Vehicle communication system based on controller-area network bus firewall
Abstract
A vehicle communication system boarded on a vehicle comprises a main processor, a Controller Area Network (CAN) controller, and a bi-directional firewall module. The main processor is configured to send one or more CAN messages to the CAN controller and the CAN controller is configured to forward the CAN messages to a CAN through the bi-directional firewall module. The bi-directional firewall module further includes a vehicle status logger, a CAN message filter and a storage module, and the vehicle status logger is configured to check the vehicle's status by collecting diagnostic parameters from ECUs, the storage module is configured to store a white-list and a black-list, and the CAN message filter is configured to selectively choose one of the white-list and the black-list according to different statuses of the vehicle and apply the one of the white-list and the black-list to the CAN messages.
7 Claims
1. A vehicle communication system boarded on a vehicle, comprising:
a main processor;
a Controller Area Network (CAN) controller, electrically coupled to the main processor; and
a bi-directional firewall module, electrically coupled to the CAN controller, wherein;
the main processor is configured to send one or more CAN messages to the CAN controller and the CAN controller is configured to forward the CAN messages to a CAN through the bi-directional firewall module, wherein the bi-directional firewall module is configured to block one or more of the CAN messages, generate firewall event logs for each blocked CAN message periodically, and upload them to a remote server through the main processor for analysis of event correlation and the bi-directional firewall module further includes a vehicle status logger, a CAN message filter and a storage module, and the vehicle status logger is configured to check the vehicle's status by checking diagnostic parameters from electrical control units (ECUs), the storage module is configured to store a white-list and a black-list of CAN message IDs, and the CAN message filter is configured to selectively choose one of the white-list and the black-list according to different statuses of the vehicle and apply the one of the white-list and the black-list to the CAN messages.
5. A method for controlling a vehicle communication system boarded on a vehicle, the vehicle communication system including a main processor, a Controller Area Network (CAN) controller, and a bi-directional firewall module, the method comprising:
receiving, at the bi-directional firewall module, one or more CAN messages from the CAN controller;
checking, at the bi-directional firewall module, the vehicle's status according to vehicle diagnostic parameters; and
choosing, at the bi-directional firewall module, a white-list or a black-list according to different statuses of the vehicle and applying the chosen list to each of the CAN messages;
in accordance with a determination that a respective one of the CAN messages is on the white-list, passing the CAN message to a CAN-bus, wherein the CAN bus is configured to execute vehicle operations corresponding to the CAN message; and
in accordance with a determination that a respective one of the CAN messages is on the black-list, blocking the CAN message and generating a firewall event log for the blocked CAN message and uploading the firewall event log to a remote server through the main processor for analysis of event correlation.
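The method of claim 5 written out as an added C example (not code from the patent or from any product): the status logger, the status-dependent list choice, and the event buffer that a periodic upload would drain. The two statuses, the ignition/speed inputs, the mapping of driving to white-list and parked to black-list, the 11-bit ID check, blocking of frames absent from the white-list, all names, and the sample IDs are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef enum { VEH_PARKED, VEH_DRIVING } veh_status_t;   /* assumed statuses */
typedef enum { FW_PASS, FW_BLOCK } fw_verdict_t;
typedef struct { uint32_t id; uint8_t dlc; uint8_t data[8]; } can_frame_t;
typedef struct { uint32_t id; veh_status_t status; } fw_event_t;

/* Constructed sample lists of 11-bit CAN IDs (storage module contents). */
static const uint32_t WHITE_LIST[] = { 0x0C0, 0x1A0, 0x2F1 };
static const uint32_t BLACK_LIST[] = { 0x5A0, 0x5A1 };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

#define FW_LOG_CAP 4
static fw_event_t fw_log[FW_LOG_CAP];      /* blocked-frame events awaiting upload */
static size_t fw_log_len, fw_log_dropped;  /* dropped: events lost to a full buffer */

static bool id_in(const uint32_t *list, size_t n, uint32_t id) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == id) return true;
    return false;
}

/* Vehicle status logger: derive status from diagnostic parameters (assumed inputs). */
veh_status_t fw_status(bool ignition_on, uint16_t speed_kph) {
    return (ignition_on && speed_kph > 0) ? VEH_DRIVING : VEH_PARKED;
}

/* CAN message filter: white-list (default deny) while driving, black-list
 * (default allow) while parked. Malformed frames are always blocked. */
fw_verdict_t fw_filter(const can_frame_t *f, veh_status_t st) {
    bool pass = f->id <= 0x7FF && f->dlc <= 8;
    if (pass && st == VEH_DRIVING) pass = id_in(WHITE_LIST, COUNT(WHITE_LIST), f->id);
    else if (pass)                 pass = !id_in(BLACK_LIST, COUNT(BLACK_LIST), f->id);
    if (pass) return FW_PASS;
    if (fw_log_len < FW_LOG_CAP) fw_log[fw_log_len++] = (fw_event_t){ f->id, st };
    else fw_log_dropped++;
    return FW_BLOCK;
}

/* Periodic upload step: move pending events to `out`; returns how many were copied. */
size_t fw_drain_events(fw_event_t *out, size_t cap) {
    size_t n = fw_log_len < cap ? fw_log_len : cap;
    for (size_t i = 0; i < n; i++) out[i] = fw_log[i];
    for (size_t i = n; i < fw_log_len; i++) fw_log[i - n] = fw_log[i];
    fw_log_len -= n;
    return n;
}
```

The same ID can receive different verdicts in different statuses, and the dropped-event counter shows when the buffer filled before an upload, which matters for the server-side correlation the claim relies on.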
Specification