Cloud-assisted threat defense for connected vehicles

US 9,282,110 B2
Filed: 11/27/2013
Issued: 03/08/2016
Est. Priority Date: 11/27/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a non-transient memory disposed on an associated motor vehicle and configured to store data representative of security threats related to the associated motor vehicle;

an interface operable to communicate with the associated motor vehicle and at least one source external to the associated motor vehicle; and

control logic coupled with the interface and with the memory;

wherein the control logic is operable to receive data from at least one on-board unit of the associated motor vehicle and the at least one source external to the associated motor vehicle, wherein the received data includes data representative of at least one file identified for operation on the associated motor vehicle;

wherein the control logic is operable to determine whether at least one predefined characteristic exists with respect to the file;

wherein, in response to a determination that at least one predefined characteristic exists with respect to the file and that data associated with the file is located in the memory, the control logic is operable to determine whether the file includes a security threat by analyzing the file based on the data representative of security threats stored in the memory;

wherein, in response to a determination that the data associated with the file is not located in the memory, the control logic is operable to (i) transmit data related to the file to a cloud-based component communicatively coupled to the control logic via the interface, wherein the cloud-based component is configured to store the data representative of security threats and (ii) receive a threat assessment from the cloud-based component regarding the file; and

wherein the control logic is operable to generate a signal based on at least one of determining whether the file includes the security threat and analyzing the threat assessment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example embodiment herein, there is provided methods and a system for cloud-assisted threat defense for connected vehicles. A vehicle suitably includes an on-board computer system for operating and/or controlling various systems on the vehicle. The on-board computer system suitably operates in connection with or includes an on-board threat defense module for detecting and protecting against malware attacks and other security threats to the vehicle. In an example embodiment, a cloud-based security component or security cloud assists with the detection and protection against security threats and malware attacks to the vehicle while minimizing the processing load and memory requirements for the on-board threat defense module.

Citations

18 Claims

1. A system comprising:
- a non-transient memory disposed on an associated motor vehicle and configured to store data representative of security threats related to the associated motor vehicle;
  
  an interface operable to communicate with the associated motor vehicle and at least one source external to the associated motor vehicle; and
  
  control logic coupled with the interface and with the memory;
  
  wherein the control logic is operable to receive data from at least one on-board unit of the associated motor vehicle and the at least one source external to the associated motor vehicle, wherein the received data includes data representative of at least one file identified for operation on the associated motor vehicle;
  
  wherein the control logic is operable to determine whether at least one predefined characteristic exists with respect to the file;
  
  wherein, in response to a determination that at least one predefined characteristic exists with respect to the file and that data associated with the file is located in the memory, the control logic is operable to determine whether the file includes a security threat by analyzing the file based on the data representative of security threats stored in the memory;
  
  wherein, in response to a determination that the data associated with the file is not located in the memory, the control logic is operable to (i) transmit data related to the file to a cloud-based component communicatively coupled to the control logic via the interface, wherein the cloud-based component is configured to store the data representative of security threats and (ii) receive a threat assessment from the cloud-based component regarding the file; and
  
  wherein the control logic is operable to generate a signal based on at least one of determining whether the file includes the security threat and analyzing the threat assessment.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system as set forth in claim 1,wherein the control logic is operable to, responsive to a determination that the file does not include the security threat, generate a first signal to allow the file to execute on the associated motor vehicle;
    - andwherein the control logic is operable to, responsive to a determination that the file includes the security threat, generate a second signal to prevent the file from executing on the associated motor vehicle.
  - 3. The system as set forth in claim 1, wherein:
    - the control logic is operable to determine, as to the at least one predefined characteristic, whether the file is to be transmitted to a secure network of the associated motor vehicle, the file is an executable file, or the file is a non-executable file that attempts to execute on the associated motor vehicle.
  - 4. The system as set forth in claim 1,wherein the control logic is operable to update the memory using results of determining whether the file includes the security threat based on the threat assessment received from the cloud-based component;
    - andwherein the control logic is operable to update the cloud-based component using results of determining whether the file includes the security threat by analyzing the file based on the data representative of security threats stored in the memory.
  - 5. The system as set forth in claim 1, wherein the control logic is operable to dynamically adjust the size of a local database in the memory based on computational needs of an on-board computing device in the associated motor vehicle operable to access the memory, wherein the local database comprises the data representative of security threats.
  - 6. The system as set forth in claim 5, wherein the control logic is operable to dynamically adjust the size of the local database by balancing the computational needs of the on-board computing device with a volume of network traffic between the control logic disposed on the associated motor vehicle and the cloud-based component.

7. A method comprising:
- operating control logic, coupled with an associated memory disposed in an associated motor vehicle, to communicate with at least one on-board unit of the associated motor vehicle and at least one source external to the associated motor vehicle;
  
  receiving data from the at least one on-board unit of the associated motor vehicle and the at least one source external to the associated motor vehicle, wherein the received data includes data representative of at least one file for operation on the associated motor vehicle;
  
  determining by the control logic whether at least one predefined characteristic exists with respect to the file;
  
  upon determining data associated with the file is in the memory, determining by the control logic whether the file includes a security threat by analyzing the file based on data representative of security threats stored in the memory in response to determining that at least one predefined characteristic exists with respect to the file;
  
  upon determining the data associated with the file is not located in the memory, transmitting data related to the file to a cloud-based component external to the associated motor vehicle, wherein the cloud-based component is configured to store data representative of security threats related to the associated motor vehicle;
  
  receiving a threat assessment from the cloud-based component regarding the file; and
  
  generating by the control logic a signal based on at least one of determining whether the file includes the security threat and analyzing the threat assessment.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method as set forth in claim 7, further comprising:
    - responsive to a determination that the file does not include the security threat, generating by the control logic a first signal indicating that the file be allowed to execute on the associated motor vehicle; and
      
      responsive to a determination that the file includes the security threat, generating by the control logic a second signal indicating that the file be prevented from executing on the associated motor vehicle.
  - 9. The method as set forth in claim 7, wherein the file is analyzed if the file is at least one of a file that is to be transmitted to a secure network of the associated motor vehicle, an executable file, or a non-executable file that attempts to execute on the associated motor vehicle.
  - 10. The method as set forth in claim 7, further comprising:
    - updating by the control logic the memory disposed on the associated motor vehicle in response to a determination of whether the file includes the security threat based on the threat assessment received from the cloud-based component; and
      
      updating by the control logic the cloud-based component in response to the determination of whether the file includes the security threat by analyzing the file based on the data representative of security threats stored in the memory.
  - 11. The method of claim 7, further comprising:
    - dynamically adjusting the size of a local database in the memory based on computational needs of an on-board computing device in the associated motor vehicle that accesses the memory, wherein the local database comprises the data representative of security threats stored in the memory.
  - 12. The method of claim 11, wherein dynamically adjusting the size of the local database comprises balancing the computational needs of the on-board computing device with a volume of network traffic between the associated motor vehicle and the cloud-based component.

13. Logic encoded in at least one non-transitory computer readable media for execution by a processor, and when executed by the processor operable to:
- operate control logic, coupled to an associated memory disposed in an associated motor vehicle, to communicate with at least one on-board unit of the associated motor vehicle and at least one source external to the associated motor vehicle;
  
  receive data from at least one on-board unit of an associated motor vehicle and at least one source external to the associated motor vehicle, wherein the received data includes data representative of a file for operation on the associated motor vehicle;
  
  determine by the control logic whether at least one predefined characteristic exists with respect to the file;
  
  upon determining data associated with the file is in the memory, determine by the control logic whether the file includes a security threat by analyzing the file based on data representative of security threats stored in the memory in response to determining that at least one predefined characteristic exists with respect to the file;
  
  upon determining the data associated with the file is not located in the memory, transmit data related to the file to a cloud-based component external to the associated motor vehicle, wherein the cloud-based component is configured to store data representative of security threats related to the associated motor vehicle;
  
  receiving a threat assessment from the cloud-based component regarding the file; and
  
  generate by the control logic a signal based on at least one of determining whether the file includes the security threat and analyzing the threat assessment.
- View Dependent Claims (14, 15, 16)
- - 14. The logic as set forth in claim 13, further operable to:
    - responsive to a determination that the file does not include the security threat, generate by the control logic a first signal indicating that the file be allowed to execute on the associated motor vehicle; and
      
      responsive to a determination that the file includes the security threat, generate by the control logic a second signal indicating that the file be prevented from executing on the associated motor vehicle.
  - 15. The logic as set forth in claim 13, wherein the logic is operable to analyze the file if the file is at least one of a file that is to be transmitted to a secure network of the associated motor vehicle, an executable file, or a non-executable file that attempts to execute on the associated motor vehicle.
  - 16. The logic as set forth in claim 13, further operable to:
    - updating by the control logic the memory disposed on the associated motor vehicle in response to a determination of whether the file includes the security threat based on the threat assessment received from the cloud-based component; and
      
      updating by the control logic the cloud-based component in response to the determination of whether the file includes the security threat by analyzing the file based on the data representative of security threats stored in the memory.

17. A method comprising:
- operating control logic, coupled with an associated memory disposed in an associated motor vehicle, to communicate with at least one on-board unit of the associated motor vehicle and at least one source external to the associated motor vehicle;
  
  receiving data from the at least one on-board unit of the associated motor vehicle and the at least one source external to the associated motor vehicle, wherein the received data includes data representative of at least two files for operation on the associated motor vehicle;
  
  determining by the control logic whether at least one predefined characteristic exists with respect to the at least two files;
  
  upon determining the data associated with a first file of the two files is in the memory, determining by the control logic whether the first file includes a security threat by analyzing the first file based on data representative of security threats stored in the memory in response to determining that at least one predefined characteristic exists with respect to the first file;
  
  upon determining the data associated with a second file of the two files is not located in the memory, transmitting data related to the second file to a cloud-based component external to the associated motor vehicle, wherein the cloud-based component is configured to store data representative of security threats related to the associated motor vehicle;
  
  receiving a threat assessment from the cloud-based component regarding the second file; and
  
  generating by the control logic a signal based on at least one of determining whether the first file includes the security threat and analyzing the threat assessment.

18. Logic encoded in at least one non-transitory computer readable media for execution by a processor, and when executed by the processor operable to:
- operate control logic, coupled to an associated memory disposed in an associated motor vehicle, to communicate with at least one on-board unit of the associated motor vehicle and at least one source external to the associated motor vehicle;
  
  receive data from at least one on-board unit of an associated motor vehicle and at least one source external to the associated motor vehicle, wherein the received data includes data representative of at least two files for operation on the associated motor vehicle;
  
  determine by the control logic whether at least one predefined characteristic exists with respect to the files;
  
  upon determining the data associated with a first file of the files is in the memory, determine by the control logic whether the first file includes a security threat by analyzing the first file based on data representative of security threats stored in the memory in response to determining that at least one predefined characteristic exists with respect to the first file;
  
  upon determining the data associated with a second file of the files is not located in the memory, transmit data related to the second file to a cloud-based component external to the associated motor vehicle, wherein the cloud-based component is configured to store data representative of security threats related to the associated motor vehicle;
  
  receive a threat assessment from the cloud-based component regarding the second file; and
  
  generate by the control logic a signal based on at least one of determining whether the first file includes the security threat and analyzing the threat assessment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Zhang, Tao, Antunes, Helder, Aggarwal, Siddhartha, Patel, Chintankumar
Primary Examiner(s)
LEWIS, LISA C

Application Number

US14/091,435
Publication Number

US 20150150124A1
Time in Patent Office

832 Days
Field of Search
US Class Current

1/1
CPC Class Codes

B60R 25/00   Fittings or systems for pre...

G06F 21/51   at application loading time...

G06F 21/564   by virus signature recognition

H04L 2209/84   Vehicles

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 67/12   specially adapted for propr...

H04L 67/59   Providing operational suppo...

H04L 9/3247   involving digital signatures

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

H04W 4/40   for vehicles, e.g. vehicle-...

Cloud-assisted threat defense for connected vehicles

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud-assisted threat defense for connected vehicles

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links