SECURE MESSAGE FILTERING TO VEHICLE ELECTRONIC CONTROL UNITS WITH SECURE PROVISIONING OF MESSAGE FILTERING RULES

US 20140195808A1
Filed: 12/01/2011
Published: 07/10/2014
Est. Priority Date: 12/01/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a host processor associated with a vehicle, said host processor configured to receive a message filtering rule;

a bus controller configured to verify authenticity of said message filtering rule and further configured to filter messages from said host processor using said verified message filtering rule, wherein said bus controller is programmed through an interface, said interface inaccessible from said host processor; and

a bus configured to transmit said filtered messages from said bus controller to one or more electronic control units (ECUs), said ECUs communicatively coupled to said bus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method according to one embodiment includes the operations of configuring a host processor to receive a message filtering rule, the host processor associated with a vehicle; configuring a bus controller to verify authenticity of the message filtering rule, wherein the bus controller is programmed through an interface, the interface inaccessible from the host processor; filtering messages from the host processor using the verified message filtering rule, wherein the filtering is performed by the bus controller; and transmitting the filtered messages from the bus controller over a bus to one or more electronic control units (ECUs), the ECUs communicatively coupled to the bus.

Citations

22 Claims

1. A system, comprising:
- a host processor associated with a vehicle, said host processor configured to receive a message filtering rule;
  
  a bus controller configured to verify authenticity of said message filtering rule and further configured to filter messages from said host processor using said verified message filtering rule, wherein said bus controller is programmed through an interface, said interface inaccessible from said host processor; and
  
  a bus configured to transmit said filtered messages from said bus controller to one or more electronic control units (ECUs), said ECUs communicatively coupled to said bus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein said message filtering rule further comprise a trusted manifest and said bus controller programming further comprises a trusted rule signing key, such that said authenticity verification is based on said trusted manifest and said trusted rule signing key.
  - 3. The system of claim 1, wherein said bus controller ignores said message filtering rule if said authenticity verification fails.
  - 4. The system of claim 1, wherein said bus controller blocks messages and indicates an error if said authenticity verification fails.
  - 5. The system of claim 1, wherein said bus controller comprises a Field Programmable Gate Array (FPGA) and said programming interface comprises a Joint Test Action Group (JTAG) interface.
  - 6. The system of claim 1, wherein said bus comprises a Controller Area Network (CAN) bus.
  - 7. The system of claim 1, wherein said host processor comprises an In-Vehicle Infotainment (IVI) platform.
  - 8. The system of claim 1, wherein said message filtering rule is received by said host processor through a wireless connection from a source external to said vehicle.

9. A method, comprising:
- configuring a host processor to receive a message filtering rule, said host processor associated with a vehicle;
  
  configuring a bus controller to verify authenticity of said message filtering rule, wherein said bus controller is programmed through an interface, said interface inaccessible from said host processor;
  
  filtering messages from said host processor using said verified message filtering rule, wherein said filtering is performed by said bus controller; and
  
  transmitting said filtered messages from said bus controller over a bus to one or more ECUs, said ECUs communicatively coupled to said bus.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein said message filtering rule further comprise a trusted manifest and said bus controller programming further comprises a trusted rule signing key, such that said authenticity verification is based on said trusted manifest and said trusted rule signing key.
  - 11. The method of claim 9, wherein said bus controller ignores said message filtering rule if said authenticity verification fails.
  - 12. The method of claim 9, wherein said bus controller blocks messages and indicates an error if said authenticity verification fails.
  - 13. The method of claim 9, wherein said bus controller comprises a Field Programmable Gate Array (FPGA) and said programming interface comprises a Joint Test Action Group (JTAG) interface.
  - 14. The method of claim 9, wherein said bus comprises a Controller Area Network (CAN) bus.
  - 15. The method of claim 9, wherein said host processor comprises an In-Vehicle Infotainment (IVI) platform.
  - 16. The method of claim 9, wherein said message filtering rule is received by said host processor through a wireless connection from a source external to said vehicle.

17. A method, comprising:
- receiving a message filtering rule from a rule authoring entity;
  
  receiving a digital signature associated with said message filtering rule, wherein said digital signature verifies identity of said rule authoring entity as a trusted source;
  
  generating a trusted manifest associated with said message filtering rule based on said digital signature; and
  
  providing said trusted manifest to said rule authoring entity, such that said rule authoring entity associates said trusted manifest with said message filtering rule for transmission to a host processor associated with a vehicle.
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein said generating said trusted manifest is further based on a trusted rule signing key provisioned to a message filtering bus controller associated with said vehicle.

19. A non-transitory computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations comprising:
- receiving a message filtering rule on a host processor, said host processor associated with a vehicle;
  
  verifying authenticity of said message filtering rule on a bus controller, wherein said bus controller is programmed through an interface, said interface inaccessible from said host processor;
  
  filtering messages from said host processor using said verified message filtering rule, wherein said filtering is performed by said bus controller; and
  
  transmitting said filtered messages from said bus controller over a bus to one or more ECUs, said ECUs communicatively coupled to said bus.
- View Dependent Claims (20, 21, 22)
- - 20. The non-transitory computer-readable storage medium of claim 19, wherein said operations further comprise verifying authenticity based on a trusted manifest and a trusted rule signing key, wherein said message filtering rule further comprises said trusted manifest and said bus controller programming further comprises said trusted rule signing key.
  - 21. The non-transitory computer-readable storage medium of claim 19, wherein said operations further comprise ignoring said message filtering rule if said authenticity verification fails.
  - 22. The non-transitory computer-readable storage medium of claim 19, wherein said operations further comprise blocking messages and indicating an error if said authenticity verification fails.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Lortz, Victor B., Rathi, Somya, Rangarajan, Anand P., Kesavan, Vijay Sarathi

Granted Patent

US 9,419,802 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 15/177   Initialisation or configura...

H04L 63/0263   Rule management

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/1466   Active attacks involving in...

H04L 67/12   specially adapted for propr...

H04L 67/34   involving the movement of s...

H04L 9/3247   involving digital signatures

H04W 4/80   Services using short range ...

SECURE MESSAGE FILTERING TO VEHICLE ELECTRONIC CONTROL UNITS WITH SECURE PROVISIONING OF MESSAGE FILTERING RULES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE MESSAGE FILTERING TO VEHICLE ELECTRONIC CONTROL UNITS WITH SECURE PROVISIONING OF MESSAGE FILTERING RULES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links