Authorization process using a certificate

US 7,197,637 B2
Filed: 02/26/2001
Issued: 03/27/2007
Est. Priority Date: 02/25/2000
Status: Active Grant

First Claim

Patent Images

1. A process for authenticating software that is to be stored in a memory for controlling operation of a control unit of a vehicle, said process comprising:

an authorized software installer providing a pair of certificate keys, including first and second certificate keys;

a trust center providing a pair of control unit keys, including first and second control unit keys;

said trust center storing the first control unit key in or accessible to the control unit in the vehicle;

said authorized software installer issuing a certificate request to said trust center, said certificate request containing said first certificate key;

said trust center generating a number of certificates, each certificate comprising a certificate information;

when a plurality of certificates are used,i) including in certificate information of each certificate, other than a last of said certificates, a first key, of a pair of additional first and second keys, for checking a signature in a certificate that follows, and;

ii) signing each certificate other than a first of said first certificates, using the second key of said pair of additional keys of which the first key is filed in certificate information of a next preceding certificate;

including the first certificate key, contained in said certificate request, in certificate information of the last of said certificates, for checking signature of said software;

signing certificate information of the first of said certificates using the second control unit key, issued by the trust center;

said authorized software installer signing software that is to be entered, by means of said second certificate key, provided by said authorized software installer;

said authorized software installer importing all signed certificates into the control unit;

said authorized software installer importing the signed software into the control unit;

said control unit using said first control unit key, provided by said trust center, and said first certificate key, provided by said authorized software installer, to authenticate the software, by checking the signature of the first certificate by means of the first control unit key filed in or accessible to the control unit and, when a plurality of certificates are used, authenticating the signature of each additional certificate by means of a first key contained in certificate information of a next preceding certificate;

accepting certificate information of a respective certificate if checking thereof has a positive result;

checking the signature of the software using the first certificate key included in the certificate information of the last certificate; and

authenticating the software if said checking also has a positive result;

whereinthe second control unit key is known only to said trust center, and said second certificate key is known only to said authorized software installer, which is an entity different from said trust center;

at least one vehicle-specific information for the vehicle containing the control unit is added to the software;

the at least one vehicle-specific information is signed by means of the software;

in addition to checking the signatures of the certificates and of the software, the vehicle-specific information is also checked;

the software is accepted in the control unit only when the vehicle-specific information of the software also corresponds to that of the vehicle;

for checking vehicle-specific information, a vehicle-specific pair of keys is generated in one of a vehicle security unit and the control unit, the vehicle-specific information and a key of the vehicle-specific pair of keys being present;

in addition to the vehicle-specific information, the additional key of the vehicle-specific pair of keys is filed in the software;

in a separate routine, a check is made whether the keys of the vehicle-specific pair of keys match; and

the imported software is accepted if the answer is affirmative.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a process for insuring data integrity of software for a control unit of a motor vehicle, a central system (trust center) can issue certificates to authorized parties, enabling them to properly sign software for the control unit and import it into a vehicle to enable operation of the vehicle. For this purpose, the trust center (or the vehicle itself) provides a pair of control unit keys having a first and second key. The first key is stored during production of the vehicle in such a manner that it is accessible to the control unit. By means of the second key of the trust center, a first certificate for an authorized party (certificate holder) is signed.

Citations

17 Claims

1. A process for authenticating software that is to be stored in a memory for controlling operation of a control unit of a vehicle, said process comprising:
- an authorized software installer providing a pair of certificate keys, including first and second certificate keys;
  
  a trust center providing a pair of control unit keys, including first and second control unit keys;
  
  said trust center storing the first control unit key in or accessible to the control unit in the vehicle;
  
  said authorized software installer issuing a certificate request to said trust center, said certificate request containing said first certificate key;
  
  said trust center generating a number of certificates, each certificate comprising a certificate information;
  
  when a plurality of certificates are used,i) including in certificate information of each certificate, other than a last of said certificates, a first key, of a pair of additional first and second keys, for checking a signature in a certificate that follows, and;
  
  ii) signing each certificate other than a first of said first certificates, using the second key of said pair of additional keys of which the first key is filed in certificate information of a next preceding certificate;
  
  including the first certificate key, contained in said certificate request, in certificate information of the last of said certificates, for checking signature of said software;
  
  signing certificate information of the first of said certificates using the second control unit key, issued by the trust center;
  
  said authorized software installer signing software that is to be entered, by means of said second certificate key, provided by said authorized software installer;
  
  said authorized software installer importing all signed certificates into the control unit;
  
  said authorized software installer importing the signed software into the control unit;
  
  said control unit using said first control unit key, provided by said trust center, and said first certificate key, provided by said authorized software installer, to authenticate the software, by checking the signature of the first certificate by means of the first control unit key filed in or accessible to the control unit and, when a plurality of certificates are used, authenticating the signature of each additional certificate by means of a first key contained in certificate information of a next preceding certificate;
  
  accepting certificate information of a respective certificate if checking thereof has a positive result;
  
  checking the signature of the software using the first certificate key included in the certificate information of the last certificate; and
  
  authenticating the software if said checking also has a positive result;
  
  whereinthe second control unit key is known only to said trust center, and said second certificate key is known only to said authorized software installer, which is an entity different from said trust center;
  
  at least one vehicle-specific information for the vehicle containing the control unit is added to the software;
  
  the at least one vehicle-specific information is signed by means of the software;
  
  in addition to checking the signatures of the certificates and of the software, the vehicle-specific information is also checked;
  
  the software is accepted in the control unit only when the vehicle-specific information of the software also corresponds to that of the vehicle;
  
  for checking vehicle-specific information, a vehicle-specific pair of keys is generated in one of a vehicle security unit and the control unit, the vehicle-specific information and a key of the vehicle-specific pair of keys being present;
  
  in addition to the vehicle-specific information, the additional key of the vehicle-specific pair of keys is filed in the software;
  
  in a separate routine, a check is made whether the keys of the vehicle-specific pair of keys match; and
  
  the imported software is accepted if the answer is affirmative.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The process according to claim 1, wherein the software is tested at least during a first start-up of the control unit, and is then correspondingly characterized.
  - 3. The process according to claim 1, wherein in the event of an external access to the control unit, an access unit checks whether an authorization exists for the access.
  - 4. The process according to claim 3, wherein a code is requested by a control unit and the code is checked for validity.
  - 5. The process according to claim 4, wherein:
    - the control unit supplies a random number which is to be signed by the accessing party; and
      
      the signature applied to the random number is checked in the control unit using an authentication key.
  - 6. The process according to claim 3, wherein:
    - when access authorization is queried, an authorization stage is determined; and
      
      access actions are accepted or not accepted as a function of the authorization stage.
  - 7. The process according to claim 1, wherein a security device in the vehicle performs an authentication check of a control unit at least aperiodically, and registers the control unit in the event of a negative result.
  - 8. The process according to claim 7, wherein a control-unit-individual secret code is filed in the control unit.
  - 9. The process according to claim 7, wherein the security device queries a control-unit-specific characteristic and checks the latter with respect to authenticity.
  - 10. The process according to claim 7, wherein during the authentication check, a key is used which is stored in one of the security device and the control unit.
  - 11. The process according to claim 1, wherein:
    - a public key is contained in a certificate as the certificate information; and
      
      a signature to be checked thereby is generated by means of a pertaining secret key.
  - 12. The process according to claim 11, wherein:
    - the first control unit key, is a public key; and
      
      the second control unit key is a secret key.
  - 13. The process according to claim 11, wherein:
    - a control unit in the vehicle generates an asymmetric pair of keys with a public and a secret key;
      
      the public key is filed in a control unit in the vehicle; and
      
      the private key can be read out of the vehicle for signing the first certificate.
  - 14. The process according to claim 1, wherein the first control unit key is filed in the boot sector of the control unit.
  - 15. The process according to claim 14, wherein after input of the key, the boot sector is blocked and is thus protected against further access.
  - 16. The process according to claim 1, wherein at least one of the software and the certificate information is imaged on an information of a defined length and said information is then signed.
  - 17. The process according to claim 16, wherein a hash function is selected as the imaging function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bayerische Motoren Werke AG
Original Assignee
Bayerische Motoren Werke AG
Inventors
Kuhls, Burkhard, Schmidt, Ernst
Primary Examiner(s)
Barron; Gilberto
Assistant Examiner(s)
Kim; Jung

Application Number

US09/792,034
Publication Number

US 20020023223A1
Time in Patent Office

2,220 Days
Field of Search

705/157, 713/157, 713/176, 713/189, 713/156
US Class Current

713/157
CPC Class Codes

B60R 25/24   using electronic identifier...

G06F 21/572   Secure firmware programming...

G06F 2221/2145   Inheriting rights or proper...

H04L 2209/84   Vehicles

H04L 63/0823   using certificates cryptogr...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Authorization process using a certificate

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization process using a certificate

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links