US-12621666-B2 - Method for authenticating a central unit connected to peripheral units using a secure server

Abstract

A method for authenticating a central unit communicating with peripheral units performing measurements, using a server device, each peripheral unit generates a shared encryption key, the server device generates a temporary session key and the same shared encryption key, then performs a first encryption in order to form a first shared dynamic encryption key, then performs a second encryption with the identifier of the central unit in order to give an encrypted central-unit information item as proof of authentication transmitted to the peripheral unit, the peripheral unit performs a reverse decryption in order to obtain the temporary session key, and an encryption with the central-unit identifier and the shared encryption key in order to give an encrypted identifier which is compared with the received encrypted central-unit information item in order to grant its authentication.

Inventors

  • Jean-Philippe BOISSET
  • Nicolas Guinart

Assignees

  • Continental Automotive Technologies GmbH

Dates

Publication Date: 2026-05-05
Application Date: 2023-04-21
Priority Date: 2022-04-27

Claims (9)

  1. A method for authenticating rights of a central unit of a user device for communicating bidirectionally at radio frequency with one or more peripheral units fixed to wheels of a motor vehicle which transmit raw measurement data consisting of measurements performed on tires of the vehicle which the one or more peripheral units acquire, each of the central unit and each of the one or more peripheral units possessing a specific identifier, this method using, over the Internet, an external server device comprising at least one secure server, comprising a secure connection between a plurality of the at least one secure server, and possessing, in a database, the identifier of the peripheral units, the method comprising the following successive steps: the central unit uses its identifier and a password to get itself recognized by each peripheral unit, each peripheral unit generates a symmetric shared random encryption key, and in parallel, the central unit establishes a secure connection with the server device, authenticating so that the server recognizes, in the server database, the specific identifier of the peripheral unit; the server device generates a dynamic temporary session key; the server device generates an encryption key which is the same as the symmetric shared encryption key on the basis of the identifier of the peripheral unit, then performs a first encryption with this shared encryption key and with the dynamic temporary session key in order to form a first shared dynamic encryption key, then performs a second encryption using the identifier of the central unit, and the symmetric shared encryption key or the dynamic temporary session key, in order to give an encrypted central-unit information item which is a proof of authentication; the shared dynamic encryption key and the encrypted central-unit information item are transmitted to the central unit, which transmits them, in its turn, to the peripheral units; the one or more peripheral units perform a decryption which is the reverse of the first encryption, performed by the server device in its third step, with the shared encryption key and the shared dynamic encryption key, in order to obtain the dynamic temporary session key; and the one or more peripheral units perform, in parallel, an encryption with their shared encryption key and the central-unit identifier in order to give a second encrypted information item, then compare this second encrypted information item with the received encrypted central-unit information item in order, if they coincide, to grant their authentication to this central unit.
  2. The method as claimed in claim 1, wherein the peripheral unit performs, in a following step, an encryption of the raw data to be transmitted with the dynamic temporary session key, in order to form encrypted data transmitted to the central unit, which transmits them, in its turn, to the server device.
  3. The method as claimed in claim 1, wherein the peripheral unit performs, in a following step, an encryption of the raw data to be transmitted with the shared dynamic encryption key, in order to form encrypted data transmitted to the central unit, which then carries out a decryption in order to obtain the raw data, with the shared dynamic encryption key which this central unit kept in memory.
  4. The method as claimed in claim 1, wherein the server device comprises a single server which is secure, carrying out the second step of generating the dynamic temporary session key, and the third step, of generating the shared dynamic encryption key then the encrypted central-unit information item forming the proof of authentication.
  5. The method as claimed in claim 1, wherein the server device comprises a first server possessing, in a database, the identifier of the peripheral unit and comprises the secure server possessing, in a database, the shared encryption key.
  6. The method as claimed in claim 5, wherein the first server carries out the second step, of generating the dynamic temporary session key, then transmits this dynamic temporary session key and the identifier of the central unit to the secure server.
  7. The method as claimed in claim 6, wherein the secure server then carries out the third step, of generating the shared dynamic encryption key, then the encrypted central-unit information item forming the proof of authentication.
  8. A system comprising a central unit, and peripheral units fixed to the wheels of a motor vehicle carrying out measurements on the tires of the wheels of the vehicle forming raw data, connected to one another at radio frequency, comprising devices implementing a method as claimed in claim 1.
  9. A motor vehicle comprising a central unit, and peripheral units fixed to the wheels of the motor vehicle carrying out measurements on the tires of the wheels of this vehicle forming raw data, comprising devices implementing a method as claimed in claim 1.
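The exchange of claims 1 and 2, worked through as an added Python example (not code from the patent or from Continental): the server issues the shared dynamic key D = E_K(S) and the proof P = E_K(central-unit identifier), the central unit only relays them, and the wheel unit recovers S and recomputes the proof before granting authentication. The HMAC-based derivation of the shared key K from the peripheral identifier and the XOR keystream cipher are stand-ins chosen so the example runs offline with the standard library; the claims name no cipher, and `provisioning_secret` and the label strings are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def derive_shared_key(peripheral_id: bytes, provisioning_secret: bytes) -> bytes:
    """Symmetric shared key K for one wheel unit. The claims only say the server
    regenerates 'the same' key from the peripheral identifier; deriving it with an
    HMAC over a provisioning secret held by both sides is this example's assumption."""
    return hmac.new(provisioning_secret, peripheral_id, hashlib.sha256).digest()


def xor_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: HMAC-SHA256 keystream XORed into the data. It is
    its own inverse, so one call performs both the 'encryption' and the 'reverse
    decryption' of the claims. The label keeps the keystreams for D, P and data apart."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(key, label + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def server_issue(peripheral_id, central_id, provisioning_secret, session_key=None):
    """Steps 2 and 3 on the server: temporary session key S, shared dynamic key
    D = E_K(S) and proof P = E_K(central_id). Both go to the central unit, which
    only forwards them to the wheel unit (step 4)."""
    session_key = session_key or secrets.token_bytes(16)
    K = derive_shared_key(peripheral_id, provisioning_secret)
    D = xor_cipher(K, b"dynamic-key", session_key)
    P = xor_cipher(K, b"proof", central_id)
    return D, P


def peripheral_verify(peripheral_id, central_id, provisioning_secret, D, P):
    """Step 5 on the wheel unit: recompute the proof for the central-unit identifier
    that was presented, compare it in constant time with the received proof, and
    only then recover S from D. Returns S when authentication is granted, else None."""
    K = derive_shared_key(peripheral_id, provisioning_secret)
    if not hmac.compare_digest(xor_cipher(K, b"proof", central_id), P):
        return None
    return xor_cipher(K, b"dynamic-key", D)


def encrypt_measurement(session_key: bytes, raw: bytes) -> bytes:
    """Claim 2: raw tire data is encrypted under S, so the central unit that relays
    it to the server cannot read it. Decryption is the same call."""
    return xor_cipher(session_key, b"data", raw)
```

The example takes the "symmetric shared encryption key" option that claim 1 allows for the second encryption, so the proof depends only on K and the central-unit identifier; a central unit presenting a different identifier, or a tampered proof, is rejected before any session key is released.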

Description

CROSS REFERENCE TO RELATED APPLICATIONS

This application is the U.S. National Phase Application of PCT International Application No. PCT/EP2023/060421, filed Apr. 21, 2023, which claims priority to French Patent Application No. 2203920, filed Apr. 27, 2022, the contents of such applications being incorporated by reference herein.

FIELD OF THE INVENTION

The present invention relates to a method for authenticating the rights of a central unit to communicate with peripheral units fixed to the wheels of a motor vehicle using a secure server connected by an Internet connection, in order to carry out sensitive operations on these peripheral units, as well as units and a motor vehicle comprising devices implementing this method.

BACKGROUND OF THE INVENTION

One type of method of communication between a tire-pressure monitoring system (TPMS) of a motor vehicle and a smart device of a user of this vehicle, presented notably by the document FR-A1-3084310, incorporated herein by reference, comprises a peripheral unit installed on each wheel of the vehicle measuring parameters such as the inflation pressure and the temperature of the tire, which are transmitted at radio frequency, in particular using the Bluetooth standard, to a central unit arranged in the vehicle, which receives the information in order to process it and inform the driver or a repairer so as to alert them in the event that a problem is detected. In particular, the wheel units periodically transmit information to the central unit, using a specific unique identifier which makes it possible to identify the wheel concerned. Each wheel unit also possesses a wave receiver receiving signals from the central unit, in order to perform diagnostic, configuration or training operations on this wheel unit.

The method makes use of waves at ultra high frequency (UHF), exceeding one gigahertz, which makes it possible to offer new applications such as exchanges with devices external to the vehicle, notably the user's smartphone. Moreover, in general, in the case of a system carrying out radio-frequency exchanges between a central unit of a user or client and peripheral units recording data, for example these tire-pressure monitoring systems, it may be necessary to perform sensitive operations on the peripheral units, such as reprogramming them, using the Internet and cloud-computing services. Each unit possesses, as an identifier, a specific medium access control (MAC) address stored in a physical memory. The authentication of the user's central unit by the peripheral units for carrying out sensitive operations such as reprogramming poses the problem of ensuring, in a simple way and without loading the server with exchanges of large volumes of data, a high level of security against undesirable interventions by third parties such as piracy, together with the confidentiality of the data exchanges. A notable aim of the present invention is to avoid these problems of the prior art.

SUMMARY OF THE INVENTION

It proposes, to this end, a method for authenticating the rights of a central unit of a user for communicating bidirectionally at radio frequency with one or more peripheral units fixed to the wheels of a motor vehicle which transmit raw measurement data consisting of measurements performed on the tires of the vehicle which they acquire, each central unit and peripheral unit possessing a specific identifier, this method using, over the Internet, an external server device comprising at least one secure server, comprising a link by a secure connection between them in the case of several servers, and possessing, in a database, the identifier of the peripheral units, this method being noteworthy in that it comprises the following successive steps: in a first step the central unit uses its identifier and a password to get itself recognized by each peripheral unit, which generates a symmetric shared random encryption key, and in parallel the central unit establishes a secure connection with the server device, authenticating so that it recognizes, in its database, the identifier of the peripheral unit concerned; in a second step the server device generates a dynamic temporary session key; in a third step the server device generates the same symmetric shared encryption key on the basis of the identifier of the peripheral unit, then performs a first encryption with this shared encryption key and with the dynamic temporary session key in order to form a first shared dynamic encryption key, then performs a second encryption using the identifier of the central unit, and the symmetric shared encryption key or the dynamic temporary session key, in order to give an encrypted central-unit information item which is a proof of authentication; in a fourth step the shared dynamic encryption key and the encrypted central-unit information item are transmitted to the central unit, which transmits them, in its turn, to the peripheral unit; the peripheral unit performs,
in a fif