Method and system of reconstructing a secret code in a vehicle for performing secure operations

US 8,799,657 B2
Filed: 08/02/2012
Issued: 08/05/2014
Est. Priority Date: 08/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method for constructing a secret code in a processing unit when in communication with a portable security unit, wherein the processing unit and portable security unit each contain respective volatile and non-volatile memory, and wherein the processing unit uses the security code to perform a secure operation, the method comprising the steps of:

linking the portable security unit with the processing unit;

exchanging mutual authentication messages between the portable security unit and the processing unit as a condition to continuing the method;

communicating a first portion of the secret code stored in the non-volatile memory of the portable security unit to the processing unit;

combining a second portion of the secret code stored in the non-volatile memory of the processing unit with the first portion of the secret code;

storing at least the first portion of the secret code in a volatile memory of the processing unit;

performing the secure operation using the secret code;

splitting the combined secret code into two parts and storing a first part in the non-volatile memory of the portable security unit and a second part in the non-volatile memory of the processing unit;

de-linking the portable security unit from the processing unit, the first part of the secret code being stored in the non volatile memory of the portable security unit prior to de-linking the portable security unit from the processing unit; and

deleting at least a portion of the secret code from the volatile memory of the processing unit.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for constructing a secret code in a processing unit when in communication with a portable security unit. Mutual authentication messages are exchanged between a linked portable security unit and processing unit. A first portion of the secret code is communicated to the processing unit. The processing unit combines the first portion and a second portion of the secret code stored in the non-volatile memory of the processing unit. The secret code is stored in a volatile memory of the processing unit. A secure operation is performed using the secret code. The portable security unit is de-linked from the processing unit. At least a portion of the secret code is deleted from the volatile memory of the processing unit.

28 Citations

View as Search Results

23 Claims

1. A method for constructing a secret code in a processing unit when in communication with a portable security unit, wherein the processing unit and portable security unit each contain respective volatile and non-volatile memory, and wherein the processing unit uses the security code to perform a secure operation, the method comprising the steps of:
- linking the portable security unit with the processing unit;
  
  exchanging mutual authentication messages between the portable security unit and the processing unit as a condition to continuing the method;
  
  communicating a first portion of the secret code stored in the non-volatile memory of the portable security unit to the processing unit;
  
  combining a second portion of the secret code stored in the non-volatile memory of the processing unit with the first portion of the secret code;
  
  storing at least the first portion of the secret code in a volatile memory of the processing unit;
  
  performing the secure operation using the secret code;
  
  splitting the combined secret code into two parts and storing a first part in the non-volatile memory of the portable security unit and a second part in the non-volatile memory of the processing unit;
  
  de-linking the portable security unit from the processing unit, the first part of the secret code being stored in the non volatile memory of the portable security unit prior to de-linking the portable security unit from the processing unit; and
  
  deleting at least a portion of the secret code from the volatile memory of the processing unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising the steps of splitting the secret code into two parts and storing a first part in the non-volatile memory of the portable security unit and a second part in the non-volatile memory of the processing unit.
  - 3. The method of claim 1 wherein the first portion of the secret code and the second portion of the secret code are encrypted based on a first key, wherein the first key is not stored in the portable security unit, and wherein the first key is used to decrypt the first portion of the secret code and the second portion of the secret code, and wherein the first key is stored in a non-volatile memory of the processing unit.
  - 4. The method of claim 3 further comprising the steps of:
    - generating a next encryption key for replacing the first key used to decrypt the first portion and second portion of the secret code;
      
      encrypting the first part of the secret code using the next encryption key;
      
      storing the first part of the secret code encrypted by the next encryption key in the portable security unit; and
      
      deleting the first key from the non-volatile memory of the processing unit.
  - 5. The method of claim 4 wherein the deleting of the first part of the secret code from the volatile memory of the portable security unit and deleting the first key from the non-volatile memory of the processing unit is performed after an acknowledgment that the first part of the secret code encrypted by the next encryption key has been successfully stored in the portable security unit.
  - 6. The method of claim 3 wherein the portable security unit includes a dongle embedded in an ignition key for a vehicle, wherein the processing unit includes an electronic control unit of a vehicle, wherein mutual authentication is performed when the ignition key is turned to an on position, wherein the dongle communicates the first portion of the secret code to the electronic control unit in response to a successful mutual authentication between the dongle and the electronic control unit, wherein the first key stored in the non-volatile memory of the electronic control unit decrypts the combined first portion of the secret code and the second portion of the secret code, and wherein secret code is stored in the volatile memory of the electronic control unit.
  - 7. The method of claim 6 wherein a next encryption key is generated for replacing the first key stored in the non-volatile memory of the electronic control unit, wherein the first part of the secret code is encrypted using the next encryption key, wherein first part of the secret code encrypted by the next encryption key is stored in the dongle prior to an engine being turned off, and wherein the first key is deleted from the non-volatile memory of the processing unit prior to the ignition key being removed from an ignition slot.
  - 8. The method of claim 1 wherein a symmetrical authentication key is stored in both the portable security unit and the processing unit for authenticating respective authentication signals transmitted between the portable security unit and the processing unit.
  - 9. The method of claim 1 wherein the mutual authentication includes a first authentication signal sent from one of the portable security unit or processing unit to the other of the portable security unit or processing unit, and a second authentication signal being sent from the other of the portable security unit or processing unit to the one of the portable security unit or processing unit.
  - 10. The method of claim 1 wherein the secure operation is comprised of an engine start operation.
  - 11. The method of claim 1 wherein the secure operation is comprised of signing a digital message.

12. A vehicle security system comprising:
- a processing unit for constructing a secret code, the processing unit having a non-volatile memory and a volatile memory; and
  
  a portable security unit for linking to the processing unit, the portable security unit communicating with the processing unit for performing mutual authentication between the portable security unit and the processing unit in response to being linked to one another, the portable security unit having a non-volatile memory for storing a first portion of the secret code;
  
  wherein the first portion of the secret code is communicated to the processing unit in response to a successful mutual authentication between the portable security unit and the processing unit, wherein the first portion of the secret code is combined with a second portion of the secret code stored in the non-volatile memory of the processing unit, wherein a secure operation is performed using the secret code, wherein the combined secret code is split into two parts, wherein a first part is stored in the non-volatile memory of the portable security unit and a second part in the non-volatile memory of the processing unit, and wherein the first part of the secret code is stored in the non volatile memory of the portable security unit prior to de-linking the portable security unit from the processing unit.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The vehicle security system of claim 12 further comprising a first key for decrypting and encrypting the first portion of the secret code and the second portion of the secret code, the first key being stored only in the non-volatile memory of the processing unit, wherein the combined portions of the secret code are decrypted using the first key stored in the processing unit for performing the secure operation.
  - 14. The vehicle security system of claim 13 wherein at least a portion of the decrypted secret code is deleted from the non-volatile memory of the processing unit after the portable security unit is de-linked from the processing unit.
  - 15. The vehicle security system of claim 13 wherein the processing unit generates a next encryption key for replacing the first key used to decrypt the first portion and second portion of the secret code, wherein the secret code is split into two parts, wherein the processing unit encrypts a first part of the secret code and a second part of the secret code using the next encryption key, wherein the portable security unit stores the first part of the secret code encrypted by the next encryption key in the non-volatile memory of the portable security unit, and wherein the processing unit deletes the first key from the non-volatile memory of the processing unit.
  - 16. The vehicle security system of claim 13 wherein the portable security unit includes a dongle.
  - 17. The vehicle security system of claim 16 wherein the dongle is integral to an ignition key.
  - 18. The vehicle security system of claim 13 wherein the processing unit is an electronic control unit within the vehicle.
  - 19. The vehicle system of claim 18 wherein the wherein the electronic control unit communicates the first part of the secret code encrypted by the next encryption key to the dongle prior to the engine turning off.
  - 20. The vehicle security system of claim 19 wherein the processing unit deletes at least the portion of the secret code from the volatile memory of the processing unit after an acknowledgment is received from the portable security unit that the first part of the secret code encrypted using the next encryption key is successfully stored in the portable security unit.
  - 21. The vehicle security system of claim 20 wherein the wherein the processing unit deletes the first key from the non-volatile memory of the vehicle after an acknowledgement that the first part of the secret code encrypted by the next encryption key is successfully stored in the dongle.
  - 22. The vehicle security system of claim 12 wherein the secure operations includes using the secret code for enabling an engine start operation.
  - 23. The vehicle security system of claim 12 further comprising a symmetric key stored in the portable security unit and in the processing unit, wherein the symmetric key stored in both the portable security unit and the processing unit is used to mutually authenticate the portable security unit and the processing unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
Bhattacharya, Debojyoti, Chakrabarty, Sugato, Bellur, Bhargav Ramchandra
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US13/564,943
Publication Number

US 20140037092A1
Time in Patent Office

733 Days
Field of Search

380/259, 713/171, 307/10.3
US Class Current

713/171
CPC Class Codes

G07C 2009/00769   with data transmission perf...

G07C 9/00174   Electronically operated loc...

G07C 9/00309   operated with bidirectional...

H04L 2209/84   Vehicles

H04L 9/0891   Revocation or update of sec...

H04L 9/3242   involving keyed hash functi...

H04L 9/3273   for mutual authentication n...

Method and system of reconstructing a secret code in a vehicle for performing secure operations

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system of reconstructing a secret code in a vehicle for performing secure operations

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links