US 12,463,828 B2
Method and device for installing certificate on basis of encryption and decryption of contract certificate private key
Min Ho Shin, Yongin-si (KR)
Assigned to Hyundai Motor Company, Seoul (KR); Kia Corporation, Seoul (KR); and Myongji University Industry and Academia Cooperation Foundation, Yongin-si (KR)
Appl. No. 18/025,452
Filed by HYUNDAI MOTOR COMPANY, Seoul (KR); KIA CORPORATION, Seoul (KR); and Myongji University Industry and Academia Cooperation Foundation, Yongin-si (KR)
PCT Filed Sep. 7, 2021, PCT No. PCT/KR2021/012135
§ 371(c)(1), (2) Date Mar. 9, 2023,
PCT Pub. No. WO2022/055222, PCT Pub. Date Mar. 17, 2022.
Claims priority of application No. 10-2021-0118599 (KR), filed on Sep. 6, 2021.
Prior Publication US 2023/0327886 A1, Oct. 12, 2023
Int. Cl. H04L 9/32 (2006.01); H04L 9/06 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3263 (2013.01) [H04L 9/0631 (2013.01); H04L 9/0643 (2013.01); H04L 9/088 (2013.01)]
20 Claims
1. A certificate installation method based on encryption and decryption of a contract certificate private key for an electric vehicle communication controller, the certificate installation method comprising:
transmitting, by the electric vehicle communication controller and to a secondary actor, a certificate installation request message signed with a private key associated with a manufacturer provisioning certificate; and
receiving, from the secondary actor, a certificate installation response message signed with a private key associated with a leaf certificate of a certificate provisioning service,
wherein the certificate installation response message includes a contract certificate data packet including a signed installation data element, the signed installation data element includes a contract certificate chain element and an encrypted private key element, and the encrypted private key element stores a private key belonging to a new contract certificate encrypted for the electric vehicle communication controller without a trusted platform module,
wherein the private key belonging to the new contract certificate is encrypted using an advanced encryption standard (AES)-Galois/counter mode (GCM) based on an encryption key which is generated from a public key of the manufacturer provisioning certificate and the private key of the secondary actor through elliptic-curve Diffie-Hellman (ECDH) protocol, and the private key encrypted using the AES-GCM is included as a ciphertext or an encrypted private key field in 528 bits or 448 bits following a 96-bit or 128-bit initialization vector (IV) in the contract certificate data packet, and
wherein the initialization vector is included in the encrypted contract private key structure and is used as input to the AES-GCM decryption process together with the encryption key derived via ECDH, to decrypt the encrypted private key.
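
The encrypted private key field of claim 1, worked through in Go as an added example (not code from the patent or its assignees): the secondary actor encrypts a 528-bit contract private key, and the electric vehicle communication controller derives the same key via ECDH and decrypts it with the IV carried at the front of the field. Assumptions not stated in the claim: P-521 key pairs, SHA-256 over the shared secret standing in for the unspecified key derivation, the 96-bit IV option, and a 16-byte GCM tag appended after the ciphertext; all function names are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const ivLen, keyLen, tagLen = 12, 66, 16 // 96-bit IV, 528-bit field (claim); 16-byte tag (assumed)

func aeadFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer) // both sides arrive at the same shared secret
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)        // assumed KDF: the claim names none
	block, _ := aes.NewCipher(k[:]) // a 32-byte key cannot fail here
	return cipher.NewGCM(block)
}

// Encrypt is the secondary actor's side; it returns IV || ciphertext || tag.
func Encrypt(saPriv *ecdh.PrivateKey, provPub *ecdh.PublicKey, contractKey []byte) ([]byte, error) {
	aead, err := aeadFor(saPriv, provPub)
	if err != nil || len(contractKey) != keyLen {
		return nil, errors.New("key agreement failed or contract key is not 528 bits")
	}
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil { // fresh IV per message; never reuse under one key
		return nil, err
	}
	return aead.Seal(iv, iv, contractKey, nil), nil
}

// Decrypt is the EVCC's side: fixed-length check, split off the IV, authenticate, decrypt.
func Decrypt(provPriv *ecdh.PrivateKey, saPub *ecdh.PublicKey, field []byte) ([]byte, error) {
	aead, err := aeadFor(provPriv, saPub)
	if err != nil || len(field) != ivLen+keyLen+tagLen {
		return nil, errors.New("key agreement failed or field has unexpected length")
	}
	return aead.Open(nil, field[:ivLen], field[ivLen:], nil)
}

func main() {
	sa, _ := ecdh.P521().GenerateKey(rand.Reader) // constructed secondary-actor key pair
	ev, _ := ecdh.P521().GenerateKey(rand.Reader) // constructed provisioning key pair
	field, _ := Encrypt(sa, ev.PublicKey(), make([]byte, keyLen))
	key, err := Decrypt(ev, sa.PublicKey(), field)
	println(len(field), len(key), err == nil)
}
```

Because GCM authenticates the ciphertext, a field modified in transit or decrypted with the wrong provisioning key fails in `Decrypt` instead of yielding a corrupted private key.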