METHOD AND APPARATUS FOR PROVIDING SECURITY SERVICE FOR VEHICLE-DEDICATED DATA CHANNEL IN LINKING BETWEEN VEHICLE HEAD UNIT AND EXTERNAL DEVICE
Abstract
A method and apparatus for providing a security service for a vehicle-dedicated data channel in linking between a vehicle head unit and an external device is disclosed. The method of providing the security service for the vehicle-dedicated data channel may include: transmitting, to the terminal, a predetermined integrity verification request message for requesting integrity verification of application software and an operating system included in the terminal; receiving an integrity verification result message from the terminal; exchanging a plaintext symmetric key with the terminal when integrity of the operating system and the application software is successfully verified according to the integrity verification result message; and establishing a vehicle-dedicated data channel to the terminal and transmitting and receiving a packet encrypted using the plaintext symmetric key through the established vehicle-dedicated data channel when the plaintext symmetric key is successfully exchanged.
20 Claims
1. A method of providing a security service for a vehicle-dedicated data channel in linking with a terminal by a vehicle head unit, the method comprising:
- transmitting, to the terminal, a predetermined integrity verification request message for requesting integrity verification of application software and an operating system included in the terminal;
- receiving an integrity verification result message from the terminal;
- exchanging a plaintext symmetric key with the terminal when integrity of the operating system and the application software is successfully verified according to the integrity verification result message; and
- establishing a vehicle-dedicated data channel to the terminal, and transmitting and receiving a packet encrypted using the plaintext symmetric key through the established vehicle-dedicated data channel when the plaintext symmetric key is successfully exchanged.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 20

13. A method of providing a security service for a vehicle-dedicated data channel in a terminal linked with a vehicle head unit, the method comprising:
- receiving an integrity verification request message from the vehicle head unit;
- verifying integrity of application software and an operating system included in the terminal;
- transmitting an integrity verification result message to the vehicle head unit;
- exchanging a plaintext symmetric key generated by the vehicle head unit when the integrity of the application software and the operating system is successfully verified; and
- establishing a vehicle-dedicated data channel to the vehicle head unit, and transmitting and receiving a packet encrypted using the plaintext symmetric key through the established vehicle-dedicated data channel when the plaintext symmetric key is successfully exchanged.
Dependent claims: 14, 15, 16, 17

18. A vehicle head unit linked with a terminal through a wired or wireless communication connection to transmit and receive a packet, comprising:
- a vehicle information provision module configured to transmit, to the terminal, a predetermined integrity verification request message to verify integrity of application software and an operating system included in the terminal, and configured to exchange a first plaintext symmetric key with the terminal based on a result of the integrity verification received from the terminal, and the vehicle information provision module configured to establish a vehicle-dedicated data channel to the terminal to transmit and receive the packet when the first plaintext symmetric key is successfully exchanged; and
- an MITM attack detection module configured to detect whether an MITM attack occurs in the packet when the packet is received through the vehicle-dedicated data channel by decrypting the received packet using the first plaintext symmetric key and a second plaintext symmetric key modulated by the first plaintext symmetric key, wherein the received packet is discarded and the established vehicle-dedicated data channel is canceled when the MITM attack is detected to occur.

19. A terminal linked with a vehicle head unit through a wired or wireless communication connection, comprising:
- an integrity verification module configured to verify integrity of application software when an integrity verification request message is received from the vehicle head unit; and
- a vehicle information management application configured to verify integrity of an included operating system when the integrity of the application software is successfully verified, and configured to transmit a result of verifying integrity of the application software and the operating system to the vehicle head unit, and the vehicle information management application configured to exchange a plaintext symmetric key with the vehicle head unit, wherein a vehicle-dedicated data channel is established between the vehicle head unit and the vehicle information management application, and a packet encrypted using the plaintext symmetric key is transmitted and received through the established vehicle-dedicated data channel when the plaintext symmetric key is successfully exchanged.
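
As an added illustration (not code from the patent or its applicant), this sketch walks through the sequence in claims 1, 13 and 18: the terminal's integrity result, key handover only on success, encrypted packets, and packet discard plus channel cancellation when a check fails. The hash-based integrity check, the HMAC derivation of the second key and the encrypt-then-MAC packet layout are assumptions, since the claims do not specify them; protection of the key in transit is not modelled.

```python
import hashlib, hmac, secrets

# Constructed reference measurements (placeholders, not from the patent).
TRUSTED = {"app": hashlib.sha256(b"vehicle-app-v1").hexdigest(),
           "os": hashlib.sha256(b"os-image-v1").hexdigest()}

def terminal_verify(app_image: bytes, os_image: bytes) -> dict:
    """Terminal side: check the application first, then the OS (claim 19 order)."""
    app_ok = hashlib.sha256(app_image).hexdigest() == TRUSTED["app"]
    os_ok = app_ok and hashlib.sha256(os_image).hexdigest() == TRUSTED["os"]
    return {"type": "INTEGRITY_RESULT", "app_ok": app_ok, "os_ok": os_ok}

def _second_key(k1: bytes) -> bytes:
    # Assumption: the "second key modulated by the first" is modelled as HMAC(k1, label).
    return hmac.new(k1, b"second-key", hashlib.sha256).digest()

def _xor_stream(k1: bytes, nonce: bytes, data: bytes) -> bytes:
    # Illustrative HMAC-SHA256 counter keystream; use a vetted AEAD in real code.
    stream = b"".join(hmac.new(k1, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(k1: bytes, plaintext: bytes) -> bytes:
    """Sender side: encrypt under k1, then tag nonce+ciphertext under the second key."""
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(k1, nonce, plaintext)
    return nonce + ct + hmac.new(_second_key(k1), nonce + ct, hashlib.sha256).digest()

class HeadUnit:
    def __init__(self):
        self.key = None                      # None = no vehicle-dedicated channel

    def link(self, result: dict):
        """Generate and hand over the key only if both integrity checks passed."""
        if result.get("app_ok") and result.get("os_ok"):
            self.key = secrets.token_bytes(32)
        return self.key

    def receive(self, packet: bytes):
        """Return plaintext, or None after discarding the packet and cancelling the channel."""
        if self.key is None:
            return None
        nonce, ct, tag = packet[:12], packet[12:-32], packet[-32:]
        want = hmac.new(_second_key(self.key), nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            self.key = None                  # tampering detected: tear the channel down
            return None
        return _xor_stream(self.key, nonce, ct)
```

Once `receive` rejects a packet the key is cleared, so later packets, including valid ones, are refused until `link` succeeds again.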
Specification