GATEWAY DEVICE, AND SERVICE PROVIDING SYSTEM

US 20150326529A1
Filed: 10/18/2013
Published: 11/12/2015
Est. Priority Date: 03/11/2013
Status: Active Grant

First Claim

Patent Images

1. A gateway device for controlling access to a processing device connected with an internal network from an external network, the gateway device comprising:

a control information transfer control unit;

an access control management updating unit; and

a control information access unit, whereinthe access control management updating unit, when receiving an access execution instruction from the external network, acquires determination information on the access execution instruction, the determination information being set an accessible attribute of the processing device per transmission source of the access execution instruction;

the control information transfer control unit determines whether execution of the access execution instruction should be permitted or not using the determination information, and transmits the access execution instruction, execution of which is determined to be permitted, to the control information access unit;

the control information access unit transmits the received access execution instruction to the processing device, and transmits a result message of the access execution instruction to the control information transfer control unit; and

the control information transfer control unit transmits the result message to the transmission source of the access execution instruction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a control device, system, and method capable of controlling an accessible range of information on an individual external device basis even in the case of a valid access for the information from an external device. An ACL management server is installed to introduce an ACL associating a service provider ID identifying a service provider accessing an ECU mounted on an automobile with an attribute of an ECU that the service provider can access or with an ASIL determined for the ECU, and to manage the ACL safely and in the latest state. Also, a service providing server is installed for providing services for reading and rewriting ECU control information in accordance with a request from a user. A gateway is installed for determining, using the ACL, whether access to the ECU should be granted with respect to access instruction execution information received from the service providing server.

Citations

8 Claims

1. A gateway device for controlling access to a processing device connected with an internal network from an external network, the gateway device comprising:
- a control information transfer control unit;
  
  an access control management updating unit; and
  
  a control information access unit, whereinthe access control management updating unit, when receiving an access execution instruction from the external network, acquires determination information on the access execution instruction, the determination information being set an accessible attribute of the processing device per transmission source of the access execution instruction;
  
  the control information transfer control unit determines whether execution of the access execution instruction should be permitted or not using the determination information, and transmits the access execution instruction, execution of which is determined to be permitted, to the control information access unit;
  
  the control information access unit transmits the received access execution instruction to the processing device, and transmits a result message of the access execution instruction to the control information transfer control unit; and
  
  the control information transfer control unit transmits the result message to the transmission source of the access execution instruction.
- View Dependent Claims (2, 3, 4)
- - 2. The gateway device according to claim 1, wherein the attribute set to the determination information is a type of the processing device, or ASIL defined per processing device or function of the processing device.
  - 3. The gateway device according to claim 1, wherein the access control management updating unit transmits an acquisition request for the determination information to a determination information management device connected with the external network to acquire the determination information after the gateway device receives the access execution instruction from the external network.
  - 4. The gateway device according to claim 3, wherein the access control management updating unit transmits an acquisition request for the determination information to another information processing device having received and held the determination information from the determination information management device in advance to acquire the determination information if the determination information cannot be acquired from the determination information management device.

5. A service providing system comprising a service enjoying device, a service providing device, a service execution management device, and a service execution determination information management device, whereinthe service execution management device is connected with one or more processing devices via an internal network;
- the service enjoying device transmits a service execution request to the service providing device;
  
  the service providing device transmits an access execution instruction based on the service execution request to the service execution management device via an external network;
  
  the service execution management device transmits an acquisition request for determination information on the access execution instruction to the service execution determination information management device via the external network when receiving the access execution instruction from the service providing device;
  
  the service execution determination information management device transmits the determination information to the service execution management device;
  
  the service execution management device determines whether execution of the access execution instruction should be permitted or not using the received determination information, transmits the access execution instruction, execution of which is determined to be permitted, to the processing devices via the internal network, and transmits an execution result based on the access execution instruction to the service providing device via the external network; and
  
  the service providing device transmits the received execution result to the service enjoying device,wherein the determination information indicates permission or rejection of executing the access execution instruction on the basis of a combination of an attribute of the service enjoying device, an attribute of the service providing device, and attributes of the processing devices.
- View Dependent Claims (6, 7, 8)
- - 6. The service providing system according to claim 5, wherein the determination information uses a domain predefined for the processing devices as the attribute.
  - 7. The service providing system according to claim 5, whereinthe service enjoying device transmits a service application contents registration request to the service providing device;
    - the service providing device transmits a change request for the determination information based on the service application contents registration request to the service execution determination information management device; and
      
      the service execution determination information management device transmits a part related to the service enjoying device included in the determination information to the service enjoying device if the determination information has been changed based on the change request.
  - 8. The service providing system according to claim 7, whereinthe service execution management device transmits an acquisition request for the determination information on the access execution instruction to the service enjoying device if the determination information cannot be acquired from the service execution determination information management device;
    - the service enjoying device transmits the determination information acquired from the service execution determination information management device to the service execution management device; and
      
      the service execution management device determines whether execution of the access execution instruction should be permitted or not using the determination information received from the service enjoying device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi Astemo Ltd. (Hitachi, Ltd.)
Original Assignee
Hitachi Automotive Systems Limited (Hitachi, Ltd.)
Inventors
MORITA, Nobuyoshi

Granted Patent

US 9,906,492 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 12/6418   Hybrid transport

H04L 12/66   Arrangements for connecting...

H04L 2012/40273   the transportation system b...

H04L 63/02   for separating internal fro...

H04L 67/51   Discovery or management the...

GATEWAY DEVICE, AND SERVICE PROVIDING SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

GATEWAY DEVICE, AND SERVICE PROVIDING SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links