In-vehicle network system, electronic control unit, and update processing method

US 10,227,053 B2
Filed: 05/24/2016
Issued: 03/12/2019
Est. Priority Date: 05/08/2014
Status: Active Grant

First Claim

Patent Images

1. A method for use in an in-vehicle network system including a first electronic control unit and a second control unit, each of the first electronic control unit and the second electronic control unit communicating a data frame having a message authentication code (MAC) added thereto with one another via at least one bus in accordance with Controller Area Network (CAN) protocol, the method comprising:

the first electronic control unit detecting a state of a vehicle having the in-vehicle network system mounted therein;

the first electronic control unit sending a data frame identified with a predetermined message ID;

the first electronic control unit generating a first message authentication code that reflects the value of a transmission counter which counts the number of transmission events using a first MAC key;

the first electronic control unit adding the first message authentication code to the data frame to be sent;

the first electronic control unit updating the first MAC key used to generate the first message authentication code under the condition that the detected state of the vehicle is a predetermined state;

the second electronic control unit detecting a state of the vehicle having the in-vehicle network system mounted therein;

the second electronic control unit receiving the data frame identified with a predetermined message ID;

the second electronic control unit generating a second message authentication code that reflects the value of a reception counter which counts the number of reception events using a second MAC key;

the second electronic control unit verifying whether the message authentication code added to the received data frame is the same as the second message authentication code;

the second electronic control unit updating the second MAC key used to generate the second message authentication code under the condition that the detected state of the vehicle is the predetermined state; and

resetting the transmission counter and the reception counter under the condition that the detected state of the vehicle is the predetermined state.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for use in an in-vehicle network system is provided. The in-vehicle network system includes a plurality of electronic control units that communicate a data frame having a message authentication code (MAC) added thereto with one another via a bus in accordance with the Controller Area Network (CAN) protocol. The method includes detecting the state of a vehicle having the in-vehicle network system mounted therein and updating a MAC key used to generate the MAC under the condition that the detected state of the vehicle is a predetermined state.

15 Citations

View as Search Results

10 Claims

1. A method for use in an in-vehicle network system including a first electronic control unit and a second control unit, each of the first electronic control unit and the second electronic control unit communicating a data frame having a message authentication code (MAC) added thereto with one another via at least one bus in accordance with Controller Area Network (CAN) protocol, the method comprising:
- the first electronic control unit detecting a state of a vehicle having the in-vehicle network system mounted therein;
  
  the first electronic control unit sending a data frame identified with a predetermined message ID;
  
  the first electronic control unit generating a first message authentication code that reflects the value of a transmission counter which counts the number of transmission events using a first MAC key;
  
  the first electronic control unit adding the first message authentication code to the data frame to be sent;
  
  the first electronic control unit updating the first MAC key used to generate the first message authentication code under the condition that the detected state of the vehicle is a predetermined state;
  
  the second electronic control unit detecting a state of the vehicle having the in-vehicle network system mounted therein;
  
  the second electronic control unit receiving the data frame identified with a predetermined message ID;
  
  the second electronic control unit generating a second message authentication code that reflects the value of a reception counter which counts the number of reception events using a second MAC key;
  
  the second electronic control unit verifying whether the message authentication code added to the received data frame is the same as the second message authentication code;
  
  the second electronic control unit updating the second MAC key used to generate the second message authentication code under the condition that the detected state of the vehicle is the predetermined state; and
  
  resetting the transmission counter and the reception counter under the condition that the detected state of the vehicle is the predetermined state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the at least one bus comprises a plurality of buses,wherein each of the first and second electronic control units is connected to one of the buses,wherein in the updating the first MAC key and second MAC key, the MAC key respectively held by each of the first and second electronic control units is updated, and the predetermined state is determined depending on the bus to which the each of the first electronic control unit and second electronic control unit is connected.
  - 3. The method according to claim 1, wherein the at least one bus comprises a plurality of buses,wherein each of the plurality of buses belongs to any one of a plurality of types of group, and the first and second electronic control units are connected to any one of the buses, andwherein in the updating the first MAC key and second MAC key, the MAC key respectively held by each of the first electronic control unit and second electronic control unit is updated, and the predetermined state is determined depending on the group to which the bus to which the each of the first and second electronic control unit is connected belongs.
  - 4. The method according to claim 1, wherein in the first MAC key and second MAC key are updated if the detected state of the vehicle is the predetermined state at a timing at which a quantity of a given type counted since previous updating of the first MAC key and second MAC key reaches a predetermined quantity.
  - 5. The method according to claim 4, wherein in the updating the first MAC key and second MAC key, if the detected state of the vehicle is not the predetermined state at a timing at which a quantity of a given type counted since previous updating of the first MAC key and second MAC key reaches a predetermined quantity, the first MAC key and second MAC key are updated at a timing at which the detected state of the vehicle changes to the predetermined state.
  - 6. The method according to claim 1, wherein the predetermined state is a state in which the vehicle is not traveling.
  - 7. The method according to claim 6, wherein the state in which the vehicle is not traveling is a state in which the vehicle is parking.

8. An in-vehicle network system including a plurality of electronic control units that each communicate a data frame having a message authentication code (MAC) added thereto with one another via at least one bus in accordance with Controller Area Network (CAN) protocol, the system comprising:
- a first electronic control unit including one or more memories and circuitry which, in operation, holds a first MAC key used to generate the message authentication code, generates a first message authentication code that reflects the value of a transmission counter which counts the number of transmission events using the first MAC key, adds the generated first message authentication code to a data frame identified by a predetermined message ID, sends the data frame, and updates the first MAC key under the condition that a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state; and
  
  a second electronic control unit including one or more memories and circuitry which, in operation, holds a second MAC key used to generate the message authentication code, generates a second message authentication code that reflects the value of a reception counter which counts the number of reception events using the second MAC key, receives a data frame identified by the predetermined message ID, verifies whether the message authentication code added to the received data frame is the same as the second message authentication code, and updates the second MAC key under the condition that the state of the vehicle is a predetermined state, wherein the transmission counter and the reception counter are reset under the condition that the state of the vehicle is the predetermined state.
- View Dependent Claims (9)
- - 9. The in-vehicle network system according to claim 8, wherein when updating the first MAC key, the circuitry of the first electronic control unit determines whether the state of the vehicle is a predetermined state when receiving a particular frame identified by a predetermined particular message ID and updates the first MAC key if the state of the vehicle is the predetermined state, andwherein when updating the second MAC key, the circuitry of the second electronic control unit determines whether the state of the vehicle is a predetermined state when receiving a particular frame identified by a predetermined particular message ID and updates the second MAC key if the state of the vehicle is the predetermined state.

10. A plurality of electronic control units for operating in accordance with Controller Area Network (CAN) protocol, comprising a first electronic control unit and a second electronic control unit, each comprising one or more memories and circuitry which, in operation:
- holds, via the first electronic control unit, a first MAC key used to generate a first message authentication code (MAC);
  
  detects, via the first electronic control unit, a state of a vehicle;
  
  sends, via the first electronic control unit, a data frame identified with a predetermined message ID;
  
  adds, via the first electronic control unit, the first message authentication code to the data frame to be sent;
  
  generates, via the first electronic control unit, the first message authentication code that reflects the value of a transmission counter which counts the number of transmission events using the first held MAC key;
  
  updates, via the first electronic control unit, the first held MAC key under the condition that a state of a vehicle having the electronic control unit mounted therein is a predetermined state;
  
  holds, via the second electronic control unit, a second MAC key used to generate a second message authentication code (MAC);
  
  detects, via second electronic control unit, a state of a vehicle;
  
  receives, via the second electronic control unit, the data frame identified with a predetermined message ID;
  
  generates, via the second electronic control unit, the second message authentication code that reflects the value of a reception counter which counts the number of reception events using the second held MAC key;
  
  verifies, via the second electronic control unit, whether the message authentication code added to the received data frame is the same as the second message authentication code;
  
  updates, via the second electronic control unit, the second MAC key used to generate the second message authentication code under the condition that the detected state of the vehicle is the predetermined state; and
  
  resets the transmission counter and the reception counter under the condition that the detected state of the vehicle is the predetermined state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Original Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Inventors
Ujiie, Yoshihiro, Matsushima, Hideki, Haga, Tomoyuki, Maeda, Manabu, Unagami, Yuji, Kishikawa, Takeshi
Primary Examiner(s)
Gee, Jason K
Assistant Examiner(s)
Gao, Shu C

Application Number

US15/163,234
Publication Number

US 20160264071A1
Time in Patent Office

1,022 Days
Field of Search
US Class Current
CPC Class Codes

B60R 16/023   for transmission of signals...

H04L 12/40   Bus networks

H04L 2012/40215   Controller Area Network CAN

H04L 2012/40273   the transportation system b...

H04L 2209/84   Vehicles

H04L 63/062   for key distribution, e.g. ...

H04L 63/067   using one-time keys cryptog...

H04L 63/0869   for achieving mutual authen...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 67/12   specially adapted for propr...

H04L 9/0891   Revocation or update of sec...

H04L 9/3242   involving keyed hash functi...

H04W 4/46   for vehicle-to-vehicle comm...

In-vehicle network system, electronic control unit, and update processing method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

In-vehicle network system, electronic control unit, and update processing method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links