Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique
Reexamination Certificate
2002-07-01
2004-11-09
Nguyen, Hiep T. (Department: 2187)
active
06816953
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a method of protecting a microcomputer system against manipulation of its program. The microcomputer system includes a rewritable memory in which at least one portion of the program is stored. In this method, a check is performed as part of a checking procedure to determine whether at least one portion of the rewritable memory includes a specified content.
The present invention also relates to a microcomputer system which is protected against manipulation of its program. The microcomputer system includes a rewritable memory in which at least one portion of the program is stored. In addition, the microcomputer system includes for its protection a checking arrangement for checking on whether at least one portion of the rewritable memory includes a preselected content.
BACKGROUND INFORMATION
A method and a microcomputer system for protecting against manipulation of a program is referred to in German Published Patent Application No. 197 23 332, for example. The method discussed in German Published Patent Application No. 197 23 332 is used in particular to protect an automotive control device against manipulation of its control program. The control device controls and/or regulates automotive functions, for example of an internal combustion engine, an electronic control (steer-by-wire) or an electronic brake (brake-by-wire). In the method discussed in German Published Patent Application No. 197 23 332, a boot routine is executed each time the microcomputer system is powered up, and a checking procedure is executed as part of the boot routine. The checking procedure is implemented, for example, as a checking program, which is stored in a read-only memory of the microcomputer system. In execution of the checking procedure, a code word is determined from at least one portion of the memory content of the rewritable memory with the help of an encryption algorithm and compared with a reference code word stored in the rewritable memory. The code word is a checksum, for example. Execution of the control program stored in the rewritable memory of the control device is blocked if the code word determined is not the same as the reference code word.
If a manipulated program has been stored in the rewritable memory, the code word determined via the memory content of the rewritable memory will usually differ from the reference code word stored, and execution of the manipulated program is blocked. This prevents the automotive functions or automotive units that are to be regulated or controlled by the control device from being damaged by manipulation of the control program.
Various encryption algorithms may be used to form the code word. In particular, cross-checksums and/or longitudinal checksums may be formed (even parity check) or a cyclic redundancy check (CRC) may be used, in which code words are generated in blocks from the content of the rewritable memory and compared with reference code words. The more complex the encryption algorithms used to calculate the code word, the more difficult it is for an unauthorized third party to overcome the protection against manipulation and tuning. On the other hand, a complicated encryption algorithm requires a great deal of computation capacity (memory and computing time) of a computer core, in particular a microprocessor, of the microcomputer system. The problem is that unlimited time is not available for checking the content of the rewritable memory in a microcomputer system. There is thus a conflict of objectives between secure and reliable protection against manipulation and tuning of a microcomputer system and rapid execution of the checking procedure without any significant delay in execution of the program.
In a microcomputer system, the power of the microprocessors used is not unlimited for reasons of cost and configuration (high-power microprocessors require a relatively large structure, have a relatively high power consumption and generate a great deal of waste heat which is dissipated from the microcomputer system). For this reason, the checking procedure in other prior systems is executed only at certain points in time when more time is available for complete processing of the checking program, e.g., when powering up the microcomputer system or after reprogramming or new programming of the rewritable memory. As an alternative, it is also possible to process only a portion of the checking program, which takes less time but reduces the certainty and reliability of the protection against manipulation and tuning.
If the checking procedure reveals that the checked portion of the rewritable memory includes a specified content, a corresponding marker is stored in a memory of the microcomputer system. By querying this marker at later points in time, e.g., each time the microcomputer system is powered up, it is allowed within an extremely short period of time to check on whether or not the program stored in the rewritable memory has been manipulated. In the method discussed in German Published Patent Application No. 197 23 332, however, no check of the content of other portions of the rewritable memory or even the entire rewritable memory during operation of the microcomputer system, i.e., while the program is running, is performed. Another check is performed only on reaching the point in time for performing the checking procedure again, e.g., when powering up the microcomputer system again. In the exemplary method according to the present invention, it may therefore take a relatively long time until manipulation of the program of a microcomputer system is detected and suitable countermeasures have been taken.
SUMMARY OF THE INVENTION
It is an object of the exemplary embodiment and/or exemplary method of the present invention to reliably and with certainty protect a microcomputer system against manipulation of its program, so that manipulation is detectable within the shortest period of time.
The exemplary embodiment and/or exemplary method of the present invention provides that the checking procedure be executed cyclically at preselectable intervals during operation of the microcomputer system.
According to the exemplary embodiment and/or exemplary method of the present invention, the checking procedure is thus executed not only at discrete points in time, e.g., following a reprogramming or new programming of the rewritable memory, but instead cyclically during normal operation of the microcomputer system, i.e., when running the program. Cyclic execution of the checking procedure may be performed in addition to or instead of execution of the checking procedure at discrete points in time, e.g., after reprogramming or new programming of the rewritable memory. The portion of the checking procedure executed during a cycle is reduced so that running of the program by a computer core, in particular by a microprocessor, of the microcomputer system is hardly impaired. A reduction in the checking procedure may be achieved, for example, by checking only a small portion of the rewritable memory in each cycle. The entire rewritable memory may be checked according to the present invention after only a relatively short operation of the microcomputer system and repeated execution of various portions of the checking program. If it is found in execution of the checking procedure that the rewritable memory or the checked portion of the rewritable memory does not include a specified content, suitable measures are initiated immediately. For example, the program or the checked portion of the program is declared invalid immediately and execution of the program, i.e., the checked portion of the program, is blocked immediately.
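The cyclic check described above, sketched in C as an added example that is not code from the patent: each cycle verifies one block of a simulated rewritable memory against its reference code word and latches the program as invalid on a mismatch, so the whole memory is covered after NUM_BLOCKS cycles. The memory size, block size, the choice of CRC-32 as the code word, the sample memory content, and keeping the reference words in a separate array are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define FLASH_SIZE 1024u  /* constructed stand-in for the rewritable memory */
#define BLOCK_SIZE 128u   /* portion checked per cycle (assumed size) */
#define NUM_BLOCKS (FLASH_SIZE / BLOCK_SIZE)

static uint8_t  flash[FLASH_SIZE];    /* simulated program memory */
static uint32_t ref_crc[NUM_BLOCKS];  /* reference code word per block */
static size_t   next_block;           /* block the next cycle will check */
static bool     program_valid;        /* latched; false means execution is blocked */

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320) over one block. */
static uint32_t crc32_block(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

void provision(void) {  /* after (re)programming: sample data, reference words */
    for (size_t i = 0; i < FLASH_SIZE; i++) flash[i] = (uint8_t)(i * 31u + 7u);
    for (size_t b = 0; b < NUM_BLOCKS; b++)
        ref_crc[b] = crc32_block(&flash[b * BLOCK_SIZE], BLOCK_SIZE);
    next_block = 0; program_valid = true;
}

bool check_cycle(void) {  /* one cycle: check one block, advance, latch result */
    size_t b = next_block;
    next_block = (next_block + 1u) % NUM_BLOCKS;
    if (crc32_block(&flash[b * BLOCK_SIZE], BLOCK_SIZE) != ref_crc[b]) program_valid = false;
    return program_valid;
}

int cycles_until_detected(void) {  /* -1 if one full pass finds no mismatch */
    for (int n = 1; n <= (int)NUM_BLOCKS; n++)
        if (!check_cycle()) return n;
    return -1;
}

int main(void) {
    provision();
    flash[5u * BLOCK_SIZE + 3u] ^= 0x01u;  /* simulated manipulation in block 5 */
    printf("detected after %d cycles\n", cycles_until_detected());
}
```

The worst-case detection delay is NUM_BLOCKS cycles, so block size and cycle interval together set the trade-off between per-cycle cost and time to detection that the text describes.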
Various checking procedures which may be used in conjunction with the exemplary embodiment and/or exemplary method of the present invention are referred to in other prior systems. First, a method referred to in German Published Patent Application No. 197 23 332 may be used, for example. In this method, a code word, e.g., a checksum, is formed over the rewritable memory or at least one
Kenyon & Kenyon
Nguyen Hiep T.
Robert & Bosch GmbH