US9270468B2ActiveUtilityA1

Methods to improve secure flash programming

68
Assignee: GM GLOBAL TECH OPERATIONS INCPriority: May 29, 2013Filed: May 29, 2013Granted: Feb 23, 2016
Est. expiryMay 29, 2033(~6.9 yrs left)· nominal 20-yr term from priority
H04L 9/3247H04L 9/3263H04L 2209/84H04L 9/007H04L 2209/72H04L 2209/24G06F 12/1408H04L 2209/64G06F 2212/1052
68
PatentIndex Score
2
Cited by
2
References
4
Claims

Abstract

Methods are provided for securely loading software objects into an electronic control unit. The methods include receiving a first software object comprising a second level public key certificate, a first encryption signature and a first set of software. Once the first software object is received, validating the first second level public key is validated with the embedded root public key, the first encryption signature with the first second level public key certificate, and the first set of software with the first encryption signature. When the first set of software is valid, then the first second level public key certificate and the first set of software are stored to non-volatile memory. Once stored, a consecutive software object is received comprising only a consecutive encryption signature and a consecutive set of software from the programming source. The consecutive encryption signature is validated with the stored second level public key certificate, and the consecutive set of software is validated with the consecutive encryption signature.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for loading multiple software objects into a computing device containing an embedded public root key and a stored first second level public key certificate when there is a different subsequent second level public key certificate associated with a second software object being loaded, the method comprising:
 receiving a first software object comprising a first second level public key certificate, an encryption signature and a first set of software from a programming source; 
 determining that the second software object received is associated with the subsequent second level public key certificate that is different than the first second level public key certificate; 
 when the subsequent second level public key certificate is the same as the first second level public key certificate, then validating the encryption signature associated with the second software object with the first second level public key certificate and writing the second software object to a non-volatile memory of the computing device; 
 when the subsequent second level public key certificate is different from the stored first second level public key certificate, then validating the subsequent second level public key certificate with the embedded public root key; 
 validating the encryption signature using the subsequent second level public key certificate; 
 validating the second software object with their encryption signatures; and 
 when the second software object is valid, then storing the subsequent second level public key certificate to the non-volatile memory and writing the second software object to a non-volatile memory. 
 
     
     
       2. The method of  claim 1 , wherein the embedded public root key is an asynchronous public encryption key. 
     
     
       3. A vehicle comprising:
 an electronically controlled device; 
 an electronic control unit (ECU) configured to control the electronically controlled device, the ECU containing an embedded public root key and a stored first second level public key certificate; and 
 a boot loader, the boot loader configured to load software into the ECU when there is a different subsequent second level public key certificate associated with a second software object being loaded by:
 receiving a first software object comprising a first second level public key certificate, an encryption signature and a first set of software from a programming source; 
 determining that the second software object received is associated with the subsequent second level public key certificate that is different than the first second level public key certificate; 
 when the subsequent second level public key certificate is the same as the first second level public key certificate, then validating the encryption signature associated with the second software object with the first second level public key certificate and writing the second software object to a non-volatile memory of the computing device; 
 when the subsequent second level public key certificate is different from the stored first second level public key certificate, then validating the subsequent second level public key certificate with the embedded public root key; 
 validating the encryption signature using the subsequent second level public key certificate; 
 validating the second software object with their encryption signatures; and 
 when the second software object is valid, then storing the subsequent second level public key certificate to the non-volatile memory and writing the second software object to a non-volatile memory. 
 
 
     
     
       4. The vehicle of  claim 3 , wherein the embedded public root key is an asynchronous public encryption key.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.