Method for securely equipping a vehicle with an individual certificate

The invention claimed is: 1. A method for securely equipping a vehicle with an individual certificate, wherein the vehicle has a control device and has a communication unit configured to establish a connection as required between the control device and a vehicle-external server, wherein the control device and the vehicle-external server have an asymmetric cryptographic mechanism for secure authentication, the method comprising: establishing a vehicle certification authority having a vehicle infrastructure for public keys based on an asymmetric pair of keys of the vehicle certification authority; maintaining a private key of the asymmetric pair of keys of the vehicle certification authority in the vehicle certification authority; distributing a public key of the asymmetric pair of keys of the vehicle certification authority to participants requiring the public key of the asymmetric pair of keys, establishing a control device certification authority having a control device infrastructure for public keys based on an asymmetric pair of keys of the control device certification authority; maintaining a private key of the asymmetric pair of keys of the control device certification authority in the control device certification authority; distributing the public key of asymmetric pair of keys of the control device certification authority to the participants; equipping the control device with initial cryptographic material by a control device-individual pair of keys generated for the control device and an identity of the control device; transmitting a public key of the control device-individual pair of keys to the control device certification authority, after which a control device-individual certificate is generated in the control device certification authority for the transmitted data using the private key of the control device certification authority, after which the control device-individual certificate is transmitted back to the control device and stored in a tamper-proof manner in the control device, wherein the public key of the asymmetric pair of keys of the vehicle certification authority is stored in the control device in a tamper-proof manner. 2. The method of claim 1 , wherein a type of the control device is also transmitted to the control device certification authority. 3. The method of claim 2 , wherein the identity of the control device is entered into the control device-individual certificate as part of a subject and the type of the control device is entered as an additional field, and wherein the control device-individual certificate, including the subject and the type of the control device, is signed with the private key of the control device certification authority. 4. The method of claim 2 , wherein in order to determine a vehicle identity belonging to the identity of the control device, a data packet consisting of the vehicle identity and the identification of the control device is recorded in a forgery-proof manner when the control device is installed in the vehicle and is then transmitted in a tamper-proof manner to the vehicle-external server, which stores the data packet in a tamper-proof manner. 5. The method of claim 4 , wherein the type of the control device is also entered into the data packet. 6. The method of claim 4 , to request a first or new certificate, the method further comprises: determining, by the control device, the identity of the vehicle in which it is installed; generating, in a secure environment of the control device, a vehicle-individual pair of keys for an individual vehicle certificate and maintaining a vehicle-individual private key of the vehicle-individual pair of keys in the secure environment of the control device, after which creating a certificate signing request for at least the identity of the vehicle and the vehicle-individual public key, after which generating a signature by signing a certificate signing request with a control device-individual private key of the control device-individual pair of keys and sending a data packet containing the signed certificate request to the vehicle-external server; receiving, by the vehicle-external server, the data packet and then using the public key of the control device certification authority stored in the vehicle-external server to check correctness of the control device-individual certificate, extracting, by the vehicle-external server, the identity of the vehicle from the certificate signing request and the identity of the control device from the control device-individual certificate and checking whether an entry for the identity of the vehicle and the identity of the control device has been stored, wherein if there is not an entry for the identity of the vehicle or for the identity of the control device, the method is aborted by the vehicle-external server, after which the vehicle-external server checks correctness of the signature of the received data packet using the public key of the control device that is contained in the control device-individual certificate which is also sent, if there is an entry for the identity of the vehicle and for the identity of the control device, the vehicle-external server sends the certificate signing request) for the identity of the vehicle and the vehicle-individual public key over a protected transmission path to the vehicle certification authority, which issues a vehicle-individual certificate signed with the private key based on the certificate signing request) for the identity of the vehicle and the vehicle-individual public key and transmits the signed vehicle-individual certificate back to the vehicle-external server, after which the vehicle-external server transmits the vehicle-individual certificate to the control device installed in the vehicle, wherein the control device checks the received vehicle-individual certificate by at least checking the correctness of the signature of the vehicle-individual certificate with the public key and verifying whether the received vehicle-individual certificate corresponds to the sent certificate signing request, which confirms that at least the identity of the vehicle and the vehicle-individual public key match in both data formats, after which the vehicle-individual certificate is stored locally. 7. The method of claim 6 , wherein the control device-individual pair of keys is generated by the control device and the control device-individual private key is then stored securely and does not leave the control device. 8. The method of claim 7 wherein the vehicle-individual pair of keys is generated by the control device and the vehicle-individual private key is then stored securely and does not leave the control device. 9. The method of claim 1 , wherein the control device-individual pair of keys and the vehicle-individual pair of keys are generated by the control device in a hardware security module or are at least securely stored in the hardware security modile and the private keys of the control device-individual pair of keys and the vehicle-individual pair of keys do not leave the hardware security module thereafter. 10. The method of claim 9 , wherein a forgery-proof individual digital vehicle fingerprint is recorded during the manufacture of the vehicle and a data packet having the identity of the vehicle and the vehicle fingerprint is transmitted in a tamper-proof manner to the vehicle-external server and is stored in the vehicle-external in a tamper-proof manner, when creating the certificate signing request, the control device determines its own control device-specific vehicle fingerprint by collecting information in the vehicle, after which the signature is generated by the data packet comprising the control device-specific v