Secure start system for an autonomous vehicle

US 10,089,116 B2
Filed: 03/18/2016
Issued: 10/02/2018
Est. Priority Date: 03/18/2016
Status: Active Grant

First Claim

Patent Images

1. A secure start system for an autonomous vehicle, the secure start system comprising:

a compute stack comprising a plurality of encrypted drives that, when decrypted, enable one or more functions of the autonomous vehicle; and

a communications router connected to the compute stack, the communications router comprising;

an encrypted router drive; and

an input interface to receive a boot-loader comprising a basic decryption key to (i) decrypt the encrypted router drive, and (ii) enable network communications with a backend system;

wherein the secure start system (i) utilizes a tunnel key from the backend system to establish a private communications session with a backend data vault, and (ii) retrieves a set of decryption keys from the backend data vault, via the private communications session, to decrypt the plurality of encrypted drives.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure start system for an autonomous vehicle (AV) can include a compute stack and a communications router. The communications router can include an encrypted router drive and an input interface to receive a boot-loader that includes a basic decryption key to decrypt the encrypted router drive and enable network communications with a backend system. The secure start system can utilizes a tunnel key from the backend system to establish a private communications session with a backend data vault, and retrieve a set of decryption keys from the backend data vault, via the private communications session, to decrypt a plurality of encrypted drives of the AV.

23 Citations

View as Search Results

20 Claims

1. A secure start system for an autonomous vehicle, the secure start system comprising:
- a compute stack comprising a plurality of encrypted drives that, when decrypted, enable one or more functions of the autonomous vehicle; and
  
  a communications router connected to the compute stack, the communications router comprising;
  
  an encrypted router drive; and
  
  an input interface to receive a boot-loader comprising a basic decryption key to (i) decrypt the encrypted router drive, and (ii) enable network communications with a backend system;
  
  wherein the secure start system (i) utilizes a tunnel key from the backend system to establish a private communications session with a backend data vault, and (ii) retrieves a set of decryption keys from the backend data vault, via the private communications session, to decrypt the plurality of encrypted drives.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The secure start system of claim 1, wherein the input interface comprises a universal serial bus (USB) interface, and wherein the boot-loader comprises a USB connected boot-up drive including the basic decryption key.
  - 3. The secure start system of claim 1, wherein upon enabling network communications, the communications router transmits credentials from the boot-loader to the backend system, and wherein the communications router receives the tunnel key when the backend system authenticates the credentials.
  - 4. The secure start system of claim 3, wherein the communications router transmits the credentials and receives the tunnel key using secure hypertext transfer protocol (HTTPS) communications with the backend system.
  - 5. The secure start system of claim 1, wherein the tunnel key comprises an Internet Protocol Security (IPsec) tunnel key, and wherein the private communications session comprises an IPsec tunnel to the backend data vault to retrieve the set of decryption keys.
  - 6. The secure start system of claim 1, wherein decryption of the plurality of encrypted drives using the set of decryption keys enables autonomous drive functions for the autonomous vehicle.
  - 7. The secure start system of claim 1, wherein the compute stack comprises encrypted data logs to store session data corresponding to a drive session of the autonomous vehicle.
  - 8. The secure start system of claim 7, wherein the data logs are accessible via insertion of a log reader into the input interface, and wherein the log reader includes a decryption key that decrypts the data logs to retrieve the session data.

9. An autonomous vehicle comprising:
- a sensor system to dynamically generate sensor data indicating a situational environment of the autonomous vehicle;
  
  acceleration, braking, and steering systems;
  
  a compute stack comprising a plurality of encrypted drives that, when decrypted, (i) processes the sensor data to identify features when the autonomous vehicle operates in an autonomous drive mode, and (ii) utilizes the processed sensor data to operate the acceleration, braking, and steering systems in the autonomous drive mode; and
  
  a secure start system connected to the compute stack, the secure start system comprising;
  
  a communications router including an encrypted router drive; and
  
  an input interface to receive a boot-loader comprising a basic decryption key to (i) decrypt the encrypted router drive, and (ii) enable network communications with a backend system;
  
  wherein the secure start system (i) utilizes a tunnel key from the backend system to establish a private communications session with a backend data vault, and (ii) retrieves a set of decryption keys from the backend data vault, via the private communications session, to decrypt the plurality of encrypted drives.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The autonomous vehicle of claim 9, wherein the input interface comprises a universal serial bus (USB) interface, and wherein the boot-loader comprises a USB connected boot-up drive including the basic decryption key.
  - 11. The autonomous vehicle of claim 9, wherein upon enabling network communications, the communications router transmits credentials from the boot-loader to the backend system, and wherein the communications router receives the tunnel key when the backend system authenticates the credentials.
  - 12. The autonomous vehicle of claim 11, wherein the communications router transmits the credentials and receives the tunnel key using secure hypertext transfer protocol (HTTPS) communications with the backend system.
  - 13. The autonomous vehicle of claim 9, wherein the tunnel key comprises an Internet Protocol Security (IPsec) tunnel key, and wherein the private communications session comprises an IPsec tunnel to the backend data vault to retrieve the set of decryption keys.
  - 14. The autonomous vehicle of claim 9, wherein decryption of the plurality of encrypted drives using the set of decryption keys enables autonomous drive functions for the autonomous vehicle.
  - 15. The autonomous vehicle of claim 9, wherein the compute stack comprises encrypted data logs to store session data corresponding to a drive session of the autonomous vehicle.
  - 16. The autonomous vehicle of claim 15, wherein the data logs are accessible via insertion of a log reader into the input interface, and wherein the log reader includes a decryption key that decrypts the data logs to retrieve the session data.

17. A non-transitory computer-readable medium storing instructions that, when executed by one or more processors of a secure start system for an autonomous vehicle, cause the one or more processors to:
- retrieve a basic decryption key from a boot-loader to (i) decrypt a router drive, and (ii) enable network communications with a backend system;
  
  transmit credentials to the backend system;
  
  when the credentials are authenticated, receive a tunnel key from the backend system;
  
  utilize the tunnel key to establish a private communications session with a backend data vault; and
  
  retrieve a set of decryption keys from the backend data vault, via the private communications session, to (i) decrypt a plurality of encrypted drives of the autonomous vehicle, and (ii) initiate an autonomous mode of the autonomous vehicle.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable medium of claim 17, wherein the executed instructions cause the one or more processors to transmit the credentials and receive the tunnel key using secure hypertext transfer protocol (HTTPS) communications with the backend system.
  - 19. The non-transitory computer-readable medium of claim 17, wherein the tunnel key comprises an Internet Protocol Security (IPsec) tunnel key, and wherein the private communications session comprises an IPsec tunnel to the backend data vault to retrieve the set of decryption keys.
  - 20. The non-transitory computer-readable medium of claim 17, wherein the executed instructions cause the one or more processors to retrieve the basic decryption key in response to the boot-loader being inserted into a universal serial bus (USB) interface of the router drive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Uatc, LLC (Uber Technologies, Inc.)
Original Assignee
Uber Technologies, Inc.
Inventors
Valasek, Christopher, Miller, Charles
Primary Examiner(s)
Rahim, Monjour

Application Number

US15/074,892
Publication Number

US 20170269940A1
Time in Patent Office

928 Days
Field of Search

713182
US Class Current
CPC Class Codes

B60R 25/04   operating on the propulsion...

G06F 21/34   involving the use of extern...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/606   by securing the transmissio...

G06F 21/73   by creating or determining ...

G06F 21/88   Detecting or preventing the...

G06F 2221/2105   Dual mode as a secondary as...

G06F 9/4403   Processor initialisation

G06F 9/4406   Loading of operating system

H04L 2209/84   Vehicles

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/164   at the network layer

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/12   specially adapted for propr...

H04L 9/0822   using key encryption key

H04L 9/0897 : involving additional device...

H04L 9/14 : using a plurality of keys o...

H04L 9/3226 : using a predetermined code,...

H04W 12/02 : Protecting privacy or anony...

H04W 12/03 : Protecting confidentiality,...

H04W 12/04 : Key management, e.g. using ...

H04W 12/06 : Authentication

View All

Secure start system for an autonomous vehicle

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure start system for an autonomous vehicle

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links