System and method of authenticating multiple files using a detached digital signature

US 8,683,206 B2
Filed: 09/19/2011
Issued: 03/25/2014
Est. Priority Date: 09/19/2011
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating data files, comprising:

providing a plurality of software part files and a manifest file associated with the software part files, the manifest file identifying each of the plurality of software part files, wherein a vehicle control module of a vehicle manages operation of a defined vehicle function through the plurality of software part files;

associating the manifest file with a manifest detached digital signature;

digitally signing the manifest file with the manifest detached digital signature, wherein the manifest detached digital signature authenticates the manifest file;

associating each of the plurality of software part files with one of a plurality of unique detached digital signatures;

providing a detached digital signature file that contains the plurality of unique detached digital signatures and the manifest detached digital signature;

digitally signing each of the plurality of software part files with one of the plurality of unique detached digital signatures, wherein each of the plurality of unique detached digital signatures authenticates one of the plurality of software part files; and

providing a license file that includes a license signature, wherein the manifest file includes a license flag that is an indication that a license is needed to download the software part files.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of authenticating data files is provided. The method includes providing a plurality of software part files and a manifest file associated with the software part files. The manifest file identifies each of the plurality of software part files. The method includes associating the manifest file with a manifest detached digital signature. The method also includes digitally signing the manifest file with the manifest detached digital signature. The manifest detached digital signature authenticates the manifest file. The method includes associating each of the plurality of software part files with one a plurality of unique detached digital signatures. The method includes digitally signing each of the plurality of software part files with one of the plurality of unique detached digital signatures. Each of the plurality of unique detached digital signatures authenticates one of the software part files.

22 Citations

View as Search Results

18 Claims

1. A method of authenticating data files, comprising:
- providing a plurality of software part files and a manifest file associated with the software part files, the manifest file identifying each of the plurality of software part files, wherein a vehicle control module of a vehicle manages operation of a defined vehicle function through the plurality of software part files;
  
  associating the manifest file with a manifest detached digital signature;
  
  digitally signing the manifest file with the manifest detached digital signature, wherein the manifest detached digital signature authenticates the manifest file;
  
  associating each of the plurality of software part files with one of a plurality of unique detached digital signatures;
  
  providing a detached digital signature file that contains the plurality of unique detached digital signatures and the manifest detached digital signature;
  
  digitally signing each of the plurality of software part files with one of the plurality of unique detached digital signatures, wherein each of the plurality of unique detached digital signatures authenticates one of the plurality of software part files; and
  
  providing a license file that includes a license signature, wherein the manifest file includes a license flag that is an indication that a license is needed to download the software part files.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, comprising computing a manifest file hash value of the manifest file and extracting a manifest digital signature hash value from the manifest detached digital signature.
  - 3. The method as recited in claim 2, wherein a hash function is used to compute the manifest file hash value.
  - 4. The method as recited in claim 2, comprising comparing the manifest file hash value and the manifest digital signature hash value to determine if the manifest file hash value and the manifest digital signature hash value match one another.
  - 5. The method as recited in claim 4, comprising extracting a list of part numbers that represent the plurality of software part files from the manifest file if the manifest file hash value and the manifest digital signature hash value match one another.
  - 6. The method as recited in claim 5, comprising computing a software part file hash value for each of the plurality of software part files and comparing the software part file hash value with a respective hash value that is present in the manifest file, and wherein if the software part file hash value matches the respective hash value of the manifest file then a corresponding detached digital signature hash value is extracted from each of the plurality of unique detached digital signatures.
  - 7. The method as recited in claim 6, wherein the integrity of the plurality of software part files and the manifest file is established if each software part file hash value and the corresponding detached digital signature hash value extracted from one of the plurality of unique detached digital signatures match one another.
  - 8. The method as recited in claim 6, wherein a hash function is used to compute the software part file hash value and the detached digital signature hash value.
  - 9. The method as recited in claim 1, comprising providing the plurality of software part files and the manifest file as part of a group of tightly coupled files.
  - 10. The method as recited in claim 1, wherein the at least one control module is at least one of an infotainment module, a radio control module, a human interface (“
    - HMI”
      
      ) module, an airbag control module and a navigational control module.
  - 11. The method of claim 1, further comprising:
    - separately storing the plurality of software part files and the manifest file from corresponding unique detached digital signatures and the manifest detached digital signature.

12. A system for authenticating data files, comprising:
- a storage device having a memory for storing a plurality of software part files, a manifest file associated with the plurality of software part files, a plurality of unique detached digital signatures, and a manifest detached digital signature, the manifest file identifying each of the plurality of software part files, wherein each of the plurality of unique detached digital signature authenticates a corresponding one of the plurality of software part files, and wherein the manifest detached digital signature authenticates the manifest file, the plurality of unique detached digital signatures and the manifest detached digital signature being part of a detached digital signature file, a license file including a license signature, wherein the manifest file includes a license flag that is an indication that a license is needed to download the software part files; and
  
  at least one control module that is connected to the storage device for sending and receiving data from the storage device, the at least one control module comprising a vehicle control module of a vehicle that manages operation of a defined vehicle function through the plurality of software part files, the control module comprising;
  
  a control logic for monitoring the storage device for the plurality of software part files, the manifest file, the plurality of software part files, the plurality of unique detached digital signatures, and the manifest detached digital signature;
  
  a control logic for computing a manifest file hash value representing data contained in the manifest file;
  
  a control logic for extracting a manifest digital signature hash value from the manifest detached digital signature;
  
  a control logic for comparing the manifest file hash value with the manifest digital signature hash value and authenticating the manifest file if the manifest file hash value matches the manifest digital signature hash value;
  
  a control logic for computing a unique software part file hash value for each of the plurality of software part files and comparing the software part file hash value with a respective hash value that is present in the manifest file;
  
  a control logic for extracting a detached digital signature hash value from each of the plurality of unique detached digital signatures if the software part file hash value matches the respective hash value of the manifest file;
  
  a control logic for comparing the unique software part file hash value for each of the plurality of software part files with the detached digital signature hash value from the corresponding one of the plurality of unique detached digital signatures; and
  
  a control logic for authenticating the plurality of software part files and the manifest file if the unique software part file hash value for each of the plurality of software part files matches the detached digital signature hash value from the corresponding one of the plurality of unique detached digital signatures.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system as recited in claim 12, comprising a communication interface, the storage device in communication with the at least one control module through the communication interface.
  - 14. The system as recited in claim 13, wherein the communication interface is one of a universal serial bus (“
    - USB”
      
      ) interface, a wireless connection, and an 8-pin connector.
  - 15. The system as recited in claim 12, wherein the at least one control module is at least one of an infotainment module, a radio control module, a human interface (“
    - HMI”
      
      ) module, an airbag control module and a navigational control module.
  - 16. The system as recited claim 12, wherein a hash function is used to compute the manifest file hash value and the manifest digital signature hash value.
  - 17. The system as recited in claim 12, wherein a hash function is used to compute the software part file hash value and the detached digital signature hash value.
  - 18. The system as recited in claim 12, wherein the license signature is based on a vehicle identification number (“
    - VIN”
      
      ) and the manifest file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
Sarkar, Susanta P., Alrabady, Ansaf I., Catsburg, Thomas M. P.
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US13/235,763
Publication Number

US 20130073864A1
Time in Patent Office

918 Days
Field of Search

None
US Class Current

713/176
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

System and method of authenticating multiple files using a detached digital signature

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of authenticating multiple files using a detached digital signature

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links