Patents by Inventor Andreas SOENKENS
Andreas SOENKENS has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11822661Abstract: A method for carrying out a secured startup sequence of a control unit, which includes a host that is configured to execute a loader program and one or multiple application programs, and a hardware security module (HSM) which includes a program memory and a data memory. The method includes a starting of the host and of the HSM; an authentication of the loader program by the HSM with the aid of a loader program signature stored in the program memory of the HSM; and, an execution of the loader program by the host if the authentication of the loader program is successful.Type: GrantFiled: June 23, 2021Date of Patent: November 21, 2023Assignee: ROBERT BOSCH GMBHInventors: Andreas Soenkens, Bjoern Kasper, Jens Schmuelling, Thorsten Schwepp
-
Patent number: 11748275Abstract: A method for securely updating a control unit. The control unit includes a host configured to execute an update program and at least one application program, a memory, which contains the programs and data, and a hardware security module (HSM) which is configured to block and to unblock a write access to the memory. The method includes starting the host and the HSM; blocking the write access by the HSM; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; if a request is present, checking an authorization of the caller by the HSM to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit; and if the caller is authorized, unblocking the write access and rewriting at least a portion of the memory by the update program.Type: GrantFiled: June 24, 2021Date of Patent: September 5, 2023Assignee: ROBERT BOSCH GMBHInventors: Andreas Soenkens, Bjoern Kasper, Jens Schmuelling, Thorsten Schwepp
-
Patent number: 11238166Abstract: Data processing device, in particular, for a control unit, the data processing device including at least one computing device, a memory device, a hardware security module and at least one cryptography module.Type: GrantFiled: May 21, 2019Date of Patent: February 1, 2022Assignee: Robert Bosch GmbHInventors: Juergen Schramm, Andreas Soenkens, Bjoern Kasper
-
Publication number: 20210406361Abstract: A method for securely updating a control unit. The control unit includes a host configured to execute an update program and at least one application program, a memory, which contains the programs and data, and a hardware security module (HSM) which is configured to block and to unblock a write access to the memory. The method includes starting the host and the HSM; blocking the write access by the HSM; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; if a request is present, checking an authorization of the caller by the HSM to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit; and if the caller is authorized, unblocking the write access and rewriting at least a portion of the memory by the update program.Type: ApplicationFiled: June 24, 2021Publication date: December 30, 2021Inventors: Andreas Soenkens, Bjoern Kasper, Jens Schmuelling, Thorsten Schwepp
-
Publication number: 20210406375Abstract: A method for carrying out a secured startup sequence of a control unit, which includes a host that is configured to execute a loader program and one or multiple application programs, and a hardware security module (HSM) which includes a program memory and a data memory. The method includes a starting of the host and of the HSM; an authentication of the loader program by the HSM with the aid of a loader program signature stored in the program memory of the HSM; and, an execution of the loader program by the host if the authentication of the loader program is successful.Type: ApplicationFiled: June 23, 2021Publication date: December 30, 2021Inventors: Andreas Soenkens, Bjoern Kasper, Jens Schmuelling, Thorsten Schwepp
-
Patent number: 10701101Abstract: A method for averting a manipulation on a CAN bus using a first node connected to the bus by a CAN controller includes a secured transmit module of the first node monitoring the bus; the transmit module recognizing transmission processes of the CAN controller in a normal operation of the first node; the transmit module recognizing a message transmitted impermissibly on the bus in a manner deviating from the normal operation; and, in the event the transmit module recognizes the message, the transmit module initiating countermeasures provided against the manipulation.Type: GrantFiled: October 10, 2016Date of Patent: June 30, 2020Assignee: Robert Bosch GmbHInventors: Andreas Soenkens, Arthur Mutter, Florian Hartwich, Thomas Keller, Timo Lothspeich
-
Publication number: 20190362082Abstract: Data processing device, in particular, for a control unit, the data processing device including at least one computing device, a memory device, a hardware security module and at least one cryptography module.Type: ApplicationFiled: May 21, 2019Publication date: November 28, 2019Inventors: Juergen Schramm, Andreas Soenkens, Bjoern Kasper
-
Patent number: 10305679Abstract: A method for implementing a communication between at least two control units, and a control unit interconnection for implementing the method are provided. An electronic hardware security module is provided in each control unit, the communication taking place via an additional communications link.Type: GrantFiled: May 6, 2015Date of Patent: May 28, 2019Assignee: ROBERT BOSCH GMBHInventors: Werner Quirant, Andreas Soenkens, Thomas Kuhn, Stefan Schneider
-
Patent number: 10291402Abstract: In a method for cryptographically processing data which are exchanged between a first unit and a control unit, a derived key is used in this process, which is derived from a secret key and an identifier. The exchanged data are encrypted using the derived key, and the exchanged data are encrypted in a tool chain, which provides the identifier.Type: GrantFiled: January 25, 2016Date of Patent: May 14, 2019Assignee: ROBERT BOSCH GMBHInventors: Bjoern Kasper, Thorsten Schwepp, Andreas Soenkens
-
Publication number: 20180302431Abstract: A method for averting a manipulation on a CAN bus using a first node connected to the bus by a CAN controller includes a secured transmit module of the first node monitoring the bus; the transmit module recognizing transmission processes of the CAN controller in a normal operation of the first node; the transmit module recognizing a message transmitted impermissibly on the bus in a manner deviating from the normal operation; and, in the event the transmit module recognizes the message, the transmit module initiating countermeasures provided against the manipulation.Type: ApplicationFiled: October 10, 2016Publication date: October 18, 2018Inventors: Andreas Soenkens, Arthur Mutter, Florian Hartwich, Thomas Keller, Timo Lothspeich
-
Patent number: 10025954Abstract: A method for operating a control unit, such a control unit, and an electronic hardware security module are provided. A manipulation of a main computer unit is detected by the electronic hardware security module, and a check takes place whether reprogramming is possible.Type: GrantFiled: May 6, 2015Date of Patent: July 17, 2018Assignee: ROBERT BOSCH GMBHInventors: Martin Emele, Thomas Keller, Andreas Soenkens, Stefan Schneider
-
Patent number: 9894081Abstract: A method and device for avoiding manipulation of a data transmission. A message containing a message authentication code is received at a processing unit, the message from the processing unit is transferred to a hardware module, a check value as a function of the received message is computed in the hardware module, the received message authentication code and the check value are compared in the hardware module, a result of the comparison is transferred from the hardware module to the processing unit as an output variable, the message authentication code received in the message from the processing unit is checked in the processing unit based on the output variable.Type: GrantFiled: April 19, 2017Date of Patent: February 13, 2018Assignee: ROBERT BOSCH GMBHInventors: Dirk Wagner, Andreas Soenkens, Frank Ahnert, Juergen Schramm, Thomas Hartgen, Werner Stadler
-
Publication number: 20170310684Abstract: A method and device for avoiding manipulation of a data transmission. A message containing a message authentication code is received at a processing unit, the message from the processing unit is transferred to a hardware module, a check value as a function of the received message is computed in the hardware module, the received message authentication code and the check value are compared in the hardware module, a result of the comparison is transferred from the hardware module to the processing unit as an output variable, the message authentication code received in the message from the processing unit is checked in the processing unit based on the output variable.Type: ApplicationFiled: April 19, 2017Publication date: October 26, 2017Inventors: Dirk Wagner, Andreas Soenkens, Frank Ahnert, Juergen Schramm, Thomas Hartgen, Werner Stadler
-
Patent number: 9602487Abstract: A method for authenticating a transmitter to a receiver, as well as for the protected transmission of messages; both the transmitter, as well as the receiver at least having a first common key; a random number, as well as at least one first partial code of a first code calculated from the random number with the aid of the first key from the receiver to the transmitter being transmitted in a synchronization message; the first partial code being checked by the transmitter; a first counter being generated by the transmitter; useful data, as well as a first partial counter of first counter and at least one second partial code of a second code calculated with the aid of a second key being transmitted by the transmitter to the receiver in a message; and the receiver checking the second partial code to verify the transmitter, as well as the transmitted message.Type: GrantFiled: September 10, 2014Date of Patent: March 21, 2017Assignee: ROBERT BOSCH GMBHInventors: Bjoern Kasper, Andreas Soenkens, Thorsten Schwepp
-
Publication number: 20160217303Abstract: In a method for cryptographically processing data which are exchanged between a first unit and a control unit, a derived key is used in this process, which is derived from a secret key and an identifier. The exchanged data are encrypted using the derived key, and the exchanged data are encrypted in a tool chain, which provides the identifier.Type: ApplicationFiled: January 25, 2016Publication date: July 28, 2016Inventors: Bjoern Kasper, Thorsten Schwepp, Andreas Soenkens
-
Publication number: 20150324583Abstract: A method for operating a control unit, such a control unit, and an electronic hardware security module are provided. A manipulation of a main computer unit is detected by the electronic hardware security module, and a check takes place whether reprogramming is possible.Type: ApplicationFiled: May 6, 2015Publication date: November 12, 2015Inventors: Martin EMELE, Thomas KELLER, Andreas SOENKENS, Stefan SCHNEIDER
-
Publication number: 20150324610Abstract: A method and an electronic hardware security module are provided for managing software functionalities in a control unit. The hardware security module records results of a security functionality and acts on software functionalities as a function of the results.Type: ApplicationFiled: May 12, 2015Publication date: November 12, 2015Inventors: Markus IHLE, Ingo OPFERKUCH, Thomas KELLER, Andreas SOENKENS, Thomas KUHN, Stefan SCHNEIDER
-
Publication number: 20150324576Abstract: A method for implementing a communication between at least two control units, and a control unit interconnection for implementing the method are provided. An electronic hardware security module is provided in each control unit, the communication taking place via an additional communications link.Type: ApplicationFiled: May 6, 2015Publication date: November 12, 2015Inventors: Werner QUIRANT, Andreas SOENKENS, Thomas KUHN, Stefan SCHNEIDER
-
Publication number: 20150323919Abstract: In a method for operating a control unit using an electronic hardware security module, a secure layer is provided, which is assigned to the hardware security module and monitors the operation of the main computer unit. The secure layer switches to an operation under emergency conditions if a malfunction is present.Type: ApplicationFiled: May 4, 2015Publication date: November 12, 2015Inventors: Thorsten Schwepp, Markus Ihle, Andreas Soenkens, Thomas Kuhn, Stefan Schneider
-
Publication number: 20150074404Abstract: A method for authenticating a transmitter to a receiver, as well as for the protected transmission of messages; both the transmitter, as well as the receiver at least having a first common key; a random number, as well as at least one first partial code of a first code calculated from the random number with the aid of the first key from the receiver to the transmitter being transmitted in a synchronization message; the first partial code being checked by the transmitter; a first counter being generated by the transmitter; useful data, as well as a first partial counter of first counter and at least one second partial code of a second code calculated with the aid of a second key being transmitted by the transmitter to the receiver in a message; and the receiver checking the second partial code to verify the transmitter, as well as the transmitted message.Type: ApplicationFiled: September 10, 2014Publication date: March 12, 2015Applicant: ROBERT BOSCH GMBHInventors: Bjoern KASPER, Andreas SOENKENS, Thorsten SCHWEPP