AUTHORIZATION SCHEME TO ENABLE SPECIAL PRIVILEGE MODE IN A SECURE ELECTRONIC CONTROL UNIT

US 20140075517A1
Filed: 09/12/2012
Published: 03/13/2014
Est. Priority Date: 09/12/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method for enabling a privilege mode in a secure controller, said method comprising:

establishing direct communication between a programming tool and the controller, where the controller communicates only with the programming tool;

requesting information from the controller via the programming tool;

creating an information ticket in the controller that identifies the controller in response to the request;

sending the controller information ticket to a secure server;

creating an authorization ticket in the secure server that identifies the controller and creates a security code for the authorization ticket;

presenting the authorization ticket to the controller via the programming tool; and

processing the authorization ticket in the controller to verify the security code and allowing access to the controller.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for by-passing a security code to allow developmental software to be installed on a production controller without having to authenticate the software. The method includes requesting information from the controller and creating an information ticket in the controller in response to the request that identifies the controller. The information ticket is sent to a secure server that creates an authorization ticket that identifies the controller from the information ticket and creates a security code for the ticket. The authorization ticket is presented to the controller and if the security code is verified by the controller, the controller allows the developmental software to be installed.

Citations

20 Claims

1. A method for enabling a privilege mode in a secure controller, said method comprising:
- establishing direct communication between a programming tool and the controller, where the controller communicates only with the programming tool;
  
  requesting information from the controller via the programming tool;
  
  creating an information ticket in the controller that identifies the controller in response to the request;
  
  sending the controller information ticket to a secure server;
  
  creating an authorization ticket in the secure server that identifies the controller and creates a security code for the authorization ticket;
  
  presenting the authorization ticket to the controller via the programming tool; and
  
  processing the authorization ticket in the controller to verify the security code and allowing access to the controller.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1 wherein requesting information from the controller, sending the controller information ticket to the server and sending the authorization ticket to the controller are performed by a person.
  - 3. The method according to claim 1 wherein the authorization ticket includes unique identifying information about the controller, the purpose for accessing the controller, a period of validity of the authorization ticket and the security code.
  - 4. The method according to claim 1 wherein creating an information ticket in the controller includes creating an information ticket that includes an identification number of the controller.
  - 5. The method according to claim 4 wherein creating an information ticket in the controller includes providing a challenge in the information ticket that must be answered before the controller will allow access to the controller.
  - 6. The method according to claim 5 wherein creating an authorization ticket includes creating an authorization ticket that includes an answer to the challenge.
  - 7. The method according to claim 1 wherein the security code includes a signature associated with asymmetric key cryptography that uses a private key and a public key.
  - 8. The method according to claim 1 wherein the privilege mode is used to allow access to the controller for installing developmental software files onto the controller.
  - 9. The method according to claim 1 wherein the controller is an electronic control unit (ECU) for a vehicle.

10. A method for placing a production electronic control unit (ECU) for a vehicle in a special privilege mode to allow the ECU to be used for installing development software files on the ECU without the need for signing the development software with a security signature, said method comprising:
- establishing direct communication between a programming tool and the ECU, where the ECU communicates only with the programming tool;
  
  requesting unique identifying information from the ECU via the programming tool;
  
  creating an ECU information ticket in the ECU including an ECU identification number in response to the request;
  
  sending the ECU information ticket to a remote secure server;
  
  creating an authorization ticket in the secure server that includes the ECU identification number and a signature code that establishes the user and authorization ticket as authorized, where the authorization ticket includes identifying information about the controller, the purpose for accessing the controller, a period of validity of the authorization ticket and the security code;
  
  presenting the authorization ticket to the ECU via the ‘
  
  programming tool; and
  
  processing the authorization ticket in the ECU to disable the signature verification requirement and to allow the developmental software file to be installed on the ECU.
- View Dependent Claims (12, 13)
- - 12. The method according to claim 10 wherein creating an information ticket in the controller includes providing a challenge in the information ticket that must be answered before the controller will allow access to the controller.
  - 13. The method according to claim 12 wherein creating an authorization ticket includes creating an authorization ticket that includes an answer to the challenge.

11. (canceled)

14. A system for enabling a privilege mode in a secure controller, said system comprising:
- means for requesting information from the controller, where the controller communicates only with the means for requesting information;
  
  means for creating an information ticket in the controller that identifies the controller in response to the request;
  
  means for sending the controller information ticket to a secure server;
  
  means for creating an authorization ticket in the secure server that identifies the controller and creates a security code for the authorization ticket, where the authorization ticket includes identifying information about the controller, the purpose for accessing the controller, a period of validity of the authorization ticket and the security code;
  
  means for presenting the authorization ticket to the controller; and
  
  means for processing the authorization ticket in the controller to verify the security code and allow privileged access to the controller.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system according to claim 14 wherein the means for creating an information ticket in the controller provides a challenge in the information ticket that must be answered before the controller will allow access to the controller.
  - 17. The system according to claim 16 wherein the means for creating an authorization ticket creates an authorization ticket that includes an answer to the challenge.
  - 18. The system according to claim 14 wherein the security code includes a signature associated with asymmetric key cryptography that uses a private key and a public key.
  - 19. The system according to claim 14 wherein the privilege mode is used to allow access to the controller for installing developmental software files onto the controller.
  - 20. The system according to claim 14 wherein the controller is an electronic control unit (ECU) for a vehicle.

15. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
Alrabady, Ansaf I., Baltes, Kevin M., Forest, Thomas M.

Application Number

US13/612,139
Publication Number

US 20140075517A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/572   Secure firmware programming...

H04L 2209/84   Vehicles

H04L 63/126   the source of the received ...

H04L 67/12   specially adapted for propr...

H04W 4/40   for vehicles, e.g. vehicle-...

H04W 4/60   Subscription-based services...

AUTHORIZATION SCHEME TO ENABLE SPECIAL PRIVILEGE MODE IN A SECURE ELECTRONIC CONTROL UNIT

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHORIZATION SCHEME TO ENABLE SPECIAL PRIVILEGE MODE IN A SECURE ELECTRONIC CONTROL UNIT

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links