Privileged, diagnostic link connector based network monitoring capabilities within a vehicle employing a gateway module used to isolate and secure vehicle networks
First Claim

1. Method of providing privileged access to an internal vehicle communication network, the method comprising:
- providing a presentation network bus capable of providing listen-only access to a subset of in-vehicle networks, the presentation network bus connected to circuitry configured to selectively transmit network traffic from one of a plurality of the in-vehicle networks to the presentation network bus and permanently configured to permanently prevent data from the presentation network bus from being received by any of the plurality of in-vehicle networks;
- verifying access credentials in a security system configured to control access to the presentation network bus by using a combination of symmetric and asymmetric cryptographic systems;
- receiving a diagnostic service request after the access credentials have been verified to enable the presentation network bus for listen-only access to the subset of in-vehicle networks;
- enabling the presentation network bus for the listen-only access in response to receipt of the diagnostic service request by enabling the circuitry to selectively transmit network traffic from one of the plurality of in-vehicle networks to the presentation network bus;
- enabling a persistence mode after the access credentials have been verified wherein the presentation network bus will be enabled for listen-only access after a power-down and power-up cycle without re-verifying access credentials in the security system after the power-down; and
- providing one of a plurality of different listen-only access levels to the in-vehicle networks based on the received access credentials.

Dependent claims: 2, 3, 4, 5, 6, 7
Abstract
A system for providing privileged access to an internal vehicle communication network is provided. The system includes a presentation network bus configured to provide listen-only access to a subset of in-vehicle networks, a security system configured to enable access to the presentation network bus by verifying access credentials, and a diagnostic service system configured to control access to the presentation network bus. The diagnostic service system is configured to receive a diagnostic service request after the access credentials have been verified to enable the presentation network busses for listen-only access to the subset of the in-vehicle networks. The presentation network busses may be enabled for the listen-only access after credential verification by the security system and in response to receipt of a diagnostic service request from the diagnostic service system requesting that the presentation network busses be enabled.
20 Claims
8. A system for providing privileged access to an internal vehicle communication network, the system comprising:
- a presentation network bus configured to provide listen-only access to a subset of in-vehicle networks;
- a presentation circuit connected to the presentation network bus, the presentation circuit is configured to selectively transmit network traffic from one of a plurality of the in-vehicle networks to the presentation network bus and permanently configured to permanently prevent data from the presentation network bus from being received by any of the plurality of in-vehicle networks;
- a security system comprising one or more processors configured by programming instructions on non-transient computer readable media to enable access to the presentation network bus by verifying access credentials using a combination of symmetric and asymmetric cryptographic systems; and
- a diagnostic service system comprising one or more processors configured by programming instructions on non-transient computer readable media to control access to the presentation network bus, the diagnostic service system configured to receive a diagnostic service request after the access credentials have been verified and to enable the presentation network bus for listen-only access to the subset of networks by enabling the presentation circuit to selectively transmit network traffic from one of the plurality of in-vehicle networks to the presentation network bus;
- wherein the presentation network bus may be enabled for the listen-only access after credential verification by the security system and in response to receipt of a diagnostic service request from the diagnostic service system requesting that the presentation network bus be enabled;
- wherein the diagnostic service system is further configured to enable a persistence mode after the access credentials have been verified wherein the presentation network bus will be enabled for listen-only access after a power-down and power-up cycle for a limited number of cycles without re-verifying access credentials in the security system after the power-down; and
- wherein the diagnostic service system is further configured to provide one of a plurality of different listen-only access levels to the in-vehicle networks based on the received access credentials.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A gateway module in a vehicle comprising:
- presentation circuitry configured to mirror a selected in-vehicle network onto a presentation network bus, the presentation circuitry comprising selection circuitry and transceiver circuitry coupled between the presentation network bus and the selected in-vehicle network; the selection circuitry is configured to selectively output network traffic from the selected in-vehicle network to the transceiver circuitry; and the transceiver circuitry is configured to transmit network traffic received from the selection circuitry to the presentation network bus for listen-only access to the selected in-vehicle network and permanently configured to permanently prevent data from the presentation network bus from being received by the selection circuitry and transmitted onto the selected in-vehicle network;
- a security interface configured to enable access to the presentation network bus by verifying access credentials using a combination of symmetric and asymmetric cryptographic systems; and
- a diagnostic service interface configured to control access to the presentation network bus, the diagnostic service interface configured to receive a diagnostic service request after the access credentials have been verified to enable the presentation network bus for listen-only access to the selected in-vehicle network by enabling the presentation circuitry to selectively transmit network traffic from the selected in-vehicle network to the presentation network bus;
- wherein the diagnostic service interface is further configured to enable a persistence mode after the access credentials have been verified wherein the presentation network bus will be enabled for listen-only access after a power-down and power-up cycle for a limited number of cycles without re-verifying access credentials in the security system after the power-down; and
- wherein the diagnostic service interface is further configured to provide one of a plurality of different listen-only access levels to the in-vehicle networks based on the received access credentials.

Dependent claims: 16, 17, 18, 19, 20
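The access-control logic that claims 1, 8 and 15 describe (credential-gated enable, one-way mirroring, bounded persistence across power cycles, credential-dependent access levels), modelled as an added Python example that is not the patent's own code. The cryptographic verification itself is assumed to happen in the security system before `credentials_verified` is called; `AccessLevel`, `NETWORKS_BY_LEVEL`, `MAX_PERSIST_CYCLES` and the rule that an expired persistence grant forces re-verification are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional
class AccessLevel(IntEnum):
    NONE = 0
    BODY = 1
    ALL = 2
# Constructed mapping: networks each credential level may listen to (claim's "access levels").
NETWORKS_BY_LEVEL = {
    AccessLevel.BODY: frozenset({"body"}),
    AccessLevel.ALL: frozenset({"body", "powertrain", "chassis"}),
}
MAX_PERSIST_CYCLES = 2  # assumed cap for the claim's "limited number of cycles"

@dataclass
class Gateway:
    verified_level: AccessLevel = AccessLevel.NONE
    selected_network: Optional[str] = None
    bus_enabled: bool = False
    persist_cycles_left: int = 0

    def credentials_verified(self, level: AccessLevel) -> None:
        # Called by the security system once its symmetric/asymmetric check has passed.
        self.verified_level = level

    def diagnostic_request(self, network: str, persist_cycles: int = 0) -> bool:
        # Enable listen-only mirroring; refused if the credential level does not cover it.
        if network not in NETWORKS_BY_LEVEL.get(self.verified_level, frozenset()):
            return False
        self.selected_network = network
        self.bus_enabled = True
        self.persist_cycles_left = min(persist_cycles, MAX_PERSIST_CYCLES)
        return True

    def power_cycle(self) -> None:
        # Grant survives a limited number of cycles; afterwards it is revoked (assumed).
        if self.bus_enabled and self.persist_cycles_left > 0:
            self.persist_cycles_left -= 1
            return
        self.bus_enabled = False
        self.selected_network = None
        self.verified_level = AccessLevel.NONE

    def mirror_frame(self, source: str, frame: bytes) -> Optional[bytes]:
        # Selection + transceiver path: only the selected network is copied out.
        return frame if self.bus_enabled and source == self.selected_network else None

    def inject_from_presentation_bus(self, frame: bytes) -> bool:
        # Reverse path is permanently blocked: nothing reaches a vehicle network.
        return False
```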
Specification