Authentication of devices having unequal capabilities
Abstract
A system authenticates in-vehicle electronic devices having unequal capabilities, such as differing communication and processing capabilities. A Connected Vehicle Gateway portion of a selected in-vehicle device acts as an onboard authentication proxy and onboard key server for the other in-vehicle devices, and serves as the interface between the in-vehicle network and one or more associated external networks. This eliminates the need for an explicit peer discovery protocol and for each device to perform key establishment with every individual communication peer. Instead, each in-vehicle device establishes the group keys as a result of its authentication with the onboard key server and uses the group keys to locally generate and update its session keys. The onboard key server selectively obtains the keys from one or more off-board authentication servers and distributes them to selected in-vehicle devices.
12 Claims
1. An apparatus for authentication of in-vehicle network devices comprising:
a first communication port configured to receive via an associated communication network a first authentication request from at least one network device of a first set of associated network devices having a first authentication capability, and a second authentication request from at least one network device of a second set of associated network devices having a second authentication capability different than the first authentication capability, wherein the second authentication request is unidirectional message data; and
a connected vehicle gateway portion of a selected in-vehicle device implemented as an onboard authentication proxy logic operatively coupled with the first communication port;
wherein the authentication proxy logic is configured to:
selectively authenticate at least one of the first set of associated network devices based on the first authentication request in accordance with the first authentication capability, wherein selectively authenticating the at least one of the first set of associated network devices comprises selectively generating a first cryptographic key set;
selectively authenticate at least one of the second set of associated network devices based on the second authentication request in accordance with the second authentication capability, wherein selectively authenticating the at least one of the second set of associated network devices comprises selectively generating a second cryptographic key set; and
distribute the first and second cryptographic key sets to the first set of associated network devices, without distributing the first and second cryptographic key sets to the second set of associated network devices.
5. A method for authentication of in-vehicle network devices comprising:
receiving a first signal by a first communication port configured to communicate via an associated communication network with first and second sets of associated network devices having first and second authentication capabilities respectively, the first signal comprising a first authentication request from at least one of the first set of associated network devices having the first authentication capability;
receiving a second signal by the first communication port, the second signal comprising a second authentication request from at least one of the second set of associated network devices having the second authentication capability, wherein the second authentication request is unidirectional message data;
selectively authenticating by a connected vehicle gateway portion of a selected in-vehicle device implemented as an onboard authentication proxy processor the at least one of the first set of associated network devices based on the first authentication request data in accordance with the first authentication capability, wherein selectively authenticating the at least one of the first set of associated network devices comprises selectively generating a first cryptographic key set;
selectively authenticating by the authentication proxy processor the at least one of the second set of associated network devices based on the second authentication request data in accordance with the second authentication capability, wherein selectively authenticating the at least one of the second set of associated network devices comprises selectively generating a second cryptographic key set; and
distributing the first and second cryptographic key sets to the first set of associated network devices, without distributing the first and second cryptographic key sets to the second set of associated network devices.
9. Logic for authentication of in-vehicle network devices, the logic being encoded in one or more tangible non-transient computer readable media for execution by an associated processor onboard a vehicle and when executed by the associated processor the logic being operable to:
receive a first signal by a first communication port configured to communicate via an associated communication network with first and second sets of associated network devices having first and second authentication capabilities respectively, the first signal comprising first authentication request data representative of a request for authentication from at least one of the first set of associated network devices having the first authentication capability;
receive a second signal by the first communication port, the second signal comprising second authentication request data representative of a request for authentication from at least one of the second set of associated network devices having the second authentication capability;
selectively forward by a second communication port configured to communicate via an associated authentication network with an associated authentication processor the first authentication request data responsive to a connected vehicle gateway portion of a selected in-vehicle device implemented as an onboard authentication proxy logic failing to locally authenticate the at least one of the first set of associated network devices based on the first authentication request data in accordance with the first authentication capability;
selectively receive by the authentication proxy logic a first cryptographic key set via the second communication port from the associated authentication network responsive to the associated authentication processor authenticating the at least one of the first set of associated network devices based on the first authentication request data;
selectively forward by the second communication port configured to communicate via an associated authentication network with the associated authentication processor the second authentication request data responsive to the authentication proxy logic failing to locally authenticate the at least one of the second set of associated network devices based on the second authentication request data in accordance with the second authentication capability;
selectively receive by the authentication proxy logic a second cryptographic key set by the second communication port via the associated authentication network responsive to the associated authentication processor authenticating the at least one of the second set of associated network devices; and
selectively distribute by the authentication proxy logic the first and second cryptographic key sets to the first set of associated network devices.
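As an added illustration (not the patent's own code or a disclosed embodiment), the following Python models the proxy behaviour the abstract and claims describe: a challenge-response exchange for the capable device set, a single unidirectional authenticated message for the constrained set, generation of a key set for each, and distribution of both key sets only to the capable set, with a hook for forwarding a failed local authentication off-board as in claim 9. The `PSK` table, the HMAC-based derivation, the counter-based unidirectional message format and the `offboard` callback are all assumptions made for the example.

```python
import hashlib, hmac, secrets

# Constructed pre-shared keys; assumption: each in-vehicle device shares one with the gateway.
PSK = {"ecu_a1": b"\x01" * 16, "ecu_b1": b"\x02" * 16}

def kdf(key: bytes, label: bytes) -> bytes:  # assumed KDF: HMAC-SHA256 over a label
    return hmac.new(key, label, hashlib.sha256).digest()

def capable_response(dev: str, nonce: bytes) -> bytes:  # first capability: answer a challenge
    return kdf(PSK[dev], nonce)

def constrained_message(dev: str, ctr: int) -> dict:  # second capability: one-way message
    return {"dev": dev, "ctr": ctr, "tag": kdf(PSK[dev], dev.encode() + ctr.to_bytes(4, "big"))}

def constrained_local_key(dev: str, ctr: int) -> bytes:  # derived locally, never sent to it
    return kdf(PSK[dev], b"group" + ctr.to_bytes(4, "big"))

class AuthProxy:  # onboard authentication proxy and key server (claims 1, 5 and 9, simplified)
    def __init__(self, offboard=None):
        self.offboard = offboard                   # assumed off-board authenticator hook (claim 9)
        self.key_set_1 = secrets.token_bytes(16)   # group key for the capable device set
        self.key_set_2, self.last_ctr = {}, {}     # per constrained device key; anti-replay counter
        self.pending, self.distributed = {}, {}    # open challenges; key sets each device received

    def challenge(self, dev: str) -> bytes:
        self.pending[dev] = secrets.token_bytes(16)
        return self.pending[dev]

    def authenticate_capable(self, dev: str, response: bytes):
        nonce = self.pending.pop(dev, None)
        ok = nonce is not None and dev in PSK and hmac.compare_digest(response, kdf(PSK[dev], nonce))
        if not ok and nonce is not None and self.offboard is not None:
            ok = self.offboard(dev, nonce, response)  # local failure: forward off-board
        if not ok:
            return None
        # Both key sets go to the capable device so it can verify constrained-device traffic.
        self.distributed[dev] = {"set1": self.key_set_1, "set2": dict(self.key_set_2)}
        return self.distributed[dev]

    def authenticate_constrained(self, msg: dict) -> bool:
        dev, ctr, tag = msg["dev"], msg["ctr"], msg["tag"]
        if dev not in PSK or ctr <= self.last_ctr.get(dev, -1):
            return False  # unknown sender or replayed counter
        if not hmac.compare_digest(tag, kdf(PSK[dev], dev.encode() + ctr.to_bytes(4, "big"))):
            return False
        self.last_ctr[dev] = ctr
        self.key_set_2[dev] = constrained_local_key(dev, ctr)  # same derivation as the sender
        for keys in self.distributed.values():  # push to capable devices only, never to dev
            keys["set2"][dev] = self.key_set_2[dev]
        return True
```

The constrained device never receives anything: it derives its own key from the same inputs it put on the wire, while the capable device is handed both key sets and a replayed counter is rejected.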
Specification