VEHICLE MODULE UPDATE, PROTECTION AND DIAGNOSTICS

US 20160197932A1
Filed: 01/05/2015
Published: 07/07/2016
Est. Priority Date: 01/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method for thwarting unauthorized programming of a server included on a road vehicle comprising:

inspecting a programming message transmitted from a client to the server for the purposes of requesting a programming of the server;

determining whether the programming message is one of authorized and unauthorized; and

engaging one of a passive mode and an active mode in the event the programming message is unauthorized, including;

i) transmitting a default message to the server sufficient to return the server to a default session before the server updates a memory pursuant to the requested programming if engaged according to the active mode; and

ii) allowing the server to update the memory pursuant to the programming if engaged according to the passive mode.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Updating, protecting, diagnosing and/or otherwise managing a server, module or other analogous device(s) included on a vehicle for the purposes of facilitating a vehicle related operation is contemplated. A local controller physical connected or otherwise associated with to the vehicle may be employed to implement the contemplated processes, optionally at the direction of a remote controller or other master controller having capabilities sufficient to provide corresponding instructions thereto.

38 Citations

View as Search Results

20 Claims

1. A method for thwarting unauthorized programming of a server included on a road vehicle comprising:
- inspecting a programming message transmitted from a client to the server for the purposes of requesting a programming of the server;
  
  determining whether the programming message is one of authorized and unauthorized; and
  
  engaging one of a passive mode and an active mode in the event the programming message is unauthorized, including;
  
  i) transmitting a default message to the server sufficient to return the server to a default session before the server updates a memory pursuant to the requested programming if engaged according to the active mode; and
  
  ii) allowing the server to update the memory pursuant to the programming if engaged according to the passive mode.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising detecting the programming message with a local controller in communication with a controller area network (CAN) used to deliver the programming message from the server to the client, the local controller being physically connected to the road vehicle.
  - 3. The method of claim 2 further comprising transmitting the default session message from the local controller over the CAN to an address copied from information included within the programming message.
  - 4. The method of claim 1 further comprising:
    - determining whether to engage the passive or active mode as a function of a mode instruction wirelessly received from a remote controller located outside of the road vehicle; and
      
      non-wirelessly transmitting the default message to the server over a controller area network (CAN) used to deliver the programming message from the server to the client in the event the mode instruction specifies the active mode.
  - 5. The method of claim 1 logging parameters associated with the programming message in the event the programming message is unauthorized, the parameters including at least a timestamp and an address.
  - 6. The method claim 5 further comprising wirelessly transmitting the parameters logged for the programming message to a remote controller located outside of the road vehicle.

7. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a controller to facilitate thwarting a client from updating a server when the controller, client and server are physically connected to a vehicle, the non-transitory instructions being sufficient for:
- determining whether a programming requested by the client to update the server is unauthorized; and
  
  engaging the controller according to at least one of a passive mode and an active mode in the event the programming message is unauthorized, the controller transmitting a default message to prevent the server from performing the programming pursuant to the programming request if the active mode is engaged, the controller allowing the server to perform the programming if the passive mode is engaged.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The non-transitory computer-readable medium of claim 7 further comprising non-transitory instruction sufficient for determining the programming upon detecting a request message transmitted from the client to the server over a controller area network (CAN) of the vehicle.
  - 9. The non-transitory computer-readable medium of claim 8 further comprising non-transitory instructions sufficient for:
    - instigating a timer upon detecting the request message; and
      
      awaiting completion of the timer before transmitting the default message.
  - 10. The non-transitory computer-readable medium of claim 8 further comprising non-transitory instruction sufficient for:
    - detecting a response message transmitted from the server to the client over the CAN in response to the request message, the response message indicating availability to start the programming; and
      
      awaiting at least for detection of the response message before transmitting the default message.
  - 11. The non-transitory computer-readable medium of claim 10 further comprising non-transitory instruction sufficient for:
    - detecting a security request transmitted from the client to the server over the CAN in response to the response message, the security request requesting the server to provide a seed to the client; and
      
      awaiting at least for detection of the security request before transmitting the default message.
  - 12. The non-transitory computer-readable medium of claim 11 further comprising non-transitory instruction sufficient for:
    - detecting a security response transmitted from the server to the client over the CAN in response to the security request, the security response including the seed requested in the security request; and
      
      awaiting at least for detection of the security response before transmitting the default message.
  - 13. The non-transitory computer-readable medium of claim 12 further comprising non-transitory instruction sufficient for:
    - detecting a key response transmitted from the client to the server over the CAN in response to the security response, the key response including a key generated by the client as a result of processing the seed included in the security response; and
      
      awaiting at least for detection of the security response before transmitting the default message.
  - 14. The non-transitory computer-readable medium of claim 7 further comprising non-transitory instruction sufficient for wirelessly receiving a plurality of instructions from a device physically disconnected from the vehicle, the plurality of instructions including instructions sufficient for determining whether the programming is authorized or unauthorized and instructions sufficient for determining whether to engage the passive mode or the active mode.
  - 15. The non-transitory computer-readable medium of claim 14 further comprising non-transitory instruction sufficient for:
    - logging parameters associated with a request message transmitted from the client to the server to request the programming, the parameters including at least a timestamp and an address for the request message; and
      
      wirelessly transmitting the logged parameters to the device.
  - 16. The non-transitory computer-readable medium of claim 15 further comprising non-transitory instruction sufficient for non-wirelessly transmitting the default message to the server.
  - 17. The non-transitory computer-readable medium of claim 7 further comprising non-transitory instruction sufficient for generating the default message such that the server returns to a default session whereupon the default session prevents the server from continuing the programming previously requested at least until subsequently requested by the client to re-start the programming.
  - 18. The non-transitory computer-readable medium of claim 7 further comprising non-transitory instruction sufficient for:
    - determining one or more parameters for a request message transmitted from the client to the server to request the programming; and
      
      comparing the parameters to parameters included within a schedule to determine whether the programming being requested is one of authorized or unauthorized.

19. A system for protecting a module included within a vehicle from unauthorized updates, the module being configured to facilitate a vehicle related operation according to a corresponding plurality of non-transitory computer-readable instructions stored on a memory, the system comprising:
- a remote controller physically disconnected from the vehicle, the remote controller configured to wirelessly transmit a protection instruction sufficient for identifying one or more authorized updates for the module and whether unauthorized updates of the module are to be thwarted according to a passive mode or an active mode; and
  
  a local controller physically connected to a controller area network (CAN) shared with the module, the local controller configured to wirelessly received the protection instructions from the remote controller and as function thereof;
  
  i) determine whether a programming requested by a client connected to the CAN for the purposes of updating the module is one of the authorized updates;
  
  ii) transmit a default message to prevent the module from performing the programming if the programming is unauthorized and to be thwarted according to the active mode; and
  
  iii) allow the module to perform the programming if the programming is unauthorized and to be thwarted according to the passive mode is engaged.
- View Dependent Claims (20)
- - 20. The system of claim 19 wherein the local controller is configured to log parameters associated with the programming if unauthorized and to wirelessly transmit the parameters to the remote controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Movimento Group
Original Assignee
Movimento Group
Inventors
Hoffman, Benjamin J., Umbach, Dan

Granted Patent

US 9,648,023 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 8/65   Updates security arrangemen...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 67/12   specially adapted for propr...

H04L 67/34   involving the movement of s...

H04W 12/082   using revocation of authori...

H04W 12/084   using delegated authorisati...

VEHICLE MODULE UPDATE, PROTECTION AND DIAGNOSTICS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

VEHICLE MODULE UPDATE, PROTECTION AND DIAGNOSTICS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links