Installment configurations within a vehicle and interoperability of devices configured to implement secure communication lockdowns, and methods of use thereof
First Claim
1. A system, comprising:
- a plurality of secure communication lockdown devices;
wherein the plurality of secure communication lockdown devices are located within a vehicle;
wherein each respective secure communication lockdown device is installed in one of the following configurations;
i) a first configuration so that a particular security communication lockdown device is dedicated to at least one particular communication network of the vehicle by acting as an entry-exit point for the at least one particular communication network,ii) a second configuration so that the particular security communication lockdown device is dedicated to at least one particular external communication entry-exit point that is an interface between the vehicle and at least one external device, at least one external network, or both, oriii) a third configuration so that the particular security communication lockdown device that is dedicated to at least one particular electronic control unit (ECU);
wherein each respective secure communication lockdown device comprises;
at least one respective processor that is at least programmed to;
receive each respective electronic message;
verify at least one portion of each respective electronic message against;
i) at least one portion of at least one pre-defined approved message dictionary andii) at least one portion of at least one finite state machine;
determine, based on the verification of the at least one portion of each respective electronic message, that each respective electronic message is;
i) an unauthorized electronic message orii) an approved electronic message;
generate at least one respective indication for the at least one respective electronic message, wherein the at least one indication is configured to identify the at least one respective electronic message as being the approved electronic message or the unauthorized electronic message;
transmit the at least one respective indication to at least one other communication lockdown device of the plurality of secure communication lockdown devices; and
wherein the at least one other communication lockdown device is dedicated to at least one of;
i) at least one physically separate communication network,ii) at least one physically separate external communication entry-exit point, oriii) at least one physically separate ECU.
0 Assignments
0 Petitions
Accused Products
Abstract
In some embodiments, the present invention provides for a hardware component that includes at least the following: a logic cell; where the logic cell is configured in a static configuration within the hardware component which cannot be changed during run-time; where the hardware component is an intermediary between a processor of an ECU that is located within a vehicle and a communication network of the vehicle; where the logic cell is configured to solely serve a respective communication network; where the logic cell is configured to verify a portion of each communication against at least one of: a pre-defined approved message dictionary, a finite state machine, and an approved communication schema; and performing one of: executing an administrative action with an unauthorized communication or one of: transmitting an approved communication from the hardware component or modifying the approved communication with a pre-defined change.
28 Citations
30 Claims
-
1. A system, comprising:
-
a plurality of secure communication lockdown devices; wherein the plurality of secure communication lockdown devices are located within a vehicle; wherein each respective secure communication lockdown device is installed in one of the following configurations; i) a first configuration so that a particular security communication lockdown device is dedicated to at least one particular communication network of the vehicle by acting as an entry-exit point for the at least one particular communication network, ii) a second configuration so that the particular security communication lockdown device is dedicated to at least one particular external communication entry-exit point that is an interface between the vehicle and at least one external device, at least one external network, or both, or iii) a third configuration so that the particular security communication lockdown device that is dedicated to at least one particular electronic control unit (ECU); wherein each respective secure communication lockdown device comprises; at least one respective processor that is at least programmed to; receive each respective electronic message; verify at least one portion of each respective electronic message against; i) at least one portion of at least one pre-defined approved message dictionary and ii) at least one portion of at least one finite state machine; determine, based on the verification of the at least one portion of each respective electronic message, that each respective electronic message is; i) an unauthorized electronic message or ii) an approved electronic message; generate at least one respective indication for the at least one respective electronic message, wherein the at least one indication is configured to identify the at least one respective electronic message as being the approved electronic message or the unauthorized electronic message; transmit the at least one respective indication to at least one other communication lockdown device of the plurality of secure communication lockdown devices; and wherein the at least one other communication lockdown device is dedicated to at least one of; i) at least one physically separate communication network, ii) at least one physically separate external communication entry-exit point, or iii) at least one physically separate ECU. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method, comprising:
-
installing a plurality of secure communication lockdown devices into a vehicle; wherein each respective secure communication lockdown device is installed in one of the following configurations; i) a first configuration so that a particular security communication lockdown device is dedicated to at least one particular communication network of the vehicle by acting as an entry-exit point for the at least one particular communication network, ii) a second configuration so that the particular security communication lockdown device is dedicated to at least one particular external communication entry-exit point that is an interface between the vehicle and at least one external device, at least one external network, or both, or iii) a third configuration so that the particular security communication lockdown device that is dedicated to at least one particular electronic control unit (ECU); receiving, by at least one respective processor of each respective secure communication lockdown device, each respective electronic message; verifying, by the at least one respective processor of each respective secure communication lockdown device, at least one portion of each respective electronic message against; i) at least one portion of at least one pre-defined approved message dictionary or ii) at least one portion of at least one finite state machine; determining, by the at least one respective processor of each respective secure communication lockdown device, based on the verification of the at least one portion of each respective-electronic message, that each respective electronic message is; i) an unauthorized electronic message or ii) an approved electronic message; generating, by the at least one respective processor of each respective secure communication lockdown device, at least one respective indication for the at least one respective electronic message, wherein the at least one respective indication is configured to identify the at least one respective electronic message as being the approved electronic message or the unauthorized electronic message; transmitting the at least one respective indication to at least one other communication lockdown device of the plurality of secure communication lockdown devices; and wherein the at least one other communication lockdown device is dedicated to at least one of; i) at least one physically separate communication network, ii) at least one physically separate communication entry-exit point, or iii) at least one physically separate ECU. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification