PRIVILEGED, DIAGNOSTIC LINK CONNECTOR BASED NETWORK MONITORING CAPABILITIES WITHIN A VEHICLE EMPLOYING A GATEWAY MODULE USED TO ISOLATE AND SECURE VEHICLE NETWORKS

US 20180343262A1
Filed: 05/25/2017
Published: 11/29/2018
Est. Priority Date: 05/25/2017
Status: Active Grant

First Claim

Patent Images

1. Method of providing privileged access to an internal vehicle communication network, the method comprising:

providing a presentation network bus capable of providing listen-only access to a subset of in-vehicle networks;

verifying access credentials in a security system configured to control access to the presentation network bus by using a combination of symmetric and asymmetric cryptographic systems;

receiving a diagnostic service request after the access credentials have been verified to enable the presentation network bus for listen-only access to the subset of in-vehicle networks; and

enabling the presentation network bus for the listen-only access in response to receipt of the diagnostic service request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing privileged access to an internal vehicle communication network is provided. The system includes a presentation network bus configured to provide listen-only access to a subset of in-vehicle networks, a security system configured to enable access to the presentation network bus by verifying access credentials, and a diagnostic service system configured to control access to the presentation network bus. The diagnostic service system is configured to receive a diagnostic service request after the access credentials have been verified to enable the presentation network busses for listen-only access to the subset of the in-vehicle networks. The presentation network busses may be enabled for the listen-only access after credential verification by the security system and in response to receipt of a diagnostic service request from the diagnostic service system requesting that the presentation network busses be enabled.

Citations

20 Claims

1. Method of providing privileged access to an internal vehicle communication network, the method comprising:
- providing a presentation network bus capable of providing listen-only access to a subset of in-vehicle networks;
  
  verifying access credentials in a security system configured to control access to the presentation network bus by using a combination of symmetric and asymmetric cryptographic systems;
  
  receiving a diagnostic service request after the access credentials have been verified to enable the presentation network bus for listen-only access to the subset of in-vehicle networks; and
  
  enabling the presentation network bus for the listen-only access in response to receipt of the diagnostic service request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising receiving a second diagnostic service request after the presentation network bus has been enabled that identifies a different network for listen-only access.
  - 3. The method of claim 1, further comprising enabling a persistence mode after the access credentials have been verified wherein the presentation network bus will be enabled for listen-only access after a power-down and power-up cycle without re-verifying access credentials in the security system after the power-down.
  - 4. The method of claim 3, wherein enabling a persistence mode comprises receiving a diagnostic service request that requests that the persistence mode be enabled and includes a persistence count value that identifies the number of power-down and power-up cycles during which the presentation network bus will be enabled for listen-only access without re-verifying access credentials.
  - 5. The method of claim 4, wherein the persistence count value automatically decrements after each power-down and power-up cycle.
  - 6. The method of claim 4, further comprising disabling the persistence mode after receiving a diagnostic service request to disable the persistence mode regardless of the persistence count value.
  - 7. The method of claim 6, wherein disabling the persistence mode comprises resetting the persistence count value to zero.
  - 8. The method of claim 4, wherein the persistence count value may only be set to a value greater than zero during an operating cycle in which the access credentials have been verified in the security system.
  - 9. The method of claim 1, further comprising providing one of a plurality of different listen-only access levels to the in-vehicle networks based on the received access credentials.

10. A system for providing privileged access to an internal vehicle communication network, the system comprising:
- a presentation network bus configured to provide listen-only access to a subset of in-vehicle networks;
  
  a security system configured to enable access to the presentation network bus by verifying access credentials; and
  
  a diagnostic service system configured to control access to the presentation network bus, the diagnostic service system configured to receive a diagnostic service request after the access credentials have been verified to enable the presentation network bus for listen-only access to the subset of networks;
  
  wherein the presentation network bus may be enabled for the listen-only access after credential verification by the security system and in response to receipt of a diagnostic service request from the diagnostic service system requesting that the presentation network bus be enabled.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the presentation network bus is configured to provide a listen-only connection to one of the in-vehicle serial networks on a first pin of a diagnostic link connector (DLC) and a listen-only connection to a second one of the in-vehicle serial networks on a second pin of the DLC.
  - 12. The system of claim 10, further comprising presentation circuitry configured to mirror an in-vehicle network onto the presentation network bus.
  - 13. The system of claim 12, wherein the presentation circuitry comprises a network transceiver that is configured to transmit data onto the presentation network bus from the in-vehicle network for listen-only access to the in-vehicle network but not capable of receiving data from the presentation network bus to transmit onto the in-vehicle network.
  - 14. The system of claim 12, wherein the presentation circuitry comprises selection circuitry configured to selectively output one of a plurality of network receive lines of the in-vehicle serial networks to the presentation network bus.
  - 15. The system of claim 10, wherein the diagnostic service system is further configured to enable a persistence mode after the access credentials have been verified wherein the presentation network bus will be enabled for listen-only access after a power-down and power-up cycle for a limited number of cycles without re-verifying access credentials in the security system after the power-down.
  - 16. The system of claim 15, wherein the diagnostic service system is further configured to receive a diagnostic service request that requests that the persistence mode be enabled and includes a persistence count value that identifies the number of power-down and power-up cycles during which the presentation network bus will be enabled for listen-only access without re-verifying access credentials.
  - 17. The system of claim 16, wherein the persistence count value may only be set to a value greater than zero during an operating cycle in which the access credentials have been verified in the security system.

18. A gateway module in a vehicle comprising:
- presentation circuitry configured to mirror a selected in-vehicle network onto a presentation network bus, the presentation circuitry comprising;
  
  selection circuitry configured to selectively output one of a plurality of network receive lines from in-vehicle serial networks to the presentation network bus; and
  
  transceiver circuitry that is configured to transmit data onto the presentation network bus from the selected in-vehicle network for listen-only access to the in-vehicle network and prevent data from the presentation network bus from being transmitted onto the selected in-vehicle network;
  
  a security interface configured to enable access to the presentation network bus by verifying access credentials using a combination of symmetric and asymmetric cryptographic systems; and
  
  a diagnostic service interface configured to control access to the presentation network bus, the diagnostic service interface configured to receive a diagnostic service request after the access credentials have been verified to enable the presentation network bus for listen-only access to the selected in-vehicle network.
- View Dependent Claims (19, 20)
- - 19. The gateway module of claim 18, wherein the diagnostic service interface is further configured to enable a persistence mode after the access credentials have been verified wherein the presentation network bus will be enabled for listen-only access after a power-down and power-up cycle without re-verifying access credentials in the security system after the power-down.
  - 20. The gateway module of claim 19, wherein the diagnostic service interface is further configured to receive a diagnostic service request that requests that the persistence mode be enabled and includes a persistence count value that identifies the number of power-down and power-up cycles during which the presentation network bus will be enabled for listen-only access without re-verifying access credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
ANDERSON, ANTHONY, PLOUCHA, JOSEPH E., HROMADA, KENNETH M., SOWA, MICHAEL A., WIENCKOWSKI, NATALIE ANN

Granted Patent

US 10,412,094 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

B60R 16/0234   related to maintenance or r...

B60R 25/00   Fittings or systems for pre...

G07C 5/0808   Diagnosing performance data...

H04L 2012/40215   Controller Area Network CAN

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04W 12/06   Authentication

H04W 4/44   for communication between v...

PRIVILEGED, DIAGNOSTIC LINK CONNECTOR BASED NETWORK MONITORING CAPABILITIES WITHIN A VEHICLE EMPLOYING A GATEWAY MODULE USED TO ISOLATE AND SECURE VEHICLE NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PRIVILEGED, DIAGNOSTIC LINK CONNECTOR BASED NETWORK MONITORING CAPABILITIES WITHIN A VEHICLE EMPLOYING A GATEWAY MODULE USED TO ISOLATE AND SECURE VEHICLE NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links