In-Vehicle Network System

US 20140114497A1
Filed: 07/03/2012
Published: 04/24/2014
Est. Priority Date: 07/06/2011
Status: Active Grant

First Claim

Patent Images

1. An in-vehicle network system comprising:

an in-vehicle control unit that controls an operation of a car; and

a configuration management device that authenticates whether the in-vehicle control unit has a valid authorization to join an in-vehicle network of the car;

wherein upon receiving, from a registration device that lets the in-vehicle control unit join the in-vehicle network, a registration request requesting to let the in-vehicle control unit join the in-vehicle network, the configuration management device performs an authentication with respect to the registration device, generates attestation data unique to the in-vehicle control unit, and sends the attestation data to the registration device,wherein the registration device receives the attestation data from the configuration management device and relays the attestation data to the in-vehicle control unit,and wherein the in-vehicle control unit receives the attestation data from the registration device and stores the attestation data in a memory.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is an in-vehicle network equipped with a function whereby configuration verification is performed while preventing an increase in the processing load (and cost) for each in-vehicle control device, thus improving vehicle security. This in-vehicle network system is equipped with a configuration management device that authenticates an in-vehicle control device. The configuration management device delivers to the in-vehicle control device, via a registration device connected to the in-vehicle network, configuration verification data that is used to perform configuration verification (see FIG. 1).

69 Citations

View as Search Results

14 Claims

1. An in-vehicle network system comprising:
- an in-vehicle control unit that controls an operation of a car; and
  
  a configuration management device that authenticates whether the in-vehicle control unit has a valid authorization to join an in-vehicle network of the car;
  
  wherein upon receiving, from a registration device that lets the in-vehicle control unit join the in-vehicle network, a registration request requesting to let the in-vehicle control unit join the in-vehicle network, the configuration management device performs an authentication with respect to the registration device, generates attestation data unique to the in-vehicle control unit, and sends the attestation data to the registration device,wherein the registration device receives the attestation data from the configuration management device and relays the attestation data to the in-vehicle control unit,and wherein the in-vehicle control unit receives the attestation data from the registration device and stores the attestation data in a memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The in-vehicle network system according to claim 1,wherein the configuration management device authenticates the in-vehicle control unit using the attestation data,and wherein the configuration management device authenticates the registration device using an authentication process different from that for authenticating the in-vehicle control unit.
  - 3. The in-vehicle network system according to claim 1, whereinthe attestation data includes at least one of:
    - a password for the configuration management device to authenticate the in-vehicle control unit; and
      
      a common key used for the in-vehicle control unit to generate a response in a challenge and response authentication performed by the configuration management device to authenticate the in-vehicle control unit.
  - 4. The in-vehicle network system according to claim 1, whereinthe attestation data includes at least one of:
    - a common key used for the in-vehicle control unit to generate a digital signature from a message when the in-vehicle control unit transmits a message authentication code on the in-vehicle network; and
      
      a common key used for the in-vehicle control unit to perform an encrypted communication on the in-vehicle network.
  - 5. The in-vehicle network system according to claim 1, whereinthe configuration management device generates the attestation data using a one directional function that outputs a value different for each of the in-vehicle control unit, for each of software versions included in the in-vehicle control unit, for each of types of the car, or for each of car identification numbers distinguishing the car individually.
  - 6. The in-vehicle network system according to claim 1,wherein the configuration management device, by receiving the attestation data or authentication data generated using the attestation data from the in-vehicle control unit joined in the in-vehicle network, authenticates the in-vehicle control unit joined in the in-vehicle network,and wherein if the configuration management device cannot receive the attestation data or the authentication data as a response of a request for the in-vehicle control unit joined in the in-vehicle network to send the attestation data or the authentication data, if the configuration management device cannot receive the attestation data or the authentication data periodically from the in-vehicle control unit joined in the in-vehicle network, or if the configuration management device fails to authenticate the in-vehicle control unit, the configuration management device outputs an alarm signal indicating that the in-vehicle control unit is falsified or broadcasts a communication packet describing that the in-vehicle control unit is falsified to the in-vehicle network.
  - 7. The in-vehicle network system according to claim 1, whereinthe in-vehicle control unit authenticates the configuration management device using the attestation data or authentication data that is generated using the attestation data.
  - 8. The in-vehicle network system according to claim 7,wherein the in-vehicle control unit authenticates the configuration management device by receiving the attestation data or the authentication data,and wherein if the in-vehicle control unit cannot receive the attestation data or the authentication data as a response to a request for the configuration management device to send the attestation data or the authentication data, if the in-vehicle control unit cannot receive the attestation data or the authentication data periodically from the configuration management device, or if the in-vehicle control unit fails to authenticate the control management device, the in-vehicle control unit outputs an alarm signal indicating that the configuration management device is falsified, broadcasts a communication packet describing that the configuration management device is falsified to the in-vehicle network, or does not follow an instruction from the configuration management device thereafter.
  - 9. The in-vehicle network system according to claim 1,wherein the attestation data includes an identification number describing a type of communication data transmitted between the configuration management device and the in-vehicle control unit,and wherein the configuration management device and the in-vehicle control unit transmit the attestation data using communication data specifying the identification number.
  - 10. The in-vehicle network system according to claim 1,wherein the configuration management device works as a communication gateway that relays a communication between devices connected to the in-vehicle network,and wherein if the configuration management device fails to authenticate the registration device, the configuration management device blocks a communication between the registration device and the in-vehicle control unit.
  - 11. The in-vehicle network system according to claim 1, whereinthe registration device has a function as a rewrite device that rewrites software equipped in the in-vehicle control unit.
  - 12. The in-vehicle network system according to claim 1, whereinthe registration device is a communication device that temporarily connects to the in-vehicle network.
  - 13. The in-vehicle network system according to claim 1, whereinthe registration device is placed outside the car and communicates with the configuration management device or the in-vehicle control unit through the in-vehicle network.
  - 14. The in-vehicle network system according to claim 1,wherein the configuration management device includes a database that manages a type of the in-vehicle control unit joining the in-vehicle network and a software version of the in-vehicle control unit joining the in-vehicle network,wherein the configuration management device updates data stored in the database in response to a request from the registration device,and wherein the registration device receives, from the registration device or the in-vehicle control unit, a query to the data stored in the database and responds the data stored in the database in response to the query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi Astemo Ltd. (Hitachi, Ltd.)
Original Assignee
Hitachi Automotive Systems Limited (Hitachi, Ltd.)
Inventors
Miyake, Junji

Granted Patent

US 9,132,790 B2
Time in Patent Office

Days
Field of Search
US Class Current

701/1
CPC Class Codes

B60R 16/0231   Circuits relating to the dr...

G06F 21/44   Program or device authentic...

G06F 2221/2129   Authenticate client device ...

H04L 2209/84   Vehicles

H04L 9/32   including means for verifyi...

H04L 9/3271   using challenge-response

In-Vehicle Network System

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

In-Vehicle Network System

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links