ACCESS RESTRICTION DEVICE, ON-BOARD COMMUNICATION SYSTEM AND METHOD FOR COMMUNICATION RESTRICTION
First Claim
1. An access restriction device to be installed in a vehicle,the access restriction device comprising:
- a first communication unit which communicates with an on-board device by way of an in-car network arranged in the vehicle;
a second communication unit which communicates with an external device;
a program storage unit storing a program which performs processing concerning information to be transmitted and received with the first communication unit and/or processing concerning information to be transmitted and received with the second communication unit;
a processor which executes one or a plurality of programs stored in the program storage unit and performs processing including;
a program addition/update means which performs addition or update of a program to be executed by the processor by communicating between the second communication unit and the external device;
a first determination means which determines, for each program, a level of access authorization with respect to information received with the first communication unit;
a second determination means which determines, for each type of information received with the first communication unit, a level of access authorization for permission to access the information received with the first communication unit; and
an access restriction means which restricts access to the information, depending on the level of access authorization of the program determined by the first determination means and the level of access authorization for the information determined by the second determination means, when an access request is made for the information received by the first communication unit in the processing performed by the processor when executing the program.
1 Assignment
0 Petitions
Accused Products
Abstract
An access restriction device as well as an on-board communication system and a method for communication restriction, which prevent outside leakage of information caused by unauthorized access of malicious programs to an in-car network. The communication between the in-car network of the vehicle and an external device is performed by a security controller. The security controller can perform addition or update of a program involving processing for transmission and reception of the information. The security controller performs processing for restricting access to information of the in-car network performed by program execution according to an access authorization level of each program and an access permission level of each type of information. The security controller restricts the transmission depending on the access authorization level of each program and the access permission level of each type of information in case of transmitting the information to the in-car network by the program execution.
-
Citations
13 Claims
-
1. An access restriction device to be installed in a vehicle,
the access restriction device comprising: -
a first communication unit which communicates with an on-board device by way of an in-car network arranged in the vehicle; a second communication unit which communicates with an external device; a program storage unit storing a program which performs processing concerning information to be transmitted and received with the first communication unit and/or processing concerning information to be transmitted and received with the second communication unit; a processor which executes one or a plurality of programs stored in the program storage unit and performs processing including; a program addition/update means which performs addition or update of a program to be executed by the processor by communicating between the second communication unit and the external device; a first determination means which determines, for each program, a level of access authorization with respect to information received with the first communication unit; a second determination means which determines, for each type of information received with the first communication unit, a level of access authorization for permission to access the information received with the first communication unit; and an access restriction means which restricts access to the information, depending on the level of access authorization of the program determined by the first determination means and the level of access authorization for the information determined by the second determination means, when an access request is made for the information received by the first communication unit in the processing performed by the processor when executing the program. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An on-board communication system comprising
one or more on-board devices, and an access restriction device connected to the one or more onboard devices by way of an in-car network, the access restriction device includes: -
a first communication unit which communicates with an on-board device by way of an in-car network arranged in the vehicle; a second communication unit which communicates with an external device; a program storage unit storing a program which performs processing concerning information to be transmitted and received with the first communication unit and/or processing concerning information to be transmitted and received with the second communication unit; a processor which executes one or a plurality of programs stored in the program storage unit and performs processing including; a program addition/update means which performs addition or update of a program to be executed by the processor by means of communication of the second communication unit with the external device; a first determination means which determines, for each program, a level of access authorization with respect to information received with the first communication unit; a second determination means which determines, for each type of information received with the first communication unit, a level of access authorization for permission to access the information received with the first communication unit; and an access restriction means which restricts access to the information, depending on the level of access authorization of the program determined by the first determination means and the level of access authorization for the information determined by the second determination means, when an access request is made for the information received by the first communication unit in the processing performed by the processor when executing the program; and wherein the on-board device is configured to communicate with the external device by way of the access restriction device.
-
-
13. A communication restriction method utilizing an access restriction device to be installed in a vehicle, the access restriction device comprising:
- (i) a first communication unit which communicates with an on-board device by way of an in-car network arranged in the vehicle;
(ii) a second communication unit which communicates with an external device;
(iii) a program storage unit storing a program which performs processing concerning information to be transmitted and received with the first communication unit and/or processing concerning information to be transmitted and received with the second communication unit;
(iv) a processor which executes one or a plurality of programs stored in the program storage unit and performs processing;
(v) a program addition/update means which performs addition or update of a program to be executed by the processor by communicating between the second communication unit the external device;
the communication restriction method restricting the communication of the on-board device and the external device by utilizing the access restriction device;
the communication restriction method comprising;a first determination step of determining, for each program, a level of access authorization for information received with the first communication unit; a second determination step of determining, for each type of information received in the first communication unit, a level of access authorization for permission to access information received with the first communication unit; and an access restriction step of restricting access to the information, depending on the level of access authorization of the program determined in the first determination step and the level of access authorization for the information determined in the second determination step, when an access request is made for the information received by the first communication unit in the processing performed by the processor when executing the program.
- (i) a first communication unit which communicates with an on-board device by way of an in-car network arranged in the vehicle;
Specification