Tamper detection for vehicle controller

US 6,678,606 B2
Filed: 09/14/2001
Issued: 01/13/2004
Est. Priority Date: 09/14/2001
Status: Expired due to Term

First Claim

Patent Images

1. A system for detecting modification of control data in an electronically controlled engine, comprising:

a memory containing the control data;

data storage containing a first stored value, which corresponds to the result of applying a first hash function to a first portion of said memory;

a processor;

a computer-readable medium, in communication with said processor, encoded with programming instructions executable by said processor to;

apply the first hash function to the first portion of said memory to obtain a first calculated hash value while the engine is operating; and

generate an error signal in an error log if the first calculated hash value and the first stored value are not equal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for detecting tampering with the software, software parameters, and calibration data used by a vehicle controller. During authorized installation of controller memory images, a hash function is applied to selected regions of controller memory to obtain stored hash values. Then, periodically during operation of the vehicle, the hash function is applied to the then-current contents of the controller memory to obtain calculated hash values. If the stored hash values stored do not match the calculated hash values, a fault is logged for future retrieval by service personnel.

Citations

21 Claims

1. A system for detecting modification of control data in an electronically controlled engine, comprising:
- a memory containing the control data;
  
  data storage containing a first stored value, which corresponds to the result of applying a first hash function to a first portion of said memory;
  
  a processor;
  
  a computer-readable medium, in communication with said processor, encoded with programming instructions executable by said processor to;
  
  apply the first hash function to the first portion of said memory to obtain a first calculated hash value while the engine is operating; and
  
  generate an error signal in an error log if the first calculated hash value and the first stored value are not equal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein:
3. The system of claim 2, wherein the first portion of said memory comprises a plurality of address ranges.
4. The system of claim 3, wherein:
- said memory comprises a first memory device and a second memory device;
  
  a first one of said plurality of address ranges is in a first memory device, and a second one of said plurality of address ranges is in a second memory device.
5. The system of claim 4, wherein said first memory device is a flash memory device, and said second memory device is an EEPROM.
6. The system of claim 1, wherein said data storage is in said memory.
7. The system of claim 1, wherein the first portion of said memory is defined by at least one address range data element stored in said memory.
8. The system of claim 7, wherein the first portion of said memory is defined by at least two address range data elements stored in said memory.
9. The system of claim 7, wherein:
- said memory comprises program space and data space; and
  
  the at least one address range data element is stored in the program space.
10. The system of claim 9, further comprising a port connectable to an external service tool for reading said error log, wherein:
- said error log is in said data space; and
  
  said external service tool can read from said data space, but not from said program space.
11. The system of claim 1, wherein the first hash function is a cyclic redundancy check.
12. The system of claim 1, wherein:
- said data storage also contains a second stored value, which corresponds to the result of applying a second hash function to a second portion of said memory, the second portion being different from the first portion; and
  
  the programming instructions are further executable by said processor to;
  
  apply the second hash function to the second portion of said memory to obtain a second calculated hash value while the engine is operating; and
  
  generate an error signal if the second calculated hash value and the second stored value are not equal.
13. The system of claim 1, further comprising an access means for enabling the detachable connection of an external apparatus that, while connected, reads at least a portion of the contents of said memory.

14. A method for detecting changes to control data in a vehicle'"'"'s engine control system, comprising:
- storing in a memory a first stored hash value calculated by applying a first hash function to a first portion of the control data;
  
  calculating a first calculated hash value by applying the first hash function to the first portion of the control data; and
  
  if the first hash value does not equal the first calculated hash value, signaling the mismatch.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The method of claim 14, further comprising:
16. The method of claim 14, further comprising:
- storing in the memory a second stored hash value calculated by applying a second hash function to a second portion of the control data;
  
  calculating a second calculated hash value by applying the second hash function to the second portion of the control data; and
  
  if the second stored hash value does not equal the second calculated hash value, signaling the mismatch.
17. The method of claim 14, wherein:
- said calculating comprises;
  
  executing a first phase by applying the first hash function to a first segment of the first portion of control data; and
  
  executing a second phase by applying the first hash function to a second segment of the first portion of control data; and
  
  said executing acts are separated in time.
18. The method of claim 17, wherein said executing acts are separated by a predetermined amount of time.
19. The method of claim 17, wherein:
- said first phase is executed upon occurrence of a first trigger event; and
  
  said second phase is executed upon occurrence of a second trigger event.
20. The method of claim 14:
- wherein said signaling comprises recording an error log in a computer-readable medium; and
  
  further comprising;
  
  placing a service tool in communication with the computer-readable medium, wherein the service tool has a display;
  
  reading the error log into the service tool; and
  
  showing information from the error log on the display.
21. The method of claim 14, wherein the calculating step is performed upon powering-on the vehicle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cummins Incorporated
Original Assignee
Cummins Incorporated
Inventors
Zhang, Shu, Chamarthi, Gopal, Oʼdell, Dave, Thompson, Scott, Akins, Mark
Primary Examiner(s)
Vo, Hieu T.
Assistant Examiner(s)
Hoang, Johnny H.

Application Number

US09/952,555
Publication Number

US 20030055552A1
Time in Patent Office

851 Days
Field of Search

701/114, 701/115, 711/100, 711/170, 395/182.01, 395/376-395, 707/1
US Class Current

701/114
CPC Class Codes

B60W 50/04   Monitoring the functioning ...

F02D 41/2493   Resetting of data to a pred...

F02D 41/266   the computer being backed-u...

G06F 21/64   Protecting data integrity, ...

Y10S 707/99931   Database or file accessing

Y10S 707/99936   Pattern matching access

Tamper detection for vehicle controller

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Tamper detection for vehicle controller

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links