The invention relates to a method for configuring a mobile terminal to control vehicle functions of a vehicle and to a server and to a vehicle.
It is known that a vehicle can be unlocked with an NFC device via an NFC reader in the external handle of a door. Furthermore, a travel release can be produced with this NFC device by means of an NFC reader in the passenger compartment. In particular, document DE 10 2014 217 899 describes a system which comprises configuring restricted access to a vehicle, with a first mobile unit, a second mobile unit and a central unit, wherein the first mobile unit is configured to generate data for addressing the access and data for authenticating the access, and the first mobile unit and the central unit are configured to transmit this data in a first message. In this context, the central unit is further configured to make available a second message for authorizing the access, which message has the data for authentication, on the basis of the data for addressing the at least one second mobile unit. Furthermore, the second mobile unit is configured to store the data for authentication and to transmit it directly to the vehicle by means of short range radio technology. The vehicle is configured to compare the data received from the second mobile unit for authentication with the data which is accessible to the vehicle in some other way for authentication and to release the access by means of the vehicle if the data for authentication correspond during the comparison.
An object of the invention is therefore to improve access to a vehicle. In particular, an object of the invention is to improve access to a vehicle for mobile terminals.
According to one aspect, the invention is distinguished by a method for configuring a mobile terminal to control vehicle functions of a vehicle, wherein the mobile terminal and the vehicle each have a short range radio system. The mobile terminal can be a near field communication (NFC) device. The short range radio system may be, for example, NFC. A vehicle function can comprise opening a vehicle door, starting an engine, releasing an immobilizer, releasing a driver assistance system and/or further vehicle functions. The method comprises receiving a request to a server to issue a vehicle key for the use of vehicle functions of the vehicle for a mobile terminal, generating the vehicle key by means of the server, transmitting the vehicle key to a secure element of the mobile terminal, and storing the vehicle key in the secure element of the mobile terminal.
The server can execute one or more services. For example, the server can execute a backend service for communication with the NFC device, a trusted service manager for communication with the secure element of the NFC device and/or the NFC device and further services. For example, the trusted service manager can be arranged logically between the backend or a service of the backend and a device manufacturer or a service of the device manufacturer. The trusted service manager can be operated by a device manufacturer, a vehicle manufacturer and/or a trustworthy third party. The vehicle key, also referred to below for short as key, can be a master key or a slave key. The master key can be, for example, the key of the owner of the vehicle, a keeper of the vehicle and/or an authorized user, e.g. an authorized main user. By means of the master key, the owner of the vehicle can permit, for example, a slave key to be produced in order to share vehicle functions with users.
Transmitting and storing the vehicle key in the secure element of the mobile terminal makes it possible to improve the vehicle access for mobile terminals efficiently. A hardware key is no longer necessary for the vehicle access. The vehicle access can therefore be simplified.
According to one advantageous refinement, the secure element and the short range radio system of the mobile terminal can be connected for direct communication, in particular connected for direct communication in such a way that software which can be changed without a physical connection to the terminal cannot influence the communication. In this way, the security during the communication within the mobile terminal can be increased.
According to a further advantageous refinement, the vehicle key can represent cryptographically processed data. This can prevent the vehicle key for a specific vehicle from being able to be simulated by unauthorized third parties.
According to a further advantageous refinement, the method can also comprise sending the vehicle key by means of the mobile terminal to the vehicle using the direct communication inside the mobile terminal, verifying the vehicle key by means of the vehicle, and if the vehicle key was successfully verified by the vehicle: executing a vehicle function, in particular the vehicle function of activating a vehicle locking system. In this way, access to a vehicle can be made possible by means of a mobile terminal in a quick and simple manner.
According to a further advantageous refinement, the mobile terminal can be configured to provide secure cryptographic proof of its identity. The mobile terminal can also send the cryptographically secured identity to the vehicle. By using a cryptographically secured identity, it is possible to identify the mobile device in a forgery-proof manner. The security of the vehicle access is therefore further increased.
According to a further advantageous refinement, the method can comprise receiving a request to delete the vehicle key of the mobile terminal at the server, and/or transmitting a command to delete the vehicle key to the vehicle, and/or transmitting a command to delete the vehicle key to the mobile terminal. This can improve the security of the vehicle access efficiently. The vehicle key can be controlled in a centralized fashion both at the mobile terminal and at the vehicle, e.g. can be deleted by means of a backend service or a trusted service manager. The vehicle access can therefore be protected efficiently.
According to a further aspect, the invention is distinguished by a server which is configured to receive a request to the server to issue a vehicle key for the use of vehicle functions of the vehicle for a mobile terminal, generate the vehicle key by means of the server, transmit the vehicle key to a secure element of the mobile terminal, and store the vehicle key in the secure element of the mobile terminal. The server can further be configured to execute the method described above.
According to a further aspect, the invention is distinguished by a vehicle which is configured to send an authentication request to a mobile terminal, receive a response to the sent authentication request, wherein the response to the sent authentication request was generated by means of a vehicle key stored on a secure element of the mobile terminal, verify the response to the sent authentication request, and if the vehicle successfully verifies the response, to execute a vehicle function.
Further features of the invention can be found in the claims, the figures and the description of the figures. All the features and combinations of features specified in the description and the features and combinations of features specified below in the description of the figures and/or only shown in the figures can be used not only in the respectively given combination but also in other combinations or else alone.
The invention is based on the considerations presented below:
In the text which follows, a system and/or a method for the issuing, management and use of driving authorizations on NFC devices are described, also taking into account automotive-specific aspects. The description of the invention relates below, in particular, to the short range radio technology near field communication, known for short as NFC, which is currently widely commercially available, but can also be transferred to other technologies such as Bluetooth Low Energy. A user is typically registered at the backend/server.
For example, the system can execute a method for configuring a mobile terminal, e.g. an NFC device, one or more servers which form the backend and on which one or more (backend) services are executed, and a vehicle to control vehicle functions, wherein the mobile terminal and the vehicle each have a short range radio system, e.g. NFC. The method can send to the server a request to issue an authentication, e.g. a key or a vehicle key, for the use of vehicle functions of the vehicle for a mobile terminal, and can generate the authentication by means of the server and send it to the mobile terminal. The authentication can optionally be received and stored at the vehicle. The authentication can optionally be received at the mobile terminal and stored in a secure element of the mobile terminal. The secure element and the short range radio system of the terminal can be connected for direct communication, in particular connected for direct communication in such a way that software which can be changed without a physical connection to the terminal cannot influence the communication. The authentication can represent cryptographically processed data.
The authentication can be sent by means of the mobile terminal to the vehicle using the direct communication within the mobile terminal, and the authentication can be checked by means of the vehicle. In the case of successful authentication, a vehicle function, in particular the activation of a vehicle locking system, can be executed. The mobile terminal can be configured to provide secure cryptographic proof of its identity. The cryptographically secured identity can be sent to the vehicle by means of the mobile terminal, wherein the authentication is, for example, a public cryptographic certificate, a chip card, e.g. a smartcard or an RFID card, a transition number and/or a key code.
A request that the authentication of the mobile terminal is no longer to be valid can be received at the server. Furthermore, a message can be sent to the vehicle that the authentication of the mobile terminal is no longer valid and a message can be sent to the mobile terminal that the authentication of the mobile terminal is no longer valid.
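The issuing, authentication request/response and deletion steps described above can be modelled as follows. This is an added example, not part of the original text: the class and method names are hypothetical, and the use of a shared symmetric key with HMAC-SHA256 over a random challenge is an assumption, since the description does not name a cryptographic primitive.

```python
import hashlib
import hmac
import secrets

def _mac(key, challenge):
    # Assumption: HMAC-SHA256; the page does not name a primitive.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class SecureElement:
    """Holds the vehicle key; only responses leave it, never the key."""
    def __init__(self):
        self._key = None
    def store_key(self, key):
        self._key = key
    def delete_key(self):
        self._key = None
    def respond(self, challenge):
        return None if self._key is None else _mac(self._key, challenge)

class Vehicle:
    def __init__(self):
        self._keys = {}        # key_id -> key provisioned by the server
        self._pending = set()  # challenges issued, not yet answered
    def store_key(self, key_id, key):
        self._keys[key_id] = key
    def delete_key(self, key_id):
        self._keys.pop(key_id, None)
    def authentication_request(self):
        challenge = secrets.token_bytes(16)  # fresh nonce per attempt
        self._pending.add(challenge)
        return challenge
    def verify(self, key_id, challenge, response):
        if challenge not in self._pending:
            return False                      # unknown or replayed challenge
        self._pending.discard(challenge)      # each challenge is single use
        key = self._keys.get(key_id)
        if key is None or response is None:
            return False                      # key deleted on either side
        return hmac.compare_digest(_mac(key, challenge), response)

class Server:
    """Issues and revokes keys (backend / trusted service manager role)."""
    def issue_key(self, key_id, secure_element, vehicle):
        key = secrets.token_bytes(32)
        secure_element.store_key(key)
        vehicle.store_key(key_id, key)
    def revoke_key(self, key_id, secure_element, vehicle):
        vehicle.delete_key(key_id)
        secure_element.delete_key()
```

Because the vehicle keeps its own copy of the key and its own list of outstanding challenges, a deletion command that reaches only the vehicle is already enough to make verification fail, and a captured response cannot be replayed against a later authentication request.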
In the text which follows, a preferred exemplary embodiment of the invention will be described on the basis of the appended drawings. This reveals further details, preferred embodiments and developments of the invention. In particular, in the schematic drawings:
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of one or more preferred embodiments when considered in conjunction with the accompanying drawings.