The invention relates to an electric wiring system of a motor vehicle with control devices that communicate with each other via a data bus, and with a communication apparatus inside the vehicle for data exchange with a remote communication station outside the vehicle via a communication channel.
Control devices in vehicles include as a rule a program memory and a data memory that are written with software and data during production or in the factory. In a few control devices this data includes an authentication certificate in addition to a cryptographic key, both of which the manufacturer of the control device stores in the control device in a non-replaceable manner. If the certificate is no longer valid or has been recalled, the functionality of the control device can no longer be used to the relevant extent. The control device must then be replaced in the workshop by a new control device that has a valid certificate.
The invention solves the problem of creating an electric wiring system of a motor vehicle that can be reliably authenticated relative to at least one remote station.
Starting from the known electric wiring system of a motor vehicle, with control devices that communicate with each other via a data bus and with a communication apparatus inside the vehicle for data exchange with at least a first remote communication station outside the vehicle via a communication channel, the invention proposes that the first remote communication station outside the vehicle transmits at least one cryptographic key and/or at least one certificate, for storage in a first control device of the plurality of control devices, via the communication channel to the communication apparatus inside the vehicle. The communication apparatus inside the vehicle communicates with a data bus using data technology and the at least one cryptographic key and/or the at least one certificate is/are supplied to the first control device via the data bus. The first control device stores the at least one key and/or the at least one certificate in coded or decoded form. The at least one key and/or the at least one certificate is/are used at least as part of an authentication.
Authentication requires a (public) certificate and a corresponding secret cryptographic key. The vehicle uses the secret key to prove that it really is the vehicle. For example, a CE (consumer electronic) device recognizes with the aid of the certificate that this vehicle is entitled to communicate. As a rule such a certificate contains the public key that matches the private key and a signature of the public key by the issuer of the certificate (e.g., the manufacturer of the CE device), as well as attributes stating the validity and entitlement level.
The issuer of the certificate can recall the certificate, e.g., by transmitting an appropriate blocking note to the CE devices. The vehicle can then still authenticate but is no longer entitled to use/control the CE device. Conversely, the manufacturer of the vehicle can also recall certificates, e.g., those of CE devices that were entitled to use interfaces to the vehicle.
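The check a CE device could run on a vehicle certificate, as an added example that is not part of the original text. It uses Ed25519 from the Go standard library as a stand-in for whatever signature scheme a real system uses; the Cert layout, the names Check and Scenario, serial 7 and the time values are assumptions constructed for illustration, and an expired or blocked certificate is treated as still authenticating but no longer entitled.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is a constructed minimal certificate, signed by its issuer.
type Cert struct {
	Serial   uint32 // referenced by blocking notes
	NotAfter int64  // validity: expiry, Unix seconds
	Level    uint8  // entitlement level
	PubKey   ed25519.PublicKey
	Sig      []byte // issuer signature over tbs()
}

// tbs returns the bytes covered by the issuer signature.
func (c Cert) tbs() []byte {
	return []byte(fmt.Sprintf("%d|%d|%d|%x", c.Serial, c.NotAfter, c.Level, c.PubKey))
}

// Check returns authenticated (peer holds the secret key of a genuine
// certificate) and entitled (also unexpired and not on the blocking list).
func Check(issuer ed25519.PublicKey, c Cert, nonce, resp []byte, now int64, blocked map[uint32]bool) (bool, bool) {
	if len(c.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(issuer, c.tbs(), c.Sig) {
		return false, false // not from the trusted issuer, or altered
	}
	if !ed25519.Verify(c.PubKey, nonce, resp) {
		return false, false // peer does not hold the secret key
	}
	return true, now <= c.NotAfter && !blocked[c.Serial]
}

// Scenario: constructed vehicle certificate (serial 7, expiry 2000) and one challenge.
func Scenario(now int64, blocked map[uint32]bool, tamper bool) (bool, bool) {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(nil)
	vehPub, vehKey, _ := ed25519.GenerateKey(nil)
	cert := Cert{Serial: 7, NotAfter: 2000, Level: 2, PubKey: vehPub}
	cert.Sig = ed25519.Sign(issuerKey, cert.tbs())
	if tamper {
		cert.Level = 9 // entitlement level changed after signing
	}
	nonce := []byte("constructed-nonce") // a real verifier picks a fresh random nonce
	return Check(issuerPub, cert, nonce, ed25519.Sign(vehKey, nonce), now, blocked)
}

func main() { fmt.Println(Scenario(1000, map[uint32]bool{7: true}, false)) }
```

With serial 7 on the blocking list the result is authenticated but not entitled, which is the state the text describes after a blocking note has been transmitted.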
If required, e.g., when a certificate has expired or been revoked, a new certificate must be installed in the vehicle. In the case of certificate revocation, even the secret key would usually be exchanged in this procedure since the reason for the certificate revocation is as a rule the fact that the previously secret key is no longer secret.
In order to exchange at least one certificate, cryptographic key, server address, HTTP proxy configuration, URL or telephone number for dialing into a data service in the first control device, e.g., to replace an expired or recalled certificate, a communication connection is established, preferably between the vehicle manufacturer (first remote communication station) and the vehicle in question, and the new data is supplied to the first control device. A new authentication can then take place with this new certificate.
An embodiment of the invention provides that a data unicate for authentication, that is, a one-time certificate or cryptographic key that is individual to the control device, can be supplied to each first control device and thereby to each vehicle.
A further development of the invention provides that a certificate blocking list or a certificate blocking note is supplied to each first control device and therewith to each vehicle. Thus, the vehicle manufacturer can recall a certificate for a second remote communication station outside the vehicle.
Such data unicates (cryptographic keys, certificates, etc.) are used in accordance with the invention especially for processes for digital legal monitoring, for device authentication (remote device authenticates against the vehicle and/or vehicle authenticates against the remote device), for access monitoring in secure communication (client authentication), for browser certificates for server authentication and for other client-related individual data and programs. This enables the driver of the vehicle to include consumer electronic data terminals in the vehicle and to operate them via apparatuses of the vehicle, and it enables a plurality of new applications in the vehicle. It also enables a consumer electronic data terminal to access the vehicle's systems, such as GPS, speaker, displays, controls, etc., under the control of the vehicle's manufacturer.
An embodiment of the invention provides that the authentication between the first control device and a second remote communication station outside the vehicle takes place, e.g., relative to the Web server of a third party or also relative to the first remote communication station outside the vehicle.
An embodiment of the invention provides that the authentication takes place between the first control device and an electronic data terminal located in the vehicle, in particular, a consumer electronic data terminal.
Another preferred embodiment of the invention provides that the authentication takes place between the first control device and the first remote communication station outside the vehicle.
An embodiment of the invention provides that a coded data exchange takes place via the communication channel, which communication channel is preferably formed by a mobile radio network, in particular a mobile telephone network, or a data network such as LAN or W-LAN.
An embodiment of the invention provides that the communication apparatus inside the vehicle is formed by a network access device inside the vehicle, in particular a mobile telephone built into the vehicle or a W-LAN transmitter/receiver built into the vehicle. The “network” is in particular the network of a mobile radio and/or radio data transmission provider.
A further embodiment of the invention provides that the communication apparatus inside the vehicle is formed by a portable mobile telephone. A portable mobile telephone is a customary mobile telephone that is not built into the vehicle.
An embodiment of the invention provides that the first remote communication station outside the vehicle brings about the transmission and that the at least one key and/or the at least one certificate and/or the certificate revocation list replaces an expired or recalled key and/or an expired or recalled certificate and/or an outdated certificate list in the first control device.
An embodiment of the invention provides that the first control device brings about the transmission and that the at least one key and/or the at least one certificate and/or the certificate revocation list replaces an expired or recalled key and/or an expired or recalled certificate and/or an outdated certificate list in the first control device.
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of one or more preferred embodiments when considered in conjunction with the accompanying drawings.