
Secure controller operation and malware prevention

  • US 10,176,326 B2
  • Filed: 06/19/2018
  • Issued: 01/08/2019
  • Est. Priority Date: 04/06/2016
  • Status: Active Grant
First Claim

1. A system for providing security on an externally connected automotive electronic control unit (ECU), the system comprising:

  • a processor and computer-readable memory comprising instructions that, when processed by the processor, cause the processor to perform operations comprising;

    launching, by the automotive ECU, a kernel level security layer that includes a whitelist of permitted processes on the automotive ECU, the whitelist being part of a custom security policy for the automotive ECU;

    receiving, at the security layer, a request to run a particular process;

    determining, by the security layer, a signature for the particular process;

    identifying, by the security layer, a verified signature for the process from the whitelist;

    determining, by the security layer, whether the particular process is permitted to be run on the automotive ECU based on a comparison of the determined signature with the verified signature from the whitelist;

    blocking, by the security layer, the particular process from running on the automotive controller automotive ECU based on the determined signature not matching the verified signature for the process;

    identifying, by the security layer, a network packet to be transmitted or received as part of an identified network process on the automotive ECU;

    determining, by the security layer, an IP address and a port for the network packet;

    identifying, by the security layer, one or more verified IP addresses and one or more verified ports for the identified network process from a network and port whitelist; and

    determining, by the security layer, whether the network packet is permitted to be transmitted or received through the particular process based on a comparison of (i) the determined IP address and port with (ii) the verified IP address and port for the identified network process from the network and port whitelist.
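
The two decisions recited in the claim (the process signature check and the per-process IP/port check) can be sketched as follows. This is an added illustration, not code from the patent or its assignee. It assumes the "signature" is a SHA-256 digest of the process image and that anything absent from a whitelist is denied; the policy layout, paths, addresses and function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress


def signature(image: bytes) -> str:
    # Assumption: the claim's "signature" is modelled as a SHA-256 digest.
    return hashlib.sha256(image).hexdigest()


# Constructed sample data: image bytes, path, address and port are made up.
TELEMATICS_IMAGE = b"\x7fELF constructed telematics image"
POLICY = {
    # Process whitelist: process path -> verified signature.
    "processes": {"/usr/bin/telematicsd": signature(TELEMATICS_IMAGE)},
    # Network and port whitelist, keyed by the identified network process.
    "network": {
        "/usr/bin/telematicsd": {
            "addresses": [ipaddress.ip_network("192.0.2.10/32")],
            "ports": {8883},
        }
    },
}


def process_permitted(policy, path: str, image: bytes) -> bool:
    """Compare the determined signature with the verified one from the whitelist."""
    verified = policy["processes"].get(path)
    if verified is None:
        return False  # assumption: processes not on the whitelist are denied
    return hmac.compare_digest(signature(image), verified)


def packet_permitted(policy, path: str, ip: str, port: int) -> bool:
    """Compare a packet's IP address and port with the process's verified entries."""
    rule = policy["network"].get(path)
    if rule is None:
        return False  # assumption: a process with no network entry may not send or receive
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address is treated as not permitted
    return port in rule["ports"] and any(addr in net for net in rule["addresses"])
```

A modified image fails the signature comparison even when its path is whitelisted, and a whitelisted process is still refused any address or port outside its own network entry.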
