Method and update gateway for updating an embedded control unit
First Claim
1. A method for updating an embedded electronic control unit, comprising:
requesting, by an update gateway from a hardware security module, an update request destined for the electronic control unit;
receiving, by the update gateway from the hardware security module, the update request, which is signed by the hardware security module;
creating, by the update gateway, a communication channel, based on a cryptographic identity of the update gateway, to a backend;
sending, by the update gateway, the update request to the backend;
receiving, by the update gateway from the backend via the communication channel, an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;
validating, by the update gateway, the update data;
initiating, by the update gateway, a validation of the update ticket;
checking, by the update gateway, a result of the validation;
depending on the result, updating, by the update gateway, the electronic control unit with the update data;
wherein the cryptographic identity includes a secret key which is known only to the hardware security module, a public key associated with the secret key, and a certificate of the public key which is issued by a trusted entity, and which is a function of a system environment of the update gateway;
wherein the update data are received in a container file, together with a cryptographic signature, and the validation of the update data includes a check of the signature with the aid of a certificate of the backend;
wherein the update gateway stores a public key of the update ticket which is signed by the backend, and the validation of the update ticket is carried out by the update gateway with the aid of the public key; and
wherein the initiating of the validation includes an at least partial transfer of the update ticket to the hardware security module, and the update gateway receives the result of the validation from the hardware security module.
Abstract
A method for updating an embedded electronic control unit, in which an update gateway requests from a hardware security module an update request destined for the electronic control unit; the update gateway receives from the hardware security module the update request, which is signed by the hardware security module; the update gateway creates a communication channel to a backend, based on a cryptographic identity of the update gateway; the update gateway sends the update request to the backend; the update gateway receives from the backend, via the communication channel, an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data; the update gateway validates the update data, initiates a validation of the update ticket, and checks the result of the validation; and, depending on the result, the update gateway updates the electronic control unit with the update data.
6 Claims
3. A method for updating an embedded electronic control unit, comprising:
requesting, by an update gateway from a hardware security module, an update request destined for the electronic control unit;
receiving, by the update gateway from the hardware security module, the update request, which is signed by the hardware security module;
creating, by the update gateway, a communication channel, based on a cryptographic identity of the update gateway, to a backend;
sending, by the update gateway, the update request to the backend;
receiving, by the update gateway from the backend via the communication channel, an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;
validating, by the update gateway, the update data;
initiating, by the update gateway, a validation of the update ticket;
checking, by the update gateway, a result of the validation;
depending on the result, updating, by the update gateway, the electronic control unit with the update data;
requesting, by the update gateway from the electronic control unit, a security access authorization to the electronic control unit;
receiving, by the update gateway, an authentication request from the electronic control unit;
sending, by the update gateway, the authentication request, in addition to the update ticket and an identifier of the electronic control unit, to the hardware security module;
receiving, by the update gateway from the hardware security module, a response to the authentication request, based on a validation of the update ticket;
sending, by the update gateway, the response to the electronic control unit;
receiving, by the update gateway, the security access authorization from the electronic control unit; and
transferring, by the update gateway, the update data to the electronic control unit so that the electronic control unit may install and validate software, based on the update data.
5. A non-transitory machine-readable memory medium storing a computer program for updating an embedded electronic control unit, the computer program, when executed by a processor, causing the processor to perform:
requesting from a hardware security module an update request destined for the electronic control unit;
receiving from the hardware security module the update request, which is signed by the hardware security module;
creating a communication channel, based on a cryptographic identity of the update gateway, to a backend;
sending the update request to the backend;
receiving from the backend via the communication channel, an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;
validating the update data;
initiating a validation of the update ticket;
checking a result of the validation; and
depending on the result, updating the electronic control unit with the update data;
requesting, by the update gateway from the electronic control unit, a security access authorization to the electronic control unit;
receiving, by the update gateway, an authentication request from the electronic control unit;
sending, by the update gateway, the authentication request, in addition to the update ticket and an identifier of the electronic control unit, to the hardware security module;
receiving, by the update gateway from the hardware security module, a response to the authentication request, based on a validation of the update ticket;
sending, by the update gateway, the response to the electronic control unit;
receiving, by the update gateway, the security access authorization from the electronic control unit; and
transferring, by the update gateway, the update data to the electronic control unit so that the electronic control unit may install and validate software, based on the update data.
6. An update gateway embodied at least partially in hardware for updating an embedded electronic control unit, the update gateway configured to:
request from a hardware security module an update request destined for the electronic control unit;
receive from the hardware security module the update request, which is signed by the hardware security module;
create a communication channel, based on a cryptographic identity of the update gateway, to a backend;
send the update request to the backend;
receive from the backend via the communication channel an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;
validate the update data;
initiate a validation of the update ticket;
check a result of the validation; and
update the electronic control unit with the update data depending on the result;
request from the electronic control unit, a security access authorization to the electronic control unit;
receive an authentication request from the electronic control unit;
send the authentication request, in addition to the update ticket and an identifier of the electronic control unit, to the hardware security module;
receive from the hardware security module, a response to the authentication request, based on a validation of the update ticket;
send the response to the electronic control unit;
receive the security access authorization from the electronic control unit; and
transfer the update data to the electronic control unit so that the electronic control unit may install and validate software, based on the update data.
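The security-access exchange recited in claims 3, 5 and 6, as an added sketch that is not part of the patent text: the gateway only relays messages, and the hardware security module answers the ECU's authentication request only when the ticket is backend-signed, names the same ECU identifier, and corresponds to a request the module itself issued. Assumptions: HMAC-SHA256 stands in for the public-key signatures of the hardware security module and the backend so the code runs on the standard library alone, and the per-ECU shared key, the request nonce, and all class and function names are hypothetical.

```python
import hashlib, hmac, json, secrets

def mac(key, obj):
    # HMAC-SHA256 over canonical JSON; assumed stand-in for a public-key signature
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class Backend:  # issues a ticket only for a request the HSM really signed
    def __init__(self, hsm_key, backend_key):
        self._hsm_key, self._backend_key = hsm_key, backend_key
    def issue_ticket(self, request):
        if not hmac.compare_digest(request["sig"], mac(self._hsm_key, request["body"])):
            return None
        return {"body": request["body"], "sig": mac(self._backend_key, request["body"])}

class HSM:
    def __init__(self, hsm_key, backend_key, ecu_keys):
        self._hsm_key, self._backend_key, self._ecu_keys = hsm_key, backend_key, ecu_keys
        self._pending = set()  # nonces of requests whose ticket is not yet redeemed
    def create_update_request(self, ecu_id):
        body = {"ecu_id": ecu_id, "nonce": secrets.token_hex(16)}
        self._pending.add(body["nonce"])
        return {"body": body, "sig": mac(self._hsm_key, body)}
    def answer_challenge(self, challenge, ticket, ecu_id):
        # Respond only if the ticket is backend-signed, names this ECU and
        # corresponds to a request this HSM issued and has not redeemed yet
        t = ticket or {}
        body, sig = t.get("body", {}), t.get("sig", "")
        if not (hmac.compare_digest(sig, mac(self._backend_key, body))
                and body.get("ecu_id") == ecu_id and ecu_id in self._ecu_keys
                and body.get("nonce") in self._pending):
            return None
        self._pending.discard(body["nonce"])  # a ticket is single use
        return hmac.new(self._ecu_keys[ecu_id], challenge, hashlib.sha256).hexdigest()

class ECU:
    def __init__(self, key):
        self._key = key
    def request_access(self):
        self._challenge = secrets.token_bytes(16)  # the "authentication request"
        return self._challenge
    def grant(self, response):
        expected = hmac.new(self._key, self._challenge, hashlib.sha256).hexdigest()
        return response is not None and hmac.compare_digest(response, expected)

def gateway_update(hsm, backend, ecu, ecu_id, swap_ticket=None):
    # Gateway role: relays messages and holds no keys; swap_ticket is a test hook
    ticket = backend.issue_ticket(hsm.create_update_request(ecu_id))
    ticket = swap_ticket(ticket) if swap_ticket else ticket
    challenge = ecu.request_access()
    return ecu.grant(hsm.answer_challenge(challenge, ticket, ecu_id))
```

`gateway_update` returns whether the ECU granted security access; a replayed ticket, a ticket for a different ECU, or a modified ticket body all end with the module refusing to answer the challenge.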
Specification