METHOD FOR MONITORING A COMPONENT OF AN EFFECT CHAIN

20230072587 · 2023-03-09

    Abstract

    A system for monitoring a component of an effect chain for an at least partially automated driving function of a motor vehicle. The system includes: a processor; one or more memory blocks; an input, set up to receive output data output by the component; computer-executable instructions, executable by the processor in order to implement one or more enclaves, using the one or more memory blocks, the one or more enclaves including a certificate enclave, which is set up to create a certificate for the component of the effect chain; an output, set up to output the certificate to the component, the certificate enclave being set up to check the output data received following output of the certificate, on the basis of the certificate, in order to output a check result; and a trigger device, set up to trigger a security action based on the check result.

    Claims

    1. A system for monitoring a component of an effect chain for an at least partially automated driving function of a motor vehicle, comprising: a computer platform, including: a processor; one or more memory blocks; an input configured to receive output data output from the component; computer-executable instructions executable by the processor to implement one or more enclaves, using the one or more memory blocks, the one or more enclaves including a certificate enclave configured to create a certificate for the component of the effect chain; an output configured to output the certificate to the component, the certificate enclave being configured to check the output data received following the output of the certificate, based on the certificate, to output a check result; and a trigger device configured to trigger a security action based on the check result.

    2. The system as recited in claim 1, wherein the one or more enclaves include a processing unit enclave, which is configured to implement a processing unit.

    3. The system as recited in claim 2, wherein the processing unit is configured to provide a lockstep function.

    4. The system as recited in claim 1, wherein the one or more enclaves include a time trigger enclave, which is configured to provide a time trigger function.

    5. The system as recited in claim 1, wherein the one or more enclaves include a watchdog enclave, which is configured to provide a watchdog function.

    6. The system as recited in claim 1, wherein the one or more enclaves include an authentication management enclave, which is configured to provide an authentication management function.

    7. The system as recited in claim 6, wherein the authentication management enclave is configured to provide a key management function.

    8. The system as recited in claim 7, wherein the key management function is configured to provide a PUF for key management.

    9. The system as recited in claim 1, wherein the one or more enclaves include a test generator enclave, which is configured to provide a test generator function for testing the component, for testing the component during runtime.

    10. The system as recited in claim 1, wherein the one or more enclaves include a memory enclave, which is set up to provide a memory function for storing cryptographic data.

    11. The system as recited in claim 1, wherein the computer platform is an ASIC.

    12. The system as recited in claim 1, wherein the input is configured to receive configuration data for configuring the computer platform, the processor being set up to configure the computer platform based on the configuration data, during runtime.

    13. The system as recited in claim 12, wherein the processor is set up to configure the computer platform based on the configuration data only if the configuration data are signed with a valid signature.

    14. A method for monitoring a component of an effect chain for an at least partially automated driving function of a motor vehicle, using a system including a computer platform, the computer platform including: a processor, one or more memory blocks, an input configured to receive output data output from the component, computer-executable instructions executable by the processor to implement one or more enclaves, using the one or more memory blocks, the one or more enclaves including a certificate enclave configured to create a certificate for the component of the effect chain, an output configured to output the certificate to the component, the certificate enclave being configured to check the output data received following the output of the certificate, based on the certificate, to output a check result; and a trigger device configured to trigger a security action based on the check result; the method comprising the following steps: creating a certificate for the component of the effect chain using the certificate enclave; outputting the certificate to the component using the output; receiving output data output by the component by way of the input; checking the output data received following output of the certificate, based on the certificate, using the certificate enclave, to output a check result; and triggering a security action based on the check result, using the trigger device.

    15. A non-transitory machine-readable storage medium on which is stored a computer program for monitoring a component of an effect chain for an at least partially automated driving function of a motor vehicle, using a system including a computer platform, the computer platform including: a processor, one or more memory blocks, an input configured to receive output data output from the component, computer-executable instructions executable by the processor to implement one or more enclaves, using the one or more memory blocks, the one or more enclaves including a certificate enclave configured to create a certificate for the component of the effect chain, an output configured to output the certificate to the component, the certificate enclave being configured to check the output data received following the output of the certificate, based on the certificate, to output a check result; and a trigger device configured to trigger a security action based on the check result; the computer program, when executed by the system, causing the system to perform the following steps: creating a certificate for the component of the effect chain using the certificate enclave; outputting the certificate to the component using the output; receiving output data output by the component by way of the input; checking the output data received following output of the certificate, based on the certificate, using the certificate enclave, to output a check result; and triggering a security action based on the check result, using the trigger device.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0093] FIG. 1 shows a system for monitoring a component of an effect chain for an at least partially automated driving function of a vehicle, according to an example embodiment of the present invention.

    [0094] FIG. 2 shows a flow chart of a method for monitoring a component of an effect chain for an at least partially automated driving function of a motor vehicle, according to an example embodiment of the present invention.

    [0095] FIG. 3 shows a machine-readable storage medium, according to an example embodiment of the present invention.

    [0096] FIG. 4 shows a plurality of enclaves, according to an example embodiment of the present invention.

    DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

    [0097] FIG. 1 shows a system 101 for monitoring a component of an effect chain for an at least partially automated driving function of a vehicle.

    [0098] For the sake of clarity, the component of the effect chain is not shown.

    [0099] System 101 comprises a computer platform 103. Computer platform 103 comprises a processor 105 and a first memory block 107, a second memory block 109, a third memory block 111, and a fourth memory block 113.

    [0100] Furthermore, computer platform 103 comprises an input 115, which is set up to receive output data output by the component.

    [0101] Furthermore, computer platform 103 comprises computer-executable instructions 116, which are executable by processor 105 in order to implement a first enclave 117 using first memory block 107 and second memory block 109, a second enclave 119 using third memory block 111, and a third enclave 121 using fourth memory block 113.

    [0102] Computer-executable instructions 116 are stored in a memory 122 of computer platform 103.

    [0103] First enclave 117 is a certificate enclave, which is set up to create a certificate for the component of the effect chain.

    [0104] Computer platform 103 comprises an output 123, which is set up to output the certificate to the component. Following output of the certificate, output data from the component are received by way of input 115. Certificate enclave 117 is set up to check the output data received following output of the certificate, on the basis of the certificate, in order to output a check result.

    [0105] Computer platform 103 comprises a trigger device 125, which is set up to trigger one or more security actions on the basis of the check result.

    [0106] FIG. 2 shows a flow chart of a method for monitoring a component of an effect chain for an at least partially automated driving function of a vehicle, using a system according to the first aspect. The method comprises the following steps:

    [0107] creating 201 a certificate for the component of the effect chain by way of the certificate enclave,

    [0108] outputting 203 the certificate to the component by way of the output,

    [0109] receiving 205 output data output by the component by way of the input,

    [0110] checking 207 the output data received following output of the certificate, on the basis of the certificate, by way of the certificate enclave, in order to output a check result,

    triggering 209 a security action based on the check result, by way of the trigger device.
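The five steps 201 to 209 can be followed in a small model, given here as an added example that is not part of the patent text. The page does not define the certificate format, the check, or the security action, so the following are assumptions: the certificate is a per-component credential (id, secret key, validity limit), the component authenticates each output frame with an HMAC-SHA256 tag and a counter, and the names `Certificate`, `tag_output`, `camera-0` and `enter_safe_state` are hypothetical.

```python
import hashlib, hmac, os, struct
from dataclasses import dataclass

@dataclass
class Certificate:                 # assumed format; the page does not define one
    component_id: bytes
    key: bytes                     # per-certificate secret shared with the component
    not_after: float               # validity limit in seconds (monitor clock)

def tag_output(cert, counter, payload):
    # Component side: bind each output frame to the certificate it was given.
    msg = cert.component_id + struct.pack(">Q", counter) + payload
    return hmac.new(cert.key, msg, hashlib.sha256).digest()

class CertificateEnclave:
    def __init__(self):
        self._issued = {}          # component_id -> (Certificate, last counter seen)

    def create_certificate(self, component_id, now, lifetime=1.0):    # step 201
        cert = Certificate(component_id, os.urandom(32), now + lifetime)
        self._issued[component_id] = (cert, -1)
        return cert                # step 203: handed to the component via the output

    def check(self, component_id, counter, payload, tag, now):        # step 207
        cert, last = self._issued.get(component_id, (None, -1))
        if cert is None:
            return "unknown_component"
        if now > cert.not_after:
            return "expired"
        if not hmac.compare_digest(tag, tag_output(cert, counter, payload)):
            return "bad_tag"
        if counter <= last:
            return "replay"
        self._issued[component_id] = (cert, counter)
        return "ok"

def trigger(check_result):         # step 209; the action name is hypothetical
    return "none" if check_result == "ok" else "enter_safe_state"

def demo():
    enclave = CertificateEnclave()
    cert = enclave.create_certificate(b"camera-0", now=0.0)
    frame = b"constructed sample frame"          # step 205 input, constructed here
    good = tag_output(cert, 0, frame)
    cases = [(0, frame, good, 0.1),                          # accepted
             (0, frame, good, 0.2),                          # same frame again
             (1, frame + b"!", good, 0.3),                   # payload altered
             (1, frame, tag_output(cert, 1, frame), 2.0)]    # after not_after
    return [(r, trigger(r)) for r in (enclave.check(b"camera-0", *c) for c in cases)]
```

Every result other than `ok` maps to the security action, so a component that was never issued a certificate is treated the same way as one that returns stale or altered data.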

    [0111] FIG. 3 shows a machine-readable storage medium 301 on which a computer program 303 is stored. Computer program 303 comprises commands that, in response to the execution of computer program 303 by a system according to the first aspect, cause the system to carry out a method according to the second aspect.

    [0112] FIG. 4 shows a first enclave 401, a second enclave 403, a third enclave 405, a fourth enclave 407, and a fifth enclave 409. First enclave 401 provides a test generator function 411 for testing a component of an effect chain for an at least partially automated driving function of a vehicle. First enclave 401 is thus a test generator enclave.

    [0113] Second enclave 403 implements a first processing unit 413. The second enclave is thus a processing unit enclave.

    [0114] Third enclave 405 implements a second processing unit 415. Third enclave 405 is thus a processing unit enclave.

    [0115] Fourth enclave 407 provides a lockstep function 417. Lockstep function 417 is implemented in a processing unit 418, which is implemented in fourth enclave 407.

    [0116] Fifth enclave 409 provides an authentication management function 419. Fifth enclave 409 is thus an authentication management enclave.

    [0117] Furthermore, a heartbeat module 421 is provided, which provides a heartbeat function. The five enclaves 401, 403, 405, 407, 409 and heartbeat module 421 are connected to one another and are implemented, for example, in accordance with one specific embodiment, in a computer platform of a system according to the first aspect.

    [0118] According to one specific embodiment, heartbeat module 421 may be monitored by one or more of the five enclaves 401, 403, 405, 407, and 409.

    [0119] For example, the five enclaves 401, 403, 405, 407, and 409 and heartbeat module 421 are implemented as an ASIC module.