[0021] The drawing shows a control device 10 which is installed in a passenger car (not shown in detail). In connection with the embodiment on which the drawing is based, we proceed from this point: the control device refers to the navigation device of the passenger car. However, it may generally be a control device that provides any other functionality than the navigation assistance function.
[0022] The route calculation required for the navigation assistance function and the driving instruction generated by the digital indicator of the navigation device (not shown) are controlled by the control device 12. The control device 12 is coupled to the encryption device 14 of the control device 10. The output of the encryption device 14 can be transmitted to the compression device 16. The output value 18 of the compression device 16 can be transmitted to the control device 12.
[0023] The control device 12, the encryption device 14, and the compression device 16 may be a circuit arrangement structure of the control device 10 or a program run by a processor of the control device 10, respectively.
[0024] Only when it is recognized in advance that the passenger car is a vehicle for which the "navigation assistance" functionality of the control device 10 has been authorized, the control device 12 provides the "navigation assistance" functionality.
[0025] To activate the control device 10, the control device 12 has an activation part 20. Via the communication bus (not shown) of the passenger vehicle (here a diagnostic bus), for example, the activation code 22 is transmitted to the control device 10 when the control device 10 is installed in the motor vehicle. Inside the control device 10, the activation code 22 is transmitted to the activation component 20. In addition to other data, the activation code 22 also contains a vehicle identification or a vehicle component reference number VCRN (vehicle component reference number). In the described embodiment, it consists of a four-byte long code, by which it is determined which completely certain control device (identified by its serial number) is for the passenger car (identified by its vehicle chassis number). The functional aspects of "navigation assistance" are authorized.
[0026] For example, it can also be provided that the control device 10 is not activated during installation, but only later by the motor vehicle user himself. For this purpose, it can be provided that the activation code is transmitted from the database to the motor vehicle via a network connection and transmitted to the control device 10. Thus, for example, the user can also activate other functions of his control device afterwards.
[0027] In order to check the authorization of the control device 10, the activation component 20 sends a character string 24 representing the functionality of “navigation assistance” to the encryption device 18. The message may consist of numbers or text, for example. The character string 24 is stored in the activation device 20 as constant data.
[0028] The character string 24 is encrypted by the encryption device 14. The encryption result is a 16-byte long digital value in the illustrated embodiment. This value is transmitted by the encryption device 14 to the compression device 16. The compression device 16 forms a 4-byte long output value 18 from the 16-byte long value, which is transmitted to the activation component 20 as a local VCRN (that is, a VCRN generated inside the control device 10). In the figure, the local VCRN is correspondingly called VCRN'.
[0029] The activation device 20 compares the VCRN included in the activation code 22 with the local VCRN (VCRN'). If the two values match, the control device 14 is activated, that is, the control device 10 is activated. Otherwise, the control device 14 is not activated, so the control device 10 does not provide "navigation assistance" functionality.
[0030] The encryption of the character string 24 and subsequent compression are further explained below.
[0031] The encryption device generates an encryption result by encrypting the character string 24, and the encryption result is unique to the combination of the control device 10 to be activated and the passenger car installed with the control device 10 given the character string 24. To this end, the encryption device 14 stores the control device-specific key 26 in the memory 28 and the encryption device 14 stores the vehicle-specific key 30 in the memory 32.
[0032] The two keys are cryptographic keys used in the symmetric encryption method. When the control device 10 is manufactured, each control device 10 exclusively generates the key 26 and saves it in the memory 28. Other control devices with different serial numbers in the same series have different keys in their corresponding memories. The key 30 is generated exclusively for passenger cars such that the passenger car has a unique vehicle chassis number and the key 30 is generated for the vehicle chassis number.
[0033] In order to encrypt the character string 24, the third combined key 34, which is here 16 bytes long, is used by the encryption device 14. After the key 30 is stored in the memory 32, the key 34 is generated by the encryption device 14. To this end, the character string 38 is stored in the configuration data 36, which is stored in the encryption device 14. The character string 38 may be composed of a value or a text, for example. The character string 38 is encrypted with the key 26 by means of a symmetric encryption method, and the result of the encryption process is encrypted with the key 30. In the embodiment, the encryption method is a method according to the Advanced Encryption Standard (AES). The encryption device 14 provides a key 34 for encrypting the message (such as the character string 24) by means of other encryption processes in the encryption component 40 (here also in accordance with AES).
[0034] The key 34 is formed by the key 26 unique to the control device and the key 30 unique to the vehicle, and the encryption result with the identity mark of the control device 10 and the identity mark of the passenger car is always generated by encrypting with the encryption component 40.
[0035] The compression device 16 compresses the encryption result of the encryption device 40 by means of a CRC method (CRC: Cyclic Redundancy Check).
[0036] The VCRN included in the activation code 22 is formed of a copy of the character string 24 in the same way as the VCRN' obtained from the character string 24. In order to generate the activation code 22, the database reads out copies of the keys 26 and 30 based on the serial number of the control device 10 and the vehicle chassis number of the passenger car, respectively. The database is operated by the passenger car manufacturer. The manufacturer also knows the string 38.
[0037] The character string that is the same as the character string 24 is encrypted and compressed in the same manner as the process performed by the encryption device 14 and the compression device 16 in the control device 10 by means of the key copy. The manufacturer can generate a key that is the same as the key 34 required for encryption from the database and the known string 38 from the copies of the keys 26 and 30. The compressed encryption result is added to the activation code 22 as VCRN. The compressed encryption result is still largely exclusive to the control device and the vehicle, so the VCRN composed of the compressed encryption result is not suitable for activating the control device 10 in other passenger cars.
[0038] In order to be able to remove the control device 10 and use it in other passenger cars, the control device 10 has a receiving device 42 by means of which the vehicle-specific key 30' of the passenger car can be received and written into the memory 32.
[0039] The receiving device (such as the receiving device 42) can also be configured to write to the memory 28. In this way, the key 26 specific to the control device may be determined at a later point in time, for example, by the manufacturer of the passenger car (rather than the manufacturer of the control device 10).
[0040] By laterally exchanging the control device 10 between two passenger cars each time, a new VCRN for activating the control device 10 is additionally generated for each passenger car by the passenger car manufacturer and provided to the passenger car The user activates the control device 10.
[0041] For the control device (such as the control device 10), it can also be specified that instead of providing only one character string 24, a plurality of different character strings are provided. In this way, different control device functionalities can be selectively activated through different activation codes.
[0042] The character string 24 may also consist of a value that has nothing to do with the functionality to be activated. In this way, activation codes for different control devices can be generated in the motor vehicle through the same character string.
[0043] The exemplary embodiment shows how it is possible to check in the control device whether the control device is approved for the passenger car in which it is installed.
