SECURITY ACCESS METHOD FOR AUTOMOTIVE ELECTRONIC CONTROL UNITS

US 20130111582A1
Filed: 09/26/2012
Published: 05/02/2013
Est. Priority Date: 10/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method for allowing access to an electronic control unit (ECU) on a vehicle, said method comprising:

storing an ECU identification value that identifies the ECU in a memory on the ECU;

storing the ECU identification value and an ECU security key value associated with the ECU identification value at a remote and secure database;

requesting the ECU identification value from the ECU by a service tool;

generating a challenge in the ECU in response to the request;

sending the ECU identification value and the challenge from the ECU to the service tool;

sending the ECU identification value and the challenge from the service tool to the secure database;

identifying the ECU security key value that corresponds to the ECU identification value;

generating a message in the database based on the ECU security key value that includes a response to the challenge;

sending the message from the database to the service tool;

sending the message from the service tool to the ECU; and

allowing access to the ECU if the response to the challenge is accepted by the ECU.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for employing a mechanism for unlocking a vehicle ECU. The ECU stores a unique ECU identification value that identifies the particular ECU and a secure server stores the ECU identification value and a unique ECU security key value, where the identification value identifies the security key value in the server, and where the secure server stores the unique ECU identification value and the unique security key value for many ECUs. A service tool that wants to gain access to the ECU for software reprogramming or service requests the ECU identification value and a challenge from the ECU and sends them to the secure server, which then identifies the security key value associated with that ECU identification value and the response for the challenge. The secure server then sends the response to the service tool, which provides it to the ECU to unlock it for programming.

48 Citations

View as Search Results

20 Claims

1. A method for allowing access to an electronic control unit (ECU) on a vehicle, said method comprising:
- storing an ECU identification value that identifies the ECU in a memory on the ECU;
  
  storing the ECU identification value and an ECU security key value associated with the ECU identification value at a remote and secure database;
  
  requesting the ECU identification value from the ECU by a service tool;
  
  generating a challenge in the ECU in response to the request;
  
  sending the ECU identification value and the challenge from the ECU to the service tool;
  
  sending the ECU identification value and the challenge from the service tool to the secure database;
  
  identifying the ECU security key value that corresponds to the ECU identification value;
  
  generating a message in the database based on the ECU security key value that includes a response to the challenge;
  
  sending the message from the database to the service tool;
  
  sending the message from the service tool to the ECU; and
  
  allowing access to the ECU if the response to the challenge is accepted by the ECU.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1 wherein generating a message in the database includes using a secure message authentication code that is keyed to the ECU security key value to provide an authenticator.
  - 3. The method according to claim 1 wherein there is no relationship between the ECU identification value and the ECU security key value other than the ECU identification value being used to identify the ECU security key value.
  - 4. The method according to claim 1 wherein the ECU identification value and the ECU security key value are related by a secret key where the ECU security key value is calculated using the ECU identification value and the security key.
  - 5. The method according to claim 4 wherein the ECU security key value is calculated using a secure cryptographic message authentication code.
  - 6. The method according to claim 4 wherein the ECU security key value is calculated at a provisioning server.
  - 7. The method according to claim 1 wherein sending the ECU identification value and the challenge to the secure database and sending the ECU identification value and the challenge from the service tool to the secure database includes using a communications link selected from the group consisting of short messages, internet, web page access, SMS text messages, smart phone, email, voice response system and telephone connections.
  - 8. The method according to claim 1 wherein generating a challenge in the ECU includes computing a random or pseudorandom bit value.
  - 9. The method according to claim 1 wherein generating a challenge in the ECU includes generating a different challenge each time a request for the ECU identification value is made.

10. A method for allowing access to a controller, said method comprising:
- storing a controller identification value that identifies the controller in a memory on the controller;
  
  storing the controller identification value and a controller security key value associated with the controller identification value at a remote and secure database;
  
  requesting the controller identification value and a challenge from the controller by a service tool;
  
  generating a challenge in the controller in response to the request, wherein generating a challenge in the controller includes generating a different challenge each time a request for the controller identification value is made, and wherein generating a challenge in the controller includes computing a random or pseudorandom bit value;
  
  sending the controller identification value and the challenge from the controller to the service tool;
  
  sending the controller identification value and the challenge from the service tool to the secure database;
  
  identifying the controller security key value that corresponds to the controller identification value;
  
  generating a message in the database based on the controller security key value that includes a response to the challenge;
  
  sending the message from the database to the service tool;
  
  sending the message from the service tool to the controller; and
  
  allowing access to the controller if the response to the challenge is accepted by the controller.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method according to claim 10 wherein generating a message in the database includes using a secure message authentication code that is keyed to the controller security key value to provide an authenticator.
  - 12. The method according to claim 10 wherein there is no relationship between the controller identification value and the controller security key value other than the controller identification value being used to identify the controller security key value.
  - 13. The method according to claim 10 wherein the controller identification value and the controller security key value are related by a secret key where the controller security key value is calculated using the controller identification value and the security key.
  - 14. The method according to claim 13 wherein the controller security key value is calculated using a secure cryptographic message authentication code.

15. A system for allowing access to a controller, said system comprising:
- means for storing a controller identification value that identifies the controller in a memory on the controller;
  
  means for storing the controller identification value and a controller security key value associated with the controller identification value at a remote and secure database;
  
  means for requesting the controller identification value and a challenge from the controller by a service tool;
  
  means for generating a challenge in the controller in response to the request;
  
  means for sending the controller identification value and the challenge from the controller to the service tool;
  
  means for sending the controller identification value and the challenge from the service tool to the secure database;
  
  means for identifying the controller security key value that corresponds to the controller identification value;
  
  means for generating a message in the database based on the controller security key value that includes an answer to the challenge;
  
  means for sending the message from the database to the service tool;
  
  means for sending the message from the service tool to the controller; and
  
  means for allowing access to the controller if the response to the challenge is accepted by the controller.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system according to claim 15 wherein the means for generating a message in the database uses a secure message authentication code that is keyed to the controller security key value to provide an authenticator.
  - 17. The system according to claim 15 wherein there is no relationship between the controller identification value and the controller security key value other than the controller identification value being used to identify the controller security key value.
  - 18. The system according to claim 15 wherein the controller identification value and the controller security key value are related by a secret key where the controller security key value is calculated using the controller identification value and the security key.
  - 19. The system according to claim 15 wherein the means for generating a challenge in the ECU computes a random or pseudorandom bit value.
  - 20. The system according to claim 15 wherein the means for generating a challenge in the ECU generates a different challenge each time a request for the ECU identification value is made.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
FOREST, THOMAS M.

Granted Patent

US 9,280,653 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/19
CPC Class Codes

G06F 21/44 Program or device authentic...

G06F 2221/2103 Challenge-response

SECURITY ACCESS METHOD FOR AUTOMOTIVE ELECTRONIC CONTROL UNITS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY ACCESS METHOD FOR AUTOMOTIVE ELECTRONIC CONTROL UNITS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links