This work shows how vehicular features which are pre-installed but deactivated can be securely enabled later with activation codes. Nowadays, feature activation results in two business models. The first model is a pay-per-use model which drastically reduces one-time acquisition costs for customers while increasing the long-term revenue of manufacturers. The second model is an “activate-once-and-use-always” model, which allows vehicles to come in differently configured variants even though most electronic devices use the same hardware and software components. Since the usage of product features is usually liable to pay costs (e.g., aftermarket business models) and legal obligations (e.g., export restrictions), the underlying security of the feature activation process is essential.
This paper discusses the theoretical background of secure activation codes geared to an automotive context. Typically, activation codes can be used to enable features, such as the usage of pre-installed maps for a certain time in a navigation system, disabling the maximum speed limit of the engine, or enabling a speech control system. Various ways are presented of how to deploy activation codes into a vehicle, for instance, by the driver’s using a short alphanumeric sequence, by workshop service personnel transferring a cryptographically robust code using the onboard diagnostic interface, or by the service provider or automotive manufacturer transferring the code remotely using a secure telematics channel. This work presents various technical aspects of activation codes based on asymmetric and symmetric signatures in combination with flexible key management using cryptographic certificates. The technical requirements of electric control units to allow feature activation processes as well as the secure generation of activation codes in a backend environment are discussed.