Remote programming of dongles held by end-users inevitably raises the problem of securing the data exchange.
During remote programming the developer must make sure that, first, the end-user is going to update the data in the right dongle. For this purpose the respective dongle ID is included in the encrypted number-question generated by the dongle at the beginning of the remote programming session.
Secondly, the developer needs to verify the validity of the number-question, i.e. that the end-user did not send a counterfeit or altered number-question. A hardware-implemented hash function with a secret key is used for validity verification (HASH64 for Guardant Sign/Time/Net or SHA256 for Guardant Code/Code Time). The number-question is sent to the developer along with the result of calculating the hash function. Having a dongle with the same algorithm, the developer can verify the validity of the number-question by calculating the hash function and comparing its result with the received value. Thus, a sort of digital signature of the data is implemented.
Third, the developer needs to be sure that the number-answer will be sent to the dongle of the end-user in unchanged form. For this we also use hardware calculation of HASH64 (or SHA256).
Fourth, the end-user must not know exactly what data is being sent. A hacker may well be in the end-user's place, trying to analyze the remote programming protocol. For this reason, all data sent from the end-user to the developer and back is always encrypted with a symmetric algorithm (GSII64 for Guardant Sign/Time/Net or AES128 for Guardant Code/Code Time).
The security of the remote programming protocol (Trusted Remote Update) is implemented by means of hardware encryption and hashing algorithms, as well as by keeping the secret codes inside the dongles during the conversion process. All operations related to decryption and data integrity checks are handled inside the hardware unit. This eliminates the possibility of compromising or substituting the data recorded into the dongle.
For the whole Trusted Remote Update mechanism to operate, unique secret keys for the GSII64 (AES128) algorithm are programmed into the dongles during pre-sale preparation. Copies of these keys, along with the IDs of the dongles in which they have been recorded, are kept by the developer in a secret database accessed only by authorized personnel.
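The checks described above (right dongle, valid number-question, unaltered number-answer) can be modelled in software. The following is an added example, not Guardant code: HMAC-SHA256 stands in for the dongle's hardware keyed hash, the message layout, the session nonce and all function names are assumptions, the key database is constructed sample data, and the symmetric encryption layer is left out.

```python
import hashlib, hmac, os, struct

# Constructed sample of the developer's secret database: dongle ID -> key.
KEY_DB = {
    0x1A2B3C4D: bytes.fromhex("00112233445566778899aabbccddeeff"),
    0x5E6F7081: bytes.fromhex("ffeeddccbbaa99887766554433221100"),
}

def keyed_hash(key, data):
    # Stand-in (assumption) for the dongle's hardware keyed hash.
    return hmac.new(key, data, hashlib.sha256).digest()

def make_question(dongle_id, key, nonce=None):
    """Dongle side: question body = dongle ID || session nonce, plus its hash."""
    nonce = os.urandom(8) if nonce is None else nonce
    body = struct.pack(">I", dongle_id) + nonce
    return body, keyed_hash(key, body)

def verify_question(expected_id, body, tag):
    """Developer side: return the session nonce, or raise ValueError."""
    key = KEY_DB.get(expected_id)
    if key is None:
        raise ValueError("dongle ID not in key database")
    # Constant-time comparison of the recomputed hash with the received one.
    if not hmac.compare_digest(keyed_hash(key, body), tag):
        raise ValueError("question hash mismatch: forged or altered")
    if len(body) < 4 or struct.unpack(">I", body[:4])[0] != expected_id:
        raise ValueError("question was generated by a different dongle")
    return body[4:]

def make_answer(dongle_id, nonce, update):
    """Developer side: bind the update to this session and hash it."""
    body = nonce + update
    return body, keyed_hash(KEY_DB[dongle_id], body)

def apply_answer(key, nonce, body, tag):
    """Dongle side: return the update only if hash and nonce both match."""
    if not hmac.compare_digest(keyed_hash(key, body), tag):
        return None
    if body[:len(nonce)] != nonce:
        return None
    return body[len(nonce):]
```

Because each dongle has its own key, a question produced by one dongle fails the hash check when verified against another dongle's database entry, before the embedded ID is even compared.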