Communication relay device, communication network, and communication relay method

US 10,298,578 B2
Filed: 06/28/2016
Issued: 05/21/2019
Est. Priority Date: 07/24/2015
Status: Active Grant

First Claim

Patent Images

1. A communication relay that is situated between a corresponding communication node and a bus in a communication network in which a plurality of communication nodes mutually perform a data communication through the bus, the communication relay comprising:

a memory configured to store therein pieces of identification information that are likely to be included in message data transmitted by the corresponding communication node, each of pieces of the identification information identifying a type of the message data transmitted by the corresponding communication node;

a processor configuredto perform first authentication processing between the communication relay and a manager that is connected to the bus, the manager managing the plurality of communication nodes and a plurality of communication relays each corresponding to a respective one of the plurality of communication nodes, andto perform second authentication processing according to a result of comparing identification information, which is included in message data received from the corresponding communication node and which identifies a type of the message data received from the corresponding communication node, with the pieces of identification information stored in the memory; and

a transceiver configured to report, to the manager, a result of the second authentication processing when the first authentication processing has been successful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication relay device that is situated between a corresponding communication node and a bus in a communication network in which a plurality of communication nodes mutually perform a data communication through the bus. A storage configured to store therein pieces of identification information that are likely to be included in data transmitted by the corresponding communication node. A processor configured to perform first authentication processing between the communication relay device and a management device that is connected to the bus, and to perform second authentication processing according to a result of comparing identification information included in data transmitted by the corresponding communication node with the pieces of identification information stored in the storage. A transceiver configured to report, to the management device, a result of the second authentication processing when the first authentication processing has been successful.

9 Citations

View as Search Results

10 Claims

1. A communication relay that is situated between a corresponding communication node and a bus in a communication network in which a plurality of communication nodes mutually perform a data communication through the bus, the communication relay comprising:
- a memory configured to store therein pieces of identification information that are likely to be included in message data transmitted by the corresponding communication node, each of pieces of the identification information identifying a type of the message data transmitted by the corresponding communication node;
  
  a processor configuredto perform first authentication processing between the communication relay and a manager that is connected to the bus, the manager managing the plurality of communication nodes and a plurality of communication relays each corresponding to a respective one of the plurality of communication nodes, andto perform second authentication processing according to a result of comparing identification information, which is included in message data received from the corresponding communication node and which identifies a type of the message data received from the corresponding communication node, with the pieces of identification information stored in the memory; and
  
  a transceiver configured to report, to the manager, a result of the second authentication processing when the first authentication processing has been successful.
- View Dependent Claims (2, 3)
- - 2. The communication relay according to claim 1, whereinwhen the manager and the communication relay are powered on, the processor performs the first authentication processing between the communication relay and the manager, andwhen the first authentication processing has been successful and when the second authentication processing has been unsuccessful, the transceiver reports a result of the second authentication processing.
  - 3. The communication relay according to claim 1, whereinthe first authentication processing between the communication relay and the manager is an authentication processing in a challenge and response method.

4. A non-transitory computer-readable recording medium having stored therein a communication relay program for causing a communication relay to execute a process, wherein the communication relay is situated between a corresponding communication node and a bus in a communication network in which a plurality of communication nodes mutually perform a data communication through the bus, the process comprising:
- performing first authentication processing between the communication relay and a manager that is connected to the bus, the manager managing the plurality of communication nodes and a plurality of communication relays each corresponding to a respective one of the plurality of communication nodes;
  
  storing in a memory, pieces of identification information that are likely to be included in message data transmitted by the corresponding communication node, each of pieces of the identification information identifying a type of the message data transmitted by the corresponding communication node;
  
  performing second authentication processing according to a result of comparing identification information, which is included in message data received from the corresponding communication node and which identifies a type of the message data received from the corresponding communication node, with the pieces of identification information stored in the memory; and
  
  reporting a result of the second authentication processing to the manager when the first authentication processing has been successful.
- View Dependent Claims (5, 6)
- - 5. The non-transitory computer-readable recording medium according to claim 4, comprising:
    - when the manager and the communication relay are powered on, performing authentication processing between the communication relay and the manager; and
      
      when the first authentication processing has been successful and when the second authentication processing has been unsuccessful, reporting a result of the second authentication processing to the management device.
  - 6. The non-transitory computer-readable recording medium according to claim 4, whereinthe performing of the first authentication processing is performing authentication processing between the communication relay and the manager by use of an authentication processing in a challenge and response method.

7. A communication relay method comprising:
- performing, by a communication relay, first authentication processing between the communication relay and a manager that is connected to a bus, the communication relay being situated between a corresponding communication node and the bus in a communication network in which a plurality of communication nodes mutually perform a data communication through the bus, the manager managing the plurality of communication nodes and a plurality of communication relays each corresponding to a respective one of the plurality of communication nodes;
  
  storing, in a memory, by the communication relay, pieces of identification information that are likely to be included in message data transmitted by the corresponding communication node, each of pieces of the identification information identifying a type of the message data transmitted by the corresponding communication node;
  
  performing, by the communication relay, second authentication processing according to a result of comparing identification information, which is included in message data received from the corresponding communication node and which identifies a type of the message data received from the corresponding communication node, with the pieces of identification information stored in the memory; and
  
  reporting, by the communication relay device, a result of the second authentication processing to the manager when the first authentication processing has been successful.
- View Dependent Claims (8, 9)
- - 8. The communication relay method according to claim 7, comprising:
    - when the manager and the communication relay are powered on, performing authentication processing between the communication relay and the manager; and
      
      when the first authentication processing has been successful and when the second authentication processing has been unsuccessful, reporting a result of the second authentication processing to the management device.
  - 9. The communication relay method according to claim 7, whereinthe performing of the first authentication processing is performing authentication processing between the communication relay and the manager by use of an authentication processing in a challenge and response method.

10. A system comprising:
- a communication relay configured to be situated between a corresponding communication node and a bus in a communication network in which a plurality of communication nodes mutually perform a data communication through the bus; and
  
  a manager connected to the bus and configured to manage the plurality of communication nodes and a plurality of communication relays each corresponding to one of the plurality of communication nodes, whereinthe communication relayperforms first authentication processing between the communication relay and the manager,stores, in a memory, pieces of identification information that are likely to be included in message data transmitted by the corresponding communication node, each of pieces of the identification information identifying a type of the message data transmitted by the corresponding communication node,performs second authentication processing according to a result of comparing identification information, which is included in message data received from the corresponding communication node and which identifies a type of the message data received from the corresponding communication node, with the pieces of identification information stored in the memory, andreports a result of the second authentication processing to the manager when the first authentication processing has been successful, whereinthe managerdetermines, from among the plurality of communication nodes, a communication node whose result of the second authentication processing is not successful to be a maliciously replaced communication node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Yajima, Jun, Hasebe, Takayuki, Abe, Yasuhiko
Primary Examiner(s)
Pyzocha, Michael
Assistant Examiner(s)
Tafaghodi, Zoha Piyadehghibi

Application Number

US15/194,793
Publication Number

US 20170026373A1
Time in Patent Office

1,057 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/44   Program or device authentic...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

H04W 12/069   using certificates or pre-s...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 4/40   for vehicles, e.g. vehicle-...

H04W 4/48   for in-vehicle communication

Communication relay device, communication network, and communication relay method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Communication relay device, communication network, and communication relay method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links