Abstract: A method for carrying out a secured startup sequence of a control unit, which includes a host that is configured to execute a loader program and one or multiple application programs, and a hardware security module (HSM) which includes a program memory and a data memory. The method includes a starting of the host and of the HSM; an authentication of the loader program by the HSM with the aid of a loader program signature stored in the program memory of the HSM; and, an execution of the loader program by the host if the authentication of the loader program is successful.

Abstract: A method for securely updating a control unit. The control unit includes a host configured to execute an update program and at least one application program, a memory, which contains the programs and data, and a hardware security module (HSM) which is configured to block and to unblock a write access to the memory. The method includes starting the host and the HSM; blocking the write access by the HSM; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; if a request is present, checking an authorization of the caller by the HSM to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit; and if the caller is authorized, unblocking the write access and rewriting at least a portion of the memory by the update program.

Abstract: Data processing device, in particular, for a control unit, the data processing device including at least one computing device, a memory device, a hardware security module and at least one cryptography module.

Abstract: A method for securely updating a control unit. The control unit includes a host configured to execute an update program and at least one application program, a memory, which contains the programs and data, and a hardware security module (HSM) which is configured to block and to unblock a write access to the memory. The method includes starting the host and the HSM; blocking the write access by the HSM; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; if a request is present, checking an authorization of the caller by the HSM to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit; and if the caller is authorized, unblocking the write access and rewriting at least a portion of the memory by the update program.

Abstract: A method for carrying out a secured startup sequence of a control unit, which includes a host that is configured to execute a loader program and one or multiple application programs, and a hardware security module (HSM) which includes a program memory and a data memory. The method includes a starting of the host and of the HSM; an authentication of the loader program by the HSM with the aid of a loader program signature stored in the program memory of the HSM; and, an execution of the loader program by the host if the authentication of the loader program is successful.

Abstract: A method for averting a manipulation on a CAN bus using a first node connected to the bus by a CAN controller includes a secured transmit module of the first node monitoring the bus; the transmit module recognizing transmission processes of the CAN controller in a normal operation of the first node; the transmit module recognizing a message transmitted impermissibly on the bus in a manner deviating from the normal operation; and, in the event the transmit module recognizes the message, the transmit module initiating countermeasures provided against the manipulation.

Abstract: Data processing device, in particular, for a control unit, the data processing device including at least one computing device, a memory device, a hardware security module and at least one cryptography module.

Abstract: A method for implementing a communication between at least two control units, and a control unit interconnection for implementing the method are provided. An electronic hardware security module is provided in each control unit, the communication taking place via an additional communications link.

Abstract: In a method for cryptographically processing data which are exchanged between a first unit and a control unit, a derived key is used in this process, which is derived from a secret key and an identifier. The exchanged data are encrypted using the derived key, and the exchanged data are encrypted in a tool chain, which provides the identifier.

Abstract: A method for averting a manipulation on a CAN bus using a first node connected to the bus by a CAN controller includes a secured transmit module of the first node monitoring the bus; the transmit module recognizing transmission processes of the CAN controller in a normal operation of the first node; the transmit module recognizing a message transmitted impermissibly on the bus in a manner deviating from the normal operation; and, in the event the transmit module recognizes the message, the transmit module initiating countermeasures provided against the manipulation.

Abstract: A method for operating a control unit, such a control unit, and an electronic hardware security module are provided. A manipulation of a main computer unit is detected by the electronic hardware security module, and a check takes place whether reprogramming is possible.

Abstract: A method and device for avoiding manipulation of a data transmission. A message containing a message authentication code is received at a processing unit, the message from the processing unit is transferred to a hardware module, a check value as a function of the received message is computed in the hardware module, the received message authentication code and the check value are compared in the hardware module, a result of the comparison is transferred from the hardware module to the processing unit as an output variable, the message authentication code received in the message from the processing unit is checked in the processing unit based on the output variable.

Abstract: A method and device for avoiding manipulation of a data transmission. A message containing a message authentication code is received at a processing unit, the message from the processing unit is transferred to a hardware module, a check value as a function of the received message is computed in the hardware module, the received message authentication code and the check value are compared in the hardware module, a result of the comparison is transferred from the hardware module to the processing unit as an output variable, the message authentication code received in the message from the processing unit is checked in the processing unit based on the output variable.

Abstract: A method for authenticating a transmitter to a receiver, as well as for the protected transmission of messages; both the transmitter, as well as the receiver at least having a first common key; a random number, as well as at least one first partial code of a first code calculated from the random number with the aid of the first key from the receiver to the transmitter being transmitted in a synchronization message; the first partial code being checked by the transmitter; a first counter being generated by the transmitter; useful data, as well as a first partial counter of first counter and at least one second partial code of a second code calculated with the aid of a second key being transmitted by the transmitter to the receiver in a message; and the receiver checking the second partial code to verify the transmitter, as well as the transmitted message.

Abstract: In a method for cryptographically processing data which are exchanged between a first unit and a control unit, a derived key is used in this process, which is derived from a secret key and an identifier. The exchanged data are encrypted using the derived key, and the exchanged data are encrypted in a tool chain, which provides the identifier.

Abstract: A method for operating a control unit, such a control unit, and an electronic hardware security module are provided. A manipulation of a main computer unit is detected by the electronic hardware security module, and a check takes place whether reprogramming is possible.

Abstract: A method for implementing a communication between at least two control units, and a control unit interconnection for implementing the method are provided. An electronic hardware security module is provided in each control unit, the communication taking place via an additional communications link.

Abstract: In a method for operating a control unit using an electronic hardware security module, a secure layer is provided, which is assigned to the hardware security module and monitors the operation of the main computer unit. The secure layer switches to an operation under emergency conditions if a malfunction is present.

Abstract: A method and an electronic hardware security module are provided for managing software functionalities in a control unit. The hardware security module records results of a security functionality and acts on software functionalities as a function of the results.

Abstract: A method for authenticating a transmitter to a receiver, as well as for the protected transmission of messages; both the transmitter, as well as the receiver at least having a first common key; a random number, as well as at least one first partial code of a first code calculated from the random number with the aid of the first key from the receiver to the transmitter being transmitted in a synchronization message; the first partial code being checked by the transmitter; a first counter being generated by the transmitter; useful data, as well as a first partial counter of first counter and at least one second partial code of a second code calculated with the aid of a second key being transmitted by the transmitter to the receiver in a message; and the receiver checking the second partial code to verify the transmitter, as well as the transmitted message.