Increasingly, vehicles are being configured with vehicular communications systems (VCSs) that enable them to communicate with one or more remote devices via an electronic network. For example, a VCS may communicate with an Internet server, or other network server, belonging to the manufacturer of the vehicle, the dealership for the vehicle, or a third party. The VCS and the remote device may communicate regarding a variety of issues, including the current position of the vehicle, the current operational state of the vehicle, and/or input that is provided by the user of the vehicle.
Many VCSs are configured to use a secure communication protocol, such as the Transport Layer Security (TLS) protocol, for communicating with the remote device. Such protocols use digital certificates that are issued by a trusted certificate authority to enable the VCS and remote device to authenticate each other. For example, a VCS and a remote device may establish a one-way TLS session requiring the remote device to transmit a digital certificate to the VCS. The VCS uses this digital certificate to verify that the remote device is a trusted entity. However, the one-way TLS session does not require the VCS to transmit a digital certificate to the remote device. Thus, the remote device is not able to verify that the VCS is a trusted entity, enabling a third party to pose as the VCS for the purpose of communicating with the remote device.
To decrease the possibility that a third party could pose as a valid VCS for the purpose of communicating with a remote device, a two-way TLS session may be established. During the creation of a two-way TLS session, the VCS and the remote device exchange digital certificates, enabling the VCS to verify that the remote device is a trusted entity and the remote device to verify that the VCS is a trusted entity. However, a two-way TLS session requires that each VCS be provisioned with its own digital certificate. The manufacturer of the vehicle must therefore maintain a certificate authority or purchase a large number of digital certificates from a third-party certificate authority, resulting in significant costs.
Accordingly, it is desirable to provide a method for establishing a secure connection between a VCS and a remote device in which both devices exchange digital certificates. In addition, it is further desirable to provide a method for provisioning multiple VCSs with digital certificates without requiring the manufacturer to maintain a certificate authority or purchase a large number of digital certificates from a third party. Furthermore, other desirable features and characteristics of the present invention will become apparent from the subsequent detailed description and the appended claims, taken in conjunction with the accompanying drawings and the foregoing technical field and background.