Securing a command path between a vehicle and personal wireless device

The invention claimed is: 1. A method of establishing a secure communication channel between a vehicle and a mobile device, comprising the steps of: providing to a call center a unique mobile device identifier and a unique vehicle telematics unit (VTU) identifier; receiving at the mobile device a first private key that is associated at least in part with the unique mobile identifier and that is associated at least in part with the unique VTU identifier, wherein the first private key is generated at a wireless service provider (WSP) and received by the mobile device within a first cryptographic envelope signed with a first cryptographic key by the WSP; and establishing a secure communication channel between the VTU and mobile device, wherein the mobile device transmits message(s) to the VTU signed with the first private key and the mobile device receives message(s) from the VTU which are signed with a second private key, wherein the second private key is associated at least in part with the unique mobile identifier and at least in part with the unique VTU identifier, wherein the VTU received the second private key from the call center or the WSP within a second cryptographic envelope signed with a second cryptographic key, wherein the second cryptographic envelope is different than the first cryptographic envelope. 2. The method of claim 1 wherein the mobile device provides to the call center the unique mobile device identifier and the unique VTU identifier. 3. The method of claim 2 wherein the mobile device receives the VTU identifier from the VTU using short range wireless communication (SRWC). 4. The method of claim 1 wherein the unique mobile device identifier includes a first international mobile subscriber identity (IMSI), wherein the unique VTU identifier includes a second IMSI. 5. The method of claim 1 wherein the call center provides the unique mobile identifier to the WSP which in turn generates the first private key, wherein the second private key is generated at the call center or the WSP, wherein, when the WSP generates the second private key, the call center provides the unique VTU identifier to the WSP. 6. The method of claim 1 wherein the first and second private keys are identical according to a shared key infrastructure or are different according to a public key infrastructure (PKI). 7. The method of claim 1 wherein the first and second cryptographic keys are based on one of a private key infrastructure or a public key infrastructure. 8. A method of receiving a secure communication at a vehicle from a mobile device, comprising the steps of: establishing short range wireless communication (SRWC) between a mobile device and a vehicle telematics unit (VTU); receiving at the VTU at least one communication via SRWC from the mobile device, wherein the at least one communication is digitally signed using a first private key, wherein the first private key is associated at least in part with a unique identifier associated with a first subscriber identity module (SIM) within the mobile device, wherein the at least one communication includes a first public key associated with the first private key; and decrypting the at least one communication at the VTU using the first public key, wherein the first private key was received by the mobile device previous to the receiving step in a first cryptographic envelope signed by a wireless service provider (WSP) using a first cryptographic key and transmitted from the WSP to the mobile device via cellular transmission, wherein the WSP provides cellular services using infrastructure associated with a wireless carrier system. 9. The method of claim 8 wherein the at least one communication is a command to perform at least one vehicle function, wherein the at least one vehicle function includes one of unlocking a vehicle door or starting the vehicle's engine. 10. The method of claim 8 wherein the first cryptographic key is based on private key infrastructure between the WSP and the mobile device that existed prior to generating the first private key. 11. The method of claim 8 wherein the at least one communication received at the VTU is enabled by a user actuation of a hard switch on the mobile device at the time of the at least one communication. 12. The method of claim 11 wherein the switch actuation enables a transmission antenna on the mobile device or enables the first SIM in the mobile device to an operative state. 13. A method of receiving a secure communication at a vehicle from a mobile device, comprising the steps of: establishing short range wireless communication (SRWC) between a mobile device and a vehicle telematics unit (VTU); receiving at the VTU at least one communication from the mobile device, wherein the at least one communication is digitally signed using a first private key, wherein the first private key is associated at least in part with a unique identifier associated with a first subscriber identity module (SIM) within the mobile device, wherein the at least one communication includes a first public key associated with the first private key; decrypting the at least one communication at the VTU using the first public key, wherein the first private key was received by the mobile device previous to the receiving step in a first cryptographic envelope signed with a first cryptographic key from a wireless service provider (WSP); and validating the at least one communication by sending a challenge message from the VTU to the mobile device via SRWC, wherein the challenge message is digitally signed using a second private key, wherein the second private key was received by the VTU previous to the receiving step in a second cryptographic envelope signed with a second cryptographic key, wherein the challenge message includes a challenge query and a second public key associated with the second private key whereby the mobile device may decipher the challenge message. 14. The method of claim 13 wherein the second cryptographic envelope is associated with a private key infrastructure between either the VTU and the call center or the VTU and the WSP that existed prior to generating the second private key. 15. The method of claim 13 wherein the challenge query includes a nonce challenge. 16. The method of claim 13 further comprising receiving a response message from the mobile device in response to the challenge query, wherein the response message is signed using the first private key. 17. The method of claim 16 wherein the at least one communication received at the VTU from the mobile device has a first time stamp, the challenge message has a second time stamp, and the response message has a third time stamp, wherein the validating step further comprises the duration of time between any two of time stamps is less than or equal to a predetermined value. 18. The method of claim 13 wherein the second private key is associated at least in part with a unique identifier associated with a first subscriber identity module (SIM) having a computer processing unit (CPU) within the VTU, wherein the digital signature is based on the second private key and random data accessible to the SIM CPU. 19. The method of claim 18 wherein second private key accessible only to the SIM CPU. 20. A method of secure communication between a vehicle and a mobile device, comprising the steps of: (a) establishing short range wireless communication (SRWC) between a mobile device and a vehicle telematics unit (VTU); (b) receiving at the VTU a command communication to perform a vehicle fun