GB2622820A - Method and system for authenticating microcontroller using on-the-fly authentication key - Google Patents

Method and system for authenticating microcontroller using on-the-fly authentication key Download PDF

Info

Publication number
GB2622820A
GB2622820A GB2214211.1A GB202214211A GB2622820A GB 2622820 A GB2622820 A GB 2622820A GB 202214211 A GB202214211 A GB 202214211A GB 2622820 A GB2622820 A GB 2622820A
Authority
GB
United Kingdom
Prior art keywords
microcontroller
authentication key
random number
key
number combination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB2214211.1A
Other versions
GB202214211D0 (en
Inventor
Than Htike Aung Min
Ismail Iman
Lester Cuba Dumlao Mark
Kyi Khin Khin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Continental Automotive Technologies GmbH
Original Assignee
Continental Automotive Technologies GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Continental Automotive Technologies GmbH filed Critical Continental Automotive Technologies GmbH
Priority to GB2214211.1A priority Critical patent/GB2622820A/en
Publication of GB202214211D0 publication Critical patent/GB202214211D0/en
Publication of GB2622820A publication Critical patent/GB2622820A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Abstract

Present invention discloses a method, a first microcontroller (101) and a system for authenticating a second microcontroller (121) using on-the-fly authentication key. The method performed by the first microcontroller (101) comprising receiving (301) a security access request from a second microcontroller (121) and generating (303) a random number combination on receiving the security access request. Thereafter, the method comprises transmitting (305) the random number combination to the second microcontroller (121) and receiving (307) a first authentication key from the second microcontroller (121). The first authentication key is generated by the second microcontroller (121). Subsequently, the method comprises generating (309) a second authentication key using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller (101) and a microcontroller identifier of the first microcontroller (101). Lastly, the method comprises authenticating (311) the first authentication key and the second authentication key for determining access to the second microcontroller (121).

Description

METHOD AND SYSTEM FOR AUTHENTICATING MICROCONTROLLER USING ON-THE-FLY AUTHENTICATION KEY
TECHNICAL FIELD
S
The present subject matter is generally related to the field of access control, more particularly, but not exclusively, to a method and a system for authenticating microcontroller using on-the-fly authentication key.
BACKGROUND
For secure storage, the use of symmetric keys and key components such as hardware security module and/or secure hardware extension are important. For example, an Electronic Control Unit (ECU) that performs authentication with multiple ECUs requires unique symmetric key for authentication with each of the multiple ECUs. However, with the use of symmetric keys and key components, physical key slots allocation needed for storage pose a challenge. As data to be stored increases, the need for physical key slots allocation increases exponential, which is a serious limitation.
The information disclosed in this background of the disclosure section is for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
SUMMARY
In an embodiment, the present disclosure relates to a method for authenticating microcontroller using on-the-fly authentication key. The method comprising receiving a security access request by a first microcontroller from a second microcontroller and generating a random number combination on receiving the security access request. Thereafter, the method comprising transmitting the random number combination to the second microcontroller and receiving a first authentication key from the second microcontroller. The first authentication key is generated by the second microcontroller using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller and a microcontroller identifier of the first microcontroller. Subsequently, the method comprising generating a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller and the microcontroller identifier of the first microcontroller. Lastly, the method comprising authenticating the first authentication key and the second authentication key for determining access to the second microcontroller.
In another embodiment, the present disclosure relates to a first controller for authenticating microcontroller using on-the-fly authentication key. The first controller comprising a processor and a memory communicatively coupled to the processor, wherein the memory stores processor executable instructions, which on execution, cause the processor to receive a security access request from a second microcontroller and to generate a random number combination on receiving the security access request. Thereafter, the processor is configured to transmit the random number combination to the second microcontroller and to receive a first authentication key from the second microcontroller. The first authentication key is generated by the second microcontroller using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller and a microcontroller identifier of the first microcontroller. In the subsequent step, the processor is configured to generate a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller and the microcontroller identifier of the first microcontroller. Lastly, the processor is configured to authenticate the first authentication key and the second authentication key for determining access to the second microcontroller.
In yet another embodiment, the present disclosure relates to a system for authenticating microcontroller using on-the-fly authentication key. The system comprising a first microcontroller and a second microcontroller communicatively coupled to the first microcontroller. The first microcontroller is configured to receive a security access request from a second microcontroller and to generate a random number combination on receiving the security access request. Thereafter, the first microcontroller is configured to transmit the random number combination to the second microcontroller and to receive a first authentication key from the second microcontroller. The first authentication key is generated by the second microcontroller using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller and a microcontroller identifier of the first microcontroller. In the subsequent step, the first microcontroller is configured to generate a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller and the microcontroller identifier of the first microcontroller. Lastly, the first microcontroller is configured to authenticate the first authentication key and the second authentication key for determining access to the second microcontroller.
Embodiments of the disclosure according to the above-mentioned method, the first controller, and the system bring about several technical advantages. These technical advantages are presented below.
In present disclosure, authentication of a microcontroller is performed on-the-fly i.e., for example, but not limited to, during running of a computer system where the microcontroller is part of the computer system, or while vehicle is in motion or stationary where the microcontroller is part of the vehicle. As a consequence, this authentication approach is quick.
The authenticating method of the present disclosure overcomes the need of physical key slots allocation based on hardware architecture, involving the use of symmetric key and key components such as hardware security module and/or secure hardware extension, by using a key generation algorithm. As a consequence, this approach significantly reduces storage requirement needed for the physical key slots allocation The use of key generation algorithm in the authenticating method of the present disclosure provides at least medium to high security protection to the microcontroller. Consequently, this approach prevents any compromise of information by sniffing i.e., physical attack when the information is transmitted or received by microcontrollers.
The foregoing summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features will become apparent by reference to the drawings and the following detailed description.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and together with the description, serve to explain the disclosed principles. In the figures, the left most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the figures to reference like features and components. Some embodiments of system and/or methods in accordance with embodiments of the present subject matter are now described below, by way of example only, and with reference to the accompanying figures.
Figure 1 illustrates an exemplary environment for authenticating microcontroller using on-the-fly authentication key in accordance with some embodiments of the present disclosure.
Figure 2 shows a detailed block diagram of a first microcontroller in accordance with some embodiments of the present disclosure.
Figure 3 illustrates a flowchart showing a method for authenticating microcontroller using on-the-fly authentication key performed by a first microcontroller in accordance
with some embodiments of present disclosure.
It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flowcharts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in computer readable medium and executed by a computer or processor, whether or not such computer or processor is explicitly shown.
DETAILED DESCRIPTION
In the present document, the word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment or implementation of the present subject matter described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
While the disclosure is susceptible to various modifications and alternative forms, specific embodiment thereof has been shown by way of example in the drawings and will be described in detail below. It should be understood, however that it is not intended to limit the disclosure to the particular forms disclosed, but on the contrary, the disclosure is to cover all modifications, equivalents, and alternatives falling within
the scope of the disclosure.
The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non exclusive inclusion, such that a setup, device or method that comprises a list of components or steps does not include only those components or steps but may include other components or steps not expressly listed or inherent to such setup or device or method. In other words, one or more elements in a system or apparatus proceeded by "comprises.., a" does not, without more constraints, preclude the existence of other elements or additional elements in the system or method.
In the following detailed description of the embodiments of the disclosure, reference is made to the accompanying drawings that form a part hereof, and in which are shown by way of illustration specific embodiments in which the disclosure may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the disclosure, and it is to be understood that other embodiments may be utilized and that changes may be made without departing from the scope of the present disclosure. The following description is, therefore, not to be taken in a limiting sense.
Embodiment of the present disclosure provides a solution for authenticating microcontroller using on-the-fly authentication key. Here, authenticating microcontroller using on-the-fly authentication key refers to authentication of a microcontroller performed during running of a computer system where the microcontroller is part of the computer system, or while vehicle is in motion or stationary where the microcontroller is part of the vehicle. However, the present disclosure is not limited to the computer system or the vehicle but is applicable to any application or system where the microcontroller is used and requires authentication. The present disclosure presents a method, a first microcontroller and a system. The system comprising the first microcontroller and a second microcontroller. The second microcontroller is communicatively coupled to the first microcontroller. In brief, the first controller receives a security access request from the second microcontroller. Thereafter, the first microcontroller generates a random number combination (also, referred as random number) on receiving the security access request and transmits the random number combination to the second microcontroller. The random number combination (or the random number) refers to a sequence of numbers or symbols that cannot be reasonably predicted better than by random chance is generated. The first microcontroller receives a first authentication key from the second microcontroller. The first authentication key is generated by the second microcontroller using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller and a microcontroller identifier of the first microcontroller. Subsequently, the first microcontroller (after receiving the first authentication key) generates a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller and the microcontroller identifier of the first microcontroller. Lastly, the first microcontroller authenticates the first authentication key and the second authentication key for determining access to the second microcontroller. This approach, which uses the key generator application for authenticating (second) microcontroller, allows a quick authentication process and at the same time provides at least medium to high security protection to the (first) microcontroller.
Figure 1 illustrates an exemplary environment for authenticating microcontroller using on-the-fly authentication key in accordance with some embodiments of the present disclosure.
As shown in the Figure 1, the environment 100 includes a first microcontroller 101, a communication network 109, and a second microcontroller 121. In the present disclosure, the first microcontroller 101 and the second microcontroller 121 together form a system for authenticating microcontroller using on-the-fly authentication key. The first microcontroller 101 and the second microcontroller 121 may be any type of microcontroller, which can be programmed to do wired or wireless communication. In one embodiment, the first microcontroller 101 and the second microcontroller 121 are a part of a computer system. In the present disclosure, the computer system may be not limiting to, a personal computer, a server, a laptop, a tablet computer, and the like. In another embodiment, the first microcontroller 101 and the second microcontroller 121 may be a part of a same vehicle or pad of a two distinct vehicle system which needs authentication. In yet another embodiment, the first microcontroller 101 is part of (or belongs to) a first vehicle and the second microcontroller 121 is part of (or belongs to) a second vehicle. The first vehicle and the second vehicle are from same or different manufactures or vehicle brands. In the present disclosure, the vehicle may be any type of motor vehicle, not limiting to, such as a motorcycle, a car, a truck, a bus and the like. The present disclosure is not limited to the computer system or the vehicle but is applicable to any application where the microcontroller is used and requires authentication. The first microcontroller 101 and the second microcontroller 121 communicate between themselves using the communication network 109.
The communication network 109 may include, but is not limited to, an e-commerce network, a Peer to Peer (P2P) network, Local Area Network (LAN), Wide Area Network (WAN), wireless network (for example, using Wireless Application Protocol), Internet, Wi Fi, Bluetooth, Dedicated Shod-Range Communications (DSRC), Cellular Vehicle to Everything (C-V2X), and the like.
The first microcontroller 101 includes an Input/Output (I/O) interface 103, a memory 105, and a processor 107. The I/O interface 103 is configured to communicate with the second microcontroller 121. The I/O interface 103 may employ communication protocols/methods such as, without limitation, audio, analog, digital, monaural, Radio Corporation of America (RCA) connector, stereo, IEEE® 1394 high speed serial bus, serial bus, Universal Serial Bus (USB), infrared, Personal System/2 (P8/2) port, Bayonet Neill Concelman (BNC) connector, coaxial, component, composite, Digital Visual Interface (DVI), High Definition Multimedia Interface (HDMI®), Radio Frequency (RF) antennas, S Video, Video Graphics Array (VGA), IEEE® 802.11b/g/n/x, Bluetooth, cellular e.g., Code Division Multiple Access (CDMA), High Speed Packet Access (HSPA+), Global System for Mobile communications (GSM®), Long Term Evolution (LTE®), Worldwide interoperability for Microwave access (WiMax®), Dedicated Short-Range Communications (DSRC), Cellular Vehicle to Everything (C-V2X), or the like.
The memory 105 is communicatively coupled to the processor 107 of the first microcontroller 101. The memory 105, also, stores processor instructions which cause the processor 107 to execute the instructions for authenticating (the second) microcontroller using on-the fly authentication key (generated by the first microcontroller).
The processor 107 includes at least one data processor for authenticating (the second) microcontroller using on-the fly authentication key (generated by the first microcontroller).
The second microcontroller 121 is analogous to the first microcontroller 101 in terms of the I/O interface 103, the memory 105, and the processor 107 and their functionalities. Hence, the explanation of the second microcontroller 121 is omitted.
Hereafter, the operation of the first microcontroller 101 with the second microcontroller 121 for authenticating microcontroller using on-the-fly authentication key is described.
Prior to start of generating on-the-fly authenticating key, the first microcontroller 101 has a key generation application and a random number generator (also, referred as a random number combination generator) application installed. The random number generator application may be, but not limited to, true random number generators, or Pseudorandom Number Generators (PRNGs) or Cryptographic random number io generators (also, referred as Cryptographic algorithms). Analogously, the second microcontroller 121 has the key generation application and the random number generator application installed. Further, the microcontroller name of the second microcontroller 121 and the microcontroller identifier of the second microcontroller 121 are stored in the memory 105 of the first microcontroller 101. Analogously, the is microcontroller name of the first microcontroller 101 and the microcontroller identifier of the first microcontroller 101 are stored in a memory 125 of the second microcontroller 121. The microcontroller identifier is an identifier to recognize the microcontroller and is unique to every microcontroller.
zo Consider a situation where the second microcontroller 121 wants to access the first microcontroller 101. In that case, the second microcontroller 121 transmits a security access request to the first microcontroller 101. The first microcontroller 101 receives the security access request from the second microcontroller 121. Thereafter, the first microcontroller 101 generates a random number combination on receiving the security access request. The first microcontroller 101 uses the random number generator (also, referred as the random number combination generator) application to generate the random number combination. The first microcontroller 101 transmits the random number combination to the second microcontroller 121. On receiving the random number combination, the second microcontroller 121 generates a first authentication key based on at least one of the random number combination, the microcontroller name of the first microcontroller 101, and the microcontroller identifier of the first microcontroller 101 using the key generator application. Thereafter, the second microcontroller 121 transmits the first authentication key to the first microcontroller 101. The first microcontroller 101 receives the first authentication key from the second microcontroller 121. Thereafter, the first microcontroller 101 generates a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller 101, and the microcontroller identifier of the first microcontroller 101. The first microcontroller 101 authenticates the first authentication key and the second authentication key for determining access to the second microcontroller 121. In detail, when the first authentication key and the second authentication key match, the first microcontroller 101 grants access to the second microcontroller 121. When to the first authentication key and the second authentication key do not match, the first microcontroller 101 denies access to the second microcontroller 121. This way the first microcontroller authenticates the second microcontroller 121 using on-the-fly authentication key (generated using the key generator application).
Since a security access request can come anytime from one microcontroller (i.e., the second microcontroller 121) to another microcontroller (i.e., the first microcontroller 101), generating authentication key on-the-fly without any delay and without compromising security becomes important for authenticating the microcontroller (i.e., the second microcontroller 121), which is provided by the present disclosure.
In one embodiment, the authentication key is generated using the random number generated along with any one of the microcontroller name, the microcontroller identifier, or any parameter associated with the microcontroller.
In one embodiment, the authentication key is generated using the random number generated along with any one of the microcontroller name, the microcontroller identifier, or any parameter associated with the vehicle.
Figure 2 shows a detailed block diagram of a first microcontroller in accordance with 30 some embodiments of the present disclosure.
The first controller 101, in addition to the I/O interface 103 and the processor 107 described above, includes data 201 and one or more modules 211, which are described herein in detail. In the embodiment, the data 201 is stored within the memory 105. The data 201 includes, for example, microcontroller data 203, authentication key data 205, and other data 207.
The microcontroller data 203 includes a microcontroller name of the second microcontroller 121 and a microcontroller identifier of the second microcontroller 121.
The authentication key data 205 includes a first authentication key and a second authentication key.
The other data 207 may store data, including temporary data and temporary files, generated by one or more modules 211 for performing the various functions of the first microcontroller 101.
In the embodiment, the data 201 in the memory 105 is processed by the one or more modules 211 present within the memory 105 of the first microcontroller 101. In the embodiment, the one or more modules 211 may be implemented as dedicated hardware units. As used herein, the term module refers to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a Field Programmable Gate Arrays (FPGA), Programmable System on Chip (PSoC), a combinational logic circuit, and/or other suitable components that provide the described functionality. In some implementations, the one or more modules 211 are communicatively coupled to the processor 107 for performing one or more functions of the first microcontroller 101. The one or more modules 211 when configured with the functionality defined in the present disclosure will result in a novel hardware.
In one implementation, the one or more modules 211 include, but are not limited to, a transceiver module 213, a generating module 215, and an authenticating module 217. The one or more modules 211, also, include other modules 219 to perform various miscellaneous functionalities of the first microcontroller 101.
The transceiver module 213 acts as a transmitting module and a receiving module. The transceiver module 213 transmits and receives through the I/O interface 103.
The transceiver module 213 receives a security access request from the second microcontroller 121. The transceiver module 213 transmits the random number combination to the second microcontroller 121. The transceiver module 213 receives a first authentication key from the second microcontroller 121.
The generating module 215 generates a random number combination on receiving the security access request from the second microcontroller 121. The generating module 215 generates a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller and the microcontroller identifier of the first microcontroller. The first authentication key is generated by the second microcontroller 121 using the key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller 101 and a microcontroller identifier of the first microcontroller 101.
The authenticating module 217 authenticating the first authentication key and the second authentication key for determining access to the second microcontroller 121. In detail, the authenticating module 217 grants access to the second microcontroller 121 when the first authentication key and the second authentication key match and denies access to the second microcontroller 121 when the first authentication key and the second authentication key do not match.
The second microcontroller 121 is analogous to the first microcontroller 101 in terms of the I/O interface 103, the memory 105, the processor 107, the data 201 (comprising the microcontroller data 203, the authentication key data 205, and the other data 207), the one or more modules 211 (comprising the transceiver module 213, the generating module 215, the authenticating module 217, and the other modules 219), and their functionalities/operations. Hence, the explanation of the second microcontroller 121 is omitted.
Figure 3 illustrates a flowchart showing a method for authenticating microcontroller using on-the-fly authentication key performed by a first microcontroller in accordance with some embodiments of present disclosure.
As illustrated in Figure 3, the method 300 include one or more blocks for authenticating microcontroller using on-the fly authentication key. The method 300 may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, and functions, which perform particular functions or implement particular abstract data types.
The order in which the method 300 is described is not intended to be construed as a to limitation, and any number of the described method blocks can be combined in any order to implement the method. Additionally, individual blocks may be deleted from the methods without departing from the scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof.
At block 301, the transceiver module 213 of the first microcontroller 101 receives a security access request from the second microcontroller 121.
At block 303, the generating module 215 of the first microcontroller 101 generates a 20 random number combination on receiving the security access request. The random number combination is generated using a random number generator.
At block 305, the transceiver module 213 of the first microcontroller 101 transmits the random number combination to the second microcontroller 121.
At block 307, the transceiver module 213 of the first microcontroller 101 receives a first authentication key from the second microcontroller 121. The first authentication key is generated by the second microcontroller 121 using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller 101 and a microcontroller identifier of the first microcontroller 101. The first microcontroller 101 and the second microcontroller 121 have the key generation application. The microcontroller name of the first microcontroller 101 and the microcontroller identifier of the first microcontroller 101 are stored in the second microcontroller 121.
At block 309, the generating module 215 of the first microcontroller 101 generates a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller 101 and the microcontroller identifier of the first microcontroller 101. The microcontroller name of the second microcontroller 121 and the microcontroller identifier of the second microcontroller 121 are stored in the first microcontroller 101.
At block 311, the authenticating module 217 of the first microcontroller 101 authenticates the first authentication key and the second authentication key to determine access for the second microcontroller 121. In detail, when the first authentication key and the second authentication key match, the authenticating module 217 of the first microcontroller 101 grants access to the second microcontroller 121. When the first authentication key and the second authentication key do not match, the authenticating module 217 of the first microcontroller 101 denies access to the second microcontroller 121.
The above example is explained with the request coming from the second microcontroller 121. However, the request can come from first microcontroller 101 to the second microcontroller 121. The steps followed by each microcontroller is obvious from the above explanation.
Some of the technical advantages of the present disclosure are listed below.
In present disclosure, authentication of a microcontroller is performed on-the-fly i.e., for example, but not limited to, during running of a computer system where the microcontroller is part of the computer system, or while vehicle is in motion or stationary where the microcontroller is part of the vehicle. As a consequence, this authentication approach is quick.
The authenticating method of the present disclosure overcomes the need of physical key slots allocation based on hardware architecture, involving the use of symmetric key and key components such as hardware security module and/or secure hardware extension, by using a key generation algorithm. As a consequence, this approach significantly reduces storage requirement needed for the physical key slots allocation.
The use of key generation algorithm in the authenticating method of the present disclosure provides at least medium to high security protection to the microcontroller.
Consequently, this approach prevents any compromise of information by sniffing i.e., physical attack when the information is transmitted or received by microcontrollers.
Few use cases, not limited to, where the present disclosure is applicable are: (1) situation involving wired or wireless networking where client-to-client or client-to-server authentication is required, and (2) situation in a hospital where a device in a patient room requires authentication with a device on a hospital staff/nurse's desk.
One or more computer readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer readable storage medium stores instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term "computer readable medium" should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include Random Access Memory (RAM), Read Only Memory (ROM), volatile memory, non-volatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, and any other known physical storage media.
The described operations may be implemented as a method, an individual unit, system, or article of manufacture using standard programming and/or engineering techniques to produce software, firmware, hardware, or any combination thereof. The described operations may be implemented as code maintained in a "non-transitory computer readable medium", where a processor may read and execute the code from the computer readable medium. The processor is at least one of a microprocessor and a processor capable of processing and executing the queries. A non-transitory computer readable medium may include media such as magnetic storage medium (e.g., hard disk drives, floppy disks, tape and the like), optical storage (CD ROMs, DVDs, optical disks and the like), volatile and non-volatile memory devices (e.g., EEPROMs, ROMs, PROMs, RAMs, DRAMs, SRAMs, Flash Memory, firmware, programmable logic and the like) and the like. Further, non-transitory computer readable media include all computer readable media except for a transitory. The code implementing the described operations may further be implemented in hardware logic (e.g., an integrated circuit chip, Programmable Gate Array (PGA), Application Specific Integrated Circuit (ASIC) and the like).
The terms "an embodiment", "embodiment", "embodiments", "the embodiment", "the 15 embodiments", "one or more embodiments", "some embodiments", and "one embodiment" mean "one or more (but not all) embodiments of the invention(s)" unless expressly specified otherwise.
The terms "including", "comprising", "having" and variations thereof mean "including but not limited to", unless expressly specified otherwise.
The enumerated listing of items does not imply that any or all the items are mutually exclusive, unless expressly specified otherwise.
The terms "a", "an" and "the" mean "one or more", unless expressly specified otherwise.
A description of an embodiment with several components in communication with each other does not imply that all such components are required. On the contrary, a variety of optional components are described to illustrate the wide variety of possible embodiments of the invention.
When a single device or article is described herein, it will be readily apparent that more than one device/article (whether or not they cooperate) may be used in place of a single device/article. Similarly, where more than one device or article is described herein (whether or not they cooperate), it will be readily apparent that a single device/article may be used in place of the more than one device or article, or a different number of devices/articles may be used instead of the shown number of devices or programs. The functionality and/or the features of a device may be alternatively embodied by one or more other devices which are not explicitly described as having such functionality/features. Thus, other embodiments of the invention need not include the device itself.
The illustrated operations of Figure 3 show certain events occurring in a certain order. In alternative embodiments, certain operations may be performed in a different order, modified, or removed. Moreover, steps may be added to the above-described logic and still conform to the described embodiments. Further, operations described herein may occur sequentially or certain operations may be processed in parallel. Yet further, operations may be performed by a single processing unit or by distributed processing units.
Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based here on. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.
While various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the scope being indicated by the following claims.
REFERRAL NUMERALS
Reference number Description
Environment 101 First microcontroller 121 Second microcontroller 103, 123 I/O interface 105, 125 Memory 107, 127 Processor 109 Communication network 201 Data 203 Microcontroller data 205 Authentication key data 207 Other data 211 One or more modules 213 Transceiver module 215 Generating module 217 Authenticating module 219 Other modules

Claims (16)

  1. CLAIMS1. A method for authenticating microcontroller using on-the-fly authentication key, the method comprising: receiving (301) a security access request by a first microcontroller (101) from a second microcontroller (121); generating (303) a random number combination on receiving the security access request; transmitting (305) the random number combination to the second microcontroller (121); receiving (307) a first authentication key from the second microcontroller (121), wherein the first authentication key is generated by the second microcontroller (121) using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller (101) and a microcontroller identifier of the first microcontroller (101); generating (309) a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller (101) and the microcontroller identifier of the first microcontroller (101); and authenticating (311) the first authentication key and the second authentication key to determine access for the second microcontroller (121).
  2. 2. The method of claim 1, wherein the first microcontroller (101) and the second microcontroller (121) have the key generation application.
  3. 3. The method of any of the claims 1 to 2, wherein the microcontroller name of the first microcontroller (101) and the microcontroller identifier of the first microcontroller (101) are stored in the second microcontroller (121).
  4. 4. The method of any of the claims 1 to 3, wherein the microcontroller name of the second microcontroller (121) and the microcontroller identifier of the second microcontroller (121) are stored in the first microcontroller (101).
  5. 5. The method of any of the claims 1 to 4, wherein the random number combination is generated using a random number generator.
  6. 6. The method of any of the claims 1 to 5, wherein the determining the access to the second microcontroller (121) comprises: granting access to the second microcontroller (121) when the first authentication key and the second authentication key match; and denying access to the second microcontroller (121) when the first lo authentication key and the second authentication key do not match.
  7. 7. A first microcontroller (101) for authenticating microcontroller using on-the-fly authentication key, the first microcontroller (101) comprising: a processor (107); and a memory (105) communicatively coupled to the processor (107), wherein the memory (105) stores processor-executable instructions, which on execution, cause the processor (107) to: receive a security access request from a second microcontroller (121); generate a random number combination on receiving the security access request; transmit the random number combination to the second microcontroller (121); receive a first authentication key from the second microcontroller (121), wherein the first authentication key is generated by the second microcontroller (121) using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller (101) and a microcontroller identifier of the first microcontroller (101); generate a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller (101) and the microcontroller identifier of the first microcontroller (101); and authenticate the first authentication key and the second authentication key to determine access for the second microcontroller (121).
  8. 8. The first microcontroller (101) of claim 7, the first microcontroller (101) and the second microcontroller (121) have the key generation application.
  9. 9. The first microcontroller (101) of any of the claims 7 to 8, wherein the microcontroller name of the first microcontroller (101) and the microcontroller identifier of the first microcontroller (101) are stored in the second microcontroller (121).
  10. 10. The first microcontroller (101) of any of the claims 7 to 9, wherein the microcontroller name of the second microcontroller (121) and the microcontroller identifier of the second microcontroller (121) are stored in the first microcontroller (101).
  11. 11. The first microcontroller (101) of any of the claims 7 to 10, wherein the random number combination is generated using a random number generator.
  12. 12. The first microcontroller (101) of any of the claims 7 to 11, wherein the first microcontroller (101) is configured to: grant access to the second microcontroller (121) when the first authentication key and the second authentication key match; and deny access to the second microcontroller (121) when the first authentication key and the second authentication key do not match.
  13. 13. A system for authenticating microcontroller using on-the-fly authentication key, the system comprising: a first microcontroller (101); a second microcontroller (121) communicatively coupled to the first microcontroller (101), wherein the first microcontroller (101) is configured to: receive a security access request from the second microcontroller (121); generate a random number combination on receiving the security access request; transmit the random number combination to the second microcontroller (121); receive a first authentication key from the second microcontroller (121), wherein the first authentication key is generated by the second microcontroller (121) using a key generator application based on at least one of the random number combination, a microcontroller name of the first microcontroller (101) and a microcontroller identifier of the first microcontroller (101); generate a second authentication key using the key generator application based on at least one of the random number combination, the microcontroller name of the first microcontroller (101) and the microcontroller identifier of the first microcontroller (101); and authenticate the first authentication key and the second authentication key for determining access to the second microcontroller (121).
  14. 14. The system of claim 13, wherein the microcontroller name of the first microcontroller (101) and the microcontroller identifier of the first microcontroller (101) are stored in the second microcontroller (121); and wherein the microcontroller name of the second microcontroller (121) and the microcontroller identifier of the second microcontroller (121) are stored in the first microcontroller (101).
  15. 15. The system of any of the claims 13 to 14, wherein the first microcontroller (101) is configured to: grant access to the second microcontroller (121) when the first authentication 25 key and the second authentication key match; and deny access to the second microcontroller (121) when the first authentication key and the second authentication key do not match.
  16. 16. The system of any of the claims 13 to 15, wherein the first microcontroller (101) belongs to a first vehicle and the second microcontroller (121) belongs to a second vehicle.
GB2214211.1A 2022-09-28 2022-09-28 Method and system for authenticating microcontroller using on-the-fly authentication key Pending GB2622820A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB2214211.1A GB2622820A (en) 2022-09-28 2022-09-28 Method and system for authenticating microcontroller using on-the-fly authentication key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2214211.1A GB2622820A (en) 2022-09-28 2022-09-28 Method and system for authenticating microcontroller using on-the-fly authentication key

Publications (2)

Publication Number Publication Date
GB202214211D0 GB202214211D0 (en) 2022-11-09
GB2622820A true GB2622820A (en) 2024-04-03

Family

ID=83978679

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2214211.1A Pending GB2622820A (en) 2022-09-28 2022-09-28 Method and system for authenticating microcontroller using on-the-fly authentication key

Country Status (1)

Country Link
GB (1) GB2622820A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10218499B1 (en) * 2017-10-03 2019-02-26 Lear Corporation System and method for secure communications between controllers in a vehicle network
US20210075606A1 (en) * 2019-09-05 2021-03-11 Infineon Technologies Ag Trusted authentication of automotive microcontroller

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10218499B1 (en) * 2017-10-03 2019-02-26 Lear Corporation System and method for secure communications between controllers in a vehicle network
US20210075606A1 (en) * 2019-09-05 2021-03-11 Infineon Technologies Ag Trusted authentication of automotive microcontroller

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, vol 70, 2021, CARVAJAL-ROCA IVAN E ET AL, "A Semi-Centralized Dynamic Key Management Framework for In-Vehicle Networks", pages 10864-10879 *

Also Published As

Publication number Publication date
GB202214211D0 (en) 2022-11-09

Similar Documents

Publication Publication Date Title
Han et al. On authentication in a connected vehicle: Secure integration of mobile devices with vehicular networks
US9460567B2 (en) Establishing secure communication for vehicle diagnostic data
US11212080B2 (en) Communication system, vehicle, server device, communication method, and computer program
US20150180840A1 (en) Firmware upgrade method and system thereof
AU2017336079B2 (en) Protecting mobile devices from unauthorized device resets
US10735261B2 (en) Smart upgrade of connected devices in a mesh network
CN112153646B (en) Authentication method, equipment and system
CN112487408B (en) Safe access method and system for in-vehicle ECU and storage medium
WO2018031176A1 (en) Precursory client configuration for network access
CN110621016B (en) User identity protection method, user terminal and base station
WO2022160124A1 (en) Service authorisation management method and apparatus
KR20200061702A (en) System for key control for in-vehicle network
US11848942B2 (en) Method for detecting intrusion in distributed field bus of a network and system thereof
CN110730447B (en) User identity protection method, user terminal and core network
GB2622820A (en) Method and system for authenticating microcontroller using on-the-fly authentication key
US10355891B2 (en) Authentication through voltage variations over communication channels
WO2023280601A1 (en) A method and system for validating security of a vehicle
CN114286318A (en) OTA upgrade package transmission method based on one secret
KR101974411B1 (en) In-vehicle secure communication support device and operating method thereof
US20230327869A1 (en) Authentication method and apparatus
US20230370278A1 (en) Vehicle network hashing
CN115938022B (en) Vehicle entity key safety authentication method and system
CN117407905B (en) Data encryption method, vehicle-mounted electronic system, electronic equipment and storage medium
US11743033B2 (en) Transmission of authentication keys
US20240147237A1 (en) Transmission of authentication keys