Securely exchanging vehicular sensor information
First Claim
1. An in-vehicle computing system of a vehicle for securely exchanging sensor information, the in-vehicle computing system comprising:
a sensor to generate sensor data;
a trusted execution environment module to establish a trusted execution environment on the in-vehicle computing system, wherein a private key is bound to the trusted execution environment of the in-vehicle computing system; and
a communication module to establish a secure communication channel between the trusted execution environment of the in-vehicle computing system and a corresponding trusted execution environment of a coordination server via a network;
wherein the trusted execution environment module is further configured to (i) confirm an authenticity of the coordination server, (ii) receive the sensor data from the sensor, (iii) generate, in response to the authentication of the coordination server, a vehicle attestation quote based on the trusted execution environment of the in-vehicle computing system, wherein the vehicle attestation quote indicates an integrity of the sensor data, (iv) transmit, to the coordination server over the secure communication channel via the network and by the communication module, the sensor data, the vehicle attestation quote for verification by the coordination server, and a cryptographically-signed communication signed with the private key, (v) receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle, and (vi) perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle;
wherein to confirm the authenticity of the coordination server comprises to (vii) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (viii) determine whether the server attestation quote is verified, and (ix) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure.
Abstract
Technologies for securely exchanging sensor information include an in-vehicle computing system of a vehicle to establish a trusted execution environment and a secure communication channel between the trusted execution environment and a corresponding trusted execution environment of a coordination server. A private key is bound to the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system confirms the authenticity of the coordination server, receives sensor data generated by a sensor of the vehicle, and generates an attestation quote based on the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system further transmits, to the coordination server over the secure communication channel, the sensor data, the attestation quote, and a cryptographically-signed communication signed with the private key.
21 Claims
1. (Independent claim; full text given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. One or more non-transitory, machine-readable storage media comprising a plurality of instructions stored thereon that, in response to execution by an in-vehicle computing system, cause the in-vehicle computing system to:
establish a trusted execution environment on the in-vehicle computing system; establish a secure communication channel between the trusted execution environment of the in-vehicle computing system and a corresponding trusted execution environment of a coordination server via a network; confirm, by the trusted execution environment of the in-vehicle computing system, an authenticity of the coordination server; receive, by the trusted execution environment of the in-vehicle computing system, sensor data generated by a sensor of the vehicle; generate, in response to an authentication of the coordination server and by the trusted execution environment of the in-vehicle computing system, a vehicle attestation quote based on the trusted execution environment of the in-vehicle computing system; transmit, over the secure communication channel via the network and in response to confirmation of the authenticity of the coordination server, (i) the sensor data, (ii) the vehicle attestation quote, and (iii) a cryptographically-signed communication signed with a private key bound to the trusted execution environment of the in-vehicle computing system to the coordination server; receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle; and perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle; wherein to confirm the authenticity of the coordination server comprises to (iv) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (v) determine whether the server attestation quote is verified, and (vi) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure. Dependent claims: 9, 10, 11, 12, 13.
14. A coordination server for coordinating the secure exchange of sensor information between vehicles, the coordination server comprising:
a trusted execution environment module to (i) establish a trusted execution environment on the coordination server and (ii) generate a server attestation quote based on the trusted execution environment of the coordination server; a communication module to (i) establish a secure communication channel between the trusted execution environment of the coordination server and a corresponding trusted execution environment of an in-vehicle computing system of a vehicle via a network, (ii) transmit, over the secure communication channel via the network, the server attestation quote to the in-vehicle computing system, and (iii) receive, from the in-vehicle computing system over the secure communication channel and in response to a verification of the server attestation quote by the in-vehicle computing system, sensor data generated by a sensor of the vehicle, a vehicle attestation quote based on the corresponding trusted execution environment of the in-vehicle computing system, and a cryptographically-signed communication signed with a private key bound to the trusted execution environment of the in-vehicle computing system; wherein the trusted execution environment module is further configured to determine whether the vehicle attestation quote, the private key associated with the cryptographically-signed communication, and a revocation status of the private key are verified and perform, in response to a determination that a verification of at least one of the vehicle attestation quote, the private key, and the revocation status of the private key was unsuccessful, an error-handling procedure; and a sensor data processing module to process the sensor data in response to verification of the vehicle attestation quote and the private key and a determination that the private key has not been revoked. Dependent claims: 15, 16, 17, 18, 19.
20. A local computing device for securely exchanging sensor information, the local computing device comprising:
a sensor to generate sensor data; a trusted execution environment module to establish a trusted execution environment on the local computing device, wherein a private key is bound to the trusted execution environment; and a communication module to establish a secure communication channel between the trusted execution environment of the local computing device and a corresponding trusted execution environment of a coordination server via a network; wherein the trusted execution environment module is further configured to (i) confirm an authenticity of the coordination server, (ii) receive the sensor data from the sensor, (iii) generate, in response to an authentication of the coordination server, an attestation quote based on the trusted execution environment of the local computing device, (iv) transmit, to the coordination server over the secure communication channel via the network and by the communication module, the sensor data, the attestation quote, and a cryptographically-signed communication signed with the private key, (v) receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle, and (vi) perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle; wherein to confirm the authenticity of the coordination server comprises to (vii) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (viii) determine whether the server attestation quote is verified, and (ix) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure. Dependent claims: 21.
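As an added example that is not part of the patent, the two-sided exchange of claims 1 and 14 simulated in Python: the vehicle checks the server's attestation quote before anything else, its own quote carries a digest of the sensor data it sends, and the server verifies quote, signing key and revocation status before releasing the remote vehicle's data, returning an error-handling result otherwise. Keys, measurements, the revocation list and sensor values are constructed, and HMAC stands in for the asymmetric quote signing and message signatures a real TEE would use.

```python
import hashlib
import hmac
import json

# Constructed keys and measurements; HMAC stands in for the asymmetric quote
# signing and message signatures a real TEE (e.g. SGX) would use.
ATTESTATION_KEY = b"constructed-attestation-service-key"
TRUSTED_MEASUREMENTS = {"server_tee": "srv-enclave-v1", "vehicle_tee": "veh-enclave-v1"}
VEHICLE_KEYS = {"veh-key-0001": b"constructed-tee-bound-key-1",
                "veh-key-0002": b"constructed-tee-bound-key-2"}
REVOKED_KEY_IDS = {"veh-key-0002"}  # constructed revocation list held by the server

def _mac(key, *parts):
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()

def _digest(sensor_data):
    return hashlib.sha256(json.dumps(sensor_data, sort_keys=True).encode()).hexdigest()

def make_quote(tee, report_data):
    """Attestation quote over the TEE measurement plus caller-supplied report data."""
    measurement = TRUSTED_MEASUREMENTS[tee]
    return {"tee": tee, "measurement": measurement, "report_data": report_data,
            "sig": _mac(ATTESTATION_KEY, tee, measurement, report_data)}

def verify_quote(quote, tee, expected_report_data):
    expected = _mac(ATTESTATION_KEY, quote["tee"], quote["measurement"], quote["report_data"])
    return (hmac.compare_digest(quote["sig"], expected) and quote["tee"] == tee
            and quote["measurement"] == TRUSTED_MEASUREMENTS[tee]
            and quote["report_data"] == expected_report_data)

def vehicle_send(server_quote, nonce, sensor_data, key_id):
    """Claim 1, steps (vii)-(ix) then (iii)-(iv): verify the server, then attest and sign."""
    if not verify_quote(server_quote, "server_tee", nonce):
        return {"error": "server attestation failed"}        # (ix) error-handling procedure
    digest = _digest(sensor_data)
    return {"sensor_data": sensor_data, "key_id": key_id,
            "quote": make_quote("vehicle_tee", digest),      # quote attests the data's integrity
            "sig": _mac(VEHICLE_KEYS[key_id], digest)}       # signed with the TEE-bound key

def server_receive(msg, remote_data):
    """Claim 14: verify quote, signing key and revocation status before releasing data."""
    digest = _digest(msg["sensor_data"])
    key = VEHICLE_KEYS.get(msg["key_id"])
    if key is None or not hmac.compare_digest(msg["sig"], _mac(key, digest)):
        return {"error": "signature verification failed"}
    if msg["key_id"] in REVOKED_KEY_IDS:
        return {"error": "vehicle key revoked"}
    if not verify_quote(msg["quote"], "vehicle_tee", digest):
        return {"error": "vehicle attestation failed"}
    return {"remote_sensor_data": remote_data}               # step (v): remote vehicle's data
```

The nonce passed to `vehicle_send` is the report data the vehicle expects inside the server's quote, so a replayed quote for a different session fails step (viii).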