Abstract: A key generation device for a vehicle-internal communication system and a method for the vehicle-internal management of cryptographic keys comprises providing at least one secret for a vehicle-internal key generation device and generation of at least one new cryptographic key by the vehicle-internal key generation device on the basis of the at least one secret. The generation and providing of the at least one new cryptographic key takes place autonomously and is triggered by a key-exchange event, or a combination of key-exchange events. The key-exchange event may be one of a vehicle-internal change, an environmental change and a security key.

Abstract: This patent application is directed to a method for detecting intrusions and anomalies, an intrusion and anomaly detecting edge computing unit, and a system for detecting intrusions and anomalies.

Abstract: A method of monitoring execution of computer instructions includes receiving data items representing real-time measurements of side-channel information emanating from execution of computer instructions, each data item forming a value of a corresponding dimension of a side-channel information vector, receiving, for two or more of the dimensions of the side-channel vector, classifiers that assign the corresponding values of a side-channel vector to classes, and classifying the data items in accordance with the received classifiers, wherein an orthogonal distance of the data item from the classifier indicates a confidence value of the classification, generating a combined a confidence value for the side-channel information vector a, and outputting a signal if a confidence value indicates affiliation to a selected one of the two classes with a predetermined probability. The method conducts a self-test by generating a combined confidence value based to ensure correct outputting of the confidence value.

Abstract: A method of identifying errors or manipulations of data or software, includes receiving a first hash value stored in a first block of the memory, receiving a second hash value from a reference memory, and comparing the hash values. If different, error correction information and the content of the first block is received. The content of the first block is reconstructed by in accordance with the error correction information, generating a hash value and comparing the hash value of the modified content with the received first hash value, until the modified content and the received hash values are identical. The content of the first block received from the reference memory and the content of the reconstructed first block stored in the memory of the device are compared for identifying the differences in the content.

Abstract: A method for providing random numbers for control units communicating via a vehicle network, in which a random number generator having an aggregation component, a storage unit and a distribution component is provided. A plurality of control units each with at least one entropy source are formed. Their raw data are transmitted to the aggregation component via the vehicle network. A quality assurance of the combined raw data from the entropy sources is carried out using only those combined raw data which both occur in a non-deterministic manner and contain a minimum degree of entropy as qualified raw data. The qualified raw data are converted into an aggregated data block by a cryptographic one-way function and securely stored as a random number in the storage unit. The random number stored in the storage unit is transmitted to a control unit via the vehicle network by the distribution component.

Abstract: A method of secure data export from an automotive ECU to a requesting entity includes receiving a signed request, the request transmitting a first public encryption key. The signature is verified using a second public key stored in the automotive ECU. Further, the requesting entity is authenticated. Only upon successful verification and authentication the automotive ECU generates a random symmetric key for encrypting the data to be exported. The symmetric key is encrypted using the first public key received in the request, and unencrypted data is deleted. The encrypted data is exported to the requesting entity, which decrypts the symmetric key using a first private key associated with the first public key, and decrypts the data encrypted with the symmetric key.

Abstract: A method of secure data export from an automotive ECU to a requesting entity includes receiving a signed request, the request transmitting a first public encryption key. The signature is verified using a second public key stored in the automotive ECU. Further, the requesting entity is authenticated. Only upon successful verification and authentication the automotive ECU generates a random symmetric key for encrypting the data to be exported. The symmetric key is encrypted using the first public key received in the request, and unencrypted data is deleted. The encrypted data is exported to the requesting entity, which decrypts the symmetric key using a first private key associated with the first public key, and decrypts the data encrypted with the symmetric key.

Abstract: A method for the vehicle-internal management of cryptographic keys comprises provision of at least one secret for a vehicle-internal key generation device and generation of at least one new cryptographic key by the vehicle-internal key generation device on the basis of the at least one secret.

Abstract: A method for the analysis of source texts comprises identifying source text vulnerabilities that are susceptible to implementation attacks, wherein the identification of the source text vulnerabilities takes place during active source text development, without the need to compile the program.

Abstract: A method of monitoring execution of computer instructions includes receiving data items representing real-time measurements of side-channel information emanating from execution of computer instructions, each data item forming a value of a corresponding dimension of a side-channel information vector, receiving, for two or more of the dimensions of the side-channel vector, classifiers that assign the corresponding values of a side-channel vector to classes, and classifying the data items in accordance with the received classifiers, wherein an orthogonal distance of the data item from the classifier indicates a confidence value of the classification, generating a combined a confidence value for the side-channel information vector a, and outputting a signal if a confidence value indicates affiliation to a selected one of the two classes with a predetermined probability. The method conducts a self-test by generating a combined confidence value based to ensure correct outputting of the confidence value.

Abstract: A method of identifying errors or manipulations of data or software, includes receiving a first hash value stored in a first block of the memory, receiving a second hash value from a reference memory, and comparing the hash values. If different, error correction information and the content of the first block is received. The content of the first block is reconstructed by in accordance with the error correction information, generating a hash value and comparing the hash value of the modified content with the received first hash value, until the modified content and the received hash values are identical. The content of the first block received from the reference memory and the content of the reconstructed first block stored in the memory of the device are compared for identifying the differences in the content.

Abstract: A method for providing random numbers for control units communicating via a vehicle network, in which a random number generator having an aggregation component, a storage unit and a distribution component is provided. A plurality of control units each with at least one entropy source are formed. Their raw data are transmitted to the aggregation component via the vehicle network. A quality assurance of the combined raw data from the entropy sources is carried out using only those combined raw data which both occur in a non-deterministic manner and contain a minimum degree of entropy as qualified raw data. The qualified raw data are converted into an aggregated data block by a cryptographic one-way function and securely stored as a random number in the storage unit. The random number stored in the storage unit is transmitted to a control unit via the vehicle network by the distribution component.