EP3932001A1 - Verfahren und vorrichtung für symmetrische kryptografie für einen fahrzeugprozessor - Google Patents

Verfahren und vorrichtung für symmetrische kryptografie für einen fahrzeugprozessor

Info

Publication number
EP3932001A1
EP3932001A1 EP20707718.1A EP20707718A EP3932001A1 EP 3932001 A1 EP3932001 A1 EP 3932001A1 EP 20707718 A EP20707718 A EP 20707718A EP 3932001 A1 EP3932001 A1 EP 3932001A1
Authority
EP
European Patent Office
Prior art keywords
secret key
final value
internal counter
encrypted
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20707718.1A
Other languages
English (en)
French (fr)
Inventor
Mamadou Moustapha Ndoye
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Stellantis Auto SAS
Original Assignee
PSA Automobiles SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PSA Automobiles SA filed Critical PSA Automobiles SA
Publication of EP3932001A1 publication Critical patent/EP3932001A1/de
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Definitions

  • the invention relates to the exchange of data between different computer systems such as an electronic box or a vehicle computer (in particular of the automotive type) and a off-board system.
  • the invention also relates to methods and devices for the encryption and / or decryption of such data.
  • Contemporary vehicles have a number of computers each providing one or more functions, such as, for example, management of driving assistance, traction control, electronic brake distribution or even the control of actuators to ensure operation. optimum of a combustion engine.
  • Asymmetric encryption uses a combination of public key and private key (a public key infrastructure type system) to encrypt and decrypt data. Such a technology, however, requires significant computing capacities and slows down the data exchange process.
  • the mixed solution sets up a transmission of the secret key of the computer encrypted with the public key of the disembarked system.
  • the unloaded system can then encrypt the data to be transmitted to the computer with the secret key of the computer.
  • This solution is however complex to implement and requires redeploying a new public key in all the computers in the event of compromise of the public key of the off-board system.
  • An object of the present invention is to provide a symmetric encryption mechanism with enhanced security against the compromise of the secret key used in the encryption (also called encryption) of the data.
  • the invention relates to a method for decrypting data encrypted from a secret key, the method being implemented in a first device, the method comprising the steps of:
  • the decryption is implemented only if the time between the transmission of at least one request and the start of reception of the encrypted data is less than a determined time.
  • the method further comprises a step of verifying that the encrypted data received has been encrypted with the secret key.
  • the increment time step of the first internal counter is identical to the increment time step of the second internal counter, the increment time step being greater than a maximum propagation time of a signal between the first device. and the second device.
  • the invention relates to a device for decrypting data encrypted from a secret key, the device being called the first device and comprising:
  • the decryption is implemented only if the time between the transmission of at least one request and the start of reception of the encrypted data is less than a determined time.
  • the device further comprises means for verifying that the encrypted data received has been encrypted with the secret key.
  • the increment time step of the first internal counter is identical to the increment time step of the second internal counter, the increment time step being greater than a maximum propagation time of a signal between the first device. and the second device.
  • the invention relates to an on-board system in a vehicle comprising one or more devices as described above according to the second aspect of the invention.
  • the invention relates to a vehicle, for example of the automobile type, comprising one or more devices as described above according to the second aspect of the invention.
  • the invention relates to a computer program which comprises instructions adapted for the execution of the steps of the method according to the first aspect of the invention, this in particular when the computer program is executed by at least one. processor.
  • Such a computer program can use any programming language, and be in the form of a source code, an object code, or an intermediate code between a source code and object code, such as in partially compiled form, or in any other desirable form.
  • the invention relates to a recording medium readable by a computer on which is recorded a computer program comprising instructions for carrying out the steps of the method according to the first aspect of the invention.
  • the recording medium can be any entity or device capable of storing the program.
  • the medium may comprise a storage means, such as a ROM memory, a CD-ROM or a ROM memory of the microelectronic circuit type, or else a magnetic recording means or a hard disk.
  • this recording medium can also be a transmissible medium such as an electrical or optical signal, such a signal being able to be conveyed via an electrical or optical cable, by conventional or hertzian radio or by self-directed laser beam or by other ways.
  • the computer program according to the invention can in particular be downloaded over an Internet-type network.
  • the recording medium can be an integrated circuit in which the computer program is incorporated, the integrated circuit being adapted to execute or to be used in the execution of the method in question.
  • FIG. 1 schematically illustrates an environment for the exchange of encrypted data between one or more first devices on the one hand and a second device on the other hand, according to a particular embodiment of the present invention
  • FIG. 2 schematically illustrates a first device of FIG. 1, according to a particular embodiment of the present invention
  • FIG. 3 schematically illustrates a second device of FIG. 1, according to a particular embodiment of the present invention
  • FIG. 4 illustrates a flowchart of the various steps of a data exchange process between one of the first devices and the second device of FIG. 1, according to a particular embodiment of the present invention
  • FIG. 5 illustrates a timing diagram associated with part of the operations of the process of FIG. 4, according to a particular embodiment of the present invention
  • FIG. 6 illustrates a flowchart of the various steps of a method for decrypting encrypted data implemented in one of the first devices in FIG. 1, according to a particular embodiment of the present invention
  • FIG. 7 illustrates a flowchart of the various steps of a data encryption method implemented in the second device of FIG. 1, according to a particular embodiment of the present invention.
  • a method for deciphering encrypted data using a secret key is implemented in a first device, for example a computer of a system on board a vehicle.
  • Data decryption is also called data decryption.
  • the method comprises generating a random duration, for example expressed in seconds or milliseconds.
  • a first final value of a first internal counter of the first device is determined as a function of the random duration.
  • One or more requests are transmitted to a second device corresponding, for example, to an off-board system responsible for transmitting data to the first device, for example update data for software installed on the first device. These requests allow the second device to determine a second final value of a second internal counter of the second device. The request or requests are transmitted in such a way that the second final value is identical to the first final value.
  • the secret key is generated by the first device using the first final value and the same secret key is also generated by the second device using the second final value.
  • the data to be transmitted by the second device to the first device is encrypted (or encrypted) by the second device with the secret key that the second device has generated.
  • These encrypted data are then received by the first device and then decrypted (or decrypted) by the first device using the secret key generated by the first device. After the encrypted data is received and decrypted, the first device resets the random duration value, the first final value, and the secret key. The first device also transmits to the second device a request for the second device to reset the second final value and the secret key.
  • Such a method avoids the exchange of the secret key between the first device and the second device, which limits the risks of interception and compromise of the secret key by an unauthorized third party, since the first device and the second device generate the same secret key on the basis of final values of identical internal counters but determined independently at the level of the first device on the one hand and of the second device on the other hand.
  • the reinitialization of parameters internal to the first device and to the second device makes it possible to generate a new secret key for each exchange of data between the first device and the second device.
  • the secret key for example
  • FIG. 1 schematically illustrates an environment 1 for the exchange of encrypted data between one or more first devices 102, 103, 104 on the one hand and a second device 101 on the other hand, according to a particular and non-limiting exemplary embodiment of the present invention.
  • Each first device 102, 103, 104 corresponds for example to a computer, for example a computer of UCE type.
  • An ECU is made up of an electronic computer and one or more on-board software which carry out one or more servos.
  • the first devices 102, 103, 104 belong for example to a system 10, advantageously on board a vehicle, for example of the automobile type.
  • the computers 102, 103, 104 form for example a multiplexed architecture for the realization of various useful services for the correct operation of the vehicle and to assist the driver and / or the passengers of the vehicle in the control of the vehicle.
  • the first devices 102, 103 and 104 communicate and exchange data with each other via one or more computer buses, for example a communication bus 11 of the CAN data bus type (from the English "Controller Area Network "Or in French” Network of controllers ").
  • Each first device 102, 103, 104 is for example connected in communication with the second device 101.
  • the second device 101 corresponds for example to an external device of a disembarked system.
  • Each first device 102, 103, 104 is connected to the second device via a wired or wireless connection.
  • the second device 101 is for example a remote server of the “cloud” (or “cloud” in French).
  • One or more first devices for example load the software updates stored for downloading in the second device 101 via for example the Internet with an OTA type connection (from English "over-the-air", or in French " by air ').
  • the data representative of the downloaded updates are advantageously encrypted (or encrypted) by implementing the method described with reference to FIGS. 4, 6 and / or 7.
  • first devices 102, 103, 104 of the system 10 is not limited to 3 and extends to any number, for example 10, 20, 50, 100 or more of first devices.
  • An example of a hardware embodiment of such a first device is described in look at FIG. 2.
  • An example of a hardware embodiment of a second device 101 is described with regard to FIG. 3.
  • FIG. 2 schematically illustrates a first device 2, according to a particular and non-limiting exemplary embodiment of the present invention.
  • the first device 2 advantageously corresponds to the first devices 102, 103 and 104 of FIG. 1.
  • the first device 2 advantageously corresponds to a computer of an on-board vehicle system, without however being limited to it.
  • the first device 2 is for example configured for the implementation of at least part of the steps of the method described with reference to FIG. 4.
  • Examples of such a first device 2 include, without being limited thereto, electronic equipment. on board such as a vehicle's on-board computer, an electronic computer such as an ECU.
  • the elements of the first device 2, individually or in combination, can be integrated in a single integrated circuit, in several integrated circuits, and / or in discrete components.
  • the first device 2 can be produced in the form of electronic circuits or software (or computer) modules or else a combination of electronic circuits and software modules.
  • the first device 2 is coupled in communication with other similar devices or systems, for example through a communication bus or through dedicated input / output ports.
  • the first device 2 comprises one (or more) processor (s) 20 configured to execute instructions for carrying out the steps of the method and / or for executing the instructions of the software (s) embedded in the first device 2.
  • the processor 20 can include integrated memory, an input / output interface, and various circuits known to those skilled in the art.
  • the first device 2 further comprises at least one memory 21, corresponding for example to a volatile and / or non-volatile memory.
  • the processor corresponds for example to an HSM Full security hardware module (standing for “Flardware Security Module”) to protect access to the variables and to the functions used for the encryption / decryption of the data.
  • the computer code of the onboard software (s) comprising the instructions to be loaded and executed by the processor is for example stored in the memory 21.
  • the first device 2 comprises a block 22 of interface elements for communicating with external devices, for example the second device 101 of FIG. 1, a remote server or the “cloud”. , odometric sensors, a GPS sensor.
  • the interface elements of block 22 include one or more of the following interfaces:
  • radiofrequency interface for example of the Bluetooth® or Wi-Fi® type, LTE (from English “Long-Term Evolution” or in French “Long-term evolution”), LTE-Advanced (or in French LTE-advanced );
  • USB interface from English “Universal Serial Bus” or “Bus Universel en Série” in French);
  • Data is for example loaded to the first device 2 via the interface of block 22 using a Wi-Fi® network such as according to IEEE 802.11 or a mobile network such as a 4G network (or LTE Advanced according to 3GPP release 10 - version 10) or 5G.
  • Wi-Fi® network such as according to IEEE 802.11
  • a mobile network such as a 4G network (or LTE Advanced according to 3GPP release 10 - version 10) or 5G.
  • the first device 2 comprises a communication interface 23 which makes it possible to establish communication with other devices (such as secondary computers of the on-board system) via a communication channel 230.
  • the interface communication 23 corresponds for example to a transmitter configured to transmit and receive information and / or data via the communication channel 230.
  • the communication channel 230 corresponds for example to a wired CAN type network.
  • FIG. 3 schematically illustrates a second device 3, according to a particular and non-limiting exemplary embodiment of the present invention.
  • the second device 2 advantageously corresponds to the second device 101 of FIG. 1.
  • Examples of such a second device 3 include, but are not limited to, different electronic devices such as a laptop computer, a computer update tool.
  • the elements of the second device 3, individually or in combination, can be integrated in a single integrated circuit, in several integrated circuits, and / or in discrete components.
  • the second device 3 can be produced in the form of electronic circuits or software (or computer) modules or else a combination of electronic circuits and software modules.
  • the second device 3 comprises one (or more) processor (s) 30 configured to execute instructions for carrying out the steps of the method.
  • the processor 30 can include integrated memory, an input / output interface, and various circuits known to those skilled in the art.
  • the second device 3 further comprises at least one memory 31, via a volatile at / or non-volatile memory and / or comprises a memory storage device which may comprise volatile and / or non-volatile memory, such as EEPROM, ROM, PROM, RAM, DRAM, SRAM, flash, magnetic or optical disk.
  • the processor corresponds, for example, to an HSM Full hardware security module ("Hardware Security Module") to protect access to the variables and functions used for the encryption / decryption of data.
  • HSM Full hardware security module (“Hardware Security Module"
  • the device 3 comprises a block 32 of elements of interface for communicating with external devices, for example a first device 2.
  • the interface elements of block 32 include one or more of the following interfaces:
  • radio frequency interface for example of the Bluetooth® or Wi-Fi® type
  • USB interface from English “Universal Serial Bus” or “Bus Universel en Série” in French);
  • the device 3 comprises a communication interface 33 which makes it possible to establish a communication with other devices via a communication channel 330.
  • the communication interface 33 corresponds for example to a transmitter configured for transmit and receive information and / or data via the communication channel 330.
  • the communication interface 33 comprises for example a modem and / or a network card and the communication channel can for example be implemented in a wired medium and / or wireless.
  • Wi-Fi® network such as according to IEEE 802.11
  • a mobile network such as a 4G network (or LTE Advanced according to 3GPP release 10 - version 10) or 5G.
  • the device 3 can provide output signals to one or more external devices, such as a display screen 340, one or more speakers 350 and / or other peripherals 360 ( DVD player, a projection system) via output interfaces 34, 35 and 36 respectively.
  • one or other of the external devices is integrated into the second device 3.
  • FIG. 4 illustrates a flowchart of the different steps or operations of a data exchange process between one of the first devices, for example the first device 102, and the second device 101, according to a particular and non-limiting example of the present invention. invention.
  • the second device 101 transmits a request to the first device 102 to initiate the data download procedure.
  • the first device 102 uses the value of its internal clock at the time of receipt of the request received in operation 400 to generate a random duration, called D_alea.
  • This random duration is limited by a minimum time limit (for example equal to 0) and by a maximum time limit, the maximum limit being for example adjustable or configurable to limit the value of D random.
  • the first device 102 transmits a request to the second device 101 for the latter to start an internal counter, called the second internal counter count_Ks2.
  • the first device 102 starts its internal counter, called the first internal counter count_Ks1.
  • the first internal counter is started after a time delay calibrated to be equal to the maximum propagation time of the request transmitted to operation 402, this maximum propagation time depending on the communication channel used.
  • the second internal counter will be stopped at the end of the random duration D_alea, the random duration being equal to the time elapsed between the start of the first internal counter and the stopping of the first internal counter.
  • This operation makes it possible to determine the first final value of the first internal counter taken at the end of the random duration D_alea. This first final value corresponds to the number of time increment steps counted between the start and stop of the first internal counter.
  • the incrementation step Tcount is for example adjustable in duration and must be greater than the maximum propagation time of the request transmitted to the operation 402. It is considered that the time drift of the internal clock of the first device 102 is negligible.
  • the first final value is determined by the juxtaposition of the final values of each of the internal counters.
  • the duration of the temporal incrementation step is generated randomly on each transmission of data from the second device 102 to the first device 101.
  • the random duration of the incrementation step is for example generated as in the operation 401. So that the first device and the second device use the same time increment step, the first device transmits synchronization requests to the second device at the start and end of the generated time increment step, as described in operation 404. .
  • the second device 101 starts its internal counter, called the second internal counter count_Ks2, on receipt of the request transmitted to the operation 402.
  • the first device 102 transmits a request to the second device 101 for the latter to stop its internal counter, called the second internal counter count_Ks2.
  • the transmission of the request by the first device 102 corresponds to the end of the operation 403a during which the first device 102 has stopped its internal counter, called the first internal counter count_Ks1, at the end of the random duration.
  • the second device 101 stops its internal counter which takes the second final value. This second final value corresponds to the number of time increment steps counted between the start and stop of the second internal counter.
  • the incrementation step Tcount of this second internal counter is also adjustable in duration.
  • the duration of the increment step of the second internal counter is chosen to be equal to the duration of the increment step of the first internal counter. It is considered that the time drift of the internal clock of the second device 101 is negligible.
  • the second final value taken by the second internal counter count_Ks2 is consequently equal to the first final value taken by the first internal counter count_Ks1.
  • a hash function of the first device 102 uses the first final value to generate the secret key K_sec.
  • a hash function of the second device 101 which is identical to the hash function of the first device 102, uses the second final value (which is identical to the first final value) to generate the same secret key K_sec .
  • the secret key K_sec is therefore generated both by the first device 102 and by the second device 101, which avoids having to transmit this secret key K_sec from one device to the other.
  • the second device 101 encrypts (or encrypts) the data to be transmitted to the first device 102 with the secret key K_sec generated by the second device 101 during the operation 405b.
  • the encryption is achieved by implementing a block or flow encryption algorithm, for example an algorithm of the type AES (standing for “Advanced Encryption Standard” or in French “standard of advanced encryption”), Blowfish, Serpent or Twofish.
  • the second device 101 transmits to the first device 102 the data encrypted (or encrypted) during the ninth operation 406.
  • the first device 102 verifies that the start of the downloading of the encrypted data begins. before a determined period, this period starting at the end of the sixth operation 404.
  • the maximum time between the end of the sixth operation 404 and the start of the tenth operation 407 must be less than the determined period, called Cste_Dmax_start, this period being for example chosen by a user or fixed in the system.
  • Cste_Dmax_start the determined period
  • the first device 102 decrypts (or decrypts) the encrypted data received during the previous operation, the decryption being performed using the secret key K_sec generated by the first device 102 during the operation 405a.
  • the first device 102 verifies that the first decrypted or decrypted datum is equal to a determined datum, called Cste_verif.
  • the operation of verifying that the start of downloading the encrypted data begins before a determined period Cste_Dmax_start is for example carried out during this twelfth operation which is then implemented in parallel with the eleventh operation 408. If one and / or l The other of the conditions associated with Cste_verif and Cste_Dmax_start is not verified, then the first device 102 interrupts the reception of the encrypted data and the process goes directly to the operation 412a. If the 2 conditions associated with Cste_verif and Cste_Dmax_start are verified, then the reception and decryption of the encrypted data continues and the process then continues with the next operation 410.
  • the decrypted or decrypted data is downloaded into the memory of the first device 102.
  • the first device 102 transmits to the second device 101 a request for reinitializing the variables associated with the encrypted data exchange process, namely the second final value Cpt_alea of the second internal counter count_Ks2 and the secret key K_sec.
  • the first device 102 reinitializes the variables associated with the encrypted data exchange process, namely the random duration D_alea, the first final value Cpt_alea of the first internal counter count_Ks1 and the secret key K_sec.
  • the second device 101 reinitializes the variables associated with the encrypted data exchange process on receipt of the request transmitted during the operation 41 1, namely the second final value Cpt_alea of the second internal counter count_Ks2 and the secret key K_sec.
  • the operations 400 to 412b are advantageously reiterated when a new transmission of encrypted data from the second device 101 to the first device 102 must be performed, the encryption / decryption process being based on a new secret key generated both by the first device 102 and the second device 101.
  • FIG. 5 illustrates a timing diagram associated with part of the operations of the process of FIG. 4, in particular operations 402 to 404, according to a particular and non-limiting exemplary embodiment of the present invention.
  • FIG. 5 illustrates two timing diagrams 52 and 54 associated with operations 402 to 404 for the first device 102 and two timing diagrams 51 and 53 associated with operations 402 to 404 for the second device 101.
  • a first request 541 is transmitted by the first device 102 to the second device 101 at a time t. This request is received by the second device at an instant t + 5t in a time interval corresponding to the maximum propagation time of the signal carrying the request Tpropag_max 531.
  • the second device 101 starts counting 512 with its internal counter count_Ks2.
  • the first device 102 starts up for its part, the counting 522 with a delay with respect to the instant t corresponding to the maximum propagation time of the signal carrying the request Tpropag_max 531.
  • the start of the counter 522 also corresponds to the start of the random duration D_alea 521.
  • the first device 102 determines the number of temporal increment steps Tcount counted by the first counter count_Ks1, this number corresponding to the first final value of the first internal counter count _Ks1.
  • a second request 542 is then transmitted by the first device 102 to the second device 101 when the first internal counter coun_Ks1 stops counting the number of time steps of increments elapsed during the random duration D_alea.
  • the second device stops its internal counter count_Ks2 and determines the number of elapsed increment time steps 513 until receipt of this second request. This number of elapsed increment time steps 513 corresponds to the second final value of the second internal counter count _Ks2.
  • the duration of a time step of incrementing the first internal counter count_Ks1 is equal to the duration of a time step of incrementing the second internal counter count_Ks2, this duration being greater than the propagation time maximum of the signal Tpropag_max 531.
  • the time step of incrementation of the first internal counter which is identical to the time step of incrementation of the second internal counter, corresponds for example to a preprogrammed constant.
  • the time step of incrementing the first internal counter which is identical to the time step of incrementing the second internal counter, is a constant generated randomly. For this, the first device generates additional information representative of a random duration which will make it possible to obtain a random time step for the first counter internal to the first device.
  • FIG. 6 illustrates a flowchart of the various steps of a method for decryption (or decryption) of encrypted data, according to a particular and non-limiting example of the present invention.
  • the method is advantageously implemented by a first device, for example a computer of the on-board system of FIG. 1.
  • a first step 61 information representative of a random duration is generated, for example as described in operation 401.
  • a first final value of a first counter internal to the first device is determined as a function of the information representative of a random duration.
  • a third step 63 at least one request is sent to a second device to allow the second device to determine a second final value of a second internal counter of this second device.
  • the second final value is the same as the first final value.
  • a secret key is generated from the first final internal counter value, for example by implementing a hash function.
  • step 65 data encrypted by the second device from the secret key generated by the second device from the second final internal counter value is received by the first device.
  • step 66 the encrypted data received in the previous step is decrypted (or decrypted) by the first device using the secret key generated by the first device.
  • a seventh step 67 the information representative of a random duration, the first final value and the secret key generated or determined by the first device are reset by the first device.
  • FIG. 7 illustrates a flowchart of the various steps of a method of encryption (or encryption) of data intended for the first device, according to a particular and non-limiting embodiment of the present invention. The method is advantageously implemented by a second device, for example a device of the unloaded system of FIG. 1.
  • a first step 71 at least one request transmitted by the first device is received by the second device.
  • a second final value of a second internal counter of this second device is determined from the request (s) received in step 71.
  • a secret key is generated from the second final value of the second internal counter, for example by implementing a hash function.
  • the data intended for the first device is encrypted (or encrypted) using the secret key generated by the second device in the previous step.
  • a fifth step 66 the data encrypted in the previous step is transmitted to the first device.
  • a sixth step 67 a request to reset the second final value and the secret key transmitted by transmitted by the first device is received by the second device.
  • the invention is not limited to the embodiments described above, but extends to a data encryption method and to the device configured for the implementation of such a method.
  • the invention also relates to a method of communication between the first device and the second device implementing the encryption and decryption of data.
  • the invention also relates to a vehicle, for example a motor vehicle or more generally a land motor vehicle, comprising the device 2 of FIG. 2 or the on-board system 10 of FIG. 1.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
EP20707718.1A 2019-02-28 2020-01-31 Verfahren und vorrichtung für symmetrische kryptografie für einen fahrzeugprozessor Pending EP3932001A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1902095A FR3093363B1 (fr) 2019-02-28 2019-02-28 Procédé et dispositif de cryptographie symétrique pour calculateur de véhicule
PCT/FR2020/050152 WO2020174137A1 (fr) 2019-02-28 2020-01-31 Procédé et dispositif de cryptographie symétrique pour calculateur de véhicule

Publications (1)

Publication Number Publication Date
EP3932001A1 true EP3932001A1 (de) 2022-01-05

Family

ID=67810681

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20707718.1A Pending EP3932001A1 (de) 2019-02-28 2020-01-31 Verfahren und vorrichtung für symmetrische kryptografie für einen fahrzeugprozessor

Country Status (4)

Country Link
EP (1) EP3932001A1 (de)
CN (1) CN113491084A (de)
FR (1) FR3093363B1 (de)
WO (1) WO2020174137A1 (de)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2890267B1 (fr) * 2005-08-26 2007-10-05 Viaccess Sa Procede d'etablissement d'une cle de session et unites pour la mise en oeuvre du procede
JP5526747B2 (ja) * 2009-12-04 2014-06-18 パナソニック株式会社 復号化装置、暗号化装置、復号化方法、暗号化方法、および通信システム
EP3345339B1 (de) * 2015-09-03 2021-06-30 Signify Holding B.V. Netzwerkknoten
GB2561256A (en) * 2017-04-05 2018-10-10 Stmicroelectronics Grenoble2 Sas Apparatus for use in a can system
CN108964893B (zh) * 2018-06-26 2021-11-23 百度在线网络技术(北京)有限公司 一种密钥处理方法、装置、设备和介质

Also Published As

Publication number Publication date
CN113491084A (zh) 2021-10-08
FR3093363A1 (fr) 2020-09-04
WO2020174137A1 (fr) 2020-09-03
FR3093363B1 (fr) 2021-12-03

Similar Documents

Publication Publication Date Title
EP3152860B1 (de) Verfahren zur authentifizierung einer ersten elektronischen einheit durch eine zweite elektronische einheit und dieses verfahren umsetzende elektronische einheit
EP3348085B1 (de) Verfahren zum laden eines virtuellen schlüssels in einem benutzerendgerät und zugehöriges benutzerendgerät
EP3262860B1 (de) Automatisches erkennungsverfahren zwischen einem mobilen endgerät un einem fahrzeug unter verwendung des ble-protokolls
FR2936391A1 (fr) Procede d'echange de donnees, telles que des cles cryptographiques, entre un systeme informatique et une entite electronique, telle qu'une carte a microcircuit
FR2989799A1 (fr) Procede de transfert d'un dispositif a un autre de droits d'acces a un service
US20200348924A1 (en) Vehicular update system and control method thereof
EP2689398B1 (de) Prüfung der datenintegrität einer vorrichtung an bord eines fahrzeugs
EP3308564B1 (de) Verfahren zum laden einer virtuellen schlüssels und zugehöriges benutzerendgerät
FR3066666A1 (fr) Procede de securisation d'une communication sans gestion d'etats
WO2016102833A1 (fr) Entité électronique sécurisée, appareil électronique et procédé de vérification de l'intégrité de données mémorisées dans une telle entité électronique sécurisée
EP3343967B1 (de) Verfahren, die mithilfe einer vorrichtung und in einem netz umgesetzt werden, und entsprechende elektronikeinheit
WO2007060334A2 (fr) Entite electronique portable destinee a etablir une communication voix sur ip securisee
EP3456025B1 (de) Technik zur authentifizierung einer benutzervorrichtung
WO2004030361A1 (fr) Méthode pour le contrôle d'appariement multiple
WO2020174137A1 (fr) Procédé et dispositif de cryptographie symétrique pour calculateur de véhicule
EP3917073A1 (de) Effizienter sicherer sitzungsaufbau für anonymität in 5g-netzwerken
FR3094105A1 (fr) Procédé et dispositif de dimensionnement d’une mémoire d’un calculateur
EP4007290B1 (de) Verfahren und elektronisches gerät zur steuerung eines kommunikationssystems für einen stromzähler, entsprechendes computerprogramm und entsprechende elektronische datenübertragungsanlage
EP3259159B1 (de) Verfahren zur implementierung einer verbindung zwischen einer elektronischen slave-vorrichtung und elektronischen master-vorrichtung und zugehörige elektronische slave-vorrichtung
FR3117655A1 (fr) Système de tachygraphe, dispositif de tachygraphe et procédé de fonctionnement d’un système de tachygraphe
FR3096813A1 (fr) Procédé et dispositif électronique de pilotage d’un système de communication pour compteur électrique, programme d’ordinateur et installation électronique de transmission associés
EP4288854A1 (de) Verfahren und vorrichtung zur validierung der zeitsynchronisation zwischen fahrzeugbordcomputern
EP3993309A1 (de) Vorrichtung und verfahren zur verarbeitung einer nachricht und zum senden einer lpwan-nachricht
EP3564841A1 (de) Authentifizierung eines elektronischen schaltkreises
FR2951833A1 (fr) Procede d'authentification d'un terminal mobile de communication pour la fourniture d'un service de donnees, systeme de fourniture de service et terminal associes

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20210730

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20230531

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: STELLANTIS AUTO SAS