Signature process

US 20020120856A1
Filed: 02/26/2001
Published: 08/29/2002
Est. Priority Date: 02/25/2000
Status: Active Grant

First Claim

Patent Images

1. Process for ensuring data integrity of software for influencing operation of a control unit of a motor vehicle, which software can be stored in a memory of the control unit, said process comprising:

providing first and second keys for encrypting and decrypting electronic data;

filing the first key for access by a control unit in the motor vehicle;

by means of the second key, signing software which is to be imported;

importing the signed software into the memory of the control unit;

checking the signature of the software by means of the first key; and

accepting the imported software when the checking has a positive result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a process for ensuring the data integrity of software for influencing operation of a control unit of a motor vehicle, a pair of keys is provided for encrypting and decrypting electronic data. The first key is stored for access by a control unit in the motor vehicle, and software which is to be imported is signed by means of the second key. The signed software is imported into the memory of the control unit and the signature of the software is checked by means of the first key. The signature is accepted if the check has a positive result.

38 Citations

View as Search Results

20 Claims

1. Process for ensuring data integrity of software for influencing operation of a control unit of a motor vehicle, which software can be stored in a memory of the control unit, said process comprising:
- providing first and second keys for encrypting and decrypting electronic data;
  
  filing the first key for access by a control unit in the motor vehicle;
  
  by means of the second key, signing software which is to be imported;
  
  importing the signed software into the memory of the control unit;
  
  checking the signature of the software by means of the first key; and
  
  accepting the imported software when the checking has a positive result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The process according to claim 1, wherein a symmetrical pair of keys is used in which both keys are identical.
  - 3. The process according to claim 1, wherein an asymmetrical pair of keys with a secret and a public key is used.
  - 4. The process according to claim 3, wherein:
    - the public key is filed for access by the control unit; and
      
      the software is signed by means of the secret key.
  - 5. The process according to claim 3, wherein:
    - a control unit in the vehicle generates an asynchronous pair of keys;
      
      the secret key is filed in the vehicle, particularly in a control unit; and
      
      the public key can be read out of the vehicle for signing software.
  - 6. The process according to claim 1, wherein the key filed in the control unit is filed in a boot sector thereof.
  - 7. The process according to claim 6, wherein after inscribing and input of the key, the boot sector is blocked and is thus protected against further access, including a writing access.
  - 8. The process according to claim 1, wherein:
    - the software is first imaged on an information having a defined length; and
      
      said information is then signed.
  - 9. The process according to claim 8, wherein a hash function is selected as the imagining function.
  - 10. The process according to claim 1, wherein:
    - at least one vehicle-individual information of a vehicle containing the control unit is added to the software;
      
      at least one vehicle-individual information is signed by means of the software;
      
      in addition to checking the signature of the software, the vehicle-individual information is also checked; and
      
      the software is accepted in the control unit only when the vehicle-individual information of the software also corresponds to that of the vehicle.
  - 11. The process according to claim 10, wherein:
    - for checking the vehicle-individual information, a vehicle-specific pair of keys is produced, in a vehicle security unit, the vehicle-individual information and a first key of the pair of keys being present, in addition to the vehicle-individual information, the second key of the pair of keys being filed in the software; and
      
      in a separate routine, a check is made in the vehicle whether the two keys of the pair of keys match, in order to accept the imported software if the answer is affirmative.
  - 12. The process according to claim 1, wherein the software is tested at least during a first running-up of the control unit, and is then correspondingly marked.
  - 13. The process according to claim 1, wherein in the event of an external access to the control unit, an access unit checks whether an authorization exists for the access.
  - 14. The process according to claim 13, wherein a code is requested by a control unit and the code is checked for validity.
  - 15. The process according to claim 13, wherein:
    - a control unit supplies a random number which is to be signed by the accessing party; and
      
      the signature is checked in the control unit, by means of an authentication key.
  - 16. The process according to claim 13, wherein:
    - when access authorization is queried, an authorization stage is determined; and
      
      access actions are accepted or not accepted as a function of the authorization stage.
  - 17. The process according to claim 1, wherein a security device in a vehicle at least aperiodically carries out an authentication test of a control unit and registers the control unit in the event of a negative result.
  - 18. The process according to claim 17, wherein a control-unit-specific secret code is filed in the control unit.
  - 19. The process according to claim 17, wherein the security device queries a control-unit-specific characteristic and checks the latter with respect to authenticity.
  - 20. The process according to claim 17, wherein during the authentication check, a key is used which is filed in at least one of the security device and in the control unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bayerische Motoren Werke AG
Original Assignee
Bayerische Motoren Werke AG
Inventors
Kuhls, Burkhard, Schmidt, Ernst

Granted Patent

US 6,816,971 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G05B 19/0426   Programming the control seq...

G05B 2219/23305   Transfer program into prom ...

G05B 2219/24155   Load, enter program if devi...

G05B 2219/24159   Several levels of security,...

G05B 2219/24167   Encryption, password, user ...

G05B 2219/2637   Vehicle, car, auto, wheelchair

G06F 21/572   Secure firmware programming...

H04L 2209/84   Vehicles

H04L 63/123   received data contents, e.g...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Signature process

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Signature process

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links