Secure Communications Between and Verification of Authorized CAN Devices

US 20110093639A1
Filed: 10/19/2009
Published: 04/21/2011
Est. Priority Date: 10/19/2009
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for secure communications between and verification of authorized controller area network (CAN) devices, comprising:

a CAN engine having a CAN bus interface adapted for coupling to a CAN bus;

a message assembly buffer having a receive message buffer and a transmit message buffer, the message assembly buffer is coupled to the CAN engine for receiving and transmitting CAN formatted messages;

a security peripheral having an encryption encoder and a decryption decoder, wherein the encryption encoder is coupled to the transmit message buffer and the decryption decoder is coupled to the receive message buffer;

a security key register storing a security key;

a synchronization counter;

a fixed data register;

at least one CAN transmit buffer coupled to the synchronization counter, fixed data register and the encryption encoder; and

at least one CAN receive buffer coupled to the synchronization counter, fixed data register and the decryption decoder;

whereinthe encryption encoder generates encrypted transmit data from transmit data in the at least one CAN transmit buffer using the security key from the security key register and places the encrypted transmit data into the transmit message buffer, andthe decryption decoder converts encrypted received data in the receive message buffer to received data using the security key from the security key register and places the received data into the at least one CAN receive buffer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Encrypted encoding and decoding of identification data of CAN bus devices for communications therebetween provides deterrence of theft and unauthorized access of these secure CAN bus devices. Each one of the CAN bus devices is considered a “node” on the CAN bus for communications purposes. By using a unique encryption code stored in each of the “authorized” CAN bus devices, unauthorized CAN bus nodes will not be able to communicate with the authorized, e.g., secure, CAN bus nodes functioning in a CAN system.

Citations

26 Claims

1. An apparatus for secure communications between and verification of authorized controller area network (CAN) devices, comprising:
- a CAN engine having a CAN bus interface adapted for coupling to a CAN bus;
  
  a message assembly buffer having a receive message buffer and a transmit message buffer, the message assembly buffer is coupled to the CAN engine for receiving and transmitting CAN formatted messages;
  
  a security peripheral having an encryption encoder and a decryption decoder, wherein the encryption encoder is coupled to the transmit message buffer and the decryption decoder is coupled to the receive message buffer;
  
  a security key register storing a security key;
  
  a synchronization counter;
  
  a fixed data register;
  
  at least one CAN transmit buffer coupled to the synchronization counter, fixed data register and the encryption encoder; and
  
  at least one CAN receive buffer coupled to the synchronization counter, fixed data register and the decryption decoder;
  
  whereinthe encryption encoder generates encrypted transmit data from transmit data in the at least one CAN transmit buffer using the security key from the security key register and places the encrypted transmit data into the transmit message buffer, andthe decryption decoder converts encrypted received data in the receive message buffer to received data using the security key from the security key register and places the received data into the at least one CAN receive buffer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus according to claim 1, further comprising a non-volatile memory for the security key register, the synchronization counter and the fixed data register.
  - 3. The apparatus according to claim 1, wherein the security key comprises a vehicle identification number (VIN).
  - 4. The apparatus according to claim 1, wherein the security key is selected from the group consisting of a serial number, a manufacturer code, a manufacturer password, and a user password.
  - 5. The apparatus according to claim 1, further comprising a digital processor coupled to the at least one CAN receive buffer and the at least one CAN transmit buffer.
  - 6. The apparatus according to claim 4, wherein the digital processor is a microcontroller.
  - 7. The apparatus according to claim 5, wherein the digital processor is selected from the group consisting of a microprocessor, a digital signal processor, a programmable logic array (PLA), and an application specific integrated circuit (ASIC).
  - 8. The apparatus according to claim 1, wherein the CAN device becomes inoperative if unauthorized use of it is made in a CAN system.
  - 9. The apparatus according to claim 1, wherein communications occurs only between CAN devices having the same security key.

10. A system for secure communications between and verification of authorized controller area network (CAN) devices operating in a CAN system, said CAN system comprising:
- a plurality of CAN devices, wherein each of the plurality of CAN devices comprises;
  
  a CAN engine having a CAN bus interface adapted for coupling to a CAN bus;
  
  a message assembly buffer having a receive message buffer and a transmit message buffer, the message assembly buffer is coupled to the CAN engine for receiving and transmitting CAN formatted messages;
  
  a security peripheral having an encryption encoder and a decryption decoder, wherein the encryption encoder is coupled to the transmit message buffer and the decryption decoder is coupled to the receive message buffer;
  
  a security key register storing a security key;
  
  a synchronization counter;
  
  a fixed data register;
  
  at least one CAN transmit buffer coupled to the synchronization counter, fixed data register and the encryption encoder; and
  
  at least one CAN receive buffer coupled to the synchronization counter, fixed data register and the decryption decoder;
  
  whereinthe encryption encoder generates encrypted transmit data from transmit data in the at least one CAN transmit buffer using the security key from the security key register and places the encrypted transmit data into the transmit message buffer, andthe decryption decoder converts encrypted received data in the receive message buffer to received data using the security key from the security key register and places the received data into the at least one CAN receive buffer.
- View Dependent Claims (11)
- - 11. The system according to claim 10, wherein the each of the plurality of CAN devices communicate with other ones of the plurality of CAN devices having the same security key.

12. A method for secure communications between and verification of authorized controller area network (CAN) devices, said method comprising the steps of:
- reading a CAN device identification;
  
  comparing the CAN device identification with a CAN system identification, wherein if the CAN device identification matches the CAN system identification, then activating the CAN device;
  
  sending status of the activated CAN device to the CAN system; and
  
  saving the status of the activated CAN device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method according to claim 12, wherein the activated CAN device identification is changed to a new identification.
  - 14. The method according to claim 12, wherein the CAN device is disabled if the CAN device identification does not match the CAN system identification.
  - 15. The method according to claim 14, wherein the disabled CAN device is rendered inoperable until re-enabled by an authorized programming device.
  - 16. The method according to claim 15, wherein the authorized programming device compares the CAN device identification with an identification list of stolen CAN devices.
  - 17. The method according to claim 16, wherein the CAN device identification is changed to a new identification if the CAN device identification is not found in the identification list of stolen CAN devices.
  - 18. The method according to claim 16, wherein the CAN device identification and location are reported if the CAN device identification is found in the identification list of stolen CAN devices.
  - 19. The method according to claim 16, wherein the CAN device identification and location are reported if the CAN device is used in an improper application.

20. A method for secure communications between and verification of authorized controller area network (CAN) devices, said method comprising the steps of:
- reading a first CAN device identification;
  
  determining if the first CAN device identification is valid; and
  
  replacing the first CAN device identification with a second CAN device identification if the first CAN device identification is valid.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The method according to claim 20, wherein the CAN device is disabled if the first CAN device identification is not valid.
  - 22. The method according to claim 21, wherein the disabled CAN device is rendered inoperable until re-enabled by an authorized programming device.
  - 23. The method according to claim 22, wherein the authorized programming device compares the first CAN device identification with an identification list of stolen CAN devices.
  - 24. The method according to claim 22, wherein the first CAN device identification is changed to the second CAN device identification if the first CAN device identification is not found in the identification list of stolen CAN devices.
  - 25. The method according to claim 23, wherein the first CAN device identification and location are reported if the first CAN device identification is found in the identification list of stolen CAN devices.
  - 26. The method according to claim 23, wherein the first CAN device identification and location are reported if the first CAN device is used in an improper application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microchip Technology Incorporated
Original Assignee
Microchip Technology Incorporated
Inventors
Richards, Patrick K.

Application Number

US12/581,225
Publication Number

US 20110093639A1
Time in Patent Office

Days
Field of Search
US Class Current

710/310
CPC Class Codes

H04L 12/40032   Details regarding a bus int...

H04L 2012/40215   Controller Area Network CAN

H04L 63/0428   wherein the data content is...

H04L 63/126   the source of the received ...

Secure Communications Between and Verification of Authorized CAN Devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Communications Between and Verification of Authorized CAN Devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links