EP-4738171-A1 - DECENTRALIZED IDENTITY MANAGEMENT

Abstract

A decentralized identity management system is provided which stores identification information for a network, and configuration history information, across a distributed ledger across a plurality of electronic control units of the network. Each change to the network is recorded in a sequence of records held on the distributed ledger.

Inventors

  • Steinacker, Domenic
  • Zulauf, Robert

Assignees

  • Aptiv Technologies AG

Dates

Publication Date
2026-05-06
Application Date
2024-10-31

Claims (14)

  1. An identity management system, comprising: a network of a plurality of electronic control units, ECUs, wherein each ECU is a node of a distributed ledger for sharing identification information; wherein each of the ECUs is configured to store a sequence of records defining network identification information, in which a genesis record of the sequence comprises the network identity, and each record subsequent to the genesis record defines a change to a configuration of the network recorded by the network, and a link to the previous record in the sequence, wherein the identity management system is arranged to obtain the identity and a configuration history of the network from the latest record in the sequence held by any one of the plurality of ECUs of the distributed ledger and to perform one or more operations in accordance with the obtained network identity and/or configuration history.
  2. The identity management system of claim 1, wherein each record of the sequence of records is a block of a blockchain, in which each block comprises a cryptographic hash of a previous block in the blockchain.
  3. The identity management system of claim 2, wherein a group of the plurality of ECUs is an authorisation council comprising a plurality of authorisation nodes, wherein the authorisation council is configured to: maintain the blockchain; validate one or more ECUs; and authorise network configuration changes, according to a majority voting scheme amongst the plurality of authorisation nodes.
  4. The identity management system of claim 3, wherein the network configuration changes comprise: adding an ECU to the network; removing an ECU from the network; recording a change in functionality of an ECU; and recording a software or firmware change of an ECU.
  5. The identity management system of claim 3 or claim 4, wherein the authorisation nodes comprise ECUs having a functionality greater than a threshold level of functionality.
  6. The identity management system of any one of claims 3 to 5, wherein the network is arranged to receive a record of genesis transactions from a provisioning authority, wherein an ECU is arranged to determine that it is an authorisation node if it is part of the genesis transactions received from the provisioning authority, wherein each ECU that is determined to be an authorisation node is arranged to create a block of the blockchain, comprising a genesis identity of the network and the genesis transactions received from the provisioning authority; wherein if respective blocks created by each and every authorisation node are the same, the block is validated as a genesis block and the blockchain is initiated with the genesis block, and a secure channel is established between each pair of authorisation nodes using information from the genesis transactions.
  7. The identity management system of claim 6, wherein a requesting ECU is arranged to broadcast a request to join the distributed ledger if it does not store a valid block of the blockchain, wherein the request comprises identification information for the requesting ECU, wherein: if the authorisation council validates the requesting ECU, the requesting ECU is arranged to receive the blockchain from the authorisation council, and the authorisation council is arranged to update the blockchain with a block comprising a transaction representing a network configuration change comprising the addition of the identification information of the requesting ECU, across the distributed ledger.
  8. The identity management system of claim 7, wherein the request comprises one or more of: an identification number, a serial number, a network address, a digital product passport, a software version, an authentication certificate, a token, and a public key.
  9. The identity management system of any one of the preceding claims, wherein the one or more operations comprise managing access to one or more services in dependence upon network identity and/or configuration history.
  10. The identity management system of any one of claims 1 to 8, wherein the one or more operations comprise one or more of: disabling or requesting a reboot of one or more ECUs; and triggering a notification.
  11. The identity management system of any one of claims 1 to 8, wherein the one or more operations comprise remote attestation from each ECU to each other ECU, and disabling or requesting a reboot of an ECU, or triggering a notification if the remote attestation fails.
  12. The identity management system of any one of claims 1 to 8, wherein the network comprises ECUs of a vehicle control system, and the network information comprises vehicle identity information, wherein the one or more operations include: managing access to a service in accordance with a subscription associated with the vehicle identity information; disabling one or more ECUs in accordance with a subscription associated with the vehicle identity information, or a software or firmware version; and sharing vehicle identity information and/or configuration information with an external entity.
  13. A method of managing identification information, comprising an electronic control unit, ECU, performing the steps of: receiving a record of genesis transactions from a provisioning authority, acquiring authorisation node status in a network of ECUs if the ECU is part of the genesis transactions received from the provisioning authority, responsive to the ECU determining that it is an authorisation node, creating a block of the blockchain, comprising a genesis identity of the network and the genesis transactions received from the provisioning authority; responsive to the ECU determining that the block and each respective block created by each and every other authorisation node in the network of ECUs are the same, storing a blockchain initiated with the block as a genesis block, and establishing a respective secure channel with each of the other authorisation nodes using the genesis transactions; wherein the ECU is comprised within a distributed ledger storing network identification information and configuration history information for use in one or more operations by an identification management system.
  14. A computer program which, when executed by the ECU, is arranged to perform the method of claim 13.

Description

Field

The present disclosure relates to an identity management system for a network of electronic control units (ECUs). Particularly, but not exclusively, the present disclosure relates to an identity management system for a vehicle. The present disclosure concerns building and maintaining an identity using a decentralized management system based on use of a distributed ledger.

Background

Identity management solutions typically rely on centralized approaches, where identity and configuration information is managed by external infrastructure. This centralized approach presents several challenges and limitations. One significant problem is the requirement for regular secure communication between a network whose identity is managed and the external infrastructure. This dependency can lead to reduced reliability and potential security vulnerabilities. Threats may emerge in either direction, depending on whether the network or the external infrastructure becomes unavailable or compromised.

Conventional solutions also face challenges in efficiently handling frequent updates and changes to the configuration of a system, such as functionality changes or software updates, or the addition or removal of ECUs. These changes often require time-consuming and potentially insecure interactions with external systems in order for configuration information to be recorded accurately. At times, the external systems may be unavailable, either deliberately or unintentionally. In some cases, some changes, such as ECU replacements or repairs, may not be documented as a consequence.

In implementations in which the external infrastructure is a single control unit, or even implementations in which such a single control unit is part of the network whose identity is to be managed, there is a reliance on the authority of a single node in the network to govern the entire network, which can present operational and security risks. For example, if a central authority is damaged or is maliciously altered or replaced, the entire network can be compromised. As such, there is a growing need for a more flexible and robust approach to managing identification information to provide a trusted execution environment for different types of services that depend on the identification information. Embodiments of the present disclosure aim to address this need by introducing a decentralized identity management system based on distributed ledger technology.

Summary

According to a first aspect, there is provided an identity management system, comprising: a network of a plurality of electronic control units, ECUs, wherein each ECU is a node of a distributed ledger for sharing identification information; wherein each of the ECUs is configured to store a sequence of records defining network identification information, in which a genesis record of the sequence comprises the network identity, and each record subsequent to the genesis record defines a change to a configuration of the network recorded by the network, and a link to the previous record in the sequence, wherein the identity management system is arranged to obtain the identity and a configuration history of the network from the latest record in the sequence held by any one of the plurality of ECUs of the distributed ledger and to perform one or more operations in accordance with the obtained network identity and/or configuration history.

By utilizing a distributed ledger across multiple ECUs, the system eliminates single points of failure and reduces dependency on external infrastructure. This enhances overall reliability and resilience of the network. Further, the network identity is based on all ECU identities, such that changes to any ECU or its configuration are reflected in the network identity, while recording a history of configuration changes ensures that a current network identity can be determined to be authentic.

In embodiments, each record of the sequence of records is a block of a blockchain, in which each block comprises a cryptographic hash of a previous block in the blockchain. In this manner, data integrity and immutability are ensured, facilitating verification of the entire configuration history, and recording every configuration change.

In embodiments, a group of the plurality of ECUs is an authorisation council comprising a plurality of authorisation nodes, wherein the authorisation council is configured to: maintain the blockchain; validate one or more ECUs; and authorise network configuration changes, according to a majority voting scheme amongst the plurality of authorisation nodes. In this manner, unauthorised network changes can be prevented, and identity management can be sustained by democratic self-governance by the ECUs in the network.

In embodiments, the network configuration changes comprise: adding an ECU to the network; removing an ECU from the network; recording a change in functionality of an ECU; and recording a software or firmware change of an ECU. In this manner
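The ledger mechanics stated in claims 1 to 7 and restated in the summary above, as one runnable sketch in Python: a hash-linked sequence of records whose genesis block is accepted only when every authorisation node builds the same one, a council that admits changes by majority vote, and a reader that takes the network identity and the configuration history from the latest record and re-verifies the whole sequence. This is an added example written for this page, not code from the patent or from Aptiv. Everything concrete in it is an assumption: the transaction format (only "add" and "set_fw" are modelled; removal and functionality changes are left out), the functionality threshold of 2 for council membership, the derivation of the network identity as SHA-256 over the canonical JSON of the current ECU set, and the ECU names and versions in GENESIS_TX, which are constructed for the demo. The secure channels between authorisation nodes, ECU validation and remote attestation (claims 6, 7 and 11) are outside the sketch.

```python
import hashlib
import json
from dataclasses import dataclass

AUTH_FUNC_THRESHOLD = 2  # assumed council rule (claim 5): functionality >= this level

def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()  # same bytes on every node

def apply_transactions(ecus: dict, transactions) -> dict:
    """Replay configuration-change transactions (assumed format) onto an ECU set."""
    state = {k: dict(v) for k, v in ecus.items()}
    for tx in transactions:
        op, ecu = tx["op"], tx["ecu"]
        if op == "add":                     # claim 4: add an ECU
            if ecu in state:
                raise ValueError(f"{ecu} already present")
            state[ecu] = {"func": tx["func"], "fw": tx["fw"]}
        elif op == "set_fw":                # claim 4: software/firmware change
            state[ecu]["fw"] = tx["fw"]
        else:
            raise ValueError(f"unknown op {op!r}")
    return state

def network_identity(ecus: dict) -> str:
    return hashlib.sha256(canonical(ecus)).hexdigest()  # assumed: hash over all ECU identities

@dataclass(frozen=True)
class Block:
    prev_hash: str      # claim 2: cryptographic hash of the previous block ("" at genesis)
    transactions: tuple
    network_id: str     # network identity after this block's changes
    def hash(self) -> str:
        return hashlib.sha256(canonical({"p": self.prev_hash, "tx": list(self.transactions),
                                         "n": self.network_id})).hexdigest()

def make_genesis(genesis_transactions: list) -> Block:  # each authorisation node builds this
    return Block("", tuple(genesis_transactions),
                 network_identity(apply_transactions({}, genesis_transactions)))

def initiate_chain(candidate_blocks: list) -> list:
    """Claim 6: the chain starts only if every authorisation node built the same block."""
    if len({b.hash() for b in candidate_blocks}) != 1:
        raise ValueError("authorisation nodes disagree on the genesis block")
    return [candidate_blocks[0]]

def current_state(chain: list) -> dict:
    ecus = {}
    for block in chain:
        ecus = apply_transactions(ecus, block.transactions)
    return ecus

def council(ecus: dict) -> list:
    return sorted(e for e, v in ecus.items() if v["func"] >= AUTH_FUNC_THRESHOLD)

def propose_change(chain: list, transactions: list, votes: dict) -> list:
    """Claim 3: append a block only on a strict majority of the current council."""
    members = council(current_state(chain))
    approvals = sum(1 for m in members if votes.get(m) is True)
    if 2 * approvals <= len(members):
        raise PermissionError(f"only {approvals}/{len(members)} council votes")
    new_id = network_identity(apply_transactions(current_state(chain), transactions))
    return chain + [Block(chain[-1].hash(), tuple(transactions), new_id)]

def verify_chain(chain: list) -> bool:
    """Check every hash link and that each recorded identity matches a replay of the ECU set."""
    ecus = {}
    for i, block in enumerate(chain):
        if block.prev_hash != ("" if i == 0 else chain[i - 1].hash()):
            return False
        ecus = apply_transactions(ecus, block.transactions)
        if block.network_id != network_identity(ecus):
            return False
    return True

def identity_and_history(chain: list) -> tuple:
    """Claim 1: any node answers identity and configuration history from the latest record."""
    return chain[-1].network_id, [list(b.transactions) for b in chain[1:]]

GENESIS_TX = [  # constructed provisioning record for the demo; names and versions are made up
    {"op": "add", "ecu": "gateway", "func": 3, "fw": "1.0.0"},
    {"op": "add", "ecu": "adas", "func": 3, "fw": "2.1.0"},
    {"op": "add", "ecu": "body", "func": 2, "fw": "1.4.2"},
    {"op": "add", "ecu": "door-fl", "func": 1, "fw": "0.9.0"},
]

def demo() -> dict:
    chain = initiate_chain([make_genesis(GENESIS_TX) for _ in range(3)])  # three council nodes agree
    join = [{"op": "add", "ecu": "radar", "func": 2, "fw": "3.0.1"}]       # claim 7: join request
    chain = propose_change(chain, join, votes={"gateway": True, "adas": True, "body": False})
    chain = propose_change(chain, [{"op": "set_fw", "ecu": "radar", "fw": "3.0.2"}],
                           votes={"gateway": True, "adas": True, "body": True, "radar": True})
    # Rewriting an old record breaks both the hash link from block 2 and the identity replay.
    tampered = list(chain)
    tampered[1] = Block(chain[0].hash(), ({"op": "add", "ecu": "radar", "func": 3, "fw": "3.0.1"},),
                        chain[1].network_id)
    return {"valid": verify_chain(chain), "tampered_valid": verify_chain(tampered),
            "identity_changed": chain[0].network_id != chain[-1].network_id,
            "history": identity_and_history(chain)[1]}
```

Call demo() to run the sequence; it returns a dict in which the genuine chain verifies, the copy with a rewritten block 1 does not, and the network identity after the two changes differs from the genesis identity. Two things worth noticing: a node that rewrites history fails verification twice over, once on the hash link and once because the identity it recorded no longer matches a replay of the transactions, so a single ECU's copy of the latest record is only trusted when the whole sequence checks out; and because the council is recomputed from the current state, a freshly admitted ECU above the threshold votes on the very next change, so a majority can admit peers that shift the council. A deployment would pin council membership in the provisioning record or demand a higher quorum for membership changes.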