
Approach for securing a vehicle access port

  • US 10,728,249 B2
  • Filed: 03/24/2017
  • Issued: 07/28/2020
  • Est. Priority Date: 04/26/2016
  • Status: Active Grant
First Claim

1. A mechanism for controlling signals between a vehicle and an entity outside of the vehicle, comprising:

    a vehicle having one or more electronic control units (ECUs);

    a vehicle bus connected to the one or more ECUs;

    a security module connected to the vehicle bus; and

    a vehicle access port connected to the security module; and

    wherein;

    the security module passes, controls, restricts or blocks signals between the vehicle access port and the vehicle bus according to a vehicle manufacturer security policy;

    the vehicle is a product of a vehicle manufacturer;

    the vehicle manufacturer security policy applies to an accessing entity having a wireless or non-wireless connection with the vehicle access port;

    the vehicle manufacturer creates a vehicle manufacturer public key and a vehicle manufacturer private key;

    the vehicle manufacturer private key is protected in the security module;

    an accessing entity provider creates an accessing entity provider public key and an accessing entity provider private key;

    the accessing entity provider sends the accessing entity provider public key and an accessing entity provider identification data to the vehicle manufacturer using a certificate request protocol;

    the vehicle manufacturer uses the vehicle manufacturer private key to sign an accessing entity provider certificate, wherein the accessing entity provider certificate includes the accessing entity provider identification data and the accessing entity provider public key;

    the vehicle manufacturer creates a policy change authorization token having changes to the vehicle manufacturer security policy;

    the vehicle manufacturer signs the policy change authorization token with the vehicle manufacturer private key;

    the vehicle manufacturer sends the policy change authorization token to the accessing entity provider;

    an accessing entity public key and an accessing entity private key are created by the accessing entity provider for the accessing entity;

    the accessing entity provider uses the accessing entity provider private key to sign an accessing entity certificate containing the accessing entity identification data and the accessing entity public key; and

    the accessing entity provider loads a copy of the accessing entity provider certificate, the accessing entity certificate, and the policy change authorization token into the accessing entity.
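The three items the claim loads into the accessing entity (provider certificate, entity certificate, policy change authorization token) form a signature chain rooted in the vehicle manufacturer key. The Go sketch below is an added example, not text or code from the patent, showing one way a verifier could check that chain. Assumptions: Ed25519 as the signature scheme, the byte encoding and type tags in `msg`, the constructed IDs and policy string, and a verifier that holds the manufacturer public key.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert binds identification data to a public key under an issuer signature.
type Cert struct {
	ID  string
	Pub ed25519.PublicKey
	Sig []byte
}

// msg builds the bytes that get signed. The type tag keeps a manufacturer-signed
// token from being accepted as a certificate (constructed encoding, an assumption).
func msg(tag, id string, body []byte) []byte {
	return append([]byte(tag+"\x00"+id+"\x00"), body...)
}

// Issue signs (ID, public key) as a certificate; SignToken signs the policy changes.
func Issue(issuer ed25519.PrivateKey, id string, pub ed25519.PublicKey) Cert {
	return Cert{ID: id, Pub: pub, Sig: ed25519.Sign(issuer, msg("cert", id, pub))}
}
func SignToken(mfr ed25519.PrivateKey, changes string) []byte {
	return ed25519.Sign(mfr, msg("token", "", []byte(changes)))
}

// Validate walks the chain from the manufacturer key down to the accessing entity.
func Validate(mfr ed25519.PublicKey, prov, ent Cert, changes string, tokSig []byte) error {
	if len(prov.Pub) != ed25519.PublicKeySize || !ed25519.Verify(mfr, msg("cert", prov.ID, prov.Pub), prov.Sig) {
		return fmt.Errorf("provider certificate not signed by manufacturer")
	}
	if !ed25519.Verify(prov.Pub, msg("cert", ent.ID, ent.Pub), ent.Sig) {
		return fmt.Errorf("entity certificate not signed by provider")
	}
	if !ed25519.Verify(mfr, msg("token", "", []byte(changes)), tokSig) {
		return fmt.Errorf("policy change token not signed by manufacturer")
	}
	return nil
}

func main() { // constructed IDs and policy text
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(nil)
	provPub, provPriv, _ := ed25519.GenerateKey(nil)
	entPub, _, _ := ed25519.GenerateKey(nil)
	prov, ent := Issue(mfrPriv, "provider-1", provPub), Issue(provPriv, "tool-42", entPub)
	fmt.Println(Validate(mfrPub, prov, ent, "allow: read-dtc", SignToken(mfrPriv, "allow: read-dtc")))
}
```

The length check on the provider key matters because `ed25519.Verify` panics on a malformed public key, and that key arrives from the untrusted side of the access port.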
