Securely exchanging vehicular sensor information

US 10,103,889 B2
Filed: 09/26/2014
Issued: 10/16/2018
Est. Priority Date: 09/26/2014
Status: Active Grant

First Claim

Patent Images

1. An in-vehicle computing system of a vehicle for securely exchanging sensor information, the in-vehicle computing system comprising:

a sensor to generate sensor data;

a trusted execution environment module to establish a trusted execution environment on the in-vehicle computing system, wherein a private key is bound to the trusted execution environment of the in-vehicle computing system; and

a communication module to establish a secure communication channel between the trusted execution environment of the in-vehicle computing system and a corresponding trusted execution environment of a coordination server via a network;

wherein the trusted execution environment module is further configured to (i) confirm an authenticity of the coordination server, (ii) receive the sensor data from the sensor, (iii) generate, in response to the authentication of the coordination server, a vehicle attestation quote based on the trusted execution environment of the in-vehicle computing system, wherein the vehicle attestation quote indicates an integrity of the sensor data, (iv) transmit, to the coordination server over the secure communication channel via the network and by the communication module, the sensor data, the vehicle attestation quote for verification by the coordination server, and a cryptographically-signed communication signed with the private key, (v) receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle, and (vi) perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle;

wherein to confirm the authenticity of the coordination server comprises to (vii) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (viii) determine whether the server attestation quote is verified, and (ix) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for securely exchanging sensor information include an in-vehicle computing system of a vehicle to establish a trusted execution environment and a secure communication channel between the trusted execution environment and a corresponding trusted execution environment of a coordination server. A private key is bound to the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system confirms the authenticity of the coordination server, receives sensor data generated by a sensor of the vehicle, and generates an attestation quote based on the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system further transmits, to the coordination server over the secure communication channel, the sensor data, the attestation quote, and a cryptographically-signed communication signed with the private key.

Citations

21 Claims

1. An in-vehicle computing system of a vehicle for securely exchanging sensor information, the in-vehicle computing system comprising:
- a sensor to generate sensor data;
  
  a trusted execution environment module to establish a trusted execution environment on the in-vehicle computing system, wherein a private key is bound to the trusted execution environment of the in-vehicle computing system; and
  
  a communication module to establish a secure communication channel between the trusted execution environment of the in-vehicle computing system and a corresponding trusted execution environment of a coordination server via a network;
  
  wherein the trusted execution environment module is further configured to (i) confirm an authenticity of the coordination server, (ii) receive the sensor data from the sensor, (iii) generate, in response to the authentication of the coordination server, a vehicle attestation quote based on the trusted execution environment of the in-vehicle computing system, wherein the vehicle attestation quote indicates an integrity of the sensor data, (iv) transmit, to the coordination server over the secure communication channel via the network and by the communication module, the sensor data, the vehicle attestation quote for verification by the coordination server, and a cryptographically-signed communication signed with the private key, (v) receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle, and (vi) perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle;
  
  wherein to confirm the authenticity of the coordination server comprises to (vii) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (viii) determine whether the server attestation quote is verified, and (ix) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The in-vehicle computing system of claim 1, wherein to establish the trusted execution environment comprises to allocate a contiguous region of linear address space of a memory of the in-vehicle computing system for execution of a plurality of instructions that is protected from memory accesses originating from outside the contiguous region.
  - 3. The in-vehicle computing system of claim 1, wherein to establish the secure communication channel comprises to establish a Secure Sockets Layer channel between the trusted execution environment of the in-vehicle computing system and the corresponding trusted execution environment of the coordination server.
  - 4. The in-vehicle computing system of claim 1, wherein to verify the server attestation quote comprises to (i) transmit the server attestation quote to an attestation server and (ii) receive, from the attestation server in response to transmittal of the server attestation quote, an attestation result indicating whether the trusted execution environment of the coordination server is secure.
  - 5. The in-vehicle computing system of claim 1, wherein to confirm the authenticity of the coordination server comprises to verify an integrity of code executing in the corresponding trusted execution environment of the coordination server.
  - 6. The in-vehicle computing system of claim 1, further comprising a main processor and a security co-processor different from the main processor,wherein to establish the trusted execution environment comprises to establish a trusted execution environment on the security co-processor of the in-vehicle computing system;
    - wherein to receive the sensor data comprises to receive, by the trusted execution environment of the in-vehicle computing system, the sensor data through a hardware-protected input-output path between the security co-processor and the sensor; and
      
      wherein the private key is bound to the security co-processor.
  - 7. The in-vehicle computing system of claim 1, wherein the private key is a private Enhanced Privacy Identification key corresponding with a public Enhanced Privacy Identification key accessible to the coordination server.

8. One or more non-transitory, machine-readable storage media comprising a plurality of instructions stored thereon that, in response to execution by an in-vehicle computing system, cause the in-vehicle computing system to:
- establish a trusted execution environment on the in-vehicle computing system;
  
  establish a secure communication channel between the trusted execution environment of the in-vehicle computing system and a corresponding trusted execution environment of a coordination server via a network;
  
  confirm, by the trusted execution environment of the in-vehicle computing system, an authenticity of the coordination server;
  
  receive, by the trusted execution environment of the in-vehicle computing system, sensor data generated by a sensor of the vehicle;
  
  generate, in response to an authentication of the coordination server and by the trusted execution environment of the in-vehicle computing system, a vehicle attestation quote based on the trusted execution environment of the in-vehicle computing system;
  
  transmit, over the secure communication channel via the network and in response to confirmation of the authenticity of the coordination server, (i) the sensor data, (ii) the vehicle attestation quote, and (iii) a cryptographically-signed communication signed with a private key bound to the trusted execution environment of the in-vehicle computing system to the coordination server;
  
  receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle; and
  
  perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle;
  
  wherein to confirm the authenticity of the coordination server comprises to (iv) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (v) determine whether the server attestation quote is verified, and (vi) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The one or more non-transitory, machine-readable storage media of claim 8, wherein to establish the trusted execution environment comprises to allocate a contiguous region of linear address space of a memory of the in-vehicle computing system for execution of a plurality of instructions that is protected from memory accesses originating from outside the contiguous region.
  - 10. The one or more non-transitory, machine-readable storage media of claim 8,wherein to verify the server attestation quote comprises to (i) transmit the server attestation quote to an attestation server and (ii) receive, from the attestation server in response to transmitting the server attestation quote, an attestation result indicating whether the trusted execution environment of the coordination server is secure.
  - 11. The one or more non-transitory, machine-readable storage media of claim 8, wherein to confirm the authenticity of the coordination server comprises to verify an integrity of code executing in the corresponding trusted execution environment of the coordination server.
  - 12. The one or more non-transitory, machine-readable storage media of claim 8, wherein to:
    - establish the trusted execution environment comprises to establish a trusted execution environment on a security co-processor of the in-vehicle computing system;
      
      receive the sensor data comprises to receive, by the trusted execution environment of the in-vehicle computing system, the sensor data through a hardware-protected input-output path between the security co-processor and the sensor; and
      
      the private key is bound to the security co-processor.
  - 13. The one or more non-transitory, machine-readable storage media of claim 8, wherein the private key is a private Enhanced Privacy Identification key corresponding with a public Enhanced Privacy Identification key accessible to the coordination server.

14. A coordination server for coordinating the secure exchange of sensor information between vehicles, the coordination server comprising:
- a trusted execution environment module to (i) establish a trusted execution environment on the coordination server and (ii) generate a server attestation quote based on the trusted execution environment of the coordination server;
  
  a communication module to (i) establish a secure communication channel between the trusted execution environment of the coordination server and a corresponding trusted execution environment of an in-vehicle computing system of a vehicle via a network, (ii) transmit, over the secure communication channel via the network, the server attestation quote to the in-vehicle computing system, and (iii) receive, from the in-vehicle computing system over the secure communication channel and in response to a verification of the server attestation quote by the in-vehicle computing system, sensor data generated by a sensor of the vehicle, a vehicle attestation quote based on the corresponding trusted execution environment of the in-vehicle computing system, and a cryptographically-signed communication signed with a private key bound to the trusted execution environment of the in-vehicle computing system;
  
  wherein the trusted execution environment module is further configured to determine whether the vehicle attestation quote, the private key associated with the cryptographically-signed communication, and a revocation status of the private key are verified and perform, in response to a determination that a verification of at least one of the vehicle attestation quote, the private key, and the revocation status of the private key was unsuccessful, an error-handling procedure; and
  
  a sensor data processing module to process the sensor data in response to verification of the vehicle attestation quote and the private key and a determination that the private key has not been revoked.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The coordination server of claim 14, wherein to process the sensor data comprises to transmit the sensor data to a second in-vehicle computing system of a remote vehicle.
  - 16. The coordination server of claim 14, wherein to verify the vehicle attestation quote comprises to:
    - transmit the vehicle attestation quote to an attestation server; and
      
      receive, from the attestation server in response to transmittal of the vehicle attestation quote, an attestation result indicating whether the trusted execution environment of the in-vehicle computing system is secure.
  - 17. The coordination server of claim 14, wherein the private key is a private Enhanced Privacy Identification key corresponding with a public Enhanced Privacy Identification key accessible to the coordination server;
    - andwherein to verify the private key comprises to apply the public Enhanced Privacy Identification key to the cryptographically-signed communication.
  - 18. The coordination server of claim 14, wherein to verify the revocation status of the private key comprises to compare the private key to a revocation list of a manufacturer server.
  - 19. The local computing device of claim 14, wherein to establish the trusted execution environment comprises to allocate a contiguous region of linear address space of a memory of the coordination server for execution of a plurality of instructions that is protected from memory accesses originating from outside the contiguous region.

20. A local computing device for securely exchanging sensor information, the local computing device comprising:
- a sensor to generate sensor data;
  
  a trusted execution environment module to establish a trusted execution environment on local computing device, wherein a private key is bound to the trusted execution environment; and
  
  a communication module to establish a secure communication channel between the trusted execution environment of the local computing device and a corresponding trusted execution environment of a coordination server via a network;
  
  wherein the trusted execution environment module is further configured to (i) confirm an authenticity of the coordination server, (ii) receive the sensor data from the sensor, (iii) generate, in response to an authentication of the coordination server, an attestation quote based on the trusted execution environment of the local computing device, (iv) transmit, to the coordination server over the secure communication channel via the network and by the communication module, the sensor data, the attestation quote, and cryptographically signed communication signed with the private key, (v) receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle, and (vi) perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle;
  
  wherein to confirm the authenticity of the coordination server comprises to (vii) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (viii) determine whether the server attestation quote is verified, and (ix) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure.
- View Dependent Claims (21)
- - 21. The local computing device of claim 20, wherein to establish the trusted execution environment comprises to allocate a contiguous region of linear address space of a memory of the local computing device for execution of a plurality of instructions that is protected from memory accesses originating from outside the contiguous region.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Bronk, Mateusz
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Champakesan, Badri

Application Number

US14/771,096
Publication Number

US 20170244565A1
Time in Patent Office

1,481 Days
Field of Search

713176
US Class Current
CPC Class Codes

B60R 16/023   for transmission of signals...

G06F 21/57   Certifying or maintaining t...

H04L 2209/127   Trusted platform modules [TPM]

H04L 2209/80   Wireless

H04L 2209/84   Vehicles

H04L 63/0428   wherein the data content is...

H04L 63/126   the source of the received ...

H04L 67/12   specially adapted for propr...

H04L 67/141   Setup of application sessio...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

H04W 12/06   Authentication

H04W 12/106   Packet or message integrity

H04W 4/60   Subscription-based services...

H04W 4/70   Services for machine-to-mac...

H04W 84/18   Self-organising networks, e...

Securely exchanging vehicular sensor information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Securely exchanging vehicular sensor information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links