Authenticating messages sent over a vehicle bus that include message authentication codes

US 10,211,990 B2
Filed: 07/20/2016
Issued: 02/19/2019
Est. Priority Date: 07/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method of transmitting data within a vehicle over a vehicle bus, comprising the steps of:

(a) storing a first copy of a data message in a first memory installed to the vehicle, and a second copy of the data message in a second memory installed to the vehicle, the second memory physically separated from the first memory;

(b) constructing at an electronic control unit (ECU) a serial bus message that includes;

(1) the first copy of the data message as retrieved from the first memory; and

(2)a message authentication code (MAC), wherein the MAC is created using a secret key stored at the ECU, a MAC algorithm, and the second copy of the data message as retrieved from the second memory;

(c) transmitting the serial bus message to a receiving ECU over the vehicle bus; and

(d) authenticating the serial bus message at the receiving ECU using a copy of the secret key stored at the receiving ECU by;

(d1) creating a copy of the MAC from the first copy of the data message included in the serial bus message, the copy of the secret key, and the MAC algorithm;

(d2) comparing the MAC included in the serial bus message with the copy of the MAC created at the receiving ECU; and

(d3) rejecting or accepting the data message based on the comparison in step (d2).

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of transmitting data within a vehicle includes: storing two copies of a data message; constructing at an electronic control unit (ECU) a serial bus message that includes one copy of the data message and a message authentication code (MAC) created using a secret key stored at the ECU, a MAC algorithm, and a different copy of the data message; transmitting the serial bus message to a receiving ECU over a vehicle bus; authenticating the serial bus message at the receiving ECU using a copy of the key stored at the receiving ECU by creating a copy of the MAC from the data message included in the serial bus message and the copy of the key; comparing the MAC from the serial bus message with the copy of the MAC created at the receiving ECU; and rejecting or accepting the data message based on the comparison.

15 Citations

View as Search Results

17 Claims

1. A method of transmitting data within a vehicle over a vehicle bus, comprising the steps of:
- (a) storing a first copy of a data message in a first memory installed to the vehicle, and a second copy of the data message in a second memory installed to the vehicle, the second memory physically separated from the first memory;
  
  (b) constructing at an electronic control unit (ECU) a serial bus message that includes;
  
  (1) the first copy of the data message as retrieved from the first memory; and
  
  (2)a message authentication code (MAC), wherein the MAC is created using a secret key stored at the ECU, a MAC algorithm, and the second copy of the data message as retrieved from the second memory;
  
  (c) transmitting the serial bus message to a receiving ECU over the vehicle bus; and
  
  (d) authenticating the serial bus message at the receiving ECU using a copy of the secret key stored at the receiving ECU by;
  
  (d1) creating a copy of the MAC from the first copy of the data message included in the serial bus message, the copy of the secret key, and the MAC algorithm;
  
  (d2) comparing the MAC included in the serial bus message with the copy of the MAC created at the receiving ECU; and
  
  (d3) rejecting or accepting the data message based on the comparison in step (d2).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein a length of the MAC is greater than 30 bits.
  - 3. The method of claim 1, wherein the vehicle bus is a controller area network (CAN) bus, a media oriented system transfer (MOST) bus, or a local area network (LAN).
  - 4. The method of claim 1, further comprising the step of including the MAC in a payload of the serial bus message.
  - 5. The method of claim 1, wherein the ECU controls one or more vehicle systems.
  - 6. The method of claim 1, wherein storing the first and second copies of the data message includes storing the first and second copies in physically separate locations.
  - 7. The method of claim 1, wherein storing the first and second copies of the data message includes storing the first and second copies in a same physical location.
  - 8. The method of claim 1, further comprising storing at least one of the first and second copies of the data message in a volatile memory of the sending ECU prior to constructing the serial bus message.
  - 9. The method of claim 1, further comprising creating the first and second copies of the data message at the time the serial bus message is constructed.

10. A method of transmitting data within a vehicle over a vehicle bus, comprising the steps of:
- (a) storing a first copy of a data message in a first memory installed to the vehicle, and a second copy of the data message in a second memory installed to the vehicle, the second memory physically separated from the first memory, wherein at least one of the first and second copies of the data message is stored in a volatile memory of the sending ECU;
  
  (b) after step (a), constructing at an electronic control unit (ECU) a serial bus message that includes;
  
  (1) the first copy of the data message as retrieved from the first memory; and
  
  (2) a message authentication code (MAC), wherein the MAC is created using a secret key stored at the ECU, a MAC algorithm, and the second copy of the data message as retrieved from the second memory;
  
  (c) transmitting the serial bus message to a receiving ECU over the vehicle bus;
  
  (d) authenticating the serial bus message at the receiving ECU using a copy of the secret key stored at the receiving ECU by;
  
  (d1) creating a copy of the MAC from the first copy of the data message included in the serial bus message, the copy of the secret key, and the MAC algorithm;
  
  (d2) comparing the MAC included in the serial bus message with the copy of the MAC created at the receiving ECU; and
  
  (d3) rejecting or accepting the data message based on the comparison in step (d2).

11. A electronic control unit (ECU) for transmitting data within a vehicle over a vehicle bus, comprising:
- a microprocessor that executes one or more computer-readable instructions;
  
  first and second memory devices communicatively coupled with the microprocessor such that the memory devices can receive requests from the microprocessor for data stored at the memory devices, the first and second memory devices configured to store first and second copies of a data message, respectively, the second memory device physically separated from the first memory device;
  
  an input/output port for sending and receiving data over a vehicle bus;
  
  a secret key stored in the memory device; and
  
  a message authentication code (MAC) algorithm stored at the memory device, wherein the microprocessor creates a serial bus message, the serial bus message including a data message comprising the first copy of the data message as retrieved from the first memory, the serial bus message including a message authentication code (MAC) that is created using the second copy of the data message as retrieved from the second memory, the secret key, and the MAC algorithm.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The ECU of claim 11, wherein a length of the MAC is greater than 30 bits.
  - 13. The ECU of claim 12, wherein the vehicle bus is a controller area network (CAN) bus, a media oriented system transfer (MOST) bus, or a local area network (LAN).
  - 14. The ECU of claim 13, wherein the MAC is located in a payload of the serial bus message.
  - 15. The ECU of claim 14, wherein the ECU controls one or more vehicle systems.
  - 16. The ECU of claim 11, wherein the memory devices comprise physically separate locations for storing the first and second copies of the data message, respectively.
  - 17. The ECU of claim 11, wherein the at least one memory device is configured to store at least one of the first and second copies of the data message in a volatile memory of the sending ECU prior to constructing the serial bus message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
Nairn, David M., Forest, Thomas M., Sundaram, Padma, Yousuf, Mohammed Abdulla
Primary Examiner(s)
Leung, Robert B
Assistant Examiner(s)
Ho, Thomas

Application Number

US15/215,078
Publication Number

US 20160330032A1
Time in Patent Office

944 Days
Field of Search
US Class Current
CPC Class Codes

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/64   Protecting data integrity, ...

G06F 21/85   interconnection devices, e....

H04L 2209/84   Vehicles

H04L 9/3242   involving keyed hash functi...

Authenticating messages sent over a vehicle bus that include message authentication codes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating messages sent over a vehicle bus that include message authentication codes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links