SECURITY ACCESS METHOD FOR AUTOMOTIVE ELECTRONIC CONTROL UNITS
First Claim
1. A method for allowing access to an electronic control unit (ECU) on a vehicle, said method comprising:
- storing an ECU identification value that identifies the ECU in a memory on the ECU;
storing the ECU identification value and an ECU security key value associated with the ECU identification value at a remote and secure database;
requesting the ECU identification value from the ECU by a service tool;
generating a challenge in the ECU in response to the request;
sending the ECU identification value and the challenge from the ECU to the service tool;
sending the ECU identification value and the challenge from the service tool to the secure database;
identifying the ECU security key value that corresponds to the ECU identification value;
generating a message in the database based on the ECU security key value that includes a response to the challenge;
sending the message from the database to the service tool;
sending the message from the service tool to the ECU; and
allowing access to the ECU if the response to the challenge is accepted by the ECU.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method for employing a mechanism for unlocking a vehicle ECU. The ECU stores a unique ECU identification value that identifies the particular ECU and a secure server stores the ECU identification value and a unique ECU security key value, where the identification value identifies the security key value in the server, and where the secure server stores the unique ECU identification value and the unique security key value for many ECUs. A service tool that wants to gain access to the ECU for software reprogramming or service requests the ECU identification value and a challenge from the ECU and sends them to the secure server, which then identifies the security key value associated with that ECU identification value and the response for the challenge. The secure server then sends the response to the service tool, which provides it to the ECU to unlock it for programming.
48 Citations
20 Claims
-
1. A method for allowing access to an electronic control unit (ECU) on a vehicle, said method comprising:
-
storing an ECU identification value that identifies the ECU in a memory on the ECU; storing the ECU identification value and an ECU security key value associated with the ECU identification value at a remote and secure database; requesting the ECU identification value from the ECU by a service tool; generating a challenge in the ECU in response to the request; sending the ECU identification value and the challenge from the ECU to the service tool; sending the ECU identification value and the challenge from the service tool to the secure database; identifying the ECU security key value that corresponds to the ECU identification value; generating a message in the database based on the ECU security key value that includes a response to the challenge; sending the message from the database to the service tool; sending the message from the service tool to the ECU; and allowing access to the ECU if the response to the challenge is accepted by the ECU. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for allowing access to a controller, said method comprising:
-
storing a controller identification value that identifies the controller in a memory on the controller; storing the controller identification value and a controller security key value associated with the controller identification value at a remote and secure database; requesting the controller identification value and a challenge from the controller by a service tool; generating a challenge in the controller in response to the request, wherein generating a challenge in the controller includes generating a different challenge each time a request for the controller identification value is made, and wherein generating a challenge in the controller includes computing a random or pseudorandom bit value; sending the controller identification value and the challenge from the controller to the service tool; sending the controller identification value and the challenge from the service tool to the secure database; identifying the controller security key value that corresponds to the controller identification value; generating a message in the database based on the controller security key value that includes a response to the challenge; sending the message from the database to the service tool; sending the message from the service tool to the controller; and allowing access to the controller if the response to the challenge is accepted by the controller. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A system for allowing access to a controller, said system comprising:
-
means for storing a controller identification value that identifies the controller in a memory on the controller; means for storing the controller identification value and a controller security key value associated with the controller identification value at a remote and secure database; means for requesting the controller identification value and a challenge from the controller by a service tool; means for generating a challenge in the controller in response to the request; means for sending the controller identification value and the challenge from the controller to the service tool; means for sending the controller identification value and the challenge from the service tool to the secure database; means for identifying the controller security key value that corresponds to the controller identification value; means for generating a message in the database based on the controller security key value that includes an answer to the challenge; means for sending the message from the database to the service tool; means for sending the message from the service tool to the controller; and means for allowing access to the controller if the response to the challenge is accepted by the controller. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification