×

End-to-end communication security

  • US 10,009,325 B1
  • Filed: 12/07/2017
  • Issued: 06/26/2018
  • Est. Priority Date: 12/07/2017
  • Status: Active Grant
First Claim
Patent Images

1. A method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate, the method comprising:

  • determining, by a first ECU in the automotive vehicle, a fingerprint for the first ECU;

    generating, by the first ECU, a plurality of cryptographic keys using the fingerprint as a seed value, the plurality of cryptographic keys including, at least, a public key and a corresponding private key for the first ECU and a communications table key for the first ECU;

    performing a remote attestation process with a remote computer system to validate the first ECU;

    in response to passing the remote attestation process, exchanging public cryptographic keys by the first ECU locally over the CANbus with other ECUs from among the plurality of ECUs in the automotive vehicle, wherein the CANbus in the automotive vehicle has a plurality of CANbus messages with corresponding CANbus message identifiers, wherein the first ECU exchanges public cryptographic keys with the other ECUs for each of the CANbus message identifiers for which the first ECU is programmed to either transmit or listen for corresponding CANbus messages on the CANbus, wherein the first ECU is programmed to generate a plurality of symmetric keys to use for communicating using the CANbus message identifiers for communication with the other ECUs using the private key for the first ECU and the public keys received from the other ECUs;

    creating, by the first ECU, a communication table that includes entries for the plurality of CANbus messages, the entries in the communication table including the corresponding CANbus message identifiers and the public keys received from the other ECUs;

    encrypting, by the first ECU, the communication table using the communications table key; and

    storing, by the first ECU, the encrypted communication table locally on the first ECU.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×