Method and update gateway for updating an embedded control unit

US 10,244,394 B2
Filed: 05/16/2016
Issued: 03/26/2019
Est. Priority Date: 05/19/2015
Status: Active Grant

First Claim

Patent Images

1. A method for updating an embedded electronic control unit, comprising:

requesting, by an update gateway from a hardware security module, an update request destined for the electronic control unit;

receiving, by the update gateway from the hardware security module, the update request, which is signed by the hardware security module;

creating, by the update gateway, a communication channel, based on a cryptographic identity of the update gateway, to a backend;

sending, by the update gateway, the update request to the backend;

receiving, by the update gateway from the backend via the communication channel, an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;

validating, by the update gateway, the update data;

initiating, by the update gateway, a validation of the update ticket;

checking, by the update gateway, a result of the validation;

depending on the result, updating, by the update gateway, the electronic control unit with the update data;

wherein the cryptographic identity includes a secret key which is known only to the hardware security module, a public key associated with the secret key, and a certificate of the public key which is issued by a trusted entity, and which is a function of a system environment of the update gateway;

wherein the update data are received in a container file, together with a cryptographic signature, and the validation of the update data includes a check of the signature with the aid of a certificate of the backend;

wherein the update gateway stores a public key of the update ticket which is signed by the backend, and the validation of the update ticket is carried out by the update gateway with the aid of the public key; and

wherein the initiating of the validation includes an at least partial transfer of the update ticket to the hardware security module, and the update gateway receives the result of the validation from the hardware security module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for updating an embedded electronic control unit, including an update gateway requests from a hardware security module an update request destined for the electronic control unit, the update gateway receives from the hardware security module the update request, which is signed by the hardware security module, the update gateway creates a communication channel, based on a cryptographic identity of the update gateway, to a backend, the update gateway sends the update request to the backend, the update gateway receives from the backend via the communication channel an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data, validates the update data, initiates a validation of the update ticket, checks the result of the validation, and depending on the result, the update gateway updates the electronic control unit with the update data.

6 Citations

6 Claims

1. A method for updating an embedded electronic control unit, comprising:
- requesting, by an update gateway from a hardware security module, an update request destined for the electronic control unit;
  
  receiving, by the update gateway from the hardware security module, the update request, which is signed by the hardware security module;
  
  creating, by the update gateway, a communication channel, based on a cryptographic identity of the update gateway, to a backend;
  
  sending, by the update gateway, the update request to the backend;
  
  receiving, by the update gateway from the backend via the communication channel, an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;
  
  validating, by the update gateway, the update data;
  
  initiating, by the update gateway, a validation of the update ticket;
  
  checking, by the update gateway, a result of the validation;
  
  depending on the result, updating, by the update gateway, the electronic control unit with the update data;
  
  wherein the cryptographic identity includes a secret key which is known only to the hardware security module, a public key associated with the secret key, and a certificate of the public key which is issued by a trusted entity, and which is a function of a system environment of the update gateway;
  
  wherein the update data are received in a container file, together with a cryptographic signature, and the validation of the update data includes a check of the signature with the aid of a certificate of the backend;
  
  wherein the update gateway stores a public key of the update ticket which is signed by the backend, and the validation of the update ticket is carried out by the update gateway with the aid of the public key; and
  
  wherein the initiating of the validation includes an at least partial transfer of the update ticket to the hardware security module, and the update gateway receives the result of the validation from the hardware security module.
- View Dependent Claims (2)
- - 2. The method as recited in claim 1, wherein the update gateway is tunneled with a cryptographic communication channel.

3. A method for updating an embedded electronic control unit, comprising:
- requesting, by an update gateway from a hardware security module, an update request destined for the electronic control unit;
  
  receiving, by the update gateway from the hardware security module, the update request, which is signed by the hardware security module;
  
  creating, by the update gateway, a communication channel, based on a cryptographic identity of the update gateway, to a backend;
  
  sending, by the update gateway, the update request to the backend;
  
  receiving, by the update gateway from the backend via the communication channel, an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;
  
  validating, by the update gateway, the update data;
  
  initiating, by the update gateway, a validation of the update ticket;
  
  checking, by the update gateway, a result of the validation;
  
  depending on the result, updating, by the update gateway, the electronic control unit with the update data;
  
  requesting, by the update gateway from the electronic control unit, a security access authorization to the electronic control unit;
  
  receiving, by the update gateway, an authentication request from the electronic control unit;
  
  sending, by the update gateway, the authentication request, in addition to the update ticket and an identifier of the electronic control unit, to the hardware security module;
  
  receiving, by the update gateway from the hardware security module, a response to the authentication request, based on a validation of the update ticket;
  
  sending, by the update gateway, the response to the electronic control unit;
  
  receiving, by the update gateway, the security access authorization from the electronic control unit; and
  
  transferring, by the update gateway, the update data to the electronic control unit so that that the electronic control unit may install and validate software, based on the update data.
- View Dependent Claims (4)
- - 4. The method as recited in claim 3, further comprising:
    - storing, by the update gateway, the update data in a protected manner;
      
      wherein the creating of the communication channel, the sending of the update request, the receiving of the update data, the initiating of the validation, and the checking of the result take place before the update data are stored.

5. A non-transitory machine-readable memory medium storing a computer program for updating an embedded electronic control unit, the computer program, when executed by processor, causing the processor to perform:
- requesting from a hardware security module an update request destined for the electronic control unit;
  
  receiving from the hardware security module the update request, which is signed by the hardware security module;
  
  creating a communication channel, based on a cryptographic identity of the update gateway, to a backend;
  
  sending the update request to the backend;
  
  receiving from the backend via the communication channel, an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;
  
  validating the update data;
  
  initiating a validation of the update ticket;
  
  checking a result of the validation; and
  
  depending on the result, updating the electronic control unit with the update data;
  
  requesting, by the update gateway from the electronic control unit, a security access authorization to the electronic control unit;
  
  receiving, by the update gateway, an authentication request from the electronic control unit;
  
  sending, by the update gateway, the authentication request, in addition to the update ticket and an identifier of the electronic control unit, to the hardware security module;
  
  receiving, by the update gateway from the hardware security module, a response to the authentication request, based on a validation of the update ticket;
  
  sending, by the update gateway, the response to the electronic control unit;
  
  receiving, by the update gateway, the security access authorization from the electronic control unit; and
  
  transferring, by the update gateway, the update data to the electronic control unit so that that the electronic control unit may install and validate software, based on the update data.

6. An update gateway embodied at least partially in hardware for updating an embedded electronic control unit, the update gateway configured to:
- request from a hardware security module an update request destined for the electronic control unit;
  
  receive from the hardware security module the update request, which is signed by the hardware security module;
  
  create a communication channel, based on a cryptographic identity of the update gateway, to a backend;
  
  send the update request to the backend;
  
  receive from the backend via the communication channel an update ticket which corresponds to the update request and is signed by the backend, in addition to associated update data;
  
  validate the update data;
  
  initiate a validation of the update ticket;
  
  check a result of the validation; and
  
  update the electronic control unit with the update data depending on the result;
  
  request from the electronic control unit, a security access authorization to the electronic control unit;
  
  receiving an authentication request from the electronic control unit;
  
  send the authentication request, in addition to the update ticket and an identifier of the electronic control unit, to the hardware security module;
  
  receive from the hardware security module, a response to the authentication request, based on a validation of the update ticket;
  
  send the response to the electronic control unit;
  
  receive the security access authorization from the electronic control unit; and
  
  transfer the update data to the electronic control unit so that that the electronic control unit may install and validate software, based on the update data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Inventors
Stumpf, Frederic, Holle, Jan
Primary Examiner(s)
Armouche, Hadi S
Assistant Examiner(s)
Callahan, Paul E

Application Number

US15/155,537
Publication Number

US 20160344705A1
Time in Patent Office

1,044 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 2209/84   Vehicles

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 67/12   specially adapted for propr...

H04L 9/0891   Revocation or update of sec...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 4/40   for vehicles, e.g. vehicle-...

H04W 4/44   for communication between v...

Method and update gateway for updating an embedded control unit

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Method and update gateway for updating an embedded control unit

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links