The present invention relates generally to vehicle security systems and specifically to a key-based security system for providing security for data stored in a vehicle.
In traditional "site-based" computing, critical data is protected by locating the computer in a secure location in a building. With local, physical access to the computer limited, unauthorized remote access to the computer's data, say via the Internet, may be prevented by a 'firewall' program or the like.
Advances in computers and in wireless technologies that allow attaching computers to each other have made "site-independent" or mobile computing practical.
One implementation of a mobile computer combines a personal digital assistant ("PDA") with a cellular telephone to provide a hand-held multipurpose computing device.
Such hand-held computing devices have significant shortcomings. First, the computer hardware, and particularly that devoted to human-machine interface, including the keyboards, display, microphones and speakers, must be substantially reduced in size with an unavoidable reduction in capability. Power constraints caused by limitations in battery technology significantly limit the range and operating time of such mobile devices.
In addition, hand-held mobile devices can be inconvenient to carry and to keep track of. Then too, their portability makes them susceptible to being misplaced or stolen and this makes the data stored in these devices insecure.
The present invention offers an alternative model for mobile computing that avoids many of the problems of hand-held computing devices. The invention makes use of the automobile as an "information node" to store data, provide additional computer hardware, and relay information to other locations. As the natural instrument of our mobility, the automobile provides a platform with ample electrical power and hardware carrying capacity to support the most intensive mobile computing needs.
In this capacity, the automobile may be an "end information node" providing a display terminal and input device, or may be an "intermediary information node" for use as a relay by local hand-held or other computing devices. In this latter capacity, the automobile can conserve the operating power and storage capabilities of the local device.
Critical to this use of the automobile as an information node is a reconciliation of divergent levels of authority over the automobile: the authority to operate the vehicle versus the authority to access vehicle information and its information resources. Unfettered use of the vehicle as a mobile computing resource requires security for the data held within the vehicle. The present invention uses the automotive key, a traditional symbol of authority for operating a vehicle, to provide selective access both to vehicle functions and to vehicle data or computing capabilities in the form of application programs.
Specifically, the present invention provides a key-based security system for a vehicle usable with a plurality of coded keys, each having a key value. A key switch receives one of the coded keys to provide a signal indicating a key value for the received key, and an engine control module responds to the key value from the key switch to allow starting of an engine of the vehicle when the key value matches a predetermined car authorization value. A data access filter responds to the key value from the key switch to communicate data with an on-board memory when the key value matches the predetermined data authorization value.
Thus it is one object of the invention to provide security for the data held in a vehicle in its role as an information node. Access to data intuitively follows the same paradigm as access to vehicle functions through the use of a key.
The data access filter may encrypt data communicated to the on-board memory and decrypt data communicated from the on-board memory according to the key value.
Thus it is another object of the invention to recognize the problems of data security inherent in any mobile computing platform and to provide a high degree of data security in the event that possession of the vehicle is lost and/or parts are removed from it in an attempt to gain access to the stored data.
The data access filter may provide a local radio link to a portable terminal or connections to on-board terminals or wireless connection to the Internet or the like, or to a remote computer.
It is therefore another object of the invention to provide a means to leverage the functionality of low-powered, hand-held computing devices with the greater power and hardware capacity offered by the automobile as a mobile computing platform.
The security system may include an off-board subsystem activated by a password. Such a subsystem may be, for example, a residential door lock, a debit terminal, a local or long distance information carrier, or a dedicated residential computer system. The on-board memory may contain the password of the subsystem.
Thus it is another object of the invention to allow seamless communication between the automobile as an information node, and a variety of spatially separated computerized devices as activated and possibly linked by the mobile agent of the automobile. In this latter capacity, the automobile may effectively collect and transport information, normally specific to the driver, between local networks. For example, sensitive banking information downloaded to the car may be uploaded to the home computer when the car returns.
The system may include a second key switch receiving one of the coded keys to provide a signal indicating a key value from the received key, where the second key switch communicates with the engine control module so that the engine control module does not respond to the key value from the second key switch that would allow starting of the engine of the vehicle, but wherein the memory access filter responds to the key value from the second key switch to communicate data with the on-board memory only if the data authorization value matches the key code value.
Thus it is another object of the invention to allow remote access of the vehicle stored data through the key-based system without allowing access to the engine control functions, thereby recognizing different levels of authorization for use of the vehicle. Such a key switch may be associated with a home computer, for example, from which vehicle operation functions should not be accessed.
The key may include a first key code field and a second key code field, each holding a key value. The key switch receiving the coded key may provide a first and second key value of the first and second key code fields of the received key. The engine control module may respond to the first key value to allow starting of the engine of the vehicle when the first key value matches a predetermined car authorization value. The on-board memory may have a plurality of partitions identified each to different data authorization values, and the data access filter may respond to the second key code value to communicate data only with a partition of the on-board memory having a data authorization value matching the second key value.
Thus, it is yet another object of the invention to provide for shared use of the vehicle for different drivers while preserving each driver's exclusive use of the vehicle as an information node. By using keys with identical first key fields and differing second key fields, multiple users of the vehicle may preserve unique data partitions for their data. This allows the use of the vehicle for storage of personal data such as passwords, vehicle preference data and vehicle usage logs.
At least one coded key may also have a third key code field and the partitions on the on-board memory may include sub-partitions identified each to different data authorization values. The data access filter may respond to the third key code value to communicate data only with the sub-partition of the on-board memory having a data authorization value matching the third key value.
Thus it is another object of the invention to provide for a hierarchy of access levels for the memory such as may allow, in effect, a "master key" viewing more than one partition of the on-board memory as may be appropriate in some circumstances.
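The separation of authority described above (engine start on the first key field, partition on the second, sub-partition on the third, and a second key switch with no engine authority) can be modeled as follows. This is an added illustration, not part of the patent text; the class names, function names and all key values are constructed, and it assumes that a key with an unrecognized third field is denied rather than given the parent partition.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class CodedKey:
    car_value: bytes                    # first key code field
    data_value: bytes                   # second key code field
    sub_value: Optional[bytes] = None   # third key code field (optional)

@dataclass
class Partition:
    data: dict = field(default_factory=dict)
    subs: dict = field(default_factory=dict)   # sub-partition auth value -> dict

class Vehicle:
    def __init__(self, car_auth: bytes, partitions: dict):
        self.car_auth = car_auth        # predetermined car authorization value
        self.partitions = partitions    # data authorization value -> Partition

    def may_start_engine(self, key: CodedKey, engine_switch: bool) -> bool:
        # The second key switch (engine_switch=False) never reaches the engine path.
        return engine_switch and hmac.compare_digest(key.car_value, self.car_auth)

    def open_store(self, key: CodedKey) -> Optional[dict]:
        # Data access filter: constant-time compares, fail closed on no match.
        part = None
        for auth, candidate in self.partitions.items():
            if hmac.compare_digest(key.data_value, auth):
                part = candidate
        if part is None:
            return None
        if key.sub_value is None:
            return part.data
        for auth, sub in part.subs.items():
            if hmac.compare_digest(key.sub_value, auth):
                return sub
        return None   # third field present but unknown: deny, no fallback

# Constructed sample values: two drivers share the car value, differ in the data value.
CAR = b"car-auth-0001"
car = Vehicle(CAR, {
    b"data-alice": Partition({"seat": "pos-2"}, {b"sub-bank": {"pin": "constructed"}}),
    b"data-bob": Partition({"seat": "pos-5"}),
})
alice = CodedKey(CAR, b"data-alice")
alice_bank = CodedKey(CAR, b"data-alice", b"sub-bank")
bob = CodedKey(CAR, b"data-bob")
drive_only = CodedKey(CAR, b"data-none")   # may drive, holds no data authorization
```

The `drive_only` key shows the two authorities diverging: it starts the engine from the vehicle's own key switch but opens no partition from either switch.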
The foregoing and other objects and advantages of the invention will appear from the following description. In the description, reference is made to the accompanying drawings which form a part hereof, and in which there is shown by way of illustration a preferred embodiment of the invention. Such embodiment does not necessarily represent the full scope of the invention, however, and reference must be made to the claims herein for interpreting the scope of the invention.