标准摘要
[中文适用范围]: 对系统数据和/或控制的访问机制是在系统的不同使用和阶段期间硬件保护安全环境(硬件保护安全环境)的主要用例。受硬件保护的安全环境充当这些用例的看门人,而不一定充当功能的执行者。本节是此类用例的概括,试图提取硬件保护安全环境的常见要求,使其成为看门人。示例包括: 创建新密钥卡 重新刷新 ECU 固件 从 ECU 读取/导出 PII 使用基于订阅的功能 在 ECU 上执行某些服务 转移车辆所有权 其中一些示例将在本节后面讨论,另一些示例将在本节后面讨论。有自己的详细部分。这个列表并不全面。 [外文原描述]: Access mechanisms to system data and/or control is a primary use case of the hardware protected security environment (hardware protected security environment) during different uses and stages of the system. The hardware protected security environment acts as a gatekeeper for these use cases and not necessarily as the executor of the function. This section is a generalization of such use cases in an attempt to extract common requirements for the hardware protected security environment that enable it to be a gatekeeper.Examples are:Creating a new key fobRe-flashing ECU firmwareReading/exporting PII out of the ECUUsing a subscription-based featurePerforming some service on an ECUTransferring ownership of the vehicleSome of these examples are discussed later in this section and some have detailed sections of their own. This list is by no means comprehensive. Other use cases that require hardware protected security environment-based access control may be used by each manufacturer/service provider based on vehicle capabilities, architecture, and business model.This section describes how the hardware protected security environment provides a platform to implement access control by enabling secure authentication, authorization and access enforcement. It does not define any specific access control system (DAC/MAC/capability-based/role-based/etc.), models, or polices.A general access control system is based on the following stages:1Identifying and authenticating the user.2Authorizing access to the resource.aComparing authenticated user to policies (database/certificates/other).bComparing other conditions (temporal/spatial/other) to policies database.cUnlocking access to the resource.3Using the resource.4(Optional) Removing access to the resource based on temporal or other conditions.aLocking access to the resource.The hardware protected security environment can be involved to different extents in each of the stages listed above. The main two types of hardware protected security environment involvements are full control and partial control. In partial control, the hardware protected security environment is responsible to authenticate and authorize the access, while the normal environment is responsible to lock/unlock the resource. In full control, the hardware protected security environment is responsible for both.Cross Reference:
英文名称Hardware Protected Security for Ground Vehicles