Method for detecting the use of unauthorized security credentials in connected vehicles
Abstract
Embodiments of the present disclosure monitor certificates or other credentials loaded to various components and systems of a vehicle. A set of information identifying credentials that are expected to be present and/or in use can be saved. Periodically, on request, or upon the occurrence of an event or condition, checks can be performed on the credentials individually or in the aggregate using the saved information to determine whether the certificates present and/or in use are those expected or if a change has occurred. If a change is detected, i.e., a difference between the current set of certificates and the saved set of information, the network security system can take some action. The action, depending on the nature of the change detected, can vary from recording and/or reporting the condition up to and including isolating or even disabling a particular component or system on which the changed certificate is used.
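The saved-information checks described in the abstract, as an added Python example that is not taken from the patent or any vehicle implementation. The `cred_id` slot names, the SHA-256 fingerprint, the sample inventory and the mapping of findings to "report" or "isolate" actions are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Credential:
    cred_id: str        # hypothetical slot name, e.g. "tcu/tls-client"
    component: str      # component that uses the credential on the network
    key_value: bytes    # key or certificate body
    attributes: tuple   # identifying attributes as (name, value) pairs

def fingerprint(cred):
    """Digest over the key value and the identifying attributes."""
    doc = json.dumps([cred.key_value.hex(), sorted(cred.attributes)])
    return hashlib.sha256(doc.encode()).hexdigest()

def snapshot(creds):
    """Saved information, stored apart from the credentials themselves."""
    return {"total": len(creds),
            "known": {c.cred_id: (c.component, fingerprint(c)) for c in creds}}

def check(saved, current):
    """Return (component, cred_id, finding, action) tuples; empty means no change."""
    findings, seen = [], {c.cred_id: c for c in current}
    for cred_id, (component, digest) in saved["known"].items():   # individual checks
        cred = seen.get(cred_id)
        if cred is None:
            findings.append((component, cred_id, "missing", "report"))
        elif fingerprint(cred) != digest:
            findings.append((component, cred_id, "changed", "isolate"))
    for cred_id, cred in seen.items():
        if cred_id not in saved["known"]:
            findings.append((cred.component, cred_id, "unexpected", "isolate"))
    if len(current) != saved["total"]:                            # aggregate check
        findings.append(("*", "*", f"total {saved['total']} -> {len(current)}", "report"))
    return findings

# Constructed sample inventory (not real vehicle data).
TCU = Credential("tcu/tls-client", "telematics", b"\x01" * 32,
                 (("issuer", "Example OEM CA"), ("serial", "1001")))
GW = Credential("gw/tls-server", "gateway", b"\x02" * 32,
                (("issuer", "Example OEM CA"), ("serial", "1002")))
BASELINE = snapshot([TCU, GW])

def demo():
    reissued = replace(GW, attributes=(("issuer", "Unknown CA"), ("serial", "1002")))
    shadow = replace(TCU, key_value=b"\x09" * 32)   # second entry reusing a known id
    return check(BASELINE, [TCU, reissued]), check(BASELINE, [shadow, TCU, GW])
```

In the second `demo()` case every per-credential comparison passes because the extra entry reuses a known identifier, and only the aggregate count exposes it.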
14 Claims
1. A method for detecting potential tampering with security features of a vehicle, the method comprising:
- maintaining, by one or more systems of the vehicle, a plurality of credentials, each credential comprising a key value and a set of one or more attributes identifying the credential and each credential being associated with a component of a plurality of components of the vehicle connected with a communications network of the vehicle and used by the component to access the communications network;
- maintaining, by a network security system of the vehicle, separate from the credentials, information related to and identifying each credential of the plurality of credentials;
- performing, by the network security system, a plurality of checks on the credentials using the maintained information, wherein the plurality of checks comprise one or more checks on each of the plurality of credentials individually and one or more checks on the plurality of credentials together in aggregate, wherein the one or more checks on each of the plurality of credentials individually comprises at least a check to determine whether one or more attributes of the credential has changed since last performing the plurality of checks, and wherein the one or more checks on the plurality of credentials together in aggregate comprises at least a check to determine whether a total number for the plurality of credentials has changed since last performing the plurality of checks; and
- determining, by the network security system, whether one or more of the credentials have been changed based on the one or more checks.

Dependent claims: 2, 3, 4, 5, 6
7. A vehicle comprising:
- a processor; and
- a memory coupled with and readable by the processor and storing therein a set of instructions which, when executed by the processor, causes the processor to detect potential tampering with security features of the vehicle by:
- maintaining a plurality of credentials, each credential comprising a key value and a set of one or more attributes identifying the credential and each credential being associated with a component of a plurality of components of the vehicle connected with a communications network of the vehicle and used by the component to access the communications network;
- maintaining, separate from the credentials, information related to and identifying each credential of the plurality of credentials;
- performing a plurality of checks on the credentials using the maintained information, wherein the plurality of checks comprise one or more checks on each of the plurality of credentials individually and one or more checks on the plurality of credentials together in aggregate, wherein the one or more checks on each of the plurality of credentials individually comprises at least a check to determine whether one or more attributes of the credential has changed since last performing the plurality of checks, and wherein the one or more checks on the plurality of credentials together in aggregate comprises at least a check to determine whether a total number for the plurality of credentials has changed since last performing the plurality of checks; and
- determining whether one or more of the credentials have been changed based on the one or more checks.

Dependent claims: 8, 9, 10
11. A non-transitory computer-readable medium comprising a set of instructions stored therein which, when executed by a processor, causes the processor to detect potential tampering with security features of the vehicle by:
- maintaining a plurality of credentials, each credential comprising a key value and a set of one or more attributes identifying the credential and each credential being associated with a component of a plurality of components of the vehicle connected with a communications network of the vehicle and used by the component to access the communications network;
- maintaining, separate from the credentials, information related to and identifying each credential of the plurality of credentials;
- performing a plurality of checks on the credentials using the maintained information, wherein the plurality of checks comprises one or more checks on each of the plurality of credentials individually and one or more checks on the plurality of credentials together in aggregate, wherein the one or more checks on each of the plurality of credentials individually comprises at least a check to determine whether one or more attributes of the credential has changed since last performing the plurality of checks, and wherein the one or more checks on the plurality of credentials together in aggregate comprises at least a check to determine whether a total number for the plurality of credentials has changed since last performing the plurality of checks; and
- determining whether one or more of the credentials have been changed based on the one or more checks.

Dependent claims: 12, 13, 14
Specification