EP3092768A1 - Method and device for releasing functions of a control unit - Google Patents

Method and device for releasing functions of a control unit

Info

Publication number: EP3092768A1
Authority: EP (European Patent Office)
Prior art keywords: authorization, unit, remote control, control unit, control device
Prior art date:
Legal status: Ceased
Application number: EP14827764.3A
Other languages: German (de), English (en)
Inventors: Heiko Baur, Debojyoti Bhattacharya, Sriram Subramanian Neelakantan
Current assignee: Robert Bosch GmbH
Original assignee: Robert Bosch GmbH
Priority date:
Filing date:
Publication date:

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/44 Program or device authentication
            • G06F21/60 Protecting data
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6236 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
            • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
            • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
              • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
              • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
            • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
              • H04L63/101 Access control lists [ACL]
            • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
          • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
              • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
            • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
          • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
            • H04L2209/84 Vehicles
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W12/06 Authentication
            • H04W12/08 Access security
              • H04W12/082 Access security using revocation of authorisation

Definitions

  • the invention relates to a method and a device for releasing functions of a control unit, in particular a control unit of a motor vehicle.
  • safety-relevant data and services should only be available after they have been enabled by the diagnostic software.
  • a typical example of such a safety-relevant function is the training of a new immobilizer or the introduction of a new
  • the activation is usually carried out by means of a so-called "seed & key method", in which the test device and the control device share a secret algorithm or key; such a known method usually takes place as follows:
  • a data connection is established between the control unit and a workshop test device.
  • the diagnostic software in the test device initiates a request via the data connection to the control unit that a specific safety-relevant function is to be released.
  • the controller responds to the diagnostic software with a random value.
  • since the diagnostic software in the test device knows the secret algorithm, it can calculate the appropriate response from the random value. The test device sends this response back to the control unit.
  • the controller checks the diagnostic software's response by itself applying the secret algorithm to the random value, calculating the expected response and comparing it to the response transmitted by the tester.
  • the controller sends feedback to the diagnostic software indicating whether the activation has been carried out or not.
  • the vehicle manufacturers hand over to the manufacturers of the test equipment and / or the diagnostic software a library which contains the corresponding seed & key algorithms. With this library, the manufacturers of the test equipment / diagnostic software are able to implement safety-related functions and safety-relevant workshops
  • An object of the invention is to provide an improved method and an improved device for enabling functions of control devices, in particular motor vehicle control devices, and in particular an improved control of access to the functions of
  • a method for enabling external access to a control device, in particular for enabling a function of a control device, wherein the control device is in particular a control device of a motor vehicle comprises the steps of: a) establishing a data connection between a remote control device and the control device;
  • in response to the request signal, whereupon the control device generates a random value
  • Control unit stored calculation rule for calculating a
  • storage unit of the control unit; e) transmitting the generated random value to an authentication device remote from the remote control device;
  • the release of the at least one function of the control unit can in particular be done by setting an enable bit on an input of an AND gate, so that a signal that is applied to a second input of the AND gate to perform the at least one function on
  • the invention also includes a device for enabling external access to a control device, in particular a function of the control device, wherein the control device is in particular a control device of a motor vehicle, comprising: a receiving unit which is designed to receive at least one random value via a data connection; an authentication device having a response value generation unit for generating a response value corresponding to the random value, in particular by applying a calculation rule stored in a memory of the authentication device to the random value to calculate the response value; and a transmitting unit configured to send the generated response value.
  • An inventive system for enabling external access to a control unit, in particular at least one function of the control unit, wherein the control unit is in particular the control unit of a motor vehicle, has a device according to the invention for enabling external access to a
  • control unit, in particular for enabling at least one function of a control unit; and at least one authorization checking device, spatially separated from the device for enabling external access to a control device, for checking the authorization of a remote control device that is spatially separated from the authorization checking device.
  • the checking of the authorization can in particular be done by comparing a remote control device identification data record received by the receiving unit with entries stored in an authorization storage device of the authorization checking device.
  • the system also comprises a control device with a device for generating a random value;
  • a reference value generating unit which is designed to generate, by applying a calculation rule stored in a memory of the reference value generating unit to the random value, at least one reference value corresponding to the random value; a storage unit for storing the generated reference value; a transmitting unit for transmitting the at least one random value; a receiving unit for receiving at least one response value; a comparison unit for comparing the reference value stored in the reference value memory with the at least one response value received by the receiving unit; and a
  • Release unit for enabling external access to the control unit, in particular the at least one function of the control unit, when the at least one received response value matches the stored reference value.
  • at least one remote control device is in one
  • the authorization checking device and / or the authentication device can be embodied in a common central server, which is arranged spatially separate from the remote control device(s) and connectable to a plurality of remote control devices in different workshops, so that the rights to release control device functions can be centrally managed and assigned.
  • by means of a central server arranged in particular outside the workshop, for example at a manufacturer of the remote control device, at a manufacturer of the diagnostic software and / or at an authorization service provider, control over the release of these functions is improved.
  • because the secret algorithm or the secret key is, according to the invention, stored not in each remote control device but in an authentication device spatially separated from the remote control device, in particular a central one, the risk that the secret algorithms / keys required to calculate the response value fall into the wrong hands and are misused is considerably reduced.
  • access control to the functions of the control devices can be improved and centralized.
  • the authentication device is arranged spatially separate from the authorization checking device.
  • a plurality of authentication devices may be provided, and the authorization checking device may be configured, for example by comparing a selection criterion transmitted by the control device with entries in a selection list stored in the authorization checking device, to select one of the plurality of authentication devices for generating the response value, to transmit the random value to the selected external authentication device and to receive the response value from the selected external authentication device.
  • the external authentication devices may be located at the controller and / or vehicle manufacturers and operated under their control.
  • the secret information and / or algorithms necessary for generating the response value can be located on external authentication devices arranged at the manufacturers of the control devices and / or the vehicles, and remain there. In this way, security is further enhanced by minimizing the risk of leaking and abusing safety-related information and / or algorithms, which stay under the direct control of the manufacturers.
  • the method may also include transmitting a remote control device identification record associated with the remote control device, in particular one-to-one, from the remote control device to an authentication device, which may be spatially separated from the remote control device, and checking the authorization of the remote control device by the authentication device, in particular by comparing the remote control device identification record transmitted by the remote control device with entries in an authorization list and / or a non-authorization list stored in an authorization storage device of the authorization verification device.
  • the transmission of the random value may also include transmitting a function identification value associated with the function to be released, in particular one-to-one, thus enabling the authorization checking device to identify the desired function to be released, so that the authorization check and the release can be function-specific.
  • the method may include transmitting the random value generated in the control device via the established data connection from the control device to the remote control device and from the remote control device to the authorization checking device and / or the authentication device; this transmission can thus take place via a conventional data interface provided in any conventional control unit, for example an OBD interface, without the need for modifications to the control unit.
  • no (additional) transmission device for data transmission to the authorization checking device and / or the authentication device need be formed in the control device.
  • the invention may also include providing one with the
  • Remote control device is not authorized to perform the requested function.
  • the checking of the authorization may in particular include comparing a transmitted identification data record with the entries of an authorization list ("white list") and / or a non-authorization list ("black list"). A white list may include workshops, control units and / or remote control devices that are authorized to perform the desired function(s); unauthorized workshops and / or unauthorized, e.g. stolen, vehicles, control units and / or remote control devices may be removed from the authorization list and / or recorded on a non-authorization list ("black list") in order to prevent the release of the requested function(s).
  • if the remote control device is found on a non-authorization list ("black list"), checking its authorization gives a negative result; a blocking unit then blocks the authentication device and / or sets a blocking bit in a blocking memory, and / or the release bit at the input of the AND gate is not set, so that the activation signal is not forwarded by the AND gate but blocked.
  • an immobilizer can be activated to render the stolen vehicle useless for the thief.
  • the authorizations may be specifiable and / or changeable by providing a password, a personal identification number and / or a symmetric or asymmetrical key, in order to make it possible to adapt the authorizations to the current circumstances.
  • the owner of a vehicle can, before a workshop visit, use entries in the authorization list to release only the functions needed for the planned work, and only for the remote control devices of the workshop visited.
  • the unlocking can in particular also be limited in time, so that the authorization expires automatically after the workshop visit.
  • the method comprises, by the controller over the data link, transmitting feedback to the remote control device of a successful release or non-release; the remote control device may then activate the enabled function and / or inform the user that the requested function has been released.
  • providing a response value includes calculating the response value from the random value using a predetermined, preferably secret, algorithm and / or signing the random value using an asymmetric cryptographic method based on a pair of public and secret keys.
  • the random value and / or the response value is transmitted between the remote control device and the authorization checking device via an electronic data connection, by e-mail, fax, SMS, EMS (Enhanced Message Service), MMS (Multimedia Messaging Service), Instant Messaging (eg WhatsApp) and / or by phone.
  • the transmission via an electronic data connection can in particular be automatic and thus enables a particularly convenient release of the desired function(s).
  • transmission by e-mail, fax, SMS, Enhanced Message Service (EMS), Multimedia Messaging Service (MMS), instant messaging (e.g. WhatsApp) and / or telephone makes it possible to unlock the desired function(s) even if electronic data transmission is not possible, e.g. because no suitable data connection is available.
  • the random value and / or the response value are transmitted via an encrypted connection in order to prevent unauthorized spying of the data and / or manipulation of the data by third parties.
  • both the requests and the clearances made, as well as all functions performed by the remote control device, can be logged in order to be able to reconstruct them, in particular in case of abuse.
  • deletion of the logs may be reserved to the owner and / or manufacturer of the diagnostic software, the motor vehicle and / or the control unit. Changes to the logs are not possible, to avoid subsequent manipulation.
  • an alarm message to the owner and / or manufacturer of the motor vehicle can be triggered to warn against a possible attempted abuse. Also, the release of the functions can be locked permanently or for a predetermined period.
  • the functions of the control unit can in particular be assigned to one of several security classes.
  • a first, public security class may include all functions that allow information which should be accessible to everyone, e.g. also to a breakdown service, such as the error memory, to be read.
  • a second, limited security class may include all functions that should be available only to the manufacturer ("OEM") and manufacturer-approved workshops ("Tier I suppliers"), such as software updates or the deletion of (error) memory entries.
  • after the control unit has been uniquely identified and the authorization of the workshop or the remote control device has been confirmed, the control unit can be reprogrammed by an independent but authenticated workshop and in particular provided with updated software.
  • additional memory may be provided by the remote control device in the authentication server, which is used to temporarily store data during the vehicle diagnosis.
  • additional memory may be provided to the controller in the authentication server, e.g. to implement counters. These are always provided during the vehicle diagnosis.
  • a third, protected security class may include all functions that should only be available after specific approval by the vehicle owner, so that these functions cannot be performed without the knowledge and approval of the vehicle owner. This may be, for example, the history of the GPS data of the vehicle, which makes it possible to create a movement profile of the motor vehicle or its driver.
  • the functions of the different security classes can be unlocked by different passwords, PINs and / or symmetric or asymmetric keys that are only known or available to authorized persons and / or organizations.
  • FIG. 1 shows a first embodiment of a system according to the invention for releasing functions of a control unit of a motor vehicle.
  • Fig. 2 shows a second embodiment of a system according to the invention for releasing functions of a control unit of a motor vehicle.
  • FIG. 1 shows a schematic view of a first exemplary embodiment of a system according to the invention for enabling functions of a control unit 4 of a motor vehicle 2.
  • the motor vehicle 2 is located in a workshop 1, and the control unit 4 of the motor vehicle 2 is connected via a suitable interface 43, e.g. a standardized vehicle communication interface (VCI), which comprises a transmitting unit 43a and a receiving unit 43b, wirelessly and / or by wire via a data connection 6 to a remote control device (e.g. a test and / or diagnostic device) 5 in the workshop 1, such that data can be transmitted between the controller 4 and the remote control device 5.
  • the remote control device 5 is connected to a central server 8 via a wireless and / or wired data connection 7, which may in particular also include the Internet.
  • the central server 8 is typically located outside the workshop 1 and can be connected via suitable data connections 7 to several remote control devices 5, which may in particular be located in different, spatially separate workshops 1. For clarity, only one data connection to a single remote control device 5 is shown in FIG. 1.
  • the invention also includes systems in which the server 8 is arranged within the workshop 1 in order to authenticate all the remote control devices 5 of the respective workshop 1.
  • the remote control device 5 makes a request to release a protected function of the control device 4 via the data connection 6 established between the remote control device 5 and the control device 4.
  • a random number generator 41 formed in the control device 4 then generates a random value.
  • a reference value generation unit 42 also provided in the control unit 4 generates a reference value corresponding to the random value by applying a calculation rule stored in a memory of the reference value generation unit 42, and stores the reference value in a memory device 42a.
  • the random value can also be stored in the memory device 42a in order to be able to generate the associated reference value later.
  • the random value generated by the random generator 41 is transmitted via the interface 43 to a first transmitting and receiving unit 51 of the remote control device 5 and transmitted from a second transmitting and receiving unit 52 of the remote control device 5 to a receiving unit 81 of the server 8.
  • the identification data set can in particular contain unique identification features, such as, for example, the vehicle identification number (VIN) of the vehicle 2 and / or the Media Access Control address ("MAC address") of the remote control device 5, and can be transmitted encrypted and / or signed by the remote control device 5 to the receiving unit 81 of the server 8.
  • an authorization checking device 82 embodied in the server 8 uses the transmitted information, in particular by comparing the transmitted identification data set with the records of an authorization database stored in an authorization storage device 82a, to check whether the remote control device 5 and / or the workshop 1 are authorized to unlock or activate the requested function.
  • an authentication device 83, likewise formed within the server 8, generates from the transmitted random value a response value which is transmitted via a transmitting unit 84 of the server 8 back to the remote control device 5 and from the first transmitting and receiving unit 51 of the remote control device 5 to the control unit 4 of the vehicle 2.
  • the authentication device 83 in particular has a response value calculation unit 85 with a memory in which at least one secret algorithm is stored, which makes it possible to calculate a corresponding response value from the transmitted random value.
  • the response value calculation unit 85 may also be configured as a signing unit that signs the random value using an asymmetric cryptographic method with a secret key stored in a memory of the response value calculation unit 85.
  • a comparison and release unit 45 implemented in the control unit 4 compares the response value transmitted from the server 8 via the remote control device 5 to the control unit 4 with the reference value previously generated by the reference value generation unit 42 from the random value and stored in the memory unit 42a, and releases the requested function(s) of the control unit 4 (only) if the received response value matches the stored reference value.
  • the server 8 also has an input device 86, which may be formed as a keyboard, touch screen and / or Internet portal, and which allows the vehicle owner or other authorized persons, e.g. employees of the manufacturer or the approval authority, to modify the permissions stored in the authorization storage device 82a for the release of functions of the control unit 4.
  • the authorizations can be adapted in this way individually to the respective current situation.
  • the functions required for the intended work can be selectively activated only for the workshop 1 visited and the remote control devices (test and diagnostic devices) 5 present in the workshop 1.
  • all functions of the control unit 4 of the vehicle 2 can be disabled and/or an immobilizer activated to make the vehicle 2 unusable for the thief.
  • suitable software, e.g. as an "App" or as a PC application; alternatively or additionally, browser-based access can be provided.
  • the release can also be coupled with a payment system in order to release paid services only after a corresponding payment ("pay-per-use").
  • an input device 3 can also be provided on or in the motor vehicle 2, which allows the driver and / or vehicle owner to carry out the desired modifications of the authorizations.
  • the inputs of the driver and / or vehicle owner are transmitted from the input unit 3 via the control unit 4 and the remote control device 5 to the server 8 and in particular to the authorization checking device 82 to modify the entries in the authorization storage device 82a.
  • the prerequisite for the modification of entries in the authorization storage device 82a may be the provision of a password, a personal identification number and/or a symmetric or asymmetric key, in order to effectively prevent unauthorized access to the entries in the authorization storage device 82a.
  • the rights to modify the authorizations may be transferred from the seller to the buyer. In this case, the rights of the previous owner (seller) and the authorizations granted by him expire.
  • Fig. 2 shows schematically a second embodiment of a system according to the invention.
  • the authentication device 83 is not formed together with the authorization checking device 82 within a common server 8.
  • an additional transmitting/receiving unit 88 is provided in the server 8 in addition to the authorization checking device 82; it can be connected via at least one suitable data connection 7, which in particular can also be established via the Internet, to external authentication devices 83a, 83b, 83c that are, for example, held and operated by motor vehicle manufacturers.
  • the transceiver 88 selects an appropriate external authentication device 83a, 83b, 83c, in particular the authentication device 83a, 83b, 83c of the manufacturer of the control unit 4 and/or of the motor vehicle 2, and the random value is transmitted to the selected authentication device 83a, 83b, 83c.
  • the selected authentication device 83a, 83b, 83c calculates a response value corresponding to the transmitted random value.
  • the response value is transmitted via the data connection 7, the transmitting and receiving unit 88 and the transmitting device 84 to the remote control device 5 and from the remote control device 5 via the data link 6 to the control unit 4 of the motor vehicle 2, and evaluated there as has been described in detail for the first embodiment.
  • the security of the system is further increased because the secret algorithms and/or keys necessary for the calculation of the response value are held on the authentication devices 83a, 83b, 83c of the manufacturers and thus remain under their complete control.
  • the data transmission between the authorization checking device 82, the remote control device 5 and/or the at least one authentication device 83a, 83b, 83c can in particular be encrypted and/or signed, wherein in particular an asymmetric encryption and signature method based on a pair of a secret and a public key can be used to effectively prevent interception and/or manipulation of the data on the transmission path.
  • the calculation of the response value by the authentication devices 83, 83a, 83b, 83c of the first or second embodiment can be performed using a secret seed & key algorithm.
  • the random value can be signed with a secret key and the signature can under
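The challenge-response release sequence described above (random value and reference value in the control unit 4, authorization check and response value in the server 8, comparison and release in unit 45), as an added example that is not part of the patent or of any Bosch implementation. The HMAC-SHA256 "seed & key" derivation, the device identifier and the stored permissions are constructed assumptions standing in for the secret algorithm and the contents of the authorization storage device 82a.

```python
import hmac
import hashlib
import secrets

# Constructed stand-in for the secret "seed & key" algorithm shared by the
# control unit (4) and the authentication device (83): HMAC-SHA256 with a
# secret key (assumption; the patent leaves the algorithm unspecified).
SEED_KEY_SECRET = b"constructed-demo-secret"

# Constructed authorization storage device (82a): which remote control
# device (5) may have which control-unit functions released.
AUTHORIZATIONS = {"tester-workshop-1": {"brake_bleed", "immobilizer_reset"}}


def derive_response(random_value: bytes) -> bytes:
    """Same derivation on both sides: reference value (ECU) and response value (server)."""
    return hmac.new(SEED_KEY_SECRET, random_value, hashlib.sha256).digest()


class ControlUnit:
    """Control unit (4): reference value generation unit 42, memory 42a, release unit 45."""
    def __init__(self):
        self.reference = None      # memory unit 42a
        self.released = set()      # functions currently released

    def start_release(self) -> bytes:
        """Steps a) and b): draw a fresh random value and store the reference value."""
        random_value = secrets.token_bytes(16)
        self.reference = derive_response(random_value)
        return random_value

    def finish_release(self, response: bytes, functions: set) -> bool:
        """Step g): release only if the response matches the stored reference."""
        if self.reference is None or not hmac.compare_digest(response, self.reference):
            return False
        self.reference = None      # one-shot: the same response cannot be replayed
        self.released |= functions
        return True


class Server:
    """Server (8): authorization checking device (82) plus authentication device (83)."""
    def handle(self, device_id: str, random_value: bytes, functions: set):
        """Steps d) and e): answer only if the remote device is authorized for all functions."""
        if not functions <= AUTHORIZATIONS.get(device_id, set()):
            return None            # no authorization: no response value is produced
        return derive_response(random_value)


def release_via_remote(ecu: ControlUnit, server: Server, device_id: str, functions: set) -> bool:
    """Remote control device (5) relaying random value and response (steps c) and f))."""
    response = server.handle(device_id, ecu.start_release(), functions)
    return response is not None and ecu.finish_release(response, functions)
```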

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Lock And Its Accessories (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The invention relates to a method for releasing at least one function of a control unit (4), in particular a control unit (4) of a motor vehicle (2). The method comprises the following steps: a) generating a random value in the control unit (4); b) calculating, by the control unit (4), a reference value from the random value; c) transmitting the random value to a remote control device (5) and, by the remote control device (5), to a server (8); d) verifying, by the server (8), the authorization of the remote control device (5) transmitting the random value, and, if the remote control device (5) is authorized: e) generating, by the server (8), a response value from the random value; f) transmitting the response value to the remote control device (5) and, by the remote control device (5), to the control unit (4); g) comparing the response value with the reference value and, if the response value matches the reference value, releasing the function(s) of the control unit (4).
EP14827764.3A 2014-01-08 2014-12-22 Procédé et dispositif de libération de fonctions d'un appareil de commande Ceased EP3092768A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102014200116.1A DE102014200116A1 (de) 2014-01-08 2014-01-08 Verfahren und Vorrichtung zur Freigabe von Funktionen eines Steuergerätes
PCT/EP2014/078982 WO2015104180A1 (fr) 2014-01-08 2014-12-22 Procédé et dispositif de libération de fonctions d'un appareil de commande

Publications (1)

Publication Number Publication Date
EP3092768A1 true EP3092768A1 (fr) 2016-11-16

Family

ID=52354938

Family Applications (1)

Application Number Title Priority Date Filing Date
EP14827764.3A Ceased EP3092768A1 (fr) 2014-01-08 2014-12-22 Procédé et dispositif de libération de fonctions d'un appareil de commande

Country Status (5)

Country Link
US (1) US9965637B2 (fr)
EP (1) EP3092768A1 (fr)
CN (1) CN105900394A (fr)
DE (1) DE102014200116A1 (fr)
WO (1) WO2015104180A1 (fr)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3031268B1 (fr) * 2014-12-30 2017-01-13 Valeo Comfort & Driving Assistance Procede d’inscription d’un utilisateur a un service de commande d’une fonctionnalite d’un vehicule au moyen d’un terminal utilisateur
EP3056706A1 (fr) 2015-02-16 2016-08-17 Honeywell International Inc. Approche de modélisation de système de post-traitement et d'identification de modèle
JP6262681B2 (ja) * 2015-03-26 2018-01-17 Kddi株式会社 管理装置、車両、管理方法、及びコンピュータプログラム
DE102015214513A1 (de) * 2015-07-30 2017-02-02 Robert Bosch Gmbh Konfigurierbare Kommunikationsvorrichtung und Verfahren zum Konfigurieren einer konfigurierbaren Kommunikationsvorrichtung
EP3734375B1 (fr) 2015-07-31 2023-04-05 Garrett Transportation I Inc. Résolveur de programme quadratique pour mpc utilisant une commande variable
US10272779B2 (en) 2015-08-05 2019-04-30 Garrett Transportation I Inc. System and approach for dynamic vehicle speed optimization
US10036338B2 (en) 2016-04-26 2018-07-31 Honeywell International Inc. Condition-based powertrain control system
US10728249B2 (en) 2016-04-26 2020-07-28 Garrett Transporation I Inc. Approach for securing a vehicle access port
US10124750B2 (en) 2016-04-26 2018-11-13 Honeywell International Inc. Vehicle security module system
WO2018101918A1 (fr) 2016-11-29 2018-06-07 Honeywell International Inc. Capteur de flux inférentiel
US11074360B2 (en) * 2017-01-05 2021-07-27 Revivermax, Inc. User controlled access to vehicle relevant information
US11057213B2 (en) 2017-10-13 2021-07-06 Garrett Transportation I, Inc. Authentication system for electronic control unit on a bus
DE102017222129A1 (de) * 2017-12-07 2019-06-13 Robert Bosch Gmbh Verfahren und System zum Bestätigen der Identität eines Fahrzeugs
FR3082639B1 (fr) * 2018-06-19 2020-10-23 Psa Automobiles Sa Procede et dispositif de detection de requete de diagnostic frauduleuse sur un vehicule.
KR20200057515A (ko) * 2018-11-16 2020-05-26 현대자동차주식회사 차량의 보안 전략 제공 장치 및 방법
DE102018222864B3 (de) * 2018-12-21 2020-02-20 Volkswagen Aktiengesellschaft Verfahren zum Deaktivieren eines Kraftfahrzeugs, Deaktivierungssystem für ein Kraftfahrzeug und Kraftfahrzeug
JP7008661B2 (ja) * 2019-05-31 2022-01-25 本田技研工業株式会社 認証システム
US20210027334A1 (en) * 2019-07-23 2021-01-28 Ola Electric Mobility Private Limited Vehicle Communication System

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4329697C2 (de) * 1993-09-02 1995-10-05 Siemens Ag Fernsteuerbare Zugangskontrolleinrichtung
DE19748054A1 (de) * 1997-10-30 1999-05-12 Bosch Gmbh Robert Verfahren zum Betrieb eines Mobiltelefons und Mobiltelefon
DE19861116C2 (de) * 1998-07-17 2002-05-02 Siemens Ag Zugangskontrolleinrichtung für ein Kraftfahrzeug und Verfahren zum Einstellen der Empfindlichkeit der Zugangskontrolleinrichtung
EP1069265A3 (fr) * 1999-07-01 2004-01-21 Siemens Aktiengesellschaft Dispositif d'autorisation d'entrée et dispositif d'autorisation combinée d'entrée et d'utilisateur
DE10152508B4 (de) * 2001-10-24 2008-01-31 Robert Bosch Gmbh Verfahren zum Aktivieren eines Systems zur Steuerung und/oder Regelung von Betriebsabläufen in einem Kraftfahrzeug mit mehreren gleichberechtigten Steuergeräten
DE102004050882A1 (de) 2004-10-19 2006-05-04 Siemens Ag Adapter zum Nachflashen von Steuergerätesoftware
EP1910134B1 (fr) * 2005-07-19 2013-05-15 baimos technologies GmbH Systeme d'identification et/ou de fermeture servant a identifier et/ou deverrouiller un systeme technique et procede de fonctionnement dudit systeme
DE102006040836A1 (de) * 2006-08-31 2008-04-10 Bayerische Motoren Werke Ag System aus Steuergeräten in einem Kraftfahrzeug mit geschütztem Diagnosezugriff
DE102008036678A1 (de) * 2008-08-06 2010-02-11 Dr.Ing.H.C.F.Porsche Aktiengesellschaft Systemarchitektur für Kraftfahrzeuge mit Freigabeschnittstellen für deren Inbetriebnahme
CN101414180A (zh) * 2008-11-07 2009-04-22 深圳创维-Rgb电子有限公司 一种远程控制的方法、系统及远程控制设备
US8769288B2 (en) * 2011-04-22 2014-07-01 Alcatel Lucent Discovery of security associations
US9280653B2 (en) * 2011-10-28 2016-03-08 GM Global Technology Operations LLC Security access method for automotive electronic control units
DE102011118234A1 (de) * 2011-11-11 2013-05-16 Audi Ag Verfahren und System zur Freigabe einer technischen Vorrichtung

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2015104180A1 *

Also Published As

Publication number Publication date
US20160330204A1 (en) 2016-11-10
WO2015104180A1 (fr) 2015-07-16
DE102014200116A1 (de) 2015-07-09
CN105900394A (zh) 2016-08-24
US9965637B2 (en) 2018-05-08

Similar Documents

Publication Publication Date Title
EP3092768A1 (fr) Procédé et dispositif de libération de fonctions d'un appareil de commande
DE102012110499B4 (de) Sicherheitszugangsverfahren für elektronische Automobil-Steuergeräte
DE102015103020B4 (de) Verfahren zum bereitstellen einer benutzerinformation in einem fahrzeug unter verwendung eines kryptografischen schlüssels
DE102017209961B4 (de) Verfahren und Vorrichtung zum Authentisieren eines Nutzers an einem Fahrzeug
DE102006015212B4 (de) Verfahren zum Schutz eines beweglichen Gutes, insbesondere eines Fahrzeugs, gegen unberechtigte Nutzung
EP2689553B1 (fr) Appareil de commande pour véhicule automobile avec dispositif cryptographique
DE102016218986B4 (de) Verfahren zur Zugriffsverwaltung eines Fahrzeugs
DE102015005232B4 (de) Steuern einer Freischaltberechtigung eines Kraftfahrzeugs
DE102013202716A1 (de) Verfahren und Vorrichtung zum Freischalten mindestens einer softwarebasierten Funktion in mindestens einer elektronischen Steuereinheit eines Kraftfahrzeugs
CH705781A1 (de) Benutzerrechteverwaltung und Zugangskontrollsystem mit Zeitbeschränkung.
DE102014219502A1 (de) System und Verfahren für einen beschränkten Zugang zu einem Fahrzeug
EP2235598A1 (fr) Appareil de terrain et son procédé de fonctionnement
EP3009992A1 (fr) Procede et dispositif de gestion d'autorisations d'acces
DE102018202173A1 (de) Verfahren und Vorrichtung zur Authentifizierung eines Nutzers eines Fahrzeugs
DE102015211104A1 (de) Verfahren zur Bereitstellung von Authentifizierungsfaktoren
WO2016041843A1 (fr) Procédé et agencement permettant d'autoriser une action au niveau d'un système en libre-service
WO2017144649A1 (fr) Sécurisation d'autorisations d'accès à des installations fixes
DE102016218988A1 (de) Kommunikationssystem
DE102018204842A1 (de) Verfahren zum Betreiben eines Kraftfahrzeugs, Authentifizierungseinrichtung, Speichermedium, Kraftfahrzeug, mobiles portables Endgerät, Datenservereinrichtung zum Betreiben im Internet
EP4176361B1 (fr) Procédé et système de démarrage ou de gestion d'un dispositif de commande hors ligne
DE102010063401A1 (de) Verfahren zum Bereitstellen eines Zugangs
DE102017215000A1 (de) Steuerung einer Funktion eines Kraftfahrzeugs
EP3312753B1 (fr) Élément de sécurité physique pour réinitialiser un mot de passe
EP3968291A1 (fr) Procédé d'autorisation d'utilisation, ainsi que dispositif d'autorisation de fonction correspondant
EP3659057A1 (fr) Procédé de gestion d'accès à un dispositif et système d'accès

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20160808

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20190212

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20191116