For up to about 30-50% of the roughly 1 billion light vehicles currently on the road, new key devices for vehicle access and start may be programmed by a consumer without any dealer involvement. Vehicles built until 2006-2010 typically allow the owner to add additional keys, which the owner can “learn” to their vehicle. An owner would need a valid key that came with the car and would perhaps have to go through a predefined sequence, such as turning the ignition on and off multiple times within a predefined period of time (e.g., 4 times within 30 seconds) or unlocking and locking the power door locks a predetermined number of times within a predetermined period of time. The vehicle will then typically give an indication that it is in a mode to learn additional keys. For example, the vehicle may provide an audible indication, such as a chime. A new unprogrammed key (also referred to as a virgin key) may then be recognized by the vehicle through a process in which the virgin key transmits a radio frequency (“RF”) telegram, and the vehicle accepts the credentials from the key and stores those credentials in an electronic control unit, such as the vehicle's body controller. On newer models, a similar procedure may also be performed over a low frequency (“LF”) immobilizer interface by putting the new key into the ignition, near a pushbutton used for starting the vehicle, or at some other predefined location within the vehicle. In this way, the secrets and the rolling-code counter, which are required to synchronize a new key with the vehicle, may be provided to, and stored in, the new key.
Generally, there are three types of access control systems for vehicles. First, a mechanical blade is used to both unlock the door and start the engine. Second came Remote Keyless Entry (RKE), which allows users to press a key on a fob to unlock the door. An anti-theft option was also introduced with RKE. Anti-theft is typically implemented with a coil around the ignition switch. The coil is connected to an immobilizer, which prevents unauthorized starting of the vehicle's engine. The coil communicates an LF signal to a transponder in the head of the key, which changes or validates a secret code, which allows the engine to start. Third, passive systems work without actively operating the authorization device. The key can remain in the vehicle operator's pocket, for example. When a door handle or a button on the door handle is touched, the vehicle sends a signal to the fob, which responds with a proper signal, and then the vehicle unlocks, which is essentially hands-free operation with respect to the fob. Similarly, once inside the vehicle, upon pressing a start button, for example, antennas within the vehicle send a signal to the fob, which responds via RF, thereby allowing the vehicle's engine to be started. This replaces the need, in the RKE systems with anti-theft, to place the fob or a key close to the immobilizer coil in order to start the engine. Passive mode only works when the fob battery is charged. If the fob battery is flat (i.e., discharged), a mechanical key would have to be used to unlock the car. That is the so-called limp-home mode for unlocking a car that has passive entry. Limp-home mode for starting the engine of a car with passive start is the same as in the RKE system with anti-theft, which means that the fob will be placed near the immobilizer coil, which will provide energy to the microcontroller in the fob to respond with a secret code so that the vehicle can be started even when the fob battery is discharged.
Vehicle access (i.e., unlocking a vehicle's door) involves a unidirectional communication. A button is pressed on a remote-control key fob, which causes the fob to send out a telegram to the vehicle. The vehicle and the key share a common secret. The algorithm that generates an appropriate code is called a rolling code. The algorithm is known to both the key and the car. A command, such as lock or unlock, is transmitted along with the next valid rolling code. The most recently used rolling code gets stored. Then an algorithm is used to generate the next rolling code based on the most recently used rolling code. The vehicle then accepts only future rolling codes, relative to the most recently used rolling code, which prevents a so-called replay attack.
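The rolling-code behaviour described above can be sketched as follows. This is an added example, not code from the original text: the HMAC-based derivation, the `WINDOW` look-ahead limit, and the names `Fob`, `Vehicle` and `next_code` are assumptions chosen for illustration.

```python
import hashlib
import hmac

WINDOW = 16  # assumption: how many missed button presses the vehicle tolerates

def next_code(secret, code):
    """Derive the next rolling code from the most recently used one."""
    return hmac.new(secret, code, hashlib.sha256).digest()[:8]

class Fob:
    def __init__(self, secret, seed):
        self.secret, self.code = secret, seed

    def press(self, command):
        """Advance the rolling code and build the one-way telegram."""
        self.code = next_code(self.secret, self.code)
        return command, self.code

class Vehicle:
    def __init__(self, secret, seed):
        self.secret, self.last = secret, seed

    def receive(self, telegram):
        """Accept only a code that lies ahead of the last accepted one."""
        _command, code = telegram  # this sketch does not authenticate the command
        candidate = self.last
        for _ in range(WINDOW):
            candidate = next_code(self.secret, candidate)
            if hmac.compare_digest(candidate, code):
                self.last = candidate  # every earlier code is now stale
                return True
        return False

def demo():
    secret, seed = b"constructed-shared-secret", b"\x00" * 8  # constructed values
    fob, car = Fob(secret, seed), Vehicle(secret, seed)
    first = fob.press("unlock")
    fob.press("unlock")            # pressed out of range, never received
    third = fob.press("lock")
    return [
        car.receive(first),        # fresh code
        car.receive(first),        # same telegram seen a second time
        car.receive(third),        # one code was skipped, still inside the window
        car.receive(first),        # stale code stays rejected
    ]
```

Because the vehicle only searches forward from the stored code, a telegram it has already accepted can never match again, which is the replay protection the paragraph describes.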
For start authorization, the communication scheme that is implemented on every car is a so-called challenge-response scheme. The car and the legitimate key, once it is programmed, share one secret, an identical bit pattern that is referred to as a secret key. The vehicle generates a random number, which is called a challenge, and sends the random number to the key. The vehicle then takes the random number that it just generated and runs it through a cryptographic algorithm, e.g., HITAG 2, which uses the secret key to produce a result. The key does the same thing: it runs the random number received from the vehicle through the cryptographic algorithm, which uses the secret key to produce a result, which is called a response. The key then sends this response back to the car, which checks whether the response matches the expected value calculated by the vehicle. If the response is correct, then the vehicle allows the key to start the vehicle.
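The challenge-response exchange above, with both sides' computations, as an added example that is not part of the original text. HMAC-SHA256 is used here as a stand-in for the vehicle's cipher (it is not HITAG 2), and the class names, key values and 8-byte sizes are assumptions.

```python
import hashlib
import hmac
import secrets

def compute_response(secret_key, challenge):
    """Stand-in keyed function; both sides run it over the same challenge."""
    return hmac.new(secret_key, challenge, hashlib.sha256).digest()[:8]

class Transponder:
    def __init__(self, secret_key):
        self.secret_key = secret_key

    def answer(self, challenge):
        return compute_response(self.secret_key, challenge)

class Immobilizer:
    def __init__(self, secret_key):
        self.secret_key = secret_key
        self.pending = None

    def new_challenge(self):
        """Generate a fresh random number for each start attempt."""
        self.pending = secrets.token_bytes(8)
        return self.pending

    def authorize(self, response):
        """Compare with the locally computed value; a challenge is single-use."""
        if self.pending is None:
            return False
        expected = compute_response(self.secret_key, self.pending)
        self.pending = None
        return hmac.compare_digest(expected, response)

def demo():
    key = b"constructed-secret-key"  # constructed sample value
    car = Immobilizer(key)
    learned = Transponder(key)
    unlearned = Transponder(b"constructed-other-key")
    recorded = learned.answer(car.new_challenge())
    results = [car.authorize(recorded)]          # programmed key
    wrong = unlearned.answer(car.new_challenge())
    results.append(car.authorize(wrong))         # key without the shared secret
    car.new_challenge()
    results.append(car.authorize(recorded))      # old response, new challenge
    results.append(car.authorize(recorded))      # no challenge outstanding
    return results
```

The secret key itself never crosses the link; only the random challenge and the derived response do, and a response is useless once the vehicle has moved on to a new challenge.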
Vehicle implementations for RKE, PASE (Passive Start and Entry), and Immobilizer are highly fragmented between different vehicle models in their respective RF protocols, LF protocols, learning procedures, and the like. Conventional vehicle keys, therefore, will typically work with only one particular vehicle model. Such keys have a single communications protocol, for example, adapted for use with a single vehicle model.
As such, a smartphone having embedded electronics that can be configured to act as a legitimate access and start authorization device for many different vehicle models would be an improvement over the prior art.