METHOD FOR MANIPULATION PROTECTION OF A BUS SYSTEM BETWEEN AT LEAST TWO SYSTEM COMPONENTS

US 20160373261A1
Filed: 06/22/2016
Published: 12/22/2016
Est. Priority Date: 06/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method for a manipulation protection of useful data packets to be transmitted via a bus system between at least two system components, wherein the at least two system components each comprise a signing unit that generates data packets and a signing test unit that tests generated data packets, the method comprising:

a first one of the system components generating an independent, protective data packet with protective information for a useful data packet to be transmitted via the bus system, wherein the protective data packet is independent of the useful data packet but is allocated unambiguously to the useful data packet;

subsequently, transmitting the generated protective data packet separately from the associated useful data packet via the bus system from the first one of the system components to the second one of the system components, andtransmitting a verification of authenticity of the useful data packet from the second one of the system components in response to receipt of the transmitted protective data packet by the second one of the system components.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for a manipulation protection of useful data packets to be transmitted via a bus system between at least two system components, wherein the system components include a signing and signing test unit by which data packets can be generated and tested. A first one of the system components generates an independent protective data packet with protective information for a useful data packet to be transmitted via the bus system, which protective data packet is independent of this useful data packet but, can be allocated unambiguously to it, after which the generated protective data packet is sent out separately from the associated useful data packet via the bus system to the second one of the system components and a verification of the authenticity of the useful data packet to be transmitted is effected by the transmitted protective data packet by the second one of the system components.

21 Citations

34 Claims

1. A method for a manipulation protection of useful data packets to be transmitted via a bus system between at least two system components, wherein the at least two system components each comprise a signing unit that generates data packets and a signing test unit that tests generated data packets, the method comprising:
- a first one of the system components generating an independent, protective data packet with protective information for a useful data packet to be transmitted via the bus system, wherein the protective data packet is independent of the useful data packet but is allocated unambiguously to the useful data packet;
  
  subsequently, transmitting the generated protective data packet separately from the associated useful data packet via the bus system from the first one of the system components to the second one of the system components, andtransmitting a verification of authenticity of the useful data packet from the second one of the system components in response to receipt of the transmitted protective data packet by the second one of the system components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32)
- - 2. The method of claim 1, further comprising depositing at least one identical cryptographic key in the signing and signing test units of the at least two system components for use in encrypting and decrypting protective data packets.
  - 3. The method of claim 1, wherein each useful data packet for which a protective data packet is generated comprises a counter having a bit length of N bits, wherein the method further comprises incrementing the counter with each transmission of the respective useful data packet.
  - 4. The method of claim 3, wherein the counter has a bit length of 4 bits.
  - 5. The method of claim 1, wherein each protective data packet and each useful data packet has, in each case, one message identifier indicating allocation of the respective data packet to a priority stage, wherein a value of the protective data packet message identifier is selected close to a value of the message identifier of the useful data packet allocated to protective data packet, such that the useful data packet and the allocated protective data packet are allocated to a same or directly mutually adjacent priority stages.
  - 6. The method of claim 1, wherein, via the same bus system, useful data packets not to be verified by protective data packets are also transmitted between the at least two system components for which no protective data packets are generated and sent out.
  - 7. The method of claim 1, wherein the at least two system components have a time unit synchronized to a common system time.
  - 8. The method of claim 7, wherein the protective data packet is formed using the common system time and using at least a part of the useful data of the useful data packet to be transmitted to which the protective data packet is allocated.
  - 9. The method of claim 1, the method further comprising carrying out a challenge-response authentication between the at least two system components, wherein a generated random number is transmitted from one of the at least two system components to the other one of the at least two system components and the response to the transmitted random number is used for the authentication.
  - 10. The method of claim 9, wherein the protective data packet is formed using the generated random number and using at least a part of the useful data of the useful data packet to be transmitted to which the protective data packet is allocated.
  - 11. The method of claim 3, wherein the protective data packet is also formed using the counter and using the message identifier of the useful data packet to which the protective data packet can be allocated.
  - 12. The method of claim 3, wherein the protective data packet is also formed using the counter and via the message identifier of the protective data packet.
  - 13. The method of claim 1, further comprising calculating a Message Authentication Code for a useful data packet to be protected and transmitting the Message Authentication Code in the protective data packet allocated to the useful data packet.
  - 14. The method of claim 1, further comprising discarding useful data packets that are not verifiable as authentic based on a protective data packet.
  - 15. The method of claim 1, wherein the bus system is a CAN bus system.
  - 16. The method of claim 8, wherein the protective data packet is also formed using the counter and using the message identifier of the useful data packet to which the protective data packet can be allocated.
  - 17. The method of claim 8, wherein the protective data packet is also formed using the counter and using the message identifier of the protective data packet.
  - 19. The system of claim 17, wherein at least one identical cryptographic key is deposited in the signing and signing test units of the at least two system components for use in encrypting and decrypting protective data packets.
  - 20. The system of claim 17, wherein each useful data packet for which a protective data packet is generated comprises a counter having a bit length of N bits, wherein the method further comprises incrementing the counter with each transmission of the respective useful data packet.
  - 21. The system of claim 20, wherein the counter has a bit length of 4 bits.
  - 22. The system of claim 17, wherein each protective data packet and each useful data packet has, in each case, one message identifier indicating allocation of the respective data packet to a priority stage, wherein a value of the protective data packet message identifier is selected close to a value of the message identifier of the useful data packet allocated to protective data packet, such that the useful data packet and the allocated protective data packet are allocated to a same or directly mutually adjacent priority stages.
  - 23. The system of claim 17, wherein, via the same bus system, useful data packets not to be verified by protective data packets are also transmitted between the at least two system components for which no protective data packets are generated and sent out.
  - 24. The system of claim 17, wherein the at least two system components have a time unit synchronized to a common system time.
  - 26. The system of claim 17, wherein a challenge-response authentication is carried out between the at least two system components, wherein a generated random number is transmitted from one of the at least two system components to the other one of the at least two system components and the response to the transmitted random number is used for the authentication.
  - 27. The system of claim 26, wherein the protective data packet is formed using the generated random number and using at least a part of the useful data of the useful data packet to be transmitted to which the protective data packet is allocated.
  - 28. The system of claim 20, wherein the protective data packet is also formed using the counter and using the message identifier of the useful data packet to which the protective data packet can be allocated.
  - 29. The system of claim 20, wherein the protective data packet is also formed using the counter and via the message identifier of the protective data packet.
  - 30. The system of claim 17, wherein a Message Authentication Code is calculated for a useful data packet to be protected and transmitted in the protective data packet allocated to the useful data packet.
  - 31. The system of claim 17, wherein useful data packets that are not verifiable as authentic based on a protective data packet are discarded.
  - 32. The system of claim 17, wherein the bus system is a CAN bus system.

18. A system for a manipulation protection of useful data packets to be transmitted via a bus system between at least two system components, wherein the at least two system components each comprise a signing unit that generates data packets and a signing test unit that tests generated data packets,wherein a first one of the system components generates an independent, protective data packet with protective information for a useful data packet to be transmitted via the bus system, wherein the protective data packet is independent of the useful data packet but is allocated unambiguously to the useful data packet,wherein, subsequently, the generated protective data packet is transmitted separately from the associated useful data packet via the bus system from the first one of the system components to the second one of the system components, andwherein, a verification of authenticity of the useful data packet is transmitted from the second one of the system components in response to receipt of the transmitted protective data packet by the second one of the system components.

25. The system of 24, wherein the protective data packet is formed using the common system time and using at least a part of the useful data of the useful data packet to be transmitted to which the protective data packet is allocated.
- View Dependent Claims (33, 34)
- - 33. The system of claim 25, wherein the protective data packet is also formed using the counter and using the message identifier of the useful data packet to which the protective data packet can be allocated.
  - 34. The system of claim 25, wherein the protective data packet is also formed using the counter and using the message identifier of the protective data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Volkswagen AG
Original Assignee
Volkswagen AG
Inventors
HARTKOPP, Oliver, TSCHACHE, Alexander

Granted Patent

US 10,079,685 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

B60W 2050/0045   using databus protocols

G06F 13/36   for access to common bus or...

H04L 12/40104   Security; Encryption; Conte...

H04L 2012/40215   Controller Area Network CAN

H04L 2209/84   Vehicles

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/123   received data contents, e.g...

H04L 9/3226   using a predetermined code,...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

METHOD FOR MANIPULATION PROTECTION OF A BUS SYSTEM BETWEEN AT LEAST TWO SYSTEM COMPONENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

34 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR MANIPULATION PROTECTION OF A BUS SYSTEM BETWEEN AT LEAST TWO SYSTEM COMPONENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

34 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others