METHOD FOR DETECTING THE USE OF UNAUTHORIZED SECURITY CREDENTIALS IN CONNECTED VEHICLES

US 20180337957A1
Filed: 05/18/2017
Published: 11/22/2018
Est. Priority Date: 05/18/2017
Status: Active Grant

First Claim

Patent Images

1. A method for detecting potential tampering with security features of a vehicle the method comprising:

maintaining, by one or more systems of the vehicle, a plurality of credentials, each credential comprising a key value and a set of one or more attributes identifying the credential;

maintaining, by a network security system of the vehicle, separate from the credentials, information related to and identifying each credential of the plurality of credentials;

performing, by the network security system, one or more checks on the credentials using the maintained information; and

determining, by the network security system, whether one or more of the credentials have been changed based on the one or more checks.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure monitor certificates or other credentials loaded to various components and systems of a vehicle. A set of information identifying credentials that are expected to be present and/or in use can be saved. Periodically, on request, or upon the occurrence of an event or condition, checks can be performed on the credentials individually or in the aggregate using the saved information to determine whether the certificates present and/or in use are those expected or if a change has occurred. If a change is detected, i.e., a difference between the current set of certificates and the saved set of information, the network security system can take some action. The action, depending on the nature of the change detected, can vary from recording and/or reporting the condition up to and including isolating or even disabling a particular component or system on which the changed certificate is used.

22 Citations

View as Search Results

20 Claims

1. A method for detecting potential tampering with security features of a vehicle the method comprising:
- maintaining, by one or more systems of the vehicle, a plurality of credentials, each credential comprising a key value and a set of one or more attributes identifying the credential;
  
  maintaining, by a network security system of the vehicle, separate from the credentials, information related to and identifying each credential of the plurality of credentials;
  
  performing, by the network security system, one or more checks on the credentials using the maintained information; and
  
  determining, by the network security system, whether one or more of the credentials have been changed based on the one or more checks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the maintained information related to and identifying each credential of the plurality of credentials comprises values for at least one of the one or more attributes identifying each credential.
  - 3. The method of claim 2, wherein the attributes comprise one or more of an identifying name or number, an identification of an owner of the credential, an identification of an issuer of the credential, a date and time when the credential becomes valid, a date and time when the credential expires, an indication of usage of the credential, an indication of a signature algorithm used to sign the credential, or a signature by an issuer of the credential.
  - 4. The method of claim 1, wherein the one or more checks are performed upon a system boot, periodically, or based on satisfaction of a condition defined in a rule.
  - 5. The method of claim 1, wherein the checks comprise one or more checks on the plurality of credentials together and one or more checks on each credential individually.
  - 6. The method of claim 1, wherein determining whether one or more of the credentials have changed comprises determining a total number of credentials in the plurality of credential has changed or determining one or more attributes of one or more credentials have changed.
  - 7. The method of claim 1, further comprising, in response to determining one or more of the credentials have changed, performing an action based on the determined change.
  - 8. The method of claim 7, wherein the performed action comprises a remedial action defined for the determined change.

9. A vehicle comprising:
- a processor; and
  
  a memory coupled with and readable by the processor and storing therein a set of instructions which, when executed by the processor, causes the processor to detect potential tampering with security features of the vehicle by;
  
  maintaining a plurality of credentials, each credential comprising a key value and a set of one or more attributes identifying the credential;
  
  maintaining, separate from the credentials, information related to and identifying each credential of the plurality of credentials;
  
  performing one or more checks on the credentials using the maintained information; and
  
  determining whether one or more of the credentials have been changed based on the one or more checks.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The vehicle of claim 9, wherein the maintained information related to and identifying each credential of the plurality of credentials comprises values for at least one of the one or more attributes identifying each credential and wherein the attributes comprise one or more of an identifying name or number, an identification of an owner of the credential, an identification of an issuer of the credential, a date and time when the credential becomes valid, a date and time when the credential expires, an indication of usage of the credential, an indication of a signature algorithm used to sign the credential, or a signature by an issuer of the credential.
  - 11. The vehicle of claim 9, wherein the one or more checks are performed upon a system boot, periodically, or based on satisfaction of a condition defined in a rule.
  - 12. The vehicle of claim 9, wherein the checks comprise one or more checks on the plurality of credentials together and one or more checks on each credential individually.
  - 13. The vehicle of claim 9, wherein determining whether one or more of the credentials have changed comprises determining a total number of credentials in the plurality of credential has changed or determining one or more attributes of one or more credentials have changed.
  - 14. The vehicle of claim 9, further comprising, in response to determining one or more of the credentials have changed, performing an action based on the determined change and wherein the performed action comprises a remedial action defined for the determined change.

15. A non-transitory computer-readable medium comprising a set of instructions stored therein which, when executed by a processor, causes the processor to detect potential tampering with security features of the vehicle by:
- maintaining a plurality of credentials, each credential comprising a key value and a set of one or more attributes identifying the credential;
  
  maintaining, separate from the credentials, information related to and identifying each credential of the plurality of credentials;
  
  performing one or more checks on the credentials using the maintained information; and
  
  determining whether one or more of the credentials have been changed based on the one or more checks.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the maintained information related to and identifying each credential of the plurality of credentials comprises values for at least one of the one or more attributes identifying each credential and wherein the attributes comprise one or more of an identifying name or number, an identification of an owner of the credential, an identification of an issuer of the credential, a date and time when the credential becomes valid, a date and time when the credential expires, an indication of usage of the credential, an indication of a signature algorithm used to sign the credential, or a signature by an issuer of the credential.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the one or more checks are performed upon a system boot, periodically, or based on satisfaction of a condition defined in a rule.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the checks comprise one or more checks on the plurality of credentials together and one or more checks on each credential individually.
  - 19. The non-transitory computer-readable medium of claim 15, wherein determining whether one or more of the credentials have changed comprises determining a total number of credentials in the plurality of credential has changed or determining one or more attributes of one or more credentials have changed.
  - 20. The non-transitory computer-readable medium of claim 15, further comprising, in response to determining one or more of the credentials have changed, performing an action based on the determined change and wherein the performed action comprises a remedial action defined for the determined change.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NIO Technology Company Limited (Shanghai Anbin Technology Co., Ltd.)
Original Assignee
NextEV USA, Inc.
Inventors
Chen, Abraham T.

Granted Patent

US 10,530,816 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/85   interconnection devices, e....

H04L 2209/80   Wireless network architectu...

H04L 2209/84   Vehicles

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/205   involving negotiation or de...

H04L 9/006   involving public key infras...

H04L 9/3268   using certificate validatio...

H04W 12/03   Protecting confidentiality,...

H04W 12/043   using a trusted network nod...

H04W 12/10   Integrity

H04W 12/128   Anti-malware arrangements, ...

H04W 12/61   Time-dependent

H04W 4/40   for vehicles, e.g. vehicle-...

METHOD FOR DETECTING THE USE OF UNAUTHORIZED SECURITY CREDENTIALS IN CONNECTED VEHICLES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR DETECTING THE USE OF UNAUTHORIZED SECURITY CREDENTIALS IN CONNECTED VEHICLES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links