Installment configurations within a vehicle and interoperability of devices configured to implement secure communication lockdowns, and methods of use thereof

US 10,129,259 B2
Filed: 05/18/2018
Issued: 11/13/2018
Est. Priority Date: 04/12/2016
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a plurality of secure communication lockdown devices;

wherein the plurality of secure communication lockdown devices are located within a vehicle;

wherein each respective secure communication lockdown device is installed in one of the following configurations;

i) a first configuration so that a particular security communication lockdown device is dedicated to at least one particular communication network of the vehicle by acting as an entry-exit point for the at least one particular communication network,ii) a second configuration so that the particular security communication lockdown device is dedicated to at least one particular external communication entry-exit point that is an interface between the vehicle and at least one external device, at least one external network, or both, oriii) a third configuration so that the particular security communication lockdown device that is dedicated to at least one particular electronic control unit (ECU);

wherein each respective secure communication lockdown device comprises;

at least one respective processor that is at least programmed to;

receive each respective electronic message;

verify at least one portion of each respective electronic message against;

i) at least one portion of at least one pre-defined approved message dictionary andii) at least one portion of at least one finite state machine;

determine, based on the verification of the at least one portion of each respective electronic message, that each respective electronic message is;

i) an unauthorized electronic message orii) an approved electronic message;

generate at least one respective indication for the at least one respective electronic message, wherein the at least one indication is configured to identify the at least one respective electronic message as being the approved electronic message or the unauthorized electronic message;

transmit the at least one respective indication to at least one other communication lockdown device of the plurality of secure communication lockdown devices; and

wherein the at least one other communication lockdown device is dedicated to at least one of;

i) at least one physically separate communication network,ii) at least one physically separate external communication entry-exit point, oriii) at least one physically separate ECU.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, the present invention provides for a hardware component that includes at least the following: a logic cell; where the logic cell is configured in a static configuration within the hardware component which cannot be changed during run-time; where the hardware component is an intermediary between a processor of an ECU that is located within a vehicle and a communication network of the vehicle; where the logic cell is configured to solely serve a respective communication network; where the logic cell is configured to verify a portion of each communication against at least one of: a pre-defined approved message dictionary, a finite state machine, and an approved communication schema; and performing one of: executing an administrative action with an unauthorized communication or one of: transmitting an approved communication from the hardware component or modifying the approved communication with a pre-defined change.

28 Citations

View as Search Results

30 Claims

1. A system, comprising:
- a plurality of secure communication lockdown devices;
  
  wherein the plurality of secure communication lockdown devices are located within a vehicle;
  
  wherein each respective secure communication lockdown device is installed in one of the following configurations;
  
  i) a first configuration so that a particular security communication lockdown device is dedicated to at least one particular communication network of the vehicle by acting as an entry-exit point for the at least one particular communication network,ii) a second configuration so that the particular security communication lockdown device is dedicated to at least one particular external communication entry-exit point that is an interface between the vehicle and at least one external device, at least one external network, or both, oriii) a third configuration so that the particular security communication lockdown device that is dedicated to at least one particular electronic control unit (ECU);
  
  wherein each respective secure communication lockdown device comprises;
  
  at least one respective processor that is at least programmed to;
  
  receive each respective electronic message;
  
  verify at least one portion of each respective electronic message against;
  
  i) at least one portion of at least one pre-defined approved message dictionary andii) at least one portion of at least one finite state machine;
  
  determine, based on the verification of the at least one portion of each respective electronic message, that each respective electronic message is;
  
  i) an unauthorized electronic message orii) an approved electronic message;
  
  generate at least one respective indication for the at least one respective electronic message, wherein the at least one indication is configured to identify the at least one respective electronic message as being the approved electronic message or the unauthorized electronic message;
  
  transmit the at least one respective indication to at least one other communication lockdown device of the plurality of secure communication lockdown devices; and
  
  wherein the at least one other communication lockdown device is dedicated to at least one of;
  
  i) at least one physically separate communication network,ii) at least one physically separate external communication entry-exit point, oriii) at least one physically separate ECU.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein, when the at least one respective electronic message is the unauthorized electronic message, the at least one respective indication is configured to further identify at least one of:
    - i) at least one reason why the at least one respective electronic message has been determined to be the unauthorized electronic message, orii) at least one administrative action performed with the unauthorized electronic message.
  - 3. The system of claim 2, wherein the at least one respective indication comprises meta-data regarding the verification of each respective electronic message.
  - 4. The system of claim 1, wherein the plurality of secure communication lockdown devices comprises:
    - at least one first respective secure communication lockdown device;
      
      at least one second respective secure communication lockdown device;
      
      wherein the at least one first respective secure communication lockdown device and the at least one second respective secure communication lockdown device are configured to communicate with each other.
  - 5. The system of claim 4, wherein the communication of the at least one first respective secure communication lockdown device and the at least one second respective secure communication lockdown device comprises the at least one indication.
  - 6. The system of claim 5, wherein the at least one respective indication comprises meta-data regarding the verification of each respective electronic message.
  - 7. The system of claim 6, wherein the meta-data is configured so that the approved electronic message is recognized.
  - 8. The system of claim 4, wherein the at least one first respective secure communication lockdown device, comprising:
    - a first non-volatile memory storing at least one first portion of the at least one pre-defined approved message dictionary and at least one first portion of the at least one finite state machine; and
      
      wherein the at least one second respective secure communication lockdown device, comprising;
      
      a second non-volatile memory storing at least one second portion of the at least one pre-defined approved message dictionary and at least one second portion of the at least one finite state machine.
  - 9. The system of claim 8, wherein the at least one finite state machine comprises:
    - i) a plurality of states for at least one component of the vehicle, andii) a plurality of state transitions for each state of the plurality of states;
      
      wherein each state is associated with at least one state vector;
      
      wherein the at least one state vector comprises data representative of at least one of the following;
      
      i) at least one general parameter associated with at least one of;
      
      1) an overall operation of the vehicle or2) an overall condition of the vehicle,ii) at least one component-specific parameter associated with at least one operational state of the at least one component of the vehicle,iii) at least one ECU-specific parameter associated with at least one operational state of at least one ECU of the vehicle, oriv) at least one communication-specific parameter associated with at least one communication process that is associated with the vehicle;
      
      wherein the at least one state transition comprises data that is representative of a change in at least on state vector corresponding to the at least one state of the plurality of states.
  - 10. The system of claim 4, wherein the at least one first respective secure communication lockdown device corresponding to a first security level of a respective secure communication lockdown and the at least one second respective secure communication lockdown device corresponds to a second security level of the respective secure communication lockdown;
    - andwherein each of the first security level and the second security levels is configured to perform at least one activity associated with at least one administrative action performed with the unauthorized electronic message.
  - 11. The system of claim 10, wherein the at least one administrative action comprises at least one of:
    - i) dropping the unauthorized electronic message,ii) erasing the unauthorized electronic message,iii) logging the unauthorized electronic message, oriv) modifying the unauthorized electronic message to generate the approved electronic message.
  - 12. The system of claim 10, wherein the at least one respective processor is further programmed to perform at least one of:
    - log the at least one respective indication of the unauthorized electronic message, or transmit the at least one respective indication of the unauthorized electronic message to at least one external electronic destination that is located outside of the respective secure communication lockdown device.
  - 13. The system of claim 1, wherein the unauthorized electronic message is caused, at least in part, by at least one cyber threat.
  - 14. The system of claim 1, wherein the unauthorized electronic message is caused, at least in part, by at least one undesirable software functionality.
  - 15. The system of claim 14, wherein the at least one undesirable change is caused, at least in part, by malicious computer code.

16. A method, comprising:
- installing a plurality of secure communication lockdown devices into a vehicle;
  
  wherein each respective secure communication lockdown device is installed in one of the following configurations;
  
  i) a first configuration so that a particular security communication lockdown device is dedicated to at least one particular communication network of the vehicle by acting as an entry-exit point for the at least one particular communication network,ii) a second configuration so that the particular security communication lockdown device is dedicated to at least one particular external communication entry-exit point that is an interface between the vehicle and at least one external device, at least one external network, or both, oriii) a third configuration so that the particular security communication lockdown device that is dedicated to at least one particular electronic control unit (ECU);
  
  receiving, by at least one respective processor of each respective secure communication lockdown device, each respective electronic message;
  
  verifying, by the at least one respective processor of each respective secure communication lockdown device, at least one portion of each respective electronic message against;
  
  i) at least one portion of at least one pre-defined approved message dictionary orii) at least one portion of at least one finite state machine;
  
  determining, by the at least one respective processor of each respective secure communication lockdown device, based on the verification of the at least one portion of each respective-electronic message, that each respective electronic message is;
  
  i) an unauthorized electronic message orii) an approved electronic message;
  
  generating, by the at least one respective processor of each respective secure communication lockdown device, at least one respective indication for the at least one respective electronic message, wherein the at least one respective indication is configured to identify the at least one respective electronic message as being the approved electronic message or the unauthorized electronic message;
  
  transmitting the at least one respective indication to at least one other communication lockdown device of the plurality of secure communication lockdown devices; and
  
  wherein the at least one other communication lockdown device is dedicated to at least one of;
  
  i) at least one physically separate communication network,ii) at least one physically separate communication entry-exit point, oriii) at least one physically separate ECU.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The method of claim 16, wherein, when the at least one respective electronic message is the unauthorized electronic message, the at least one respective indication is configured to further identify at least one of:
    - i) at least one reason why the at least one respective electronic message has been determined to be the unauthorized electronic message, orii) at least one administrative action performed with the unauthorized electronic message.
  - 18. The method of claim 17, wherein the at least one respective indication comprises meta-data regarding the verification of each respective electronic message.
  - 19. The method of claim 16, wherein the plurality of secure communication lockdown devices comprises:
    - at least one first respective secure communication lockdown device;
      
      at least one second respective secure communication lockdown device;
      
      wherein the at least one first respective secure communication lockdown device and the at least one second respective secure communication lockdown device are configured to communicate with each other.
  - 20. The method of claim 19, wherein the communication of the at least one first respective secure communication lockdown device and the at least one second respective secure communication lockdown device comprises the at least one indication.
  - 21. The method of claim 20, wherein the at least one respective indication comprises meta-data regarding the verification of each respective electronic message.
  - 22. The method of claim 21, wherein the meta-data is configured so that the approved electronic message is recognized.
  - 23. The method of claim 19, wherein the at least one first respective secure communication lockdown device, comprising:
    - a first non-volatile memory storing at least one first portion of the at least one pre-defined approved message dictionary and at least one first portion of the at least one finite state machine; and
      
      wherein the at least one second respective secure communication lockdown device, comprising;
      
      a second non-volatile memory storing at least one second portion of the at least one pre-defined approved message dictionary and at least one second portion of the at least one finite state machine.
  - 24. The method of claim 23, wherein the at least one finite state machine comprises:
    - i) a plurality of states for at least one component of the vehicle, andii) a plurality of state transitions for each state of the plurality of states;
      
      wherein each state is associated with at least one state vector;
      
      wherein the at least one state vector comprises data representative of at least one of the following;
      
      i) at least one general parameter associated with at least one of;
      
      1) an overall operation of the vehicle or2) an overall condition of the vehicle,ii) at least one component-specific parameter associated with at least one operational state of the at least one component of the vehicle,iii) at least one ECU-specific parameter associated with at least one operational state of at least one ECU of the vehicle, oriv) at least one communication-specific parameter associated with at least one communication process that is associated with the vehicle;
      
      wherein the at least one state transition comprises data that is representative of a change in at least on state vector corresponding to the at least one state of the plurality of states.
  - 25. The method of claim 19, wherein the at least one first respective secure communication lockdown device corresponding to a first security level of a respective secure communication lockdown and the at least one second respective secure communication lockdown device corresponds to a second security level of the respective secure communication lockdown;
    - andwherein each of the first security level and the second security levels is configured to perform at least one activity associated with at least one administrative action performed with the unauthorized electronic message.
  - 26. The method of claim 25, wherein the at least one administrative action comprises at least one of:
    - i) dropping the unauthorized electronic message,ii) erasing the unauthorized electronic message,iii) logging the unauthorized electronic message, oriv) modifying the unauthorized electronic message to generate the approved electronic message.
  - 27. The method of claim 25, wherein the method further comprises at least one of:
    - logging, by the at least one respective processor of each respective secure communication lockdown device, the at least one respective indication of the unauthorized electronic message, ortransmitting, by the at least one respective processor of each respective secure communication lockdown device, the at least one respective indication of the unauthorized electronic message to at least one external electronic destination that is located outside of the respective secure communication lockdown device.
  - 28. The method of claim 16, wherein the unauthorized electronic message is caused, at least in part, by at least one cyber threat.
  - 29. The method of claim 16, wherein the unauthorized electronic message is caused, at least in part, by at least one undesirable software functionality.
  - 30. The method of claim 29, wherein the at least one undesirable software functionality is caused, at least in part, by malicious computer code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guardknox Cyber Technologies Ltd.
Original Assignee
Guardknox Cyber Technologies Ltd.
Inventors
Teshler, Dionis, Shlisel, Moshe, Nadav, Idan
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/983,849
Publication Number

US 20180270240A1
Time in Patent Office

179 Days
Field of Search
US Class Current
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

H04L 67/34   involving the movement of s...

H04W 12/10   Integrity

H04W 12/12   Detection or prevention of ...

H04W 4/40   for vehicles, e.g. vehicle-...

Installment configurations within a vehicle and interoperability of devices configured to implement secure communication lockdowns, and methods of use thereof

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Installment configurations within a vehicle and interoperability of devices configured to implement secure communication lockdowns, and methods of use thereof

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links