also be mapped to transaction applications or types of transactions, agents, and/or geographical locations to allow a network connection to be split among the designated multiple VSIMs and/or other wireless communication options. In one example scenario, a large file download may utilize multiple VSIMs (e.g., two different 3G mobile networks) in order to split the file to increase the speed of the download. To accomplish this, a transaction application and agent associated with the file download may be mapped to two or more VSIMs provisioned in OBU 30 for the agent.
In certain scenarios, one VSIM may be preferred over another VSIM due to the vehicle location because of the mobile network operator rate. To illustrate this case, assume Agent X and California are mapped to VSIM 1 and Agent X and New York are mapped to VSIM 2. If Agent X is traveling in California, then VSIM 1 will be used for any network access requested by Agent X. If Agent X is traveling in New York, then VSIM 2 will be used for any network access requested by Agent X. In another scenario, a human agent 94 may prefer to have particular types of transactions tied to different VSIMs or combinations of VSIMs (e.g., home transactions mapped to VSIM 1, work related transactions mapped to VSIM 2, child's transactions mapped to VSIM 1). Such mappings can be configured in VSIM selection rules mapping database 85 with appropriate authorization. The VSIM selection rules mapping could also be provided in any other suitable memory element including, for example, an identity profile associated with the agent. In this alternative implementation, only transaction application and/or location may need to be mapped to available VSIMs and/or other wireless communication options.
In addition to pre-specifying VSIM selection rules, VSIMs may also be opportunistically selected in real-time. A real-time VSIM selection may occur based on current network conditions/demands, mobile network rate plan of an agent, remaining data/minutes of a mobile network rate plan. In addition, network performance characteristics such as, for example, data rate, signal level, congestion, etc. may also be evaluated in real-time and used to opportunistically select a suitable one or more VSIMs, other wireless communication options, or any suitable combination thereof.
Transaction applications 78 represent a plethora of user-level and system-level transaction applications that may be configured on OBU 30. With proper authentication to OBU 30 and authorization through transaction-to-agents mapping database 82, however, numerous types of transactions using transaction applications 78 may be performed through OBU 30. Generally, types of transactions are inclusive of 1) accessing one or more wireless/mobile/cellular networks and using network bandwidth and services, 2) gaining access to various resources of the vehicle based on an identity profile and/or associated databases, 3) gaining access to applications in the vehicle, and 4) engaging in commercial activities (e.g., paying for receiving goods or services, or receiving payment for selling goods or services). These general transactions may overlap in certain cases, for example, where an agent accesses a cellular network in order to connect to an online retailer (e.g., commercial transaction system 54) in order to pay for purchased goods, and uses an Internet commerce transaction application to enable a secure transaction.
The user-level and system-level transaction applications of OBU 30 may be mapped to any appropriate agent 90 (e.g., machine devices 92, humans 94, software agents 95, mobile devices 96, and authorized entities 98) in transaction-to-agents mapping database 82. Example transaction applications 78 can include applications facilitating external network access such as banking applications, LBS applications, travel agency applications, vehicle rental & leasing agency applications, Internet commerce applications, kiosk applications, gas & electric charging applications, transportation charging applications, vehicle-to-vehicle applications, vehicle-to-mobile applications, dealer transaction applications, OEM transaction applications, and the like. Other transaction applications 78 may include hardware and/or software applications involving internal access of OBU 30 such as gaining access to various resources, vehicle subsystems, or software applications not involving remote network access. A unified identity management framework, as illustrated in
Authorized entities 98 may access appropriate transaction applications (e.g., dealer transaction application, OEM transaction application, etc.) after gaining access to OBU 30 through an authenticated software agent 95. The software agent 95 may first authenticate to OBU 30 and can then establish a network connection to the authorized entity using an appropriate VSIM (e.g., the manufacturer's VSIM). The authorized entity to which the software agent establishes a network connection may need to authenticate to OBU 30 before being able to access transaction applications on OBU 30, such as transactions applications related to vehicle sensor data, diagnostic data, firmware/software upgrades, emissions data, etc. Thus, for example, an OEM software agent on OBU 30 may be configured to establish a network connection to the OEM whenever internal connectivity to a network is detected on OBU 30. OEM software agent may first authenticate to OBU 30 and, for example, VSIM 1 may be selected for network access. Once a network connection is established between OBU 30 and the OEM using VSIM 1, the OEM may update the VSIM 1 to VSIM 2 if, for example, the OEM has negotiated a new rate with a different mobile network provider and wishes to update its VSIM. In some embodiments, a VSIM being updated (e.g., VSIM 1) may need to remain active and available for use by the associated agent for a specified period of time, until the new VSIM (e.g., VSIM 2) has been successfully provisioned (and possibly tested) in OBU 30. Additionally, the OEM may need to be authenticated to OBU 30 and authorized in transaction-to-agents mapping database 82 in order to update the VSIM or to access an OEM transaction application (e.g., one of transaction applications 78), which could be configured to access various vehicle components (e.g., vehicle sensors, vehicle firmware/software, etc.).
Machine devices 92 may also authenticate to OBU 30 and then provide an automatic network connection to an external entity or transaction system 50. For example, a machine device agent (e.g., a detector) may sense a toll system and initiate a transportation charging application. After the detector is authenticated to OBU 30, transaction-to-agents mapping database 82 may be evaluated to determine whether the detector is mapped to the transportation charging application. Once the detector is determined to be authorized to access the transportation charging application, network credentials and payment information may be obtained so that transportation charging application can connect to the toll system and provide appropriate payment.
Turning to
Identity profiles for human agents, such as parent/owner 502 and child 504 may also include vehicle settings, other wireless interfaces, device list, and web accounts. The vehicle settings may include items such as preferred seat positions as a driver and a passenger, temperature controls, music or radio settings, and the like. Other wireless interfaces and preferences may include, for example, a WiFi account established with a mobile network provider. Wireless interface information can be included in the identity profiles so that whenever the vehicle is near a hotspot of the mobile network operator, network connections by the parent/owner or child can be made through the WiFi interface. Identity profiles for the parent/owner 502 and child 504 may also include specific web accounts, such as those related to social networking and media.
Device lists may include any personal mobile devices of the parent/owner or child. The device list could include network interface accounts, passwords, and network configurations. Thus, the device list is essentially an identity profile for mobile devices within identity profiles of the parent/owner 502 and child 504. The device list information is provided to allow each of the identified mobile devices to be recognized and connected to the OBU 30 and to other networks in a desired manner. For example, if the child wants to download a movie from the Internet to a mobile device (e.g., a laptop, iPad, etc.) and the mobile device is included in the device list of the child's identity profile 504, then the mobile device could be connected to OBU 30 through a local wireless connection and OBU 30 could route traffic to the Internet through appropriate and available network connections from OBU 30 to the Internet (e.g., using a VSIM identified in the identity profile of the child 504). Thus, OBU 30 may be used as a communication link to the Internet for mobile devices identified in a device list of an identity profile of another agent.
Identity profile of parent/owner 502 may also include other profile information of a sensitive nature such as credit/payment information. Credit/payment information may be included in an identity profile to allow the agent of the identity profile to use his own credit/payment information for various charges/payments incurred during commercial transactions (e.g., transportation charging, gas and charging stations, kiosks, Internet commerce, rental and leasing, travel, etc.). The credit/payment information may be associated with authorized transaction applications during provisioning of the identity profile or at other times. By way of example, during the provisioning of an identity profile of an owner of vehicle 4, the owner's credit/payment information may be set as the default credit/payment method for various transaction applications. In a further example, payment information associated with transaction applications for transportation and gas and charging systems could be changed during a trip in vehicle 4 when a passenger offers to use his own credit/payment information to pay for such expenses. OBU 30 could provide an interface to allow modification to appropriate settings to effect such a change using proper authentication and authorization. In another example, each time a driver is authenticated to vehicle 4, the driver's credit/payment information may be associated with the various transportation and gas and charging transaction applications. However, if the driver is not the default payer/creditor, then OBU 30 could provide confirmation screens to notify the driver that his credit/payment information will be used and to receive confirmation and approval of this change.
Identity profile of parent/owner 502 may also include machine device access. While a manufacturer or an OEM may have access to vehicle machine devices to read and update or modify firmware or software of such machine devices, an owner of a vehicle may only be allowed to retrieve data from vehicle sensors. Accordingly, machine device access can indicate which machine devices the owner is authorized to access and what type of access is allowed. In addition, other passengers may not be allowed any type of access to the vehicle sensors and actuators, for example, and therefore, machine device access information may be omitted from identity profiles associated with other human agents.
Identity profile of child 504 may also contain parental controls and may not contain certain information that allows use of particular resources or transactions. Parental controls may be included to allow a parent to set desired limits on a child's use of OBU 30 resources and the vehicle itself. For example, any type of common computer parental controls related to accessing networks such as the Internet could be provided in parental controls. In addition parental controls could relate to particular activities of the vehicle. For example, if the child is authenticated as a driver, parental controls could require a notification be sent to the parent (e.g., via an email account, a text message, to a messaging center of the OBU 30, etc.) if the vehicle is driven beyond a specified boundary or perimeter or if the vehicle is driven beyond a specified speed. Parental controls could also be configured to limit certain vehicle functions (e.g., vehicle speed, entertainment systems, etc.). In addition, identity profile of child 504 may not have credit/payment information if the child is not allowed to engage in commercial transactions through OBU 30.
Identity profile of manufacturer 508 may also include machine device access information, which can indicate which machine devices the manufacturer is authorized to access and what type of access is allowed. In addition, the identify profile of manufacturer 508 may also include information related to diagnostics of vehicle 4 and a history of vehicle technical problems. Thus, when the manufacturer accesses vehicle 4, valuable historical information related specifically to vehicle 4 can be readily available for the manufacturer. Web accounts may also be provided in identity profile of manufacturer 508. Such information could allow the manufacturer to communicate with the driver/owner and provide information including, for example, marketing information such as coupons or sales events.
Turning to
Once an agent has been detected in step 602, flow passes to step 604 to perform authentication of the agent to the vehicle, which will be described in more detail with reference to
After the identity profile is activated in step 610, or if the agent does not have a corresponding identity profile in OBU 30, then flow passes to decision box 612 to determine whether the agent has an associated payment method (e.g., payment method information in identity profile, VSIM that can be used for payment). If the agent has an associated payment method, then flow passes to step 614 to invoke payment association module, which will be further described with reference to
In one embodiment, agent identity of a human can be inferred from a key fob used by the human agent to enter the vehicle. In certain embodiments, when a driver enters a vehicle, display 28 can prompt the driver to confirm that his identity matches the displayed owner identity (or provisioned default driver) of the vehicle. If other identities of human agents have been provisioned in the vehicle, then the display could also provide a list of provisioned identities from which the agent can choose to authenticate. Display 28 could also provide the option to select “New Driver”, “New Passenger”, or the like.
If the agent is determined to be a new agent in decision box 702, then flow may pass to decision box 720 where a query is made as to whether policies allow a new agent to be provisioned. In some embodiments, OBU 30 may include a policy module that allows various policy controls, including new agent provisioning. Thus, for example, for an added layer of security, an owner may set policies that by default block any new agents from being added to OBU 30. Thus, whenever a new agent needs to be added, the owner would have to reset or override the policy with credentials to allow the new agent to be provisioned. Such policy settings can be controlled through a policy settings interface by an appropriate agent (e.g., the owner or other superagent with a specified high level of authority for conducting transactions and configuring policies in OBU 30). If the policies do not allow new agents as determined in decision box 720, then authentication to vehicle flow 700 ends and flow returns to agent provisioning flow 600 with the agent not authenticated.
If policies allow new agents to be provisioned as determined in decision box 720, however, then flow passes to decision box 722 where a determination is made as to whether VSIM provisioning is requested. In the case of a human agent, a display screen may offer the choice to the agent to provision a VSIM. If VSIM provisioning is requested, then flow passes to step 724 to perform VSIM provisioning, which will be further described with reference to
After the one or more VSIMs are provisioned in step 724, or if VSIM provisioning was not requested, flow passes to decision box 726 to determine whether identity profile provisioning is requested. In the case of a human agent, a display screen may offer the choice to the agent to provision an identity profile. If identity profile provisioning is requested, then flow passes to step 728 to perform identity profile provisioning, which will be further described herein with reference to
After the identity profile is provisioned in step 728, or if identity profile provisioning was not requested, flow passes to step 730, where one or more authentication factors or requirements may be provisioned for the new agent in agents-to-multi-factor-authentication mapping database 83. Such factors could include user ID and password, biometrics, key fob, access card, etc., and one or more of these factors could be obtained by accessing the agent's identity profile credentials. For example, if an identity was provisioned and includes a user ID and password, the agent could be prompted to confirm that the user ID and password from the identity profile should be included as one of the authentication factors. After the authentication factors are provisioned in step 730, flow returns to agent provisioning flow 600 of
Referring again to decision box 702, if the detected agent is determined to be an existing agent (e.g., with authentication credentials, VSIMs, identity profile), then flow passes to step 704 to perform multi-factor authentication, which will be described in more detail herein with reference to
If in decision box 706, it is determined that the detected agent passed the multi-factor authentication, however, then flow passes to steps 710 through 718. These steps essentially perform the same function as steps 722 through 728 with regard to VSIM and identity profile provisioning. Thus, the existing, authenticated agent is allowed to provision (by creating or updating) one or more VSIMs and/or an identity profile and to download such data to OBU 30.
Turning to
Flow then passes to decision box 806 where a determination is made as to whether the agent passes the authentication requirement (e.g., entering a correct user ID and password, providing a matching fingerprint, providing a valid PKI certificate, etc.). If the agent passes the authentication requirement, then flow moves to decision box 810 where a determination is made as to whether more authentication requirements are identified in agents-to-multi-factor-authentication mapping database 83. If additional requirements are necessary to authenticate the agent, flow passes to step 812 to identify the next requirement, and then passes back to decision box 806 to repeat the steps determining whether the agent passes the authentication requirement. This processing continues until the agent has passed all of the authentication requirements or until the agent fails one of the authentication requirements. If the agent passes all of the authentication requirements, then the agent is authenticated to the vehicle, as indicated in step 814, and multi-factor authentication flow 800 ends. If, however, the agent fails one of the authentication requirements, then the agent is not authenticated to the vehicle, as indicated in step 808, and the multi-factor authentication flow 800 ends.
Turning to
Flow begins at step 906 where an available communication link is identified. Various communication links may be used to provision a VSIM, including some form of wireless communication (e.g., WiFi, WiMax, 3G, 4G, white space, 802.11x, satellite, etc.) to connect to identity service provider 60, a local network within vehicle 4 (e.g., local WiFi, Bluetooth, Ethernet, etc.) to connect to a mobile device, or a direct connection to a transportable medium (e.g., USB, CD, etc.). Flow passes to decision box 908 to determine whether the identified link is for local provisioning. If the identified communication link is not for local provisioning, then flow passes to step 910 to access identity service provider 60 via an available network. Example processing of identity service provider 60 will be described in more detail herein with reference to
When a network connection has been established to identity service provider 60 in step 910, or if the available communication link was identified for local provisioning, flow passes to decision box 912. In decision box 912 a determination is made with regard to what VSIM action to perform. If a VSIM is to be removed from OBU 30, then flow passes to step 914 to remove the VSIM. If a VSIM on OBU 30 is to be updated, then flow passes to step 918 to download a VSIM using the identified communication link (e.g., from identity service provider 60, from a transportable storage medium directly connected to OBU 30, from a mobile device) to update an existing VSIM. Finally, if a new VSIM is to be added to OBU 30, flow passes to step 916 to download the new VSIM using the identified communication link (e.g., from identity service provider 60, from a transportable storage medium directly connected to OBU 30, from a mobile device). Once the desired action (i.e., remove, update, or add) has been performed, flow passes to decision box 920 to determine whether more VSIM actions are to be performed. If more VSIM actions are to be performed, then flow passes back to decision box 912 to repeat the determination of whether to remove, update, or add a VSIM and to perform the desired action accordingly. This processing may continue until all VSIM actions have been completed. In one embodiment, an agent may be associated with multiple VSIMs provisioned in OBU 30. Therefore, multiple VSIM actions may occur during a single VSIM provisioning process.
Turning to
If the user is authenticated to identity service provider 60, then flow passes to decision box 924 to determine whether there is a VSIM action to perform. If, for example, a VSIM was previously created by the user (e.g., a user on a computer or mobile device creating a VSIM through identity service provider 60), then the user may simply need to access and download the existing VSIM to OBU 30. However, if the user needs to create, update, and/or remove a VSIM, then flow passes to decision box 926 to determine whether to add a new VSIM to OBU 30. If a request is made to add a new VSIM (e.g., to VSIM database 64), then flow passes to step 928 to add the new VSIM. If adding a new VSIM is not requested, as determined in decision box 926, then flow passes to decision box 930 to determine whether a request was made to update an existing VSIM. If an update request was made, then flow passes to step 932 where an existing VSIM is updated. If an update request is not made, as determined in decision box 930, however, then flow passes to step 934 where an identified VSIM is removed.
After a VSIM is either added (step 928), updated (step 932), or removed (step 934), flow passes to decision box 936 where it is determined whether there are more VSIM actions to perform. If more VSIM actions are requested, then flow passes back to decision box 926 and steps 926 through 936 continue to be processed until no more VSIM actions are requested. Once no more VSIM actions are requested, or after it is determined that there are no VSIM actions to perform, then the connection to identity service provider 60 from OBU 30 may continue until one or more VSIMs are downloaded to OBU 30. In addition, it will be apparent that flow 900B may also occur when a user establishes a network connection to identity service provider 60 from a remote computer or mobile device to manage his associated VSIMs.
Turning to
Flow begins at decision box 1002 where a determination is made as to whether an agent is locally creating an identity profile. In one embodiment, an agent can manually create an identity profile on OBU 30 by entering profile information directly into OBU 30 through an appropriate user interface. If the agent is locally creating an identity profile, then flow passes to step 1004 where the agent is permitted to manually create an identity profile, and then flow ends.
If it is determined that the agent is not locally creating an identity profile, then flow passes to step 1006 where an available communication link is identified. Various communication links may be used to provision a identity profile, including some form of wireless communication (e.g., WiFi, WiMax, 3G, 4G, white space, 802.11x, satellite, etc.) to connect to identity service provider 60, a local network within vehicle 4 (e.g., local WiFi, Bluetooth, Ethernet, etc.) to connect to a mobile device, or a direct connection to a transportable medium (e.g., USB, CD, etc.). If the identified communication link is not for local provisioning, then flow passes to step 1010 to access identity service provider 60 via an available network. Example processing of identity service provider 60 will be described herein in more detail with reference to
When a network connection has been established to identity service provider 60 in step 1010, or if the available communication link was identified for local provisioning, flow passes to decision box 1012. In decision box 1012 a determination is made with regard to what identity profile action to perform. If an identity profile is to be removed from OBU 30, then flow passes to step 1014 to remove the identity profile. If a identity profile on OBU 30 is to be updated, then flow passes to step 1018 to download a identity profile using the identified communication link (e.g., from identity service provider 60, from a transportable storage medium directly connected to OBU 30, or from a mobile device) to update an existing identity profile. Finally, if a new identity profile is to be added to OBU 30, flow passes to step 1016 to download the new identity profile using the identified communication link (e.g., from identity service provider 60, from a transportable storage medium directly connected to OBU 30, or from a mobile device). Once the desired action (i.e., remove, update, or add) has been performed, flow passes to decision box 1020 to determine whether more identity profile actions are to be performed. If more identity profile actions are to be performed, then flow passes back to decision box 1012 to repeat the determination of whether to remove, update, or add a identity profile and to perform the desired action accordingly. This processing may continue until all identity profile actions have been completed.
Turning to
If the user is authenticated to identity service provider 60, then flow passes to decision box 1024 to determine whether there is an identity profile action to perform. If, for example, an identity profile was previously created by the user (e.g., a user on a computer or mobile device creating an identity profile through identity service provider 60), then the user may simply need to access and download the existing identity profile to OBU 30. However, if the user needs to create, update, and/or remove an identity profile, then flow passes to decision box 1026 to determine whether to add a new identity profile to OBU 30. If a request is made to add a new identity profile (e.g., to identity profile database 64), then flow passes to step 1028 to add the new identity profile. If adding a new identity profile is not requested, as determined in decision box 1026, then flow passes to decision box 1030 to determine whether a request was made to update an existing identity profile. If an update request was made, then flow passes to step 1032 where an existing identity profile is updated. If an update request is not made, as determined in decision box 1030, however, then flow passes to step 1034 where an identified identity profile is removed.
After an identity profile is either added (step 1028), updated (step 1032), or removed (step 1034), flow passes to decision box 1036 where it is determined whether there are more identity profile actions to perform. If more identity profile actions are requested, then flow passes back to decision box 1026 and steps 1026 through 1036 continue to be processed until no more identity profile actions are requested. Once no more identity profile actions are requested, or after it is determined that there are no identity profile actions to perform, then the connection to identity service provider 60 from OBU 30 may continue until one or more identity profiles are downloaded to OBU 30. In addition, it will be apparent that flow 1000B may also occur when a user establishes a network connection to identity service provider 60 from a remote computer or mobile device to manage his identity profiles.
After the limitations are applied, or if no limitations exist for the agent, then flow may pass to step 1105 to determine the role and priority of the agent in the vehicle. For human agents, role can be determined based on which seat of the vehicle the agent occupies (e.g., driver seat, front passenger seat, rear left passenger seat, rear right passenger seat, etc.). Once the role and priority of the agent are determined, flow passes to step 1106 to configure the vehicle settings based on the agent's role in the vehicle. Depending on the role of the agent, OBU 30 may communicate the agent's identity profile parameters corresponding to actuators and software applications of the particular seat occupied by the agent. For example, seat positioning, air temperature settings, seat heater/cooler, dashboard features, and the like may be configured for the agent if the agent is the driver. If the agent is a passenger, however, the seat positioning, seat heater/cooler, and temperature settings may be applied to the agent's particular passenger seat, if such settings are available for the passenger seat.
Once the vehicle settings are applied in step 1106, flow may pass to step 1108 to configure other identity profile parameters based on an agent's priority. Depending on the agent's priority, OBU may communicate the agent's identity profile parameters corresponding to any appropriate actuators, software applications, and the like related to agent preferences (e.g., radio channel list, phonebook, address book, GPS favorite locations, etc.). For purposes of illustration, it is assumed that a driver has highest priority and driver preferences will override any conflicting passenger preferences. It should be understood, however, that a passenger could be configured with a higher priority and override the driver's preferences for preferences not pertaining to the safety of the vehicle. Additionally, OBU 30 may also configure network interface accounts and network configurations for other mobile devices identified in the agent's identity profile (e.g., in a device list). Moreover, while examples have been provided for human agents, activating an identity profile of other types of agents authenticated to the OBU may also occur for any appropriate identity profile parameters in an authenticated agent's identity profile.
Generally, payment association flow 1200 of
Flow begins in step 1202 where a transaction application is identified. The identified transaction application may be an application that is not associated with or initiated by an agent that has an associated payment method. Flow then passes to decision box 1204 where a determination is made as to whether the agent attempting to make the payment association is authorized to change payment association for the identified transaction application (e.g., if the agent is being provisioned but is not the driver then the agent may not be authorized, if policies do not allow the agent to change payment associations then the agent will not be authorized, etc.). If the agent is not authorized as determined in decision box 1204, then flow 1200 ends and payment associations are not made.
If is determined in decision box 1204 that the agent is authorized to change payment association for the identified transaction application, then flow passes to step 1206. In step 1206 a new payment method is identified from the agent's identity profile payment information or from the agent's corresponding VSIM. The agent's identity profile payment information may include information for a credit card, a debit card, a bank account, or other payment service providers. Alternatively, a VSIM associated with the agent could be used to provide payment. The VSIM could be used to connect to the associated mobile network operator, the payment could be received from the mobile network operator, and then the mobile network operator could bill the agent on the back end (e.g., with a set periodic or stand-alone bill to the agent). In a manual process of payment association, the agent can simply be provided with suitable options to select a desired payment method from options associated with the agent. In the automatic payment association, however, priority of available payment options can be pre-specified in any suitable way (e.g., an indication provided in the identity profile, etc.).
Once the payment method is determined in step 1206, flow passes to step 1208 to associate the selected payment method to the identified transaction application. In one embodiment, a separate mapping database may be provided to map identified transaction applications to selected payment methods. In another embodiment, an existing mapping database, such as transaction-to-agents mapping database 82, may be used and may include any suitable mechanism (e.g., pointer, link list, additional field, etc.) to indicate which agent to select to retrieve an associated payment method for the transaction application.
After the selected payment method is associated to the identified transaction application, flow passes to decision box 1210 to determine whether another transaction application has been identified. If another transaction application has been identified (e.g., parking transaction application), then flow passes back to decision box 1204 to process the newly identified transaction application. Steps 1204 through 1210 can be repeated until no more transaction applications are identified, and flow ends.
Turning to
When an event occurs, the event is detected in step 1302 and then flow moves to step 1304 to evaluate transaction-to-agents mapping database 82. In decision box 1306, a determination is made as to whether the transaction is authorized. If the mapping database 82 does not indicate the transaction is authorized (e.g., the agent is not mapped to a transaction application corresponding to the transaction), then flow passes to 1307 where the transaction is blocked. Flow then passes back to step 1301 to wait for another event.
If transaction-to-agents mapping database 82 indicates the transaction is authorized (e.g., the agent is mapped to a transaction application corresponding to the transaction), as determined in decision box 1306, then flow may pass to step 1308 to identify authentication and confidentiality schemes by evaluating transaction-to-authentication/confidentiality-schemes mapping database 84. Mapping database 84 may include which transactions require authentication of the associated agent. Although the agent should already be provisioned and authenticated to the vehicle when transaction processing occurs, some transactions may be of a sensitive nature, and authentication must be provided again. In addition, in one embodiment, initial authentication to the vehicle may be provided with a single authentication requirement, whereas authentication to conduct certain transactions may require multiple authentication requirements as indicated in agent-to-multi-factor-authentication mapping database 83 and transaction-to-authentication-and-confidentiality-schemes mapping database 84. For example, access to a banking transaction application that facilitates transactions to personal bank accounts of agents, may require re-authenticating the agent with multiple authentication requirements (e.g., biometrics in addition to a key fob used to initially authenticate to OBU 30). In addition, mapping database 84 may also indicate other authentication and confidentiality schemes to be used by a transaction application such as, for example, a particular encryption mechanism for data associated with the transaction application. Additionally, any authentication protocols required for establishing network connections may also be provided in mapping database 84.
After authentication and confidentiality schemes are identified in step 1308, flow passes to decision box 1309 to determine whether agent authentication is required for the transaction. In one embodiment, if authentication is required, then multifactor authentication module 74 may be invoked in step 1310, as previously discussed herein with reference to
If the agent passes authentication, as determined in decision box 1312, or if authentication of the agent was not required, as determined in decision box 1309, then flow passes to step 1316 in which the identity profile may be accessed to obtain network credentials and any other needed profile information such as payment information for commercial transactions. Accessing the identity profile will be described in more detail herein with reference to
Turning now to
Flow then moves to step 1404 to determine the identity of the agent to be used to provide network credentials and/or other profile information such as payment information. In a simple case, a human agent who initiates a commercial transaction by triggering an Internet commerce transaction application on OBU 30 may have an identity profile that can be used to obtain network credentials and payment information. In other transaction scenarios, however, the agent associated with the event may not have payment information and/or network credentials. Therefore, the determination in step 1404 accommodates certain transaction applications that need profile information from an agent other than the agent associated transaction. For example, a driver or other passenger may want to pay for toll transactions that occur automatically when a detector (agent) senses the toll system and initiates a toll transaction application. Therefore, the identity of the particular agent with the payment information needs to be determined. This can be accomplished in various ways including, for example, a display screen offering a human agent the option to pay the toll using identity profile information. Alternatively, a human agent could preconfigure the payment information through, for example, payment association module 79.
Once the determination is made in step 1404, flow passes to decision box 1408 to determine whether the identity profile of the agent is needed. In some transaction scenarios, network credentials for remote network access (e.g., VSIM, WiFi, etc.) may not be required for a transaction application. For example, a transaction application merely accessing in-vehicle networks and having no commercial component may not need any identity profile information. In this case, flow passes to step 1410 to get network credentials for in-vehicle networks, if the transaction application accesses an in-vehicle network. Flow then passes to step 1420 to provide the in-vehicle network credentials to the transaction application, if needed.
If the identity profile is needed for a transaction application requiring remote network access or a transaction application occurring internally (e.g., not requiring remote network access), as determined in decision box 1408, then flow passes to step 1412. In step 1412, network credentials are obtained from identity profile, if needed. Flow may then pass to step 1414 to perform opportunistic selection of VSIM, if needed, which will be further described herein with reference to
After the VSIM is selected, then flow passes to decision box 1416 to determine whether other profile information is needed from the agent's identity profile. Other information includes, for example, payment information, which could be necessary if the transaction application has a commercial component. If other profile information is needed, then flow passes to step 1418 to get the other profile information and provide such information to the transaction application. Finally, after the profile information is provided to the transaction application in step 1418, or if other profile information is not needed as determined in decision box 1416, flow passes to step 1420 to provide any obtained network credentials, including the VSIM, to the transaction application.
Flow may begin in steps 1504 through 1508 where the set of criteria are determined. In step 1504 an agent associated with the network access/attempt may be identified. In step 1506, a transaction application associated with the network access/attempt may be identified. Finally, in step 1508, a current location of the vehicle may determined (e.g., by navigation system 17). Flow then passes to step 1510 where one or more preferred VSIMs are identified from VSIM selection rules mapping database 85. In decision box 1512 a determination is made as to whether the current VSIM(s), which could include one or more VSIMs, are equivalent to the preferred VSIM(s) identified from VSIM selection rules mapping database 85. When opportunistic VSIM selection flow 1500 is processing to evaluate an established network connection associated with a transaction application, the current VSIM(s) could be one or more VSIMs currently being used for the established network connection. However, when opportunistic VSIM selection flow 1500 is processing during identity profile access flow 1400 at step 1414, then the current VSIM(s) could be one or more VSIMs selected from an identity profile for a transaction application waiting to receive network credentials. If the preferred VSIM(s) are different than the current VSIM(s), then flow passes to step 1514 where the current VSIM(s) are changed to the preferred VSIM(s). In the case of an established network connection, the network connection may be moved to network access links enabled by the preferred VSIM(s).
After the current VSIM(s) are changed to the preferred VSIM(s) in step 1514, or if the current VSIM(s) are equivalent to the preferred VSIM(s) as determined in decision box 1512, then flow passes to step 1516 to evaluate network conditions. In the next decision box 1518, a determination is made as to whether any policies override the current VSIM(s) because, in one embodiment, various network conditions and policies related to such network conditions may override a VSIM preference. For example, a VSIM preference based on a particular location, such as a preference for using mobile network operator X in New York because it is more cost effective than using mobile network operator Y, may be overridden if the network conditions of mobile network operator X are not suitable. Similarly, multiple VSIMs, or a VSIM associated with another agent may be selected, depending on network conditions and authorization to use the other agent's network credentials. Thus, if policies based on network conditions override the current VSIM(s), then flow passes to step 1520 where the current VSIM(s) are changed to one or more VSIMs consistent with the policy. After the current VSIM(s) are changed in step 1520, or if policies and network conditions did not require a change to the current VSIM(s) as determined in decision box 1518, flow ends, and the associated transaction application may establish a network connection using the current VSIM(s) or may continue network access with the current VSIM(s), as appropriate.
By using the infrastructure described above, a connected vehicle can opportunistically switch between multiple VSIM identities to allow for multiple identity profiles to be used during the vehicle's lifecycle. Thus, the infrastructure enables multiple agents to source communication from the vehicle. To illustrate these features, an example scenario will now be described of a possible lifecycle of a connected vehicle and identities associated with the connected vehicle.
In the beginning of the life of a vehicle (e.g., vehicle 4), a manufacturer of the vehicle may provision an OBU (e.g., OBU 30) configured within vehicle 4 with a physical UICC card that is initialized with an identity associated with the vehicle manufacturer, which can be used for authentication to download soft SIM or VSIM identities issued by mobile network operators. A software agent may also be provisioned in OBU 30 to connect to a desired an identity service provider 60 (e.g., third party identity service provider, mobile network operator, manufacturer identity service provider, etc.) to obtain the VSIM. For example, if vehicle 4 is manufactured in Japan, then software agent may use the manufacturer VSIM to authenticate vehicle 4 to the identity service provider, and then download a VSIM to be used during quality assurance testing before vehicle 4 is exported from Japan to an automotive dealer in the United States (U.S.).
After vehicle 4 is shipped and crosses an international border such as the U.S., the software agent can use manufacturer VSIM identity to download a VSIM of a local mobile network operator (e.g., Verizon, AT&T, T-Mobile, SPRINT, PCS, etc.), by accessing an identity service provider 60 through which the manufacturer has provisioned VSIMs. This may be desirable for the manufacturer to avoid expensive roaming charges. Thus, the manufacturer may be able to negotiate a better rate (e.g., for a particular area) with different mobile network operators at any time and simply update the associated VSIM on vehicle 4.
When a consumer purchases vehicle 4 from the automotive dealer and becomes an owner of vehicle 4, he may provision one or more different VSIMs on the OBU of vehicle 4 for his own network access. The owner may authenticate to a desired identity service provider 60 and download a desired one or more VSIMs to be used for connectivity (e.g., 3G or 4G) by the owner. The owner may also download an identity profile to allow personalization of contacts and various preferences provided in the identity profile, as previously described herein (e.g., personalized contacts, vehicle settings, payment methods, device lists, etc.). The owner may also configure authentication requirements to authenticate to vehicle 4 (e.g., set up as desired via key fob, user ID and password, biometrics, etc.).
If another member of the owner's family drives vehicle 4, another VSIM may be provisioned. The family member may authenticate to the same or different identity service provider and download his own one or more VSIMs, which could correspond to the same or different mobile network operators. In addition, a separate identity profile for the family member may also be downloaded to allow for personalization of preferences, subject to policies implemented by the owner or other superagent and subject to priorities related to the role of an agent at a particular time (e.g., driver vs. passenger). The family member may also configure authentication requirements, which could be provided in identity profile, in order to authenticate to vehicle 4 each time the family member is in the vehicle as a driver or a passenger.
Finally, if vehicle 4 is sold, the new owner can download his particular one or more VSIMs and/or identity profile from an appropriate identity service provider, and can create authentication requirements for authenticating to the vehicle. The VSIMs and identity profiles associated with the previous owner, any human agent associated with the previous owner, and any mobile devices may be removed from OBU 30. However, other identity profiles and VSIMs associated with agents such as authorized entities, machine devices, and software agents may remain on OBU 30, if appropriate.
In certain implementations and numerous examples provided herein, vehicle 10 is described with reference to an automobile. Communication system 10, however, is not limited to automobiles, but can be applied to a myriad of other types of vehicles (e.g., airplanes, boats, trains, etc.). It will be appreciated that the broad teachings disclosed herein are intended to include any type of vehicle used to move from one location to another location, including vehicles that are not designed to transport humans.
In certain example implementations, at least some portions of enabling secure transactions and flexible identity management activities outlined herein may be implemented in software. This could be inclusive of software provided in transaction security framework 70 of OBU 30 and in other modules and elements such as secure communication module 77. These elements and/or modules can cooperate with each other in order to perform the enabling secure transactions and flexible identity management activities as discussed herein. In other embodiments, one or more of these features may be implemented in hardware, provided external to these elements, or consolidated in any appropriate manner. For example, some of the processors associated with the various elements may be removed, or otherwise consolidated such that a single processor and a single memory location are responsible for certain activities. In a general sense, the arrangements depicted in
Any of the memory items discussed herein should be construed as being encompassed within the broad term ‘memory element.’ Similarly, any of the potential processing elements, modules, and machines described in this Specification should be construed as being encompassed within the broad term ‘processor.’ Furthermore, OBU 30, and each separate component of OBU 30, may also include suitable interfaces for receiving, transmitting, and/or otherwise communicating data or information in a network environment.
Note that with the numerous examples provided herein, interaction may be described in terms of two, three, four, or more network elements. However, this has been done for purposes of clarity and example only. It should be appreciated that the system can be consolidated in any suitable manner. Along similar design alternatives, any of the illustrated computers, modules, components, and elements of
It is also important to note that the operations and steps described with reference to the preceding FIGURES illustrate only some of the possible scenarios that may be executed by, or within, the system. Some of these operations may be deleted or removed where appropriate, or these steps may be modified or changed considerably without departing from the scope of the discussed concepts. In addition, the timing of these operations may be altered considerably and still achieve the results taught in this disclosure. The preceding operational flows have been offered for purposes of example and discussion. Substantial flexibility is provided by the system in that any suitable arrangements, chronologies, configurations, and timing mechanisms may be provided without departing from the teachings of the discussed concepts.
Although the present disclosure has been described in detail with reference to particular arrangements and configurations, these example configurations and arrangements may be changed significantly without departing from the scope of the present disclosure. For example, although the present disclosure has been described with reference to particular communication exchanges involving certain network access and protocols, communication system 10 may be applicable to other exchanges or routing protocols in which packets are exchanged in order to provide mobility data, connectivity parameters, access management, etc. Moreover, although communication system 10 has been illustrated with reference to particular elements and operations that facilitate the communication process, these elements and operations may be replaced by any suitable architecture or process that achieves the intended functionality of communication system 10.
Numerous other changes, substitutions, variations, alterations, and modifications may be ascertained to one skilled in the art and it is intended that the present disclosure encompass all such changes, substitutions, variations, alterations, and modifications as falling within the scope of the appended claims.
This application claims the benefit of priority under 35 U.S.C. §119(e) of U.S. Provisional Application Ser. No. 61/433,138, filed Jan. 14, 2011, by Sateesh K. Addepalli, et al., entitled “SYSTEM, METHOD, AND PROCESSES ASSOCIATED WITH CONNECTED VEHICLES,” which is hereby incorporated by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5428666 | Fyfe et al. | Jun 1995 | A |
| 5604787 | Kotzin et al. | Feb 1997 | A |
| 5737215 | Schricker et al. | Apr 1998 | A |
| 5763862 | Jachimowicz et al. | Jun 1998 | A |
| 5933773 | Barvesten | Aug 1999 | A |
| 5987325 | Tayloe | Nov 1999 | A |
| 6002929 | Bishop et al. | Dec 1999 | A |
| 6078652 | Barak | Jun 2000 | A |
| 6169387 | Kaib | Jan 2001 | B1 |
| 6175789 | Beckert et al. | Jan 2001 | B1 |
| 6285869 | Shannon et al. | Sep 2001 | B1 |
| 6320351 | Ng et al. | Nov 2001 | B1 |
| 6427072 | Reichelt | Jul 2002 | B1 |
| 6427073 | Kortesalmi et al. | Jul 2002 | B1 |
| 6484082 | Millsap et al. | Nov 2002 | B1 |
| 6490679 | Tumblin et al. | Dec 2002 | B1 |
| 6516357 | Hamann et al. | Feb 2003 | B1 |
| 6526272 | Bansal et al. | Feb 2003 | B1 |
| 6574734 | Colson et al. | Jun 2003 | B1 |
| 6587127 | Leeke et al. | Jul 2003 | B1 |
| 6604140 | Beck et al. | Aug 2003 | B1 |
| 6643504 | Chow et al. | Nov 2003 | B1 |
| 6668179 | Jiang | Dec 2003 | B2 |
| 6714799 | Park et al. | Mar 2004 | B1 |
| 6721580 | Moon | Apr 2004 | B1 |
| 6735506 | Breed et al. | May 2004 | B2 |
| 6757262 | Weisshaar et al. | Jun 2004 | B1 |
| 6823244 | Breed | Nov 2004 | B2 |
| 6868282 | Carlsson | Mar 2005 | B2 |
| 6914517 | Kinsella | Jul 2005 | B2 |
| 6925425 | Remboski et al. | Aug 2005 | B2 |
| 6928299 | Rinne et al. | Aug 2005 | B1 |
| 6934391 | Linkola et al. | Aug 2005 | B1 |
| 6957199 | Fisher | Oct 2005 | B1 |
| 6980830 | Ahonen | Dec 2005 | B2 |
| 7039221 | Tumey et al. | May 2006 | B1 |
| 7050897 | Breed et al. | May 2006 | B2 |
| 7064711 | Strickland et al. | Jun 2006 | B2 |
| 7069144 | Yoshihara et al. | Jun 2006 | B2 |
| 7082359 | Breed | Jul 2006 | B2 |
| 7096316 | Karr et al. | Aug 2006 | B1 |
| 7171460 | Kalavade et al. | Jan 2007 | B2 |
| 7178724 | Tamagno et al. | Feb 2007 | B2 |
| 7185161 | Kang | Feb 2007 | B2 |
| 7218930 | Ko et al. | May 2007 | B2 |
| 7222783 | Merrien | May 2007 | B2 |
| 7259469 | Brummett et al. | Aug 2007 | B2 |
| 7363056 | Faisy | Apr 2008 | B2 |
| 7389178 | Raz et al. | Jun 2008 | B2 |
| 7558110 | Mizushima et al. | Jul 2009 | B2 |
| 7564842 | Callaway et al. | Jul 2009 | B2 |
| 7593605 | King et al. | Sep 2009 | B2 |
| 7603107 | Ratert et al. | Oct 2009 | B2 |
| 7606643 | Hunt et al. | Oct 2009 | B2 |
| 7630802 | Breed | Dec 2009 | B2 |
| 7631033 | Zehler | Dec 2009 | B2 |
| 7636626 | Oesterling et al. | Dec 2009 | B2 |
| 7689231 | Mardiks et al. | Mar 2010 | B2 |
| 7689251 | Bae | Mar 2010 | B2 |
| 7729725 | Stenmark | Jun 2010 | B2 |
| 7738891 | Tenhunen et al. | Jun 2010 | B2 |
| 7755472 | Grossman | Jul 2010 | B2 |
| 7778227 | Gibbs | Aug 2010 | B2 |
| 7787602 | Pearson et al. | Aug 2010 | B2 |
| 7791310 | Luz et al. | Sep 2010 | B2 |
| 7792618 | Quigley et al. | Sep 2010 | B2 |
| 7808375 | Bertness et al. | Oct 2010 | B2 |
| 7844817 | Mueller et al. | Nov 2010 | B2 |
| 7849020 | Johnson | Dec 2010 | B2 |
| 7904569 | Gelvin et al. | Mar 2011 | B1 |
| 7917251 | Kressner et al. | Mar 2011 | B2 |
| 7957729 | Roter et al. | Jun 2011 | B2 |
| 7957744 | Oesterling et al. | Jun 2011 | B2 |
| 8054038 | Kelty et al. | Nov 2011 | B2 |
| 8061140 | Harmon | Nov 2011 | B2 |
| 8063797 | Sonnabend et al. | Nov 2011 | B1 |
| 8081643 | Sonoda et al. | Dec 2011 | B2 |
| 8086395 | Mino | Dec 2011 | B2 |
| 8095184 | Hiltunen et al. | Jan 2012 | B2 |
| 8100206 | Kressner et al. | Jan 2012 | B2 |
| 8131317 | Lee | Mar 2012 | B2 |
| 8135443 | Aleksic et al. | Mar 2012 | B2 |
| 8140064 | Mardiks | Mar 2012 | B2 |
| 8143741 | Funakoshi et al. | Mar 2012 | B2 |
| 8144596 | Veillette | Mar 2012 | B2 |
| 8180400 | Shin et al. | May 2012 | B2 |
| 8195233 | Morikuni et al. | Jun 2012 | B2 |
| 8195235 | Montes | Jun 2012 | B2 |
| 8207642 | Lafontaine et al. | Jun 2012 | B2 |
| 8233389 | Yim et al. | Jul 2012 | B2 |
| 8244468 | Scalisi et al. | Aug 2012 | B2 |
| 8249087 | Takada et al. | Aug 2012 | B2 |
| 8294420 | Kocher | Oct 2012 | B2 |
| 8296373 | Bosworth et al. | Oct 2012 | B2 |
| 8335493 | Angelhag | Dec 2012 | B2 |
| 8364959 | Bhanoo et al. | Jan 2013 | B2 |
| 8378623 | Kusch et al. | Feb 2013 | B2 |
| 20020006139 | Kikkawa et al. | Jan 2002 | A1 |
| 20020072388 | Korneluk et al. | Jun 2002 | A1 |
| 20020097855 | Neudeck et al. | Jul 2002 | A1 |
| 20020103964 | Igari | Aug 2002 | A1 |
| 20020165008 | Sashihara et al. | Nov 2002 | A1 |
| 20020174360 | Ikeda | Nov 2002 | A1 |
| 20020198632 | Breed et al. | Dec 2002 | A1 |
| 20030005435 | Nelger et al. | Jan 2003 | A1 |
| 20030009271 | Akiyama | Jan 2003 | A1 |
| 20030028763 | Malinen et al. | Feb 2003 | A1 |
| 20030046228 | Berney | Mar 2003 | A1 |
| 20030051041 | Kalavade et al. | Mar 2003 | A1 |
| 20030083968 | Marsh et al. | May 2003 | A1 |
| 20030152038 | Oshima et al. | Aug 2003 | A1 |
| 20030191939 | Tsai et al. | Oct 2003 | A1 |
| 20040008677 | Cen | Jan 2004 | A1 |
| 20040022216 | Shi | Feb 2004 | A1 |
| 20040023689 | Ahonen | Feb 2004 | A1 |
| 20040024670 | Valenzuela et al. | Feb 2004 | A1 |
| 20040042604 | Hiltunen et al. | Mar 2004 | A1 |
| 20040073339 | Ruoppolo | Apr 2004 | A1 |
| 20040083043 | Akiyama et al. | Apr 2004 | A1 |
| 20040087305 | Jiang et al. | May 2004 | A1 |
| 20040137890 | Kalke | Jul 2004 | A1 |
| 20040143386 | Yoshihara et al. | Jul 2004 | A1 |
| 20040162653 | Ban et al. | Aug 2004 | A1 |
| 20040165656 | Shiue et al. | Aug 2004 | A1 |
| 20040171386 | Mitjana | Sep 2004 | A1 |
| 20040204087 | Carlsson | Oct 2004 | A1 |
| 20040229601 | Zabawskyj et al. | Nov 2004 | A1 |
| 20040230345 | Tzamaloukas | Nov 2004 | A1 |
| 20040249915 | Russell | Dec 2004 | A1 |
| 20040256451 | Goman et al. | Dec 2004 | A1 |
| 20050009563 | Stenmark | Jan 2005 | A1 |
| 20050018883 | Scott | Jan 2005 | A1 |
| 20050020250 | Chaddha et al. | Jan 2005 | A1 |
| 20050039027 | Shapiro | Feb 2005 | A1 |
| 20050065678 | Smith et al. | Mar 2005 | A1 |
| 20050075137 | Reemtsma | Apr 2005 | A1 |
| 20050101323 | De Beer | May 2005 | A1 |
| 20050124288 | Karmi et al. | Jun 2005 | A1 |
| 20050162687 | Lee | Jul 2005 | A1 |
| 20050239504 | Ishi et al. | Oct 2005 | A1 |
| 20050266883 | Chatrath | Dec 2005 | A1 |
| 20050271037 | Habaguchi et al. | Dec 2005 | A1 |
| 20050282554 | Shyy et al. | Dec 2005 | A1 |
| 20060020783 | Fisher | Jan 2006 | A1 |
| 20060031590 | Monette et al. | Feb 2006 | A1 |
| 20060059340 | Eldenmalm et al. | Mar 2006 | A1 |
| 20060068786 | Florence | Mar 2006 | A1 |
| 20060075242 | Aissi et al. | Apr 2006 | A1 |
| 20060076420 | Prevost et al. | Apr 2006 | A1 |
| 20060079237 | Liu et al. | Apr 2006 | A1 |
| 20060079254 | Hogan | Apr 2006 | A1 |
| 20060089157 | Casey | Apr 2006 | A1 |
| 20060129848 | Paksoy et al. | Jun 2006 | A1 |
| 20060160532 | Buckley et al. | Jul 2006 | A1 |
| 20060172772 | Bjorkner | Aug 2006 | A1 |
| 20060181521 | Perreault et al. | Aug 2006 | A1 |
| 20060183500 | Choi | Aug 2006 | A1 |
| 20060218337 | Hashimoto | Sep 2006 | A1 |
| 20060224887 | Vesikivi et al. | Oct 2006 | A1 |
| 20060234693 | Isidore et al. | Oct 2006 | A1 |
| 20060277589 | Margis et al. | Dec 2006 | A1 |
| 20060282554 | Jiang et al. | Dec 2006 | A1 |
| 20060285538 | Oommen | Dec 2006 | A1 |
| 20060291455 | Katz et al. | Dec 2006 | A1 |
| 20070004457 | Han | Jan 2007 | A1 |
| 20070021847 | Hyodo et al. | Jan 2007 | A1 |
| 20070027583 | Tamir et al. | Feb 2007 | A1 |
| 20070060200 | Boris et al. | Mar 2007 | A1 |
| 20070067085 | Lu et al. | Mar 2007 | A1 |
| 20070077966 | Huang | Apr 2007 | A1 |
| 20070094337 | Klassen et al. | Apr 2007 | A1 |
| 20070105531 | Schroeder, Jr. | May 2007 | A1 |
| 20070124490 | Kalavade et al. | May 2007 | A1 |
| 20070129072 | Yamato et al. | Jun 2007 | A1 |
| 20070130156 | Tenhunen et al. | Jun 2007 | A1 |
| 20070139216 | Breed | Jun 2007 | A1 |
| 20070149170 | Bloebaum et al. | Jun 2007 | A1 |
| 20070167161 | Cheng et al. | Jul 2007 | A1 |
| 20070177562 | Castrogiovanni et al. | Aug 2007 | A1 |
| 20070198144 | Norris et al. | Aug 2007 | A1 |
| 20070202895 | Benco et al. | Aug 2007 | A1 |
| 20070218947 | Buckley | Sep 2007 | A1 |
| 20070223031 | Kitada et al. | Sep 2007 | A1 |
| 20070225873 | Toya et al. | Sep 2007 | A1 |
| 20070238449 | Park et al. | Oct 2007 | A1 |
| 20070254713 | Lagnado et al. | Nov 2007 | A1 |
| 20070255797 | Dunn et al. | Nov 2007 | A1 |
| 20070265735 | Chigusa | Nov 2007 | A1 |
| 20070266428 | Downes et al. | Nov 2007 | A1 |
| 20070271014 | Breed | Nov 2007 | A1 |
| 20070273492 | Hara et al. | Nov 2007 | A1 |
| 20080020755 | Liu et al. | Jan 2008 | A1 |
| 20080020773 | Black et al. | Jan 2008 | A1 |
| 20080027606 | Helm | Jan 2008 | A1 |
| 20080028230 | Shatford | Jan 2008 | A1 |
| 20080040005 | Breed | Feb 2008 | A1 |
| 20080051062 | Lee | Feb 2008 | A1 |
| 20080072299 | Reiher | Mar 2008 | A1 |
| 20080087720 | Levitov | Apr 2008 | A1 |
| 20080120504 | Kirkup et al. | May 2008 | A1 |
| 20080147265 | Breed | Jun 2008 | A1 |
| 20080147271 | Breed | Jun 2008 | A1 |
| 20080169350 | Audebert et al. | Jul 2008 | A1 |
| 20080205416 | DeChiara | Aug 2008 | A1 |
| 20080209545 | Asano | Aug 2008 | A1 |
| 20080220743 | Mora et al. | Sep 2008 | A1 |
| 20080226074 | Sammour et al. | Sep 2008 | A1 |
| 20080227604 | Daniel | Sep 2008 | A1 |
| 20080254766 | Craven | Oct 2008 | A1 |
| 20080261561 | Gehrmann | Oct 2008 | A1 |
| 20080265024 | Tracy et al. | Oct 2008 | A1 |
| 20080284575 | Breed | Nov 2008 | A1 |
| 20080289018 | Kawaguchi | Nov 2008 | A1 |
| 20080290161 | Blake | Nov 2008 | A1 |
| 20080311912 | Balasubramanian et al. | Dec 2008 | A1 |
| 20090003283 | Meyland | Jan 2009 | A1 |
| 20090007250 | Pouzin et al. | Jan 2009 | A1 |
| 20090019528 | Wei et al. | Jan 2009 | A1 |
| 20090037207 | Farah | Feb 2009 | A1 |
| 20090043441 | Breed | Feb 2009 | A1 |
| 20090061839 | Zimmerman et al. | Mar 2009 | A1 |
| 20090077643 | Schmidt et al. | Mar 2009 | A1 |
| 20090138136 | Natsume | May 2009 | A1 |
| 20090163175 | Shi et al. | Jun 2009 | A1 |
| 20090215449 | Avner | Aug 2009 | A1 |
| 20090225736 | Patarkazishvili | Sep 2009 | A1 |
| 20090227230 | Camilleri et al. | Sep 2009 | A1 |
| 20090312850 | Higuchi et al. | Dec 2009 | A1 |
| 20100005313 | Dai | Jan 2010 | A1 |
| 20100037057 | Shim et al. | Feb 2010 | A1 |
| 20100085868 | Guo et al. | Apr 2010 | A1 |
| 20100088401 | DeGraeve et al. | Apr 2010 | A1 |
| 20100112997 | Roundtree | May 2010 | A1 |
| 20100167724 | Haran et al. | Jul 2010 | A1 |
| 20100183016 | Bonk et al. | Jul 2010 | A1 |
| 20100202346 | Sitzes et al. | Aug 2010 | A1 |
| 20100215043 | Hisada | Aug 2010 | A1 |
| 20100232404 | Chen et al. | Sep 2010 | A1 |
| 20100234009 | Antani et al. | Sep 2010 | A1 |
| 20100248690 | Biggs et al. | Sep 2010 | A1 |
| 20100279653 | Poltorak | Nov 2010 | A1 |
| 20100280956 | Chutorash et al. | Nov 2010 | A1 |
| 20100291924 | Antrim et al. | Nov 2010 | A1 |
| 20100294750 | Hogenmueller et al. | Nov 2010 | A1 |
| 20100311391 | Siu et al. | Dec 2010 | A1 |
| 20100311404 | Shi et al. | Dec 2010 | A1 |
| 20100311418 | Shi et al. | Dec 2010 | A1 |
| 20100311444 | Shi et al. | Dec 2010 | A1 |
| 20110034201 | Hamada et al. | Feb 2011 | A1 |
| 20110055292 | Madau et al. | Mar 2011 | A1 |
| 20110059738 | Waller | Mar 2011 | A1 |
| 20110071718 | Norris et al. | Mar 2011 | A1 |
| 20110106375 | Gurusamy | May 2011 | A1 |
| 20110149982 | Hwang et al. | Jun 2011 | A1 |
| 20120004933 | Foladare et al. | Jan 2012 | A1 |
| 20120089299 | Breed | Apr 2012 | A1 |
| 20120109418 | Lorber | May 2012 | A1 |
| 20120109446 | Yousefi et al. | May 2012 | A1 |
| 20120182935 | Addepalli et al. | Jul 2012 | A1 |
| 20130018575 | Birken et al. | Jan 2013 | A1 |
| 20130159466 | Mao | Jun 2013 | A1 |
| Number | Date | Country |
|---|---|---|
| 10146664 | Feb 2003 | DE |
| 1337119 | Aug 2003 | EP |
| 1696357 | Aug 2006 | EP |
| 1727383 | Nov 2006 | EP |
| 1737160 | Dec 2006 | EP |
| 1758335 | Feb 2007 | EP |
| 2294787 | May 1996 | GB |
| 2313257 | Nov 1997 | GB |
| 2386803 | Sep 2003 | GB |
| 2406925 | Oct 2003 | GB |
| 2406925 | Apr 2005 | GB |
| 2000194660 | Jul 2000 | JP |
| WO 9219078 | Oct 1992 | WO |
| WO 9924938 | May 1999 | WO |
| WO 9927730 | Jun 1999 | WO |
| WO 9946682 | Sep 1999 | WO |
| WO 0079368 | Dec 2000 | WO |
| WO 0111577 | Feb 2001 | WO |
| WO 02067563 | Aug 2002 | WO |
| WO 02089449 | Nov 2002 | WO |
| WO 03007639 | Jan 2003 | WO |
| WO 2004021296 | Mar 2004 | WO |
| WO 2005029890 | Mar 2005 | WO |
| WO 2006094564 | Sep 2006 | WO |
| WO 2007143342 | Dec 2007 | WO |
| WO 2008040964 | Apr 2008 | WO |
| WO 2009082759 | Jul 2009 | WO |
| Entry |
|---|
| U.S. Appl. No. 13/071,367, entitled “System and Method for Wireless Interface Selection and for Communication and Access Control of Subsystems, Devices, and Data in a Vehicular Environment,” filed Mar. 24, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/111,425, entitled “System and Method for Providing Resource Sharing, Synchronizing, Media Coordination, Transcoding, and Traffic Management in a Vehicular Environment,” filed May 19, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/117,860, entitled “System and Method for Analyzing Vehicular Behavior in a Network Environment,” filed May 27, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/108,631, entitled “System and Method for Real-Time Synthesis and Performance Enhancement of Audio/Video Data, and Noise Cancellation and Gesture Based User Interfaces in a Vehicular Environment,” filed May 16, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/118,220, entitled “System and Method for Routing, Mobility, Application Services, Discovery, and Sensing in a Vehicular Network Environment,” filed May 27, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/087,884, entitled 'System and Method for Discovery, Trusted Execution, and Admission Control in a Vehicular Environment, filed Apr. 15, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/083,305, entitled “System and Method for Applications Management in a Networked Vehicular Environment,” filed Apr. 8, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/118,024, entitled “System and Method for Enabling a Vehicular Access Network in a Vehicular Environment,” filed May 27, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/104,737, entitled “System and Method for Internal Networking, Data Optimization and Dynamic Frequency Selection in a Vehicular Environment,” filed May 10, 2011, Inventors: Sateesh K. Addepalli et al. |
| U.S. Appl. No. 13/114,659, entitled “System and Method for Transport, Network, Translation, and Adaptive Coding in a Vehicular Network Environment,” filed May 24, 2011, Inventors: Sateesh K. Addepalli et al. |
| EPO May 22, 2012 European Search Report and Written Opinion from EP 12150208.2. |
| EPO Jan. 21, 2013 EPO Response to Communication regarding Written Opinion from EP 12150208.2. |
| PCT Apr. 22, 2009 International Search Report for PCT/US08/88320; 3 pages. |
| PCT Jun. 29, 2010 International Preliminary Report on Patentability and Written Opinion of the International Searching Authority for PCT/US08/88320; 10 pages. |
| EPO Jul. 1, 2013 EPO Communication regarding EP 12150208.2; 5 pages. |
| “Cisco Mobile Network Solutions for Commercial Transit Agencies,” Cisco.com, © 2008 Cisco Systems, Inc., 8 pages; http://www.cisco.com/en/US/prod/collateral/routers/ps272/white—paper—c11-4921115.html. |
| “Cisco Mobile Network Solutions for Public Safety,” Cisco.com, 2008 Cisco Systems, Inc., 7 pgs; http://www.cisco.com/en/US/prod/collateral/routers/ps272/prod—white—paper0900aecd806 220af.html. |
| “TCG Mobile Trusted Module Specification.” Trusted Computing Group, Specification version 1.0, Revision 6, Jun. 2008, 105 pages; http://www.trustedcomputinggroup.org/files/resource—files/87852F33-1D09-3519-ADOCOF141CC6B10D/Revision—6-tcg-mobile-trusted-module-1—0.pdf. |
| Alves, T., et al., “TrustZone: Integrated Hardware and Software Security,” Information Quarterly, vol. 3, No. 4, 2004, pp. 18-24; http://www.iqmagazineonline.com/magazine/pdf/v—3—4—pdf/Pg18—24—custZone—Secur.pdf. |
| Arsenault, A., et al., “Securely Available Credentials—Requirements,” IETF, Network Working Group, RFC 3157, Baltimore Technologies, Aug. 2001, 20 pages. |
| Autonet Mobile, “Autonet Mobile Features, Technology Specifications,” autonetmobile.com, 1 page; [retrieved and printed Apr. 8, 2011] http://www.autonetmobile.com/service/anmdev.html. |
| Autonet Mobile, “CARFI Features, Technology Specifications,” autonetmobile.com, 1 page; [retrieved and printed Apr. 8, 2011] http://autonetmobile.com/service/carfidev.html. |
| Autonet Mobile, “It's What Your Car has been Waiting for,” autonetmobile.com, 2 pages; [retrieved and printed Apr. 8, 2011] http://www.autonetmobile.com/service/. |
| Bickhart, Ryan W., et al., “Transparent TCP-to-SCTP Translation Shim Layer,” EuroBSDCon 2007, Copenhagen, Denmark; 14 pages. |
| Bilstrup, “A Survey Regarding Wireless Communication Standards Intended for a High-Speed Vehicle Environment,” Technical Report IDE0712, Feb. 2007, 51 pages. |
| Blazevic, Ljubica, et al., “A Location-Based Routing Method for Mobile Ad Hoc Networks,” IEEE Transactions on Mobile Computing, vol. 4, No. 2, Mar./Apr. 2005; 14 pages. |
| Boman, K., Niemi, V. et al. “UMTS Security,” Electronics and Communication Engineerying Journal, Oct. 2002, 14 pages; http://www.it.iitb.ac.in/˜kavita/GSM—Security—Papers/New%20papers/umts—security.pdf. |
| Dierks, T., et al., “The Transport Layer Security (TLS) Protocol,” (Version 1.1), Network Working Group, RFC 4346, Apr. 2006, 87 pages; http://www.rfc-editor.org/rfc/pdfrfc/rfc4346.txt.pdf. |
| Farinacci, D. et al., “LISP Mobile Node,” Network Working Group Internet Draft, Feb. 1, 2010, 22 pages; http://tools.ietf.org/id/draft-meyer-lisp-mn-01.txt. |
| Harkins, D., et al., “The Internet Key Exchange (IKE),” Network Working Group, RFC 2409, Nov. 1998, 41 pages; http://www.rfc-editor.org/rfc/pdfrfc/rfc2409.txt.pdf. |
| HSU, WAVE/DSRC Development and Standardization, Industrial Technology Research Institute, 2010, 84 pages. |
| Ibars, Christian et al., “Radio Resource Allocation for a High Capacity Vehicular Access Network,” 4th International Symposium on Wireless Vehicular Communications: WIVEC2011, Sep. 5-6, 2011, San Francisco, CA; U.S., 5 pages, http://www.ieeevtc.org/wivec2011/. |
| Ibars, Christian et al., “Wireless Services in the Connected Vehicle Era,” IEEE Communications Magazine, Dec. 23, 2010, 13 pages. |
| Kent, S., et al., “Security Architecture for the Internet Protocol,” Network Working Group, RFC 2401, Nov. 1998, 66 pages; http://www.rfc-editor.org/rfc/pdfrfc/rfc2401.txt.pdf. |
| Lillian Lei Dai, “Proactive Mobile Wireless Networks: an infrastructureless wireless network architecture for delay-sensitive applications,” Massachusetts Institute of Technology, Jun. 2008 (two parts submitted: Part 1-105 pages; Part 2-97 pages). |
| Robert Bosch GmbH, Automotive Electrics Automotive Electronics, Systems and Components, New: Networking Hybrid Drive, 5th Edition, Nov. 2007, BentleyPublishers.com, 255 pages (two parts submitted: Part 1-121 pages; Part 2-131 pages). |
| Scarfone, Karen et al., “Guide to Instrusion Detection and Prevention Systems (IDPS),” NIST (National Institute of Standards and Technology), Special Publication 800-94, Feb. 2007, 127 pages; http://csrc.ncsl.nist.gov/publications/nistpubs/800-94/SP800-94.pdf. |
| Shevade, Updendra et al., “Enabling High-Bandwidth Vehicular Content Distribution,” ACM CoNEXT 2010, Philadelphia, PA, Nov. 2010, 12 pages http://www.cs.utexas.edu/˜lili/papers/pub/conext10.pdf. |
| Weigle, Dr. Michele, “Standards: WAVE/DSCRC/802.11p, CS 795/895 Vehicular Networks,” Old Dominion University, Spring 2008, 19 pages. |
| Zeldovich, Nickalai et al., “Making Information Flow Explicit in HiStar,” OSDI '06: 7th USENIX Symposium on Operating Systems Design and Implementation, Nov. 2006, 16 pages. |
| Zeldovich, Nickolai et al., “Securing Distributed Systems with Information Flow Control,” NSDI '08: 5th USENIX Symposium on Networked Systems Design and Implementation, Apr. 2008, 16 pages. |
| U.S. Appl. No. 13/943,114 , entitled “System and Method for Enabling a Vehicular Access Network in a Vehicular Environment,” filed Jul. 16, 2013, Inventors: Sateesh K. Addepalli et al. |
| Freeman, Shanna, “How OnStar Works,” HowStuffWorks.com, a Discovery Company; [Retrieved and printed Jul. 19, 2013] http://auto.howstuffworks.com/onstar2.htm/printable. |
| Wahab, et al.,“Driving Profile Modeling and Recognition Based on Soft Computer Approach,” IEEE Transactions on Neural Networks, vol. 20, No. 4, Apr. 2009. |
| Number | Date | Country | |
|---|---|---|---|
| 61433138 | Jan 2011 | US |
