Threat mitigation in a vehicle-to-vehicle communication network

US 8,819,414 B2
Filed: 04/19/2010
Issued: 08/26/2014
Est. Priority Date: 04/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method of obtaining a certificate revocation list (CRL) for a vehicle in a vehicle-to-vehicle communication system, the method comprising the steps of:

providing a portable security unit to access secured operations for the vehicle, the portable security unit being relocatable from the vehicle;

linking the portable security unit to a network device having access to a communication network, wherein the network device is remote from the vehicle, wherein the communication network is separate from the vehicle-to-vehicle communication system, and wherein the communication network is in communication with a certificate authority for issuing an updated CRL;

downloading the updated CRL from the certificate authority to the portable security unit via the communication network;

establishing a communication link between the portable security unit and a vehicle processor unit;

exchanging mutual authentication between the portable security unit and the vehicle processing unit, wherein the updated CRL stored in the portable security unit is downloaded to a memory of the vehicle in response to a successful mutual authentication; and

wherein establishing the link between the portable security unit and a vehicle processing unit is initiated by inserting an ignition key in a vehicle ignition.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for obtaining a certificate revocation list (CRL) for a vehicle in a vehicle-to-vehicle communication system. A portable security unit is provided to access secured operations for the vehicle. The portable security unit is linked to a device having access to a communication network. The communication network is in communication with a certificate authority for issuing an updated CRL. The updated CRL is downloaded from the certificate authority to the portable security unit. At a later time, when a user enters the vehicle, a communication link is established between the portable security unit and a vehicle processor unit. Mutual authentication is exchanged between the portable security unit and the vehicle processing unit. The updated CRL stored in the portable security unit is downloaded to a memory of the vehicle communication system in response to a successful mutual authentication.

Citations

19 Claims

1. A method of obtaining a certificate revocation list (CRL) for a vehicle in a vehicle-to-vehicle communication system, the method comprising the steps of:
- providing a portable security unit to access secured operations for the vehicle, the portable security unit being relocatable from the vehicle;
  
  linking the portable security unit to a network device having access to a communication network, wherein the network device is remote from the vehicle, wherein the communication network is separate from the vehicle-to-vehicle communication system, and wherein the communication network is in communication with a certificate authority for issuing an updated CRL;
  
  downloading the updated CRL from the certificate authority to the portable security unit via the communication network;
  
  establishing a communication link between the portable security unit and a vehicle processor unit;
  
  exchanging mutual authentication between the portable security unit and the vehicle processing unit, wherein the updated CRL stored in the portable security unit is downloaded to a memory of the vehicle in response to a successful mutual authentication; and
  
  wherein establishing the link between the portable security unit and a vehicle processing unit is initiated by inserting an ignition key in a vehicle ignition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the portable security unitcommunicates with the communication network via a wired connection.
  - 3. The method of claim 1 wherein the portable security unit communicates with the communication network via a wireless connection.
  - 4. The method of claim 1 wherein the network device communicates with certificate authority via an internet.
  - 5. The method of claim 1 wherein the portable security unit utilizes a docking device to communicate with the network device.
  - 6. The method of claim 1 wherein the updated CRL is stored in a memory card of the portable security unit when downloading the updated CRL from the certificate authority to the portable security unit.
  - 7. The method of claim 1 wherein the updated CRL is computed by a centralized malicious node detection system running on a back-end server.
  - 8. The method of claim 1 wherein the centralized malicious node detection system detects anomalies in the vehicle-to-vehicle communication system.
  - 9. The method of claim 1 wherein packet transcripts are uploaded from the portable security unit to the certificate authority to assist in detecting anomalies in the vehicle-to-vehicle communication system.
  - 10. The method of claim 1 wherein cryptographic credentials are downloaded from the certificate authority to vehicles for providing enhanced privacy to users in the vehicle-to-vehicle communication system.

11. A vehicle-to-vehicle communication system comprising:
- a vehicle communication processing unit for controlling a broadcast of wireless messages within the vehicle-to-vehicle communication system, the vehicle communication processing unit having a memory for storing certificate revocation lists (CRL); and
  
  a portable security unit for linking to the vehicle processing unit, the portable security unit being relocatable from the vehicle, the portable security unit communicating with the processing unit for performing mutual authentication between the portable security unit and the vehicle communication processing unit in response to being linked to one another, the portable security unit having a non-volatile memory for storing an updated certification revocation list;
  
  wherein the portable security unit links to a network device having access to a communication network, the network device being remote from the vehicle, the communication network being separate from the vehicle-to-vehicle communication system, and the communication network being in communication with a certificate authority for issuing an updated CRL, wherein the updated CRL is downloaded from the certificate authority to the portable security unit via the communication network, wherein the portable security unit establishes a communication link to the vehicle communication system in response to initiating a vehicle security operation, and wherein the updated CRL stored in the portable security unit is downloaded to the memory of the vehicle in response to the mutual authentication between the portable security unit and the vehicle processing unit; and
  
  wherein the portable security unit and the vehicle communication processor exchanges mutual authentication in response to an ignition key being inserted within an ignition.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The vehicle-to-vehicle communication system of claim 11 wherein the portable security unit includes a key dongle.
  - 13. The vehicle-to-vehicle communication system of claim 12 wherein the key dongle is integrated as part of the ignition key.
  - 14. The vehicle-to-vehicle communication system of claim 13 further comprising a docking device for communication with the network device.
  - 15. The vehicle-to-vehicle communication system of claim 14 wherein the network device for downloading the updated CRL from the communication network includes a computer.
  - 16. The vehicle-to-vehicle communication system of claim 14 wherein the network device for downloading the updated CRL from the communication network includes a phone-based device.
  - 17. The vehicle-to-vehicle communication system of claim 12 wherein the key dongle includes a memory card for storing the updated CRL download.
  - 18. The vehicle-to-vehicle communication system of claim 11 wherein a centralized malicious node detection routine is used to detect anomalies in the vehicle-to-vehicle communication network.
  - 19. The vehicle-to-vehicle communication system of claim 11 wherein the memory stores packet transcripts of vehicle-to-vehicle communications that are uploaded to the certificate authority to assist in detecting anomalies in the vehicle-to-vehicle communication system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
Bellur, Bhargav R., Bhattacharya, Debojyoti, Iyer, Aravind V.
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US12/762,428
Publication Number

US 20110258435A1
Time in Patent Office

1,590 Days
Field of Search

713/155
US Class Current

713/155
CPC Class Codes

H04L 2209/80   Wireless

H04L 2209/84   Vehicles

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 9/3268   using certificate validatio...

H04L 9/3273   for mutual authentication n...

Threat mitigation in a vehicle-to-vehicle communication network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Threat mitigation in a vehicle-to-vehicle communication network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links