Security For Network-Connected Vehicles and Other Network-Connected Processing Environments
Abstract
A method and apparatus provide security for a network-connected vehicle (or other networked environment) in which a predefined set of permitted operations relating to protected resources can be initiated remotely from elsewhere in the network, while security is maintained for the protected resources (for example, an engine performance optimisation control unit or air conditioning control unit within a vehicle) by preventing remote initiation of any other operations on a data processing unit which is connected to the protected resources. One of a pair of gateway components runs on each of two data processing units within the vehicle (or other environment), the first processing unit being connected to the vehicle's device control units and the second processing unit being connected to the external network. The gateway components control the types of communications which can be passed from the network-connected side to the first processing unit such that only permitted operations can be requested and no unauthorised operations can be initiated remotely.
11 Claims
1-5. (canceled)
6. A data processing apparatus, including:
a first data processing unit connected to one or more security-critical resources;
a second data processing unit connected to an external communications network such that operation requests can be received from the external network; and
a data communications link between the first and second data processing units; and
a gateway component for controlling communications across the link, the gateway component limiting the operations which can be performed at the first data processing unit in response to requests from the second processing unit to only a predefined set of permitted operations.
9. A secure gateway computer program for a network-connected vehicle, comprising:
a first gateway component for running on a first data processing unit connected to one or more device control units of the vehicle; and
a second gateway component for running on a second data processing unit connected to communications apparatus for providing a wireless connection to an external network;
wherein the first and second components of the secure gateway computer program are adapted to jointly control communications across a link between the first and second data processing units so as to limit the operations which can be performed at the first data processing unit in response to requests from the second processing unit to only a predefined set of permitted operations.
10. A method for controlling the initiation of operations relating to secure resources on a first data processing unit such that only a limited predefined set of operations can be initiated by requests from a second data processing unit connected to the first data processing unit by a communications link, the method comprising:
storing a list of permitted operations which can be requested from the second data processing unit;
comparing, by a secure gateway component which controls communications across the communications link, requests to perform operations relating to secure resources on the first data processing unit with the list of permitted operations; and
only executing the permitted operations.
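The store, compare and execute steps of claim 10, sketched as an added example (not code from the patent): a gateway component on the first processing unit parses a fixed-format request from the link, looks the operation up in a stored list of permitted operations, and refuses everything else. The frame layout, operation codes, handler names and the per-operation argument range check are assumptions made for illustration; the range check goes beyond what the claim states.

```python
from __future__ import annotations
import struct
from typing import Callable, NamedTuple

# Assumed frame layout on the inter-unit link: 1-byte operation code,
# 2-byte big-endian signed argument. No other shape is accepted.
FRAME = struct.Struct(">Bh")

class Permitted(NamedTuple):
    name: str
    arg_min: int
    arg_max: int
    handler: Callable[[int], str]

# Hypothetical handlers standing in for calls to device control units.
def read_cabin_temp(_arg: int) -> str:
    return "cabin_temp=21"

def set_cabin_temp(arg: int) -> str:
    return f"cabin_target={arg}"

# The stored list of permitted operations (constructed sample values).
PERMITTED = {
    0x01: Permitted("read_cabin_temp", 0, 0, read_cabin_temp),
    0x02: Permitted("set_cabin_temp", 16, 28, set_cabin_temp),
}

class SecureGateway:
    """Runs on the first processing unit; denies by default."""

    def __init__(self, permitted: dict[int, Permitted]):
        self._permitted = dict(permitted)  # private copy, fixed at start-up
        self.rejected: list[str] = []      # audit trail of refused requests

    def handle(self, frame: bytes) -> str | None:
        if len(frame) != FRAME.size:       # malformed: never parsed further
            return self._deny(f"bad length {len(frame)}")
        op, arg = FRAME.unpack(frame)
        entry = self._permitted.get(op)
        if entry is None:                  # not on the list: not executed
            return self._deny(f"unlisted op 0x{op:02x}")
        if not entry.arg_min <= arg <= entry.arg_max:
            return self._deny(f"{entry.name}: arg {arg} out of range")
        return entry.handler(arg)

    def _deny(self, reason: str) -> None:
        self.rejected.append(reason)
        return None
```

Because the network-facing unit can only submit an operation code and one bounded argument, nothing it sends is interpreted as code or as a free-form command on the protected side.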
Specification