SPECIALLY PROGRAMMED COMPUTING SYSTEMS WITH ASSOCIATED DEVICES CONFIGURED TO IMPLEMENT SECURE LOCKDOWNS AND METHODS OF USE THEREOF

US 20170295182A1
Filed: 04/12/2017
Published: 10/12/2017
Est. Priority Date: 04/12/2016
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

at least one secure lockdown component that is operationally associated with at least one electronic control unit (ECU) of at least one network;

wherein the at least one secure lockdown component is configured such that the device physically separates at least one of;

i) the at least one network from any other network,ii) the at least one network from external inputs directed to the at least one network,iii) the at least one ECU from at least one other ECU,iv) the at least one ECU from external inputs directed to the at least one ECU,v) at least one memory component within the at least one ECU from at least one processing unit within the at least one ECU, andvi) any combination thereof;

wherein the at least one secure lockdown component comprises at least one processor programmed to execute at least one secure lockdown procedure and at least one non-volatile memory component, storing at least one;

i) at least one approved message dictionary database, comprising entries for all valid electronic messages,ii) at least one approved communication schema database, comprising at least one entry for at least one approved communication schema,iii) at least one pre-defined state machine,iv) approved content of at least one memory component within the at least one ECU, andvii) approved configuration of at least one hardware unit within the at least one ECU;

wherein the at least one processor of the at least one secure lockdown component is configured, at runtime, to execute the at least one secure lockdown procedure that is configured to;

analyze each electronic message that is at least one of;

i) directed to the at least one network,ii) transmitted within the at least one network,iii) to be externally transmitted from the at least one network to at least one external computing device,iv) directed to the at least ECU,v) to be transmitted from the at least one ECU,vi) to be transmitted to the at least one memory component within the at least one ECU, andvii) to be transmitted to configure at least one hardware component within the at least one ECU;

wherein the at least one secure lockdown component is configured to analyze each electronic message based on at least one of;

i) the at least one approved message dictionary database, comprising entries for all valid electronic messages,ii) the at least one approved communication schema database, comprising at least one entry for at least one approved communication schema, andiii) the at least one pre-defined state machine;

identify, based on the analysis of each electronic message, at least one unauthorized electronic message that would cause at least one unapproved change to or violate at least one of;

i) at least one operational configuration of the at least one ECU of the at least one network,ii) at least one communication schema that is utilized by the at least one ECU to communicate with at least one of;

1) the at one other ECU and2) at least one external electronic computing device located outside of the at least one network,iii) the at least one approved message dictionary database,iv) the at least one approved communication schema database,v) the at least one pre-defined state machine,vi) the approved content of the at least one memory component within the at least one ECU, andvii) the approved configuration of the at least one hardware unit within the at least one ECU; and

block the at least one unauthorized electronic message from passing through the at least one secure lockdown component,

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, the present invention provides for an exemplary inventive device which includes at least the following components: a secure lockdown component that is operationally associated with at least one electronic control unit (ECU) of at least one network; where the secure lockdown component is configured such that the device physically separates at least one of: i) the at least one network from any other network, ii) the at least one network from external inputs directed to the at least one network, iii) the at least one ECU from at least one other ECU, iv) the at least one ECU from external inputs directed to the at least one ECU, v) at least one memory component within the at least one ECU from at least one processing unit within the at least one ECU, and vi) any combination thereof.

Citations

30 Claims

1. A device, comprising:
- at least one secure lockdown component that is operationally associated with at least one electronic control unit (ECU) of at least one network;
  
  wherein the at least one secure lockdown component is configured such that the device physically separates at least one of;
  
  i) the at least one network from any other network,ii) the at least one network from external inputs directed to the at least one network,iii) the at least one ECU from at least one other ECU,iv) the at least one ECU from external inputs directed to the at least one ECU,v) at least one memory component within the at least one ECU from at least one processing unit within the at least one ECU, andvi) any combination thereof;
  
  wherein the at least one secure lockdown component comprises at least one processor programmed to execute at least one secure lockdown procedure and at least one non-volatile memory component, storing at least one;
  
  i) at least one approved message dictionary database, comprising entries for all valid electronic messages,ii) at least one approved communication schema database, comprising at least one entry for at least one approved communication schema,iii) at least one pre-defined state machine,iv) approved content of at least one memory component within the at least one ECU, andvii) approved configuration of at least one hardware unit within the at least one ECU;
  
  wherein the at least one processor of the at least one secure lockdown component is configured, at runtime, to execute the at least one secure lockdown procedure that is configured to;
  
  analyze each electronic message that is at least one of;
  
  i) directed to the at least one network,ii) transmitted within the at least one network,iii) to be externally transmitted from the at least one network to at least one external computing device,iv) directed to the at least ECU,v) to be transmitted from the at least one ECU,vi) to be transmitted to the at least one memory component within the at least one ECU, andvii) to be transmitted to configure at least one hardware component within the at least one ECU;
  
  wherein the at least one secure lockdown component is configured to analyze each electronic message based on at least one of;
  
  i) the at least one approved message dictionary database, comprising entries for all valid electronic messages,ii) the at least one approved communication schema database, comprising at least one entry for at least one approved communication schema, andiii) the at least one pre-defined state machine;
  
  identify, based on the analysis of each electronic message, at least one unauthorized electronic message that would cause at least one unapproved change to or violate at least one of;
  
  i) at least one operational configuration of the at least one ECU of the at least one network,ii) at least one communication schema that is utilized by the at least one ECU to communicate with at least one of;
  
  1) the at one other ECU and2) at least one external electronic computing device located outside of the at least one network,iii) the at least one approved message dictionary database,iv) the at least one approved communication schema database,v) the at least one pre-defined state machine,vi) the approved content of the at least one memory component within the at least one ECU, andvii) the approved configuration of the at least one hardware unit within the at least one ECU; and
  
  block the at least one unauthorized electronic message from passing through the at least one secure lockdown component,
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The device of claim 1, wherein the at least one secure lockdown procedure is at least one communication secure lockdown procedure.
  - 3. The device of claim 1, wherein the at least one secure lockdown procedure is at least one configuration secure lockdown procedure.
  - 4. The device of claim 1, wherein the contextual communication awareness analysis is based, at least in part, on at least one of:
    - at least one pre-determined communication sequence of a plurality of electronic messages andat least one pre-determined communication rate of the plurality of electronic messages.
  - 5. The device of claim 1, wherein the at least one secure lockdown component is configured to analyze each electronic message based on at least one of:
    - i) a bit-by-bit analysis andii) a contextual communication awareness analysis.
  - 6. The device of claim 1, wherein at least one operational configuration of the at least one ECU of the at least one network comprises at least one of:
    - i) at least one approved hardware configuration of the at least one ECU andii) at least one approved software configuration of the at least one ECU.
  - 7. The device of claim 6, wherein the at least one processor of the at least one secure lockdown component is further configured, at runtime, to verify at least one of:
    - 1) that the at least one approved software configuration, stored in the at least one non-volatile memory component, has not been modified;
      
      2) that the at least one approved software configuration, loaded into a runtime memory, has not changed during the runtime;
      
      3) that an approved memory map has not been invalidated, and4) that a portion of the at least one non-volatile memory component, which stores the at least one approved hardware configuration has not been invalidated.
  - 8. The device of claim 1, wherein the determination that the at least one unauthorized electronic message that would cause at least one unapproved change to or violate is based, at least in part, on at least one of:
    - a pre-determined static state of the operational configuration of the at least one ECU anda runtime environment of the at least one ECU.
  - 9. The device of claim 1, wherein, for each of the all pre-defined valid messages, the at least one approved message dictionary database comprises at least one entry that defines:
    - at least one approved message structure definition andat least one approved value of each message parameter.
  - 10. The device of claim 1, wherein, for each approved communication schema, the at least one approved communication schema database comprises at least one entry that defines at least one of:
    - i) all approved sequences of electronic messages,ii) all approved source-destination pairs for each electronic message,iii) all approved communication rates,iv) all approved messaging activity protocols based on an internal state of the at least one network,v) all approved messaging activity protocols based on at least one external input associated with the at least one network,vi) all approved messaging activity protocols based on an internal state of the at least one ECU,vii) all approved messaging activity protocols based on at least one external input associated with the at least one ECU, andviii) any combination thereof.
  - 11. The device of claim 1, wherein the at least one pre-defined state machine is configured to define at least one of:
    - i) all approved sequences of electronic messages,ii) all approved source-destination pairs for each electronic message,iii) all approved communication rates,iv) all approved messaging activity protocols based on an internal state of the at least one network,v) all approved messaging activity protocols based on at least one external input associated with at least one network,vi) all approved messaging activity protocols based on an internal state of the at least one ECU,vii) all approved messaging activity protocols based on at least one external input associated with the at least one ECU, andviii) any combination thereof.
  - 12. The device of claim 1, wherein the at least one securing lockdown component is configured to have at least one of the following logical layers:
    - 1) a content logical layer that represents all pre-defined valid messages,2) a routing logical layer that represents all approved source-destination pairs for each electronic message, and3) a state logical layer that represents at least one of;
      
      i) all approved sequences of electronic messages,ii) all approved source-destination pairs for each electronic message,iii) all approved communication rates,iv) all approved messaging activity protocols based on an internal state of the at least one network,v) all approved messaging activity protocols based on at least one external input associated with at least one network,vi) all approved messaging activity protocols based on an internal state of the at least one ECU,vii) all approved messaging activity protocols based on at least one external input associated with the at least one ECU, andviii) any combination thereof.
  - 13. The device of claim 12, wherein the at least one network resides within a vehicle.
  - 14. The device of claim 13, wherein the at least one ECU is at least one electronic computing device configured to perform or affect at least one particular function in the vehicle.
  - 15. The device of claim 13, wherein the all pre-defined valid messages are pre-defined based, at least in part, on a vehicle specification of a vehicle manufacturer or an ECU specification of the at least one ECU of an ECU manufacturer.
  - 16. The device of claim 15, wherein the at least one secure lockdown component is further configured to:
    - electronically obtain the vehicle specification from at least one trusted electronic source, anddynamically generate, based on the vehicle specification, at least one of;
      
      1) the at least one approved message dictionary database,2) the at least one approved communication schema database, and3) the at least one pre-defined state machine.
  - 17. The device of claim 1, wherein the at least one secure lockdown component is further configured to erase the at least one unauthorized electronic message.
  - 18. The device of claim 1, wherein the at least one unapproved change is a change based, at least in part, on at least one cyber threat.
  - 19. The device of claim 1, wherein the at least one secure lockdown component is further configured to generate at least one indication of the at least one unauthorized electronic message.
  - 20. The device of claim 1, wherein the at least one secure lockdown component is further configured to add a metadata to each approved electronic message, wherein the metadata is configured to be recognized by at least one destination ECU as being approved by the device.
  - 21. The device of claim 12, wherein the at least one network resides outside a vehicle.
  - 22. The device of claim 21, wherein the at least one ECU is at least one electronic computing device configured to perform or affect at least one particular function in the vehicle.
  - 23. The device of claim 21, wherein the all pre-defined valid messages are pre-defined based, at least in part, on a vehicle specification of a vehicle manufacturer or an ECU specification of the at least one ECU of an ECU manufacturer.
  - 24. The device of claim 23, wherein the at least one secure lockdown component is further configured to:
    - electronically obtain the vehicle specification from at least one trusted electronic source, anddynamically generate, based on the vehicle specification, at least one of;
      
      1) the at least one approved message dictionary database,2) the at least one approved communication schema database, and3) the at least one pre-defined state machine.
  - 25. The device of claim 1, wherein the at least one unauthorized electronic message is related to at least one cyber threat.
  - 26. The device of claim 1, wherein the at least one secure lockdown component is configured to block the at least one unauthorized electronic message at one of:
    - hardware,at least one location along a software stack, orboth.
  - 27. The device of claim 12, wherein the at least one pre-defined state machine is configured to implement at least one of:
    - 1) the content logical layer,2) the routing logical layer, and3) the state logical layer.
  - 28. The device of claim 19, wherein the at least one secure lockdown component is further configured to at least one of:
    - log the at least one indication of the at least one unauthorized electronic message, andtransmit the at least one indication of the at least one unauthorized electronic message to at least one external electronic destination that is outside the device.
  - 29. The device of claim 1, wherein the at least one secure lockdown component is further configured to at least one of:
    - generate at least one indication of at least one authorized electronic message;
      
      log the at least one authorized electronic message, the at least one indication, or both; and
      
      transmit the at least one indication of the at least one authorized electronic message to at least one external electronic destination that is outside the device.
  - 30. A method, comprising:
    - incorporating the device of claim 1 into a vehicle, andwherein the at least one ECU resides within the vehicle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guardknox Cyber Technologies Ltd.
Original Assignee
Guardknox Cyber Technologies Ltd.
Inventors
Teshler, Dionis, Shlisel, Moshe, Nadav, Idan

Granted Patent

US 9,866,563 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

H04L 67/34   involving the movement of s...

H04W 12/10   Integrity

H04W 12/12   Detection or prevention of ...

H04W 4/40   for vehicles, e.g. vehicle-...

SPECIALLY PROGRAMMED COMPUTING SYSTEMS WITH ASSOCIATED DEVICES CONFIGURED TO IMPLEMENT SECURE LOCKDOWNS AND METHODS OF USE THEREOF

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SPECIALLY PROGRAMMED COMPUTING SYSTEMS WITH ASSOCIATED DEVICES CONFIGURED TO IMPLEMENT SECURE LOCKDOWNS AND METHODS OF USE THEREOF

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links