No, you just get the dealer to plug something into the (possibly proprietary) port that's used by the alarm system.
The assumption that this kind of thing needs to be done via the OBD-II port is wacky from the get-go. It may have been easier for some lazy system integrators at BMW to do it that way, but it certainly wasn't necessary, or apparently advisable.
I'm not seeing how that will deter thieves. Instead of plugging into the OBD port they will just plug into the alarm system's port. Even if it's proprietary, they'll employ/bribe/coerce an official technician to figure out whatever Rube Goldberg sequence of events is required to re-enable the vehicle.
Presumably there would be more opportunities for secure handshaking with a proprietary port. It doesn't need to involve security by obscurity -- it just needs not to be barkingly stupid.
The best practices in auto security are probably reflected by whatever the leading Japanese brands are doing these days. Traditionally Hondas have been the biggest theft targets, but a glance at the list of most-stolen cars in America ( http://editorial.autos.msn.com/article.aspx?cp-documentid=43... ) suggests that they've more or less solved the problem, as of the mid-1990s. I seriously doubt there's that much need for further innovation.
Yes, secure handshaking via PKI is a well known and already solved problem. However, as mentioned in the post you originally replied to: "Anti-competition legislation in Europe dictates that the manufacturer cannot stand in the way of the transfer of secret keys." Keys, here, referring to the private half of a public/private keypair.
This means that a manufacturer can't be the exclusive source of resetting a key much in the same way that Verisign isn't the exclusive source of SSL certificates. Due to the anti-competition legislation, you should be able to take your vehicle to any local garage and have it fully serviced whether for a tune-up or to get a key reset. And if a local garage can be employed to reset your key because they have access to the private key required to sign the key request, thieves can do it just as easily.
Are you speaking from knowledge of the anti-competition legislation, or just from the summaries we've seen upthread? It strikes me that we're taking a car blog's throwaway description of the law as a presumed engineering constraint.
Every reputable website with details beyond the "scary, scary news" headlines has made mention of the legal aspect. There's a lot of information in this thread over at Bimmerpost.com as well: