Method for a public-key infrastructure for vehicular networks with limited number of infrastructure servers

US 8,397,063 B2
Filed: 07/13/2010
Issued: 03/12/2013
Est. Priority Date: 10/07/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing vehicular communications network security, comprising:

providing a plurality of vehicles in a specified geographic area, each of the plurality of vehicles having a communications component;

providing a plurality of communications infrastructure nodes, one or more of the communication infrastructure nodes being static, the plurality of communications infrastructure nodes being unable to provide a data connection to each of the plurality of vehicles such that a number of the vehicles having the data connection is greater than one and less than a number of total vehicles in the specified geographic area;

communicating between the vehicles using the plurality of communication infrastructure nodes;

communicating vehicle to vehicle (V2V) using the communication components;

providing security for the communications between the plurality of vehicles;

assigning and installing in the plurality of vehicles at least one security key, a certificate of operation, and a recent certificate revocation list; and

securing communications between the plurality of vehicles using the at least one security key, the certificate of operation and the recent certificate revocation list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, and method related thereto, for providing a vehicular communications network public-key infrastructure. The system comprises a plurality of communications infrastructure nodes and a plurality of vehicles each having a communications component. The communications component provides vehicle to vehicle (V2V) communications, and communications via infrastructure nodes. A communications security component in each of the plurality of vehicles provides security for the communications between the plurality of vehicles using a plurality of security modules. The security modules include a certificate management module. A public key interface module may include a public key, a private key, an anonymous key and a management key. The system further includes a detection and response module for attack detection and attack mitigation. The communications security component assigns and installs at least one security key, a certificate of operation, and a current certificate revocation list. The communications component provides secure communications between the plurality of vehicles.

29 Citations

View as Search Results

24 Claims

1. A method for providing vehicular communications network security, comprising:
- providing a plurality of vehicles in a specified geographic area, each of the plurality of vehicles having a communications component;
  
  providing a plurality of communications infrastructure nodes, one or more of the communication infrastructure nodes being static, the plurality of communications infrastructure nodes being unable to provide a data connection to each of the plurality of vehicles such that a number of the vehicles having the data connection is greater than one and less than a number of total vehicles in the specified geographic area;
  
  communicating between the vehicles using the plurality of communication infrastructure nodes;
  
  communicating vehicle to vehicle (V2V) using the communication components;
  
  providing security for the communications between the plurality of vehicles;
  
  assigning and installing in the plurality of vehicles at least one security key, a certificate of operation, and a recent certificate revocation list; and
  
  securing communications between the plurality of vehicles using the at least one security key, the certificate of operation and the recent certificate revocation list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - detecting malicious activity in communications between the vehicles; and
      
      mitigating the malicious activity.
  - 3. The method of claim 2, wherein the malicious activity includes:
    - denying services or creating physical, psychological or financial harm to at least one of the plurality of vehicles.
  - 4. The method of claim 2, wherein the step of mitigating the malicious activity includes:
    - users voting as a group, including;
      
      a majority voting technique; and
      
      a self sacrifice voting technique;
      
      or a combination of the majority voting technique and the self sacrifice voting technique.
  - 5. The method of claim 1, wherein the step of assigning and installing in the plurality of vehicles occurs during manufacture of the vehicle or at a vehicle dealer.
  - 6. The method of claim 1, further including:
    - distributing an updated certificate revocation list to each vehicle in the network using the V2V communications, or using the communication infrastructure nodes;
      
      excluding one or more vehicles on the certificate revocation list from the network.
  - 7. The method of claim 6, wherein the step of distributing the updated certificate revocation list includes at least one of the following techniques:
    - flooding a geographically-controlled network;
      
      broadcasting on a nationwide network; and
      
      using the V2V communications for comparing certificate revocation lists between the plurality of vehicles.
  - 8. The method of claim 1, further including:
    - replacing expired and revoked certificates by distributing updated certificates to the plurality of vehicles in the network using the V2V communications, or using the communication infrastructure nodes.
  - 9. The method of claim 8, wherein the step of distributing the updated certificates includes using at least one of the following techniques:
    - flooding a geographically-controlled network;
      
      broadcasting on a nationwide network; and
      
      using the V2V communications for comparing certificate revocation lists between the plurality of vehicles.
  - 10. The method of claim 1, further comprising:
    - distributing one or more updated security keys to each of the plurality of vehicles.
  - 11. The method of claim 10, wherein the step of distributing one or more updated security keys includes distributing one or more of a plurality of security keys, including:
    - a public key, a private key, one or more anonymous keys, an identifying key, and a management key.
  - 12. The method of claim 1, wherein a security component includes public key infrastructure (PKI).
  - 13. The method of claim 1, further comprising:
    - reporting a certificate revocation to a remote infrastructure node.
  - 14. The method of claim 1, wherein a certificate authority server is remote from the plurality of vehicles and communicates with the plurality of vehicles using intermediate vehicles.

15. A system for providing vehicular communications network security, comprising:
- a plurality of vehicles in a specified geographic area, each of the plurality of vehicles having a communications component, the communications component providing vehicle to vehicle (V2V) communications;
  
  a plurality of communications infrastructure nodes, one or more of the communication infrastructure nodes being static, the vehicles communicating with each other using the plurality of communications infrastructure nodes, the plurality of communications infrastructure nodes being unable to provide a data connection to each of the plurality of vehicles during any specified time period, such that a number of the vehicles having the data connection is greater than one and less than a number of total vehicles in the specified geographic area during any specified time period;
  
  a communications security component in each of the plurality of vehicles providing security for the communications between the plurality of vehicles, the communications security component including a plurality of security modules, the security modules including;
  
  a certificate management module including certificates, and a certificate revocation list;
  
  a public key interface module including at least one of;
  
  a public key, a private key, an anonymous key and a management key;
  
  a detection and response module for attack detection and attack mitigation;
  
  the communications security component having assigned and installed at least one security key, a certificate of operation, and a current certificate revocation list, the communications component providing secure communications between the plurality of vehicles including vehicle to vehicle communications, and vehicle communication using the nodes.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, further comprising:
    - a certification authority at least occasionally communicating with the plurality of vehicles.
  - 17. The system of claim 15, wherein the certificate management module includes a certificate authority located on one or more of the infrastructure nodes.
  - 18. The system of claim 15, further comprising:
    - an alarm mechanism being part of the security component, the alarm mechanism initiating a security breach report when a certificate is revoked.
  - 19. The system of claim 15, wherein the communications infrastructure nodes include computer systems communicating with computer systems in the vehicles.

20. A method for providing security for a vehicular communications network, comprising:
- providing a plurality of vehicles in a specified geographic area, each of the plurality of vehicles having a communications component;
  
  providing a plurality of communications infrastructure nodes, one or more of the communication infrastructure nodes being static, the plurality of communications infrastructure nodes being unable to provide a data connection to each of the plurality of vehicles during any specified time period, such that a number of the vehicles having the data connection is greater than one and less than a number of total vehicles in the specified geographic area during any specified time period;
  
  providing security for communications between the plurality of vehicles;
  
  assigning and installing in the plurality of vehicles at least one security key, a certificate of operation, and a current certificate revocation list;
  
  selectively communicating between the plurality of vehicles including vehicle to vehicle communications and the nodes;
  
  securing communications between the plurality of vehicles using the at least one security key, the certificate of operation and the current revocation list;
  
  detecting malicious activity in communications between the vehicles; and
  
  mitigating the malicious activity including the technique of;
  
  users voting as a group, including;
  
  a majority voting technique; and
  
  a self sacrifice voting technique;
  
  or a combination of the majority voting technique and the self sacrifice voting technique.
- View Dependent Claims (21, 22, 23)
- - 21. The method of claim 20, further including:
    - distributing an updated certificate revocation list to each vehicle in the network excluding one or more vehicles on the certificate revocation list from the network; and
      
      the step of distributing the updated certificate revocation list includes at least one of the following techniques;
      
      flooding a geographically-controlled network;
      
      broadcasting on a nationwide network;
      
      the V2V communications for comparing certificate revocation lists between the plurality of vehicles.
  - 22. The method of claim 20, further including:
    - replacing expired and revoked certificates by distributing updated certificates to the plurality of vehicles in the network; and
      
      distributing the updated certificates includes using at least one of the following techniques;
      
      flooding a geographically-controlled network;
      
      broadcasting on a nationwide network;
      
      the V2V communications for comparing certificate revocation lists between the plurality of vehicles.
  - 23. The method of claim 20, further comprising:
    - distributing one or more updated security keys to each of the plurality of vehicles including;
      
      a public key, a private key, an anonymous key, an identifying key, and a management key.

24. A computer program product comprising a computer readable storage device having recorded thereon a computer program, a computer system including a memory device and the computer system including a processor for executing the steps of the computer program for providing vehicular communications network security, wherein a plurality of communications infrastructure nodes are provided, and a plurality of vehicles each having a communications component are provided, and the plurality of vehicles being in a specified geographic area;
- the program steps comprising;
  
  communicating between the vehicles using the plurality of communication infrastructure nodes, one or more of the communication infrastructure nodes being static, the plurality of communications infrastructure nodes being unable to provide a data connection to each of the plurality of vehicles such that a number of the vehicles having the data connection is greater than one and less than a number of total vehicles in the specified geographic area;
  
  communicating vehicle to vehicle (V2V) using the communication components;
  
  providing security for the communications between the plurality of vehicles;
  
  assigning and installing in the plurality of vehicles at least one security key, a certificate of operation, and a recent certificate revocation list; and
  
  securing communications between the plurality of vehicles using the at least one security key, the certificate of operation and the recent certificate revocation list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telcordia Technologies Incorporated (Telefonaktiebolaget LM Ericsson)
Original Assignee
Telcordia Technologies Incorporated (Telefonaktiebolaget LM Ericsson)
Inventors
DiCrescenzo, Giovanni
Primary Examiner(s)
Lim, Krisna

Application Number

US12/835,001
Publication Number

US 20110083011A1
Time in Patent Office

973 Days
Field of Search

713/158, 726 1- 3, 726/6, 726/14
US Class Current

713/158
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2209/84   Vehicles

H04L 63/0823   using certificates cryptogr...

H04L 63/1441   Countermeasures against mal...

H04L 67/12   specially adapted for propr...

H04L 9/006   involving public key infras...

H04L 9/0891   Revocation or update of sec...

H04L 9/3268   using certificate validatio...

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

H04W 84/005   Moving wireless networks

Method for a public-key infrastructure for vehicular networks with limited number of infrastructure servers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Method for a public-key infrastructure for vehicular networks with limited number of infrastructure servers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others