AUTOMOBILE MODIFICATION SYSTEM PROVIDING SECURITY AND FAULT TOLERANCE SUPPORT

US 20170221279A1
Filed: 02/02/2016
Published: 08/03/2017
Est. Priority Date: 02/02/2016
Status: Active Grant

First Claim

Patent Images

1. An automobile component that is communicatively coupled to a processor of an automobile and a middleware component of the automobile, wherein the automobile component includes a non-transitory memory storing modifiable data that is modifiable during a runtime by the middleware component of the automobile to cause the automobile to operate in compliance with one or more of a new security requirement and a new fault tolerance requirement, wherein the modifiable data is configured so that modification of the modifiable data affects a performance of the automobile component relative to one or more of the new security requirement and the new fault tolerance requirement, and wherein the modifiable data is modified by the middleware component at the runtime based on a set of predetermined configurations for the modifiable data that was determined at a design time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure includes a system and method for providing security or fault tolerance support for an automobile or an element of an automobile. The system may include an automobile component that is communicatively coupled to a processor of an automobile. The automobile component may include a non-transitory memory storing data that is modifiable during a runtime by a middleware component of the automobile to cause the automobile to operate in compliance with one or more of a new security requirement and a new fault tolerance requirement. The data may be configured so that modification of the data affects performance of the automobile component relative to one or more of the new security requirement and the new fault tolerance requirement. The data may be modified by the middleware component at the runtime based on a set of predetermined configurations for the data that was determined at a design time.

Citations

25 Claims

1. An automobile component that is communicatively coupled to a processor of an automobile and a middleware component of the automobile, wherein the automobile component includes a non-transitory memory storing modifiable data that is modifiable during a runtime by the middleware component of the automobile to cause the automobile to operate in compliance with one or more of a new security requirement and a new fault tolerance requirement, wherein the modifiable data is configured so that modification of the modifiable data affects a performance of the automobile component relative to one or more of the new security requirement and the new fault tolerance requirement, and wherein the modifiable data is modified by the middleware component at the runtime based on a set of predetermined configurations for the modifiable data that was determined at a design time.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The automobile component of claim 1, wherein the automobile component is selected from a set that includes:
    - a plug-in component;
      
      a sensor;
      
      an engine control unit;
      
      a vehicle-to-vehicle communication device;
      
      a dedicated short range communication device;
      
      a software element stored on the non-transitory memory; and
      
      a processor-based computing device.
  - 3. The automobile component of claim 1, wherein the middleware component includes an instantiated combination of one or more software components and one or more hardware components that are configured to provide the automobile with fault tolerance support and security support.
  - 4. The automobile component of claim 3, wherein the one or more software components and the one or more hardware components are statically configured and implemented at the design time.
  - 5. The automobile component of claim 1, wherein the middleware component receives sensor data describing an environment of one or more of the automobile component and the automobile and the middleware component adaptively selects a configuration from the set of predetermined configurations based on (1) the sensor data and (2) requirement data describing one or more of the new security requirement and the new fault tolerance requirement.

6. A method comprising:
- reading in a set of modifiable data from a plurality of elements of an automobile, wherein each of the plurality of the elements includes its own modifiable data stored in its own non-transitory storage medium included in a set of non-transitory storage mediums, wherein the set of modifiable data is modifiable during a runtime to cause the automobile to operate in compliance with one or more of a security requirement and a fault tolerance requirement;
  
  determining that the plurality of elements includes a plug-in component based on a presence of new modifiable data being present in the set of modifiable data;
  
  analyzing the plug-in component to determine whether an operation of the plug-in component would violate a timing constraint or a resource constraint;
  
  determining, for each element included in the plurality of elements of the automobile, an update for the set of modifiable data, wherein the update is configured to cause the plug-in component to operate while communicatively coupled to a processor of the automobile without violating the timing constraint or the resource constraint or causing any of the plurality of elements of the automobile to violate the security requirement or the fault tolerance requirement;
  
  modifying each of the non-transitory storage mediums included in the set of non-transitory storage mediums at the runtime so that they store the update; and
  
  operating the plug-in component while the plug-in component is communicatively coupled to a processor of the automobile.

7. A system comprising:
- an automobile including a processor, an adaptive automobile hardware component and an adaptive automobile middleware component that is communicatively coupled to the processor and the adaptive automobile hardware component;
  
  wherein the adaptive automobile hardware component, which is communicatively coupled to the processor and the adaptive automobile middleware component, is a processor-based device of the automobile that includes a first security add-on, a first fault tolerance add-on and a first data structure storing a first characteristic property and a first configurable parameter;
  
  wherein the first characteristic property includes a first timing setting that affects a first timing of a first process associated with functionality provided responsive to an operation of the adaptive automobile hardware component;
  
  wherein the first configurable parameter includes one or more of the following;
  
  a first security setting that affects functionality provided by the first security add-on responsive to the operation of the adaptive automobile hardware component; and
  
  a first fault tolerance setting that affects functionality provided by the first fault tolerance add-on responsive to the operation of the adaptive automobile hardware component; and
  
  wherein the first data structure is configured so that execution of the adaptive automobile middleware component by the processor enables the processor to access and modify;
  
  the first characteristic property which modifies, during a runtime, the first timing of the first process; and
  
  the first configurable parameter which modifies, during the runtime, one or more of the first security setting and the first fault tolerance setting.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 8. The system of claim 7, wherein the adaptive automobile hardware component is an automobile sensor.
  - 9. The system of claim 7, wherein the adaptive automobile hardware component is an engine control unit.
  - 10. The system of claim 7, wherein the adaptive automobile middleware component includes instructions that, responsive to being executed by the processor, causes the processor to:
    - identify at a runtime, based on automobile requirement data that describes a new requirement for the automobile, a presence of a new requirement for the automobile;
      
      determine, based on first sensor data describing the operation of the adaptive automobile hardware component, whether the operation of the adaptive automobile hardware component yields first sensor data that complies with the new requirement;
      
      select, from first modification data describing a first set of predetermined configurations for the first characteristic property and the first configurable parameter that were determined at a design time, a first selected configuration that is configured to cause the adaptive automobile hardware component to operate in compliance with the new requirement during the runtime as indicated by yielding new sensor data that complies with the new requirement; and
      
      modify the first data structure so that it stores data for the first characteristic property and the first configurable parameter that is consistent with the first selected configuration and modifies at least one of the first characteristic property and the first configurable parameter.
  - 11. The system of claim 10, wherein the adaptive automobile middleware component includes further instructions that, responsive being executed by the processor, causes the processor to operate the adaptive automobile hardware component to ensure its operation yields the new sensor data that complies with the new requirement.
  - 12. The system of claim 10, wherein the first set of predetermined configurations includes one or more predetermined configurations that modify one or more of the first timing of the operation of the adaptive automobile hardware component, the operation of the first security add-on and the operation of the first fault tolerance add-on.
  - 13. The system of claim 10, wherein the first set of predetermined configurations are determined at the design time and the first data structure is modified at the runtime, and wherein the design time includes a nightly update received wirelessly from a network and including the first modification data.
  - 14. The system of claim 10, wherein the first characteristic property modifies the first timing of the first process cotemporaneous to identifying the new requirement.
  - 15. The system of claim 10, wherein the first configurable parameter modifies one or more of the first security setting and the first fault tolerance setting cotemporaneous to identifying the new requirement.
  - 16. The system of claim 10, wherein the first security add-on includes instructions that, responsive to being executed by the processor, causes the processor to monitor for a security event based on one or more requirements indicated by the first selected configuration stored in the first data structure.
  - 17. The system of claim 10, wherein the first fault tolerance add-on includes instructions that, responsive to being executed by the processor, causes the processor to monitor for a fault event based on one or more requirements indicated by the first selected configuration stored in the first data structure.
  - 18. The system of claim 10:
    - wherein the automobile further comprises an adaptive automobile software component that is communicatively coupled to the processor and the adaptive automobile middleware component; and
      
      wherein the adaptive automobile software component includes a second security add-on, a second fault tolerance add-on and a second data structure storing a second characteristic property and a second configurable parameter;
      
      wherein the second characteristic property includes a second timing setting that affects a second timing of a second process associated with functionality provided responsive to execution of the adaptive automobile software component;
      
      wherein the second configurable parameter includes one or more of the following;
      
      a second security setting that affects functionality provided by the second security add-on responsive to the execution of the adaptive automobile software component; and
      
      a second fault tolerance setting that affects functionality provided by the second fault tolerance add-on responsive to operation of the adaptive automobile software component; and
      
      wherein the second data structure is configured so that execution of the adaptive automobile middleware component by the processor enables the processor to access and modify;
      
      the second characteristic property which modifies, during the runtime, the second timing of the second process; and
      
      the second configurable parameter which modifies, during the runtime, one or more of the second security setting and the second fault tolerance setting.
  - 19. The system of claim 18, wherein the adaptive automobile middleware component includes further instructions that, responsive to being executed by the processor, causes the processor to:
    - determine, based on second sensor data which describes the execution of the adaptive automobile software component, whether the execution of the adaptive automobile software component yields second sensor data that complies with the new requirement;
      
      select, from second modification data describing a second set of predetermined configurations for the second characteristic property and the second configurable parameter that were determined the design time, a second selected configuration that is configured to cause the adaptive automobile software component to execute in compliance with the new requirement during the runtime as indicated by yielding additional sensor data that complies with the new requirement for the adaptive automobile software component; and
      
      modify the second data structure so that it stores data for the second characteristic property and the second configurable parameter that is consistent with the second selected configuration and modifies at least one of the second characteristic property and the second configurable parameter.operate the adaptive automobile hardware component to ensure its operation yields the additional sensor data that complies with the new requirement.
  - 20. The system of claim 19, wherein the second characteristic property modifies the second timing of the second process cotemporaneous to identifying the new requirement.
  - 21. The system of claim 19, wherein the second configurable parameter modifies one or more of the second security setting and the second fault tolerance setting cotemporaneous to identifying the new requirement.
  - 22. The system of claim 19, wherein the second security add-on includes instructions that, responsive to being executed by the processor, causes the processor to monitor for a security event based on one or more requirements indicated by the second selected configuration stored in the second data structure.
  - 23. The system of claim 19, wherein selection of the second selected configuration is configured to not provide a highest level of security or a highest level of fault tolerance, so that a computational overhead for the processor is reduced and a performance level for the processor is increased or maintained.
  - 24. The system of claim 19, wherein the system further comprises a redundant adaptive automobile software component that is modified based on the second selected configuration and the adaptive automobile middleware component includes further instructions that, responsive to being executed by the processor, causes the processor to:
    - execute the redundant adaptive automobile software component to yield redundant sensor data that describes the execution of the redundant adaptive automobile software component;
      
      analyze the redundant sensor data to determine whether substantially matches the additional sensor data; and
      
      initiate a recovery process responsive to determining that the redundant sensor data does not substantially match the additional sensor data.

25. A method comprising:
- determining, by an adaptive automobile middleware component being executed by a processor of an automobile, a presence of a new plug-in component being communicatively coupled to the processor, wherein the new plug-in component includes a first security add-on, a first fault tolerance add-on and a first data structure;
  
  determining, based on automobile requirement data that describes a safety requirement and a fault tolerance requirement for elements of the automobile, a first characteristic property that includes a first timing setting that affects a first timing of a first process associated with functionality provided responsive to an operation of the new plug-in component;
  
  determining, based on the automobile requirement data, a first configurable parameter that includes one or more of the following;
  
  a first security setting that affects functionality provided by the first security add-on responsive to the operation of the new plug-in component; and
  
  a first fault tolerance setting that affects functionality provided by the first fault tolerance add-on responsive to the operation of the new plug-in component; and
  
  modifying a first data structure included in the new plug-in component so that the new plug-in component operates based on the first characteristic property and the first configurable parameter;
  
  determining, based on the automobile requirement data and an estimation of how the first characteristic property and the first configurable parameter affect the operation of the automobile relative to the safety requirement and the fault tolerance requirement for the elements of the automobile, modifications for (1) a set of second characteristic parameters that affect timing of operations for one or more other elements of the automobile that do not include the new plug-in component and (2) a set of second configurable parameters that affect one or more second security settings and one or more second fault tolerance settings for the one or more other elements of the automobile, wherein the modifications are configured to cause the other elements to operate in compliance with the safety requirement and the fault tolerance requirement while the new plug-in component is an element of the automobile;
  
  updating a set of second data structures associated with the one or more other elements of the automobile so that the set of second data structures stores data that is consistent with the modifications for the set of second characteristic parameters and the set of second configurable parameters; and
  
  operating the new plug-in component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Original Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Inventors
Yu, Huafeng, Zheng, Bowen

Granted Patent

US 9,824,509 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/645   using a third party

G06F 2221/034   Test or assess a computer o...

G07C 5/02   Registering or indicating d...

H04L 67/12   specially adapted for propr...

AUTOMOBILE MODIFICATION SYSTEM PROVIDING SECURITY AND FAULT TOLERANCE SUPPORT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMOBILE MODIFICATION SYSTEM PROVIDING SECURITY AND FAULT TOLERANCE SUPPORT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links