Automotive ECU controller and data network having security features for protection from malware transmission

  • US 10,320,836 B2
  • Filed: 07/16/2018
  • Issued: 06/11/2019
  • Est. Priority Date: 01/03/2017
  • Status: Active Grant
First Claim

1. A system for data communication for the operation of an automobile, the system comprising:

  • the automobile, the automobile comprising:

    a first electronic control unit (ECU) being directly accessible to external networks that are outside of the automobile;

    a second ECU that is not directly accessible to the external networks that are outside of the automobile;

    a control area network (CAN) bus that communicably couples the first ECU and the second ECU such that the first ECU and the second ECU can pass data communications within the automobile;

    wherein the first ECU that is directly accessible to the external networks that are outside of the automobile is configured to:

    operate either in a normal mode or in a first safe-mode, wherein:

    the normal mode and first safe-mode are defined in a security policy for the first ECU, and the first safe-mode restricts the actions of the first ECU more than the normal mode based on predefined permitted contexts, wherein at least one of the predefined permitted contexts defines whether software changes to the first ECU are permitted;

    while operating in the normal mode, detect an attempted attack on the automobile;

    responsive to detecting the attempted attack on the automobile, determine that the detected attempted attack is indicative of attempted malicious execution by malware;

    responsive to determining that the detected attempted attack is indicative of attempted malicious execution by malware, change modes from the normal mode to the first safe-mode;

    responsive to determining that the detected attempted attack is indicative of attempted malicious execution by malware, transmit over the CAN bus a safe-mode alert;

    wherein the second ECU that is not directly accessible to the external networks that are outside of the automobile is configured to:

    operate in either the normal mode or a second safe-mode, wherein:

    the normal mode and second safe-mode are defined in a security policy for the second ECU, and the second safe-mode restricts the actions of the second ECU more than the normal mode, and the second safe-mode comprises different security policies than the first safe-mode;

    while operating in the normal mode, receive the safe-mode alert from the first ECU over the CAN bus; and

    responsive to receiving the safe-mode alert, change modes from the normal mode to the second safe-mode.
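The claim above describes a two-stage mechanism: an externally reachable ECU detects and classifies an attack, drops into its own safe mode, and broadcasts a safe-mode alert on the CAN bus; an internal ECU that hears the alert drops into a second, differently restricted safe mode. The following Python model is an added illustration written for this page, not code from the patent or its assignee. Everything concrete in it is an assumption: the class and function names, the CAN arbitration ID and payload used for the alert, the action names in each policy table (`sw_update` stands in for the "software changes" context the claim requires), and the string-matching classifier that decides whether an observed attack "is indicative of attempted malicious execution by malware". Per-mode permitted contexts are modelled as default-deny lookup tables so that the claim's "restricts the actions ... more than the normal mode" is checkable.

```python
"""Model of the two-ECU safe-mode handoff from claim 1 (added example, not patent code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional


class Mode(Enum):
    NORMAL = "normal"
    SAFE = "safe"


@dataclass(frozen=True)
class SecurityPolicy:
    """Permitted contexts per mode: action name -> allowed. Unknown actions are denied."""
    normal: Dict[str, bool]
    safe: Dict[str, bool]

    def permits(self, mode: Mode, action: str) -> bool:
        table = self.normal if mode is Mode.NORMAL else self.safe
        return table.get(action, False)


@dataclass(frozen=True)
class CanFrame:
    arbitration_id: int
    data: bytes


# Assumed identifier/payload for the safe-mode alert; the claim fixes neither.
SAFE_MODE_ALERT_ID = 0x0A0
SAFE_MODE_ALERT_PAYLOAD = b"SAFEMODE"


class CanBus:
    """Minimal broadcast bus: a transmitted frame reaches every other attached node."""
    def __init__(self) -> None:
        self.nodes: List["Ecu"] = []
        self.log: List[CanFrame] = []

    def attach(self, ecu: "Ecu") -> None:
        self.nodes.append(ecu)
        ecu.bus = self

    def transmit(self, sender: "Ecu", frame: CanFrame) -> None:
        self.log.append(frame)
        for node in self.nodes:
            if node is not sender:
                node.receive(frame)


class Ecu:
    def __init__(self, name: str, policy: SecurityPolicy, externally_reachable: bool) -> None:
        self.name, self.policy, self.externally_reachable = name, policy, externally_reachable
        self.mode = Mode.NORMAL
        self.bus: Optional[CanBus] = None
        self.events: List[str] = []

    def attempt(self, action: str) -> bool:
        """Gate an action on the current mode's permitted contexts."""
        allowed = self.policy.permits(self.mode, action)
        self.events.append(f"{self.name}:{self.mode.value}:{action}:{'ok' if allowed else 'denied'}")
        return allowed

    def enter_safe_mode(self, reason: str) -> None:
        if self.mode is Mode.NORMAL:
            self.mode = Mode.SAFE
            self.events.append(f"{self.name}:enter-safe:{reason}")

    def on_attack_observed(self, indicator: str, classify: Callable[[str], bool]) -> None:
        """First-ECU path: detect in normal mode, classify, switch mode, then alert the bus."""
        if self.mode is not Mode.NORMAL:
            return
        if not classify(indicator):
            self.events.append(f"{self.name}:attack-not-malware:{indicator}")
            return
        self.enter_safe_mode(f"malware:{indicator}")
        if self.bus is not None:
            self.bus.transmit(self, CanFrame(SAFE_MODE_ALERT_ID, SAFE_MODE_ALERT_PAYLOAD))

    def receive(self, frame: CanFrame) -> None:
        """Second-ECU path: a safe-mode alert heard in normal mode triggers this ECU's own safe mode."""
        if frame.arbitration_id == SAFE_MODE_ALERT_ID and frame.data == SAFE_MODE_ALERT_PAYLOAD:
            self.enter_safe_mode("alert-from-bus")


def looks_like_malware(indicator: str) -> bool:
    """Constructed classifier standing in for the claim's malware determination."""
    return indicator in {"unsigned-firmware-write", "code-exec-from-buffer"}


def build_vehicle():
    # Gateway (externally reachable): safe mode forbids software changes and diagnostic forwarding.
    gateway_policy = SecurityPolicy(
        normal={"sw_update": True, "forward_diag": True, "send_telemetry": True},
        safe={"sw_update": False, "forward_diag": False, "send_telemetry": True})
    # Internal ECU: a different safe-mode policy, as the claim requires (keeps diag reads, drops actuation from bus).
    internal_policy = SecurityPolicy(
        normal={"sw_update": True, "accept_actuation_cmd": True, "diag_read": True},
        safe={"sw_update": False, "accept_actuation_cmd": False, "diag_read": True})
    bus, gateway, internal = CanBus(), Ecu("gateway", gateway_policy, True), Ecu("brake", internal_policy, False)
    bus.attach(gateway)
    bus.attach(internal)
    return bus, gateway, internal


def run_scenario(indicator: str) -> dict:
    """Feed one attack indicator to the gateway and report both ECUs' resulting state."""
    bus, gateway, internal = build_vehicle()
    gateway.on_attack_observed(indicator, looks_like_malware)
    return {"gateway_mode": gateway.mode, "internal_mode": internal.mode, "alerts_on_bus": len(bus.log),
            "gateway_sw_update": gateway.attempt("sw_update"), "internal_sw_update": internal.attempt("sw_update"),
            "internal_diag_read": internal.attempt("diag_read"), "gateway_forward_diag": gateway.attempt("forward_diag"),
            "internal_actuation": internal.attempt("accept_actuation_cmd")}
```

Running `run_scenario("unsigned-firmware-write")` puts both ECUs in safe mode with one alert frame on the bus and `sw_update` denied on both, while `run_scenario("port-scan")` (an attack the classifier does not treat as malware) leaves both in normal mode. One caveat the claim does not address: nothing in it authenticates the safe-mode alert, and in the model any node on the bus can emit the frame, so an attacker already on the CAN bus could force internal ECUs into their restricted safe mode at will (a denial-of-service path) or suppress the alert. A deployment would need CAN message authentication (for example AUTOSAR SecOC style MACs with freshness) on the alert frame for the handoff to be trustworthy.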
