Vehicle system and authentication method

US 10,484,184 B2
Filed: 09/07/2016
Issued: 11/19/2019
Est. Priority Date: 10/19/2015
Status: Active Grant

First Claim

Patent Images

1. A vehicle system comprising a master Electronic Control Unit (ECU) and a general ECU,the master ECU being provided with, by a management device different from the master ECU and the general ECU:

a private key of the master ECU; and

an electronic certificate of the general ECU which includes a public key of the general ECU and specified data related to an execution program stored in the general ECU; and

the general ECU being provided with, by the management device;

a private key of the general ECU; and

an electronic certificate of the master ECU which includes a public key of the master ECU and specified data related to an execution program stored in the master ECU, wherein;

the general ECU is configured to;

attach a first digital signature using the private key of the general ECU to first transmission data including generated specified data of the general ECU, andtransmit the first transmission data to the master ECU;

the master ECU is configured to;

verify, using the electronic certificate of the general ECU, the first transmission data attached with the first digital signature and transmitted from the general ECU,verify whether the generated specified data included in the first transmission data matches the specified data included in the electronic certificate of the general ECU,when the generated specified data included in the first transmission data matches the specified data included in the electronic certificate of the general ECU, determine that the general ECU and the execution program stored in the general ECU are valid,attach a second digital signature using the private key of the master ECU to second transmission data including generated specified data of the master ECU and a session key, andtransmit the second transmission data to the general ECU; and

the general ECU is configured to;

verify, using the electronic certificate of the master ECU, the second transmission data attached with the second digital signature and transmitted from the master ECU,verify whether the generated specified data included in the second transmission data matches the specified data included in the electronic certificate of the master ECU,when the generated specified data included in the second transmission data matches the specified data included in the electronic certificate of the master ECU, determine that the master ECU and the execution program stored in the master ECU are valid, anduse the session key included in the second transmission data as a common key when performing subsequent communications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A vehicle system includes a master ECU and a general ECU. The general ECU attaches a digital signature to transmission data including data (for example, a digest value of a program) and transmits the transmission data to the master ECU. The master ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, determines that the general ECU is valid. The master ECU attaches a digital signature to transmission data including data of the master ECU and a session key and transmits the transmission data to the general ECU. The general ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, the general ECU uses the session key included in the transmission data as a common key when performing subsequent communications.

13 Citations

View as Search Results

13 Claims

1. A vehicle system comprising a master Electronic Control Unit (ECU) and a general ECU,the master ECU being provided with, by a management device different from the master ECU and the general ECU:
- a private key of the master ECU; and
  
  an electronic certificate of the general ECU which includes a public key of the general ECU and specified data related to an execution program stored in the general ECU; and
  
  the general ECU being provided with, by the management device;
  
  a private key of the general ECU; and
  
  an electronic certificate of the master ECU which includes a public key of the master ECU and specified data related to an execution program stored in the master ECU, wherein;
  
  the general ECU is configured to;
  
  attach a first digital signature using the private key of the general ECU to first transmission data including generated specified data of the general ECU, andtransmit the first transmission data to the master ECU;
  
  the master ECU is configured to;
  
  verify, using the electronic certificate of the general ECU, the first transmission data attached with the first digital signature and transmitted from the general ECU,verify whether the generated specified data included in the first transmission data matches the specified data included in the electronic certificate of the general ECU,when the generated specified data included in the first transmission data matches the specified data included in the electronic certificate of the general ECU, determine that the general ECU and the execution program stored in the general ECU are valid,attach a second digital signature using the private key of the master ECU to second transmission data including generated specified data of the master ECU and a session key, andtransmit the second transmission data to the general ECU; and
  
  the general ECU is configured to;
  
  verify, using the electronic certificate of the master ECU, the second transmission data attached with the second digital signature and transmitted from the master ECU,verify whether the generated specified data included in the second transmission data matches the specified data included in the electronic certificate of the master ECU,when the generated specified data included in the second transmission data matches the specified data included in the electronic certificate of the master ECU, determine that the master ECU and the execution program stored in the master ECU are valid, anduse the session key included in the second transmission data as a common key when performing subsequent communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The vehicle system according to claim 1, wherein:
    - the general ECU exists in plurality;
      
      the master ECU is provided with an electronic certificate of each of the plurality of the general ECUs;
      
      the master ECU is configured to transmit a same key as the session key to each respective one of the plurality of the general ECUs; and
      
      the plurality of the general ECUs are configured to use the session key as the common key for communication with the master ECU and for communication with each other.
  - 3. The vehicle system according to claim 1, wherein:
    - the specified data included in the electronic certificate of the general ECU is a valid digest value of the execution program stored in the general ECU;
      
      the specified data included in the electronic certificate of the master ECU is a valid digest value of the execution program stored in the master ECU; and
      
      the general ECU and the master ECU are each configured to calculate a digest value of an execution program stored in respective devices as the generated specified data of the respective devices, attach a digital signature to transmission data including the calculated digest value, and transmit the transmission data.
  - 4. The vehicle system according to claim 1, whereinthe specified data included in the electronic certificate of the general ECU includes an ID of the general ECU;
    - the specified data included in the electronic certificate of the master ECU includes an ID of the master ECU; and
      
      the general ECU and the master ECU are each configured to attach a digital signature to transmission data including the ID of respective devices, and transmit the transmission data after confirming integrity of the execution program stored in the respective devices using a secure boot.
  - 5. The vehicle system according to claim 1, whereinthe master ECU and the general ECU are each configured to store a root public key that is a public key of a root certificate authority in an unrewritable memory.
  - 6. The vehicle system according to claim 1, whereinthe master ECU and the general ECU are each configured to:
    - store a root public key that is a public key of a root certificate authority in a rewritable memory, andwhen storing the root public key in the rewritable memory, store the root public key in association with a digital signature created using the private key of the master ECU or the private key of the general ECU.
  - 7. The vehicle system according to claim 1, wherein:
    - the master ECU is provided with the electronic certificate of the master ECU, and the general ECU is provided with the electronic certificate of the general ECU;
      
      when the general ECU does not have the electronic certificate of the master ECU;
      
      the general ECU transmits the electronic certificate of the general ECU together with the first transmission data attached with the first digital signature, to the master ECU, andthe master ECU verifies the electronic certificate of the general ECU transmitted from the general ECU using a root public key, and stores the electronic certificate of the general ECU when the electronic certificate of the general ECU is valid; and
      
      when the master ECU does not have the electronic certificate of the general ECU;
      
      the master ECU transmits the electronic certificate of the master ECU together with the second transmission data attached with the second digital signature, to the general ECU, andthe general ECU verifies the electronic certificate of the master ECU transmitted from the master ECU using the root public key and stores the electronic certificate of the master ECU when the electronic certificate of the master ECU is valid.

8. An authentication method in a vehicle system constituted by a master Electronic Control Unit (ECU) and a general ECU,the master ECU being provided with, by a management device different from the master ECU and the general ECU:
- a private key of the master ECU; and
  
  an electronic certificate of the general ECU which includes a public key of the general ECU and specified data related to an execution program stored in the general ECU; and
  
  the general ECU being provided with, by the management device;
  
  a private key of the general ECU; and
  
  an electronic certificate of the master ECU which includes a public key of the master ECU and specified data related to an execution program stored in the master ECU,the authentication method comprising steps of;
  
  causing the general ECU to;
  
  attach a first digital signature using the private key of the general ECU to first transmission data including generated specified data of the general ECU, andtransmit the first transmission data to the master ECU;
  
  causing the master ECU to;
  
  verify, using the electronic certificate of the general ECU, the first transmission data attached with the first digital signature and transmitted from the general ECU,verify whether the generated specified data included in the first transmission data matches the specified data included in the electronic certificate of the general ECU,when the generated specified data included in the first transmission data matches the specified data included in the electronic certificate of the general ECU, determine that the general ECU and the execution program stored in the general ECU are valid;
  
  attach a second digital signature using the private key of the master ECU to second transmission data including generated specified data of the master ECU and a session key, andtransmit the second transmission data to the general ECU; and
  
  causing the general ECU to;
  
  verify, using the electronic certificate of the master ECU, the second transmission data attached with the second digital signature and transmitted from the master ECU,verify whether the generated specified data included in the second transmission data matches the specified data included in the electronic certificate of the master ECU,when the generated specified data included in the second transmission data matches the specified data included in the electronic certificate of the master ECU, determine that the master ECU and the execution program stored in the master ECU are valid, anduse the session key included in the second transmission data as a common key when performing subsequent communications.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The authentication method according to claim 8, wherein:
    - the general ECU exists in plurality;
      
      the master ECU is provided with an electronic certificate of each of the plurality of the general ECUs;
      
      the master ECU transmits a same key as the session key to each respective one of the plurality of the general ECUs; and
      
      the plurality of the general ECUs use the session key as the common key for communication with the master ECU and for communication with each other.
  - 10. The authentication method according to claim 8, wherein:
    - the specified data included in the electronic certificate of the general ECU is a valid digest value of the execution program stored in the general ECU;
      
      the specified data included in the electronic certificate of the master ECU is a valid digest value of the execution program stored in the master ECU; and
      
      the general ECU and the master ECU each calculate a digest value of an execution program stored in respective devices as the generated specified data of the respective devices, attach a digital signature to transmission data including the calculated digest value, and transmit the transmission data.
  - 11. The authentication method according to claim 8, wherein:
    - the specified data included in the electronic certificate of the general ECU includes an ID of the general ECU;
      
      the specified data included in the electronic certificate of the master ECU includes an ID of the master ECU; and
      
      the general ECU and the master ECU each attach a digital signature to transmission data including the ID of respective devices, and transmit the transmission data after confirming integrity of the execution program stored in the respective devices using a secure boot.
  - 12. The authentication method according to claim 8, wherein:
    - the master ECU is provided with the electronic certificate of the master ECU, and the general ECU is provided with the electronic certificate of the general ECU;
      
      when the general ECU does not have the electronic certificate of the master ECU;
      
      the general ECU transmits the electronic certificate of the general ECU together with the first transmission data attached with the first digital signature, to the master ECU, andthe master ECU verifies the electronic certificate of the general ECU transmitted from the general ECU using a root public key, and stores the electronic certificate of the general ECU when the electronic certificate of the general ECU is valid; and
      
      when the master ECU does not have the electronic certificate of the general ECU;
      
      the master ECU transmits the electronic certificate of the master ECU together with the second transmission data attached with the second digital signature, to the general ECU, andthe general ECU verifies the electronic certificate of the master ECU transmitted from the master ECU using the root public key, and stores the electronic certificate of the master ECU when the electronic certificate of the master ECU is valid.
  - 13. A non-transitory computer-readable medium storing a program causing a computer to execute the steps of the authentication method according to claim 8.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Original Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Inventors
Oguma, Hisashi, Toyama, Tsuyoshi
Primary Examiner(s)
Henning, Matthew T

Application Number

US15/258,576
Publication Number

US 20170111177A1
Time in Patent Office

1,168 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

H04L 2209/84   Vehicles

H04L 63/10   for controlling access to d...

H04L 67/12   specially adapted for propr...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Vehicle system and authentication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Vehicle system and authentication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links