Protection of software models

US 10,554,404 B2
Filed: 10/19/2015
Issued: 02/04/2020
Est. Priority Date: 10/20/2014
Status: Active Grant

First Claim

Patent Images

1. An encryption method for encrypting a software model having software components of a technical system, a control unit or a system controlled or regulated by the control unit, the encryption method comprising:

generating, by a processor, a public key and a master key;

generating, by the processor, a decryption structure that includes a definition of at least two component groups of the software components of the software model for decryption by at least two devices, the at least two component groups structuring different functional parts of the software model to perform a task when respectively decrypted by the at least two devices;

at least partially encrypting, by the processor, the at least two component groups of the software components of the software model via the public key as specified by the decryption structure;

at least partially integrating, by the processor, the decryption structure into the encrypted software model; and

generating, by the processor, at least two secret keys via the master key by respectively including therein the definition of the at least two component groups of the software components of the software model such that when the encrypted software model is distributed to each of at least two devices having respective secret keys that each include the definition of a corresponding component group of the software components of the software model, the at least two component groups are only individually decryptable via the respective secret keys,wherein each of the at least two secret keys is distinct from each other, andwherein the decryption structure is generated by assigning attributes to the software components and defining the at least two component groups from those software components to which at least one specific attribute was assigned.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption method is provided that has a software model of a technical system, the model including software components is encrypted by a public key and a decryption structure, wherein the latter includes definitions of component groups of the software model. The decryption structure is integrated at least partially into the encrypted software model. Correspondingly, in a decryption method according to the invention, via a secret key that likewise comprises definitions of component groups, only the particular component groups are decrypted whose definitions the secret key includes in agreement with the definitions of the encrypted software model. The definitions of the secret key can be extended after the fact by a key extension, so that additional component groups can be decrypted with an extended secret key.

21 Citations

18 Claims

1. An encryption method for encrypting a software model having software components of a technical system, a control unit or a system controlled or regulated by the control unit, the encryption method comprising:
- generating, by a processor, a public key and a master key;
  
  generating, by the processor, a decryption structure that includes a definition of at least two component groups of the software components of the software model for decryption by at least two devices, the at least two component groups structuring different functional parts of the software model to perform a task when respectively decrypted by the at least two devices;
  
  at least partially encrypting, by the processor, the at least two component groups of the software components of the software model via the public key as specified by the decryption structure;
  
  at least partially integrating, by the processor, the decryption structure into the encrypted software model; and
  
  generating, by the processor, at least two secret keys via the master key by respectively including therein the definition of the at least two component groups of the software components of the software model such that when the encrypted software model is distributed to each of at least two devices having respective secret keys that each include the definition of a corresponding component group of the software components of the software model, the at least two component groups are only individually decryptable via the respective secret keys,wherein each of the at least two secret keys is distinct from each other, andwherein the decryption structure is generated by assigning attributes to the software components and defining the at least two component groups from those software components to which at least one specific attribute was assigned.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The encryption method according to claim 1, wherein the software components within the software model are in hierarchical relationship one another, andwherein attributes are assigned to the software components such that each software component possesses at least one attribute in common with a hierarchically higher-level software component.
  - 3. The encryption method according to claim 1, wherein the software components within the software model are in hierarchical relationship with one another, andwherein the decryption structure is generated such that a component group also includes a hierarchically higher-level software component for each software component.
  - 4. The encryption method according to claim 1, wherein the decryption structure is generated such that the at least two component groups form an autonomous part of the software model.
  - 5. The encryption method according to claim 1, wherein the software model comprises at least one of trivial software components or essential software components, andwherein the decryption structure is generated such that the at least two component groups include at least one of all trivial software components or all essential software components.
  - 6. The encryption method according to claim 1, wherein the at least one specific attribute is integrated into the at least two secret keys during generation of the secret keys.
  - 7. The encryption method according to claim 1, further comprising:
    - generating an additional decryption structure that defines at least one additional component group of software components of the software model; and
      
      generating a key extension for the at least two secret keys via the master key and the additional decryption structure such that the key extension includes the definition of the at least one additional component group.
  - 8. The encryption method according to claim 7, wherein the additional decryption structure is generated by defining at least one additional component group from the software components to which at least one specific additional attribute has been assigned, andwherein the at least one additional specific attribute is integrated into the key extension during generation of the key extension.
  - 9. The encryption method according to claim 7, wherein an identifier of the at least two secret keys is integrated into the key extension during generation of the key extension.
  - 10. The encryption method according to claim 7, wherein the key extension is generated such that the at least one additional component group is only decryptable by an extended secret key that is composed of the at least two secret keys and the key extension.

11. A decryption method for decrypting a software model comprising software components of a technical system, a control unit or a system controlled or regulated by the control unit, the decryption method comprising:
- decrypting, by a processor of a decryption unit, the software model encrypted at an encryption using an encryption method that comprises;
  
  generating, by a processor of the encryption unit, a public key and a master key;
  
  generating, by the processor of the encryption unit, a decryption structure that includes a definition of at least two component groups of the software components of the software model for decryption by at least two devices, the at least two component groups structuring different functional parts of the software model to perform a task when respectively decrypted by the at least two devices;
  
  at least partially encrypting, by the processor of the encryption unit, the at least two component groups of the software components of the software model via the public key as specified by the decryption structure;
  
  at least partially integrating, by the processor of the encryption unit, the decryption structure into the encrypted software model; and
  
  generating, by the processor of the encryption unit, at least two secret keys via the master key by respectively including therein the definition of the at least two component groups of the software components of the software model such that when the encrypted software model is distributed to each of at least two devices having respective secret keys that each include the definition of a corresponding component group of the software components of the software model, the at least two component groups are only individually decryptable via the respective secret keys,wherein each of the at least two secret keys is distinct from each other,wherein the decryption structure is generated by assigning attributes to the software components and defining the at least two component groups from those software components to which at least one specific attribute was assigned, andwherein in the decryption method, each of the at least two component groups is only decrypted when the decryption structure at least partially integrated into the encrypted software model defines the each of the at least two component groups and the at least two secret keys include the definition of the each of the at least two component groups.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The decryption method according to claim 11, wherein, for the purpose of decrypting the encrypted software model by the at least two secret keys, a check is made as to whether at least the at least one predefined attribute that is integrated into the at least two secret keys is assigned to a software component of the encrypted software model.
  - 13. The decryption method according to claim 11, wherein an extended secret key is formed from the at least two secret keys and a key extension generated for the at least two secret keys, andwherein the definition of the at least one additional component group is integrated into the at least two secret keys such that the at least one additional component group is decrypted via the extended secret key when a decryption structure at least partially integrated into the encrypted software model defines the at least one additional component group.
  - 14. The decryption method according to claim 13, wherein the at least one additional specific attribute is integrated into the at least two secret keys when the extended secret key is formed.
  - 15. The decryption method according to claim 13, wherein an identifier of the key extension and an identifier of the at least two secret keys are integrated into the extended secret key during formation of the extended secret key, andwherein the at least two component groups are only decrypted via the extended secret key when the identifier of the key extension and the identifier of the at least two secret keys correspond to one another.

16. A non-transitory computer readable medium storing an electronic data set comprising:
- a software model that comprises software components of a technical system, a control unit or a system controlled or regulated by the control unit, the software model having been encrypted at an encryption unit using an encryption method that comprises;
  
  generating, by a processor of the encryption unit, a public key and a master key;
  
  generating, by the processor of the encryption unit, a decryption structure that includes a definition of at least two component groups of the software components of the software model for decryption by at least two devices, the at least two component groups structuring different functional parts of the software model to perform a task when respectively decrypted by the at least two devices;
  
  at least partially encrypting, by the processor of the encryption unit, the at least two component groups of the software components of the software model via the public key as specified by the decryption structure;
  
  at least partially integrating, by the processor of the encryption unit, the decryption structure into the encrypted software model; and
  
  generating, by the processor of the encryption unit, at least two secret keys via the master key by respectively including therein the definition of the at least two component groups of the software components of the software model such that when the encrypted software model is distributed to each of at least two devices having respective secret keys that each include the definition of a corresponding component group of the software components of the software model, the at least two component groups are only individually decryptable via the respective secret keys,wherein the data set is designed such that the encrypted software model is decryptable,wherein each of the at least two secret keys is distinct from each other, andwherein the decryption structure is generated by assigning attributes to the software components and defining the at least two component groups from those software components to which at least one specific attribute was assigned.

17. An encryption unit configured to encrypt a software model comprising software components of a technical system, a control unit or a system controlled or regulated by the control unit, the encryption unit comprising:
- a processor; and
  
  a memory,wherein the processor and the memory are configured to;
  
  generate a public key and a master key;
  
  generate a decryption structure that includes a definition of at least two component groups of the software components of the software model for decryption by at least two devices, the at least two component groups structuring different functional parts of the software model to perform a task when respectively decrypted by the at least two devices;
  
  at least partially encrypt the at least two component groups of the software components of the software model via the public key as specified by the decryption structure;
  
  at least partially integrate the decryption structure into the encrypted software model; and
  
  generate at least two secret keys via the master key by respectively including therein the definition of the at least two component groups of the software components of the software model such that when the encrypted software model is distributed to each of at least two devices having respective secret keys that each include the definition of a corresponding component group of the software components of the software model, the at least two component groups are only individually decryptable via the respective secret keys,wherein each of the at least two secret keys is distinct from each other, andwherein the decryption structure is generated by assigning attributes to the software components and defining the at least two component groups from those software components to which at least one specific attribute was assigned.

18. A decryption unit configured to decrypt a software model comprising software components of a technical system, a control unit or a system controlled or regulated by the control unit, the decryption unit comprising:
- a processor; and
  
  a memory,wherein the processor and the memory of the decryption unit are configured to decrypt the software model encrypted at an encryption using an encryption method that comprises;
  
  generating, by a processor of the encryption unit, a public key and a master key;
  
  generating, by the processor of the encryption unit, a decryption structure that includes a definition of at least two component groups of the software components of the software model for decryption by at least two devices, the at least two component groups structuring different functional parts of the software model to perform a task when respectively decrypted by the at least two devices;
  
  at least partially encrypting, by the processor of the encryption unit, the at least two component groups of the software components of the software model via the public key as specified by the decryption structure;
  
  at least partially integrating, by the processor of the encryption unit, the decryption structure into the encrypted software model; and
  
  generating, by the processor of the encryption unit, at least two secret keys via the master key by respectively including therein the definition of the at least two component groups of the software components of the software model such that when the encrypted software model is distributed to each of at least two devices having respective secret keys that each include the definition of a corresponding component group of the software components of the software model, the at least two component groups are only individually decryptable via the respective secret keys,wherein each of the at least two secret keys is distinct from each other,wherein the decryption structure is generated by assigning attributes to the software components and defining the at least two component groups from those software components to which at least one specific attribute was assigned, andwherein the processor and the memory of the decryption unit are configured such that each of the at least two component groups is only decrypted when the decryption structure at least partially integrated into the encrypted software model defines the each of the at least two component groups and the at least two secret keys include the definition of the each of the at least two component groups.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dspace GmbH
Original Assignee
Dspace Digital Signal Processing And Control Engineering Gmbh
Inventors
Jochheim, Janek, Kruegel, Karsten, Bloemer, Johannes, Liske, Gennadij
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
Cruz-Franqui, Richard W

Application Number

US14/886,523
Publication Number

US 20160112195A1
Time in Patent Office

1,569 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 8/35   model driven

H04L 9/007   involving hierarchical stru...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

Protection of software models

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Protection of software models

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links