Secure Communications Between and Verification of Authorized CAN Devices
First Claim
Patent Images
1. An apparatus for secure communications between and verification of authorized controller area network (CAN) devices, comprising:
- a CAN engine having a CAN bus interface adapted for coupling to a CAN bus;
a message assembly buffer having a receive message buffer and a transmit message buffer, the message assembly buffer is coupled to the CAN engine for receiving and transmitting CAN formatted messages;
a security peripheral having an encryption encoder and a decryption decoder, wherein the encryption encoder is coupled to the transmit message buffer and the decryption decoder is coupled to the receive message buffer;
a security key register storing a security key;
a synchronization counter;
a fixed data register;
at least one CAN transmit buffer coupled to the synchronization counter, fixed data register and the encryption encoder; and
at least one CAN receive buffer coupled to the synchronization counter, fixed data register and the decryption decoder;
whereinthe encryption encoder generates encrypted transmit data from transmit data in the at least one CAN transmit buffer using the security key from the security key register and places the encrypted transmit data into the transmit message buffer, andthe decryption decoder converts encrypted received data in the receive message buffer to received data using the security key from the security key register and places the received data into the at least one CAN receive buffer.
1 Assignment
0 Petitions
Accused Products
Abstract
Encrypted encoding and decoding of identification data of CAN bus devices for communications therebetween provides deterrence of theft and unauthorized access of these secure CAN bus devices. Each one of the CAN bus devices is considered a “node” on the CAN bus for communications purposes. By using a unique encryption code stored in each of the “authorized” CAN bus devices, unauthorized CAN bus nodes will not be able to communicate with the authorized, e.g., secure, CAN bus nodes functioning in a CAN system.
-
Citations
26 Claims
-
1. An apparatus for secure communications between and verification of authorized controller area network (CAN) devices, comprising:
-
a CAN engine having a CAN bus interface adapted for coupling to a CAN bus; a message assembly buffer having a receive message buffer and a transmit message buffer, the message assembly buffer is coupled to the CAN engine for receiving and transmitting CAN formatted messages; a security peripheral having an encryption encoder and a decryption decoder, wherein the encryption encoder is coupled to the transmit message buffer and the decryption decoder is coupled to the receive message buffer; a security key register storing a security key; a synchronization counter; a fixed data register; at least one CAN transmit buffer coupled to the synchronization counter, fixed data register and the encryption encoder; and at least one CAN receive buffer coupled to the synchronization counter, fixed data register and the decryption decoder; wherein the encryption encoder generates encrypted transmit data from transmit data in the at least one CAN transmit buffer using the security key from the security key register and places the encrypted transmit data into the transmit message buffer, and the decryption decoder converts encrypted received data in the receive message buffer to received data using the security key from the security key register and places the received data into the at least one CAN receive buffer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for secure communications between and verification of authorized controller area network (CAN) devices operating in a CAN system, said CAN system comprising:
a plurality of CAN devices, wherein each of the plurality of CAN devices comprises; a CAN engine having a CAN bus interface adapted for coupling to a CAN bus; a message assembly buffer having a receive message buffer and a transmit message buffer, the message assembly buffer is coupled to the CAN engine for receiving and transmitting CAN formatted messages; a security peripheral having an encryption encoder and a decryption decoder, wherein the encryption encoder is coupled to the transmit message buffer and the decryption decoder is coupled to the receive message buffer; a security key register storing a security key; a synchronization counter; a fixed data register; at least one CAN transmit buffer coupled to the synchronization counter, fixed data register and the encryption encoder; and at least one CAN receive buffer coupled to the synchronization counter, fixed data register and the decryption decoder; wherein the encryption encoder generates encrypted transmit data from transmit data in the at least one CAN transmit buffer using the security key from the security key register and places the encrypted transmit data into the transmit message buffer, and the decryption decoder converts encrypted received data in the receive message buffer to received data using the security key from the security key register and places the received data into the at least one CAN receive buffer. - View Dependent Claims (11)
-
12. A method for secure communications between and verification of authorized controller area network (CAN) devices, said method comprising the steps of:
-
reading a CAN device identification; comparing the CAN device identification with a CAN system identification, wherein if the CAN device identification matches the CAN system identification, then activating the CAN device; sending status of the activated CAN device to the CAN system; and saving the status of the activated CAN device. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A method for secure communications between and verification of authorized controller area network (CAN) devices, said method comprising the steps of:
-
reading a first CAN device identification; determining if the first CAN device identification is valid; and replacing the first CAN device identification with a second CAN device identification if the first CAN device identification is valid. - View Dependent Claims (21, 22, 23, 24, 25, 26)
-
Specification