Secure start system for an autonomous vehicle

US10140468B2 · US · B2

Patent metadata

Publication number: US-10140468-B2
Application number: US-201815874549-A
Country: US
Kind code: B2
Filing date: Jan 18, 2018
Priority date: Mar 18, 2016
Publication date: Nov 27, 2018
Grant date: Nov 27, 2018

Abstract

Official abstract text for this publication.

A secure start system for an autonomous vehicle (AV) can transmit credentials to an authentication system based on detecting startup of the autonomous vehicle. When the credentials are authenticated the system can receive a tunnel key from the authentication system, and establish, using the tunnel key, a private communications session with a backend vault of the authentication system. The system may then retrieve a verification key and an autonomous key from the backend vault, and verify, using the verification key, that the file system was cryptographically signed by the authentication system, and decrypt the file system using the autonomous key to enable the autonomous mode.
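The ordering in the abstract (authenticate, obtain the tunnel key, fetch keys from the vault, verify, then decrypt) is sketched below as an added example; it is not code from the patent or its assignee. HMAC-SHA256 stands in for the signature scheme and a SHA-256 counter keystream stands in for the file-system cipher, the `Backend` class and all names are hypothetical, and signing over the encrypted image is an assumption.

```python
import hashlib
import hmac
import os

class SecureStartError(Exception):
    """Any failed gate raises; the caller never receives a decrypted file system."""

def keystream_xor(key, data):
    # Stand-in cipher (SHA-256 in counter mode) so the example runs offline.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def sign_image(verification_key, image):
    # Stand-in for the backend's signature over the stored (encrypted) image.
    return hmac.new(verification_key, image, hashlib.sha256).digest()

class Backend:
    """Constructed stand-in for the authentication system and its vault."""
    def __init__(self, credentials, verification_key, autonomous_key):
        self._credentials = credentials
        self._tunnel_key = os.urandom(32)
        self._vault = {"verification": verification_key, "autonomous": autonomous_key}

    def authenticate(self, credentials):
        if not hmac.compare_digest(credentials, self._credentials):
            raise SecureStartError("credentials rejected")
        return self._tunnel_key

    def open_vault(self, tunnel_key):
        # The vault is reachable only inside the session keyed by the tunnel key.
        if not hmac.compare_digest(tunnel_key, self._tunnel_key):
            raise SecureStartError("no private session")
        return dict(self._vault)

def secure_start(backend, credentials, encrypted_fs, signature):
    tunnel_key = backend.authenticate(credentials)
    keys = backend.open_vault(tunnel_key)
    expected = sign_image(keys["verification"], encrypted_fs)
    if not hmac.compare_digest(expected, signature):
        raise SecureStartError("file system signature invalid")
    # Decryption is reached only after the signature check has passed.
    return keystream_xor(keys["autonomous"], encrypted_fs)
```

A tampered image or rejected credentials raise `SecureStartError` before the autonomous key is ever applied, so the failure path leaves the file system encrypted.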

First claim

Opening claim text (preview).

What is claimed is:

1. A secure start system for an autonomous vehicle, the secure start system comprising: a communications router; a compute stack storing a cryptographically signed and encrypted file system, and comprising a plurality of drives to execute the file system to enable an autonomous mode of the autonomous vehicle; and wherein the compute stack comprises a master node including one or more memory resources that execute secure start instructions, causing the secure start system to: based on detecting startup of the autonomous vehicle, transmit credentials to a backend authentication system via the communications router; receive, when the credentials are authenticated, a tunnel key from the backend authentication system; establish, using the tunnel key, a private communications session with a backend vault of the backend authentication system; retrieve a verification key and an autonomous key from the backend vault; verify, using the verification key, that the file system was cryptographically signed by the backend authentication system; and decrypt the file system using the autonomous key to enable the autonomous mode.

2. The secure start system of claim 1, wherein the executed instructions further cause the secure start system to: retrieve, in response to detecting startup of the autonomous vehicle, a basic key from write protected memory of the secure start system; and unlock, using the basic key, a basic mode of an autonomous vehicle operating system (AVOS), the basic mode enabling network communications with the backend authentication system.

3. The secure start system of claim 1, wherein the executed instructions further cause the secure start system to: receive the credentials from a user of the autonomous vehicle.

4. The secure start system of claim 3, wherein the credentials are received via one of a mobile computing device executing a designated application for operating the autonomous vehicle or an input interface of the autonomous vehicle.

5. The secure start system of claim 1, wherein the tunnel key comprises an Internet Protocol Security (IPsec) tunnel key, and wherein the private communications session comprises an IPsec tunnel to the backend vault to retrieve the verification key and the autonomous key.

6. The secure start system of claim 1, wherein the executed instructions cause the secure start system to transmit the credentials to a demilitarized zone of the backend authentication system to receive the tunnel key.

7. The secure start system of claim 1, wherein the executed instructions further cause the secure start system to: transmit the credentials to a communications gate of the backend vault; and receive, when the credentials are authenticated by the communications gate, a time-limited token to access the backend vault; wherein the executed instructions cause the secure start system to retrieve the verification key and the autonomous key from the backend vault using the time-limited token.

8. An autonomous vehicle comprising: a sensor system to dynamically generate sensor data indicating a situational environment of the autonomous vehicle; an acceleration, braking, and steering system; a compute stack storing a cryptographically signed and encrypted file system, and comprising a plurality of drives to execute the file system to operate the acceleration, braking, and steering system in an autonomous mode; and a secure start system connected to the compute stack, the secure start system comprising: a communications router; one or more processors; and one or more memory resources storing secure start instructions that, when executed by the one or more processors, cause the secure start system to: based on detecting startup of the autonomous vehicle, transmit credentials to a backend authentication system via the communications router; receive, when the credentials are authenticated, a tunnel key from the backend authentication system; establish, using the tunnel key, a private communications session with a backend vault of the backend authentication system; retrieve a verification key and an autonomous key from the backend vault; verify, using the verification key, that the file system was cryptographically signed by the backend authentication system; and decrypt the file system using the autonomous key to enable the autonomous mode.

9. The autonomous vehicle of claim 8, wherein the executed instructions further cause the secure start system to: retrieve, in response to detecting startup of the autonomous vehicle, a basic key from write protected memory of the secure start system; and unlock, using the basic key, a basic mode of an autonomous vehicle operating system (AVOS), the basic mode enabling network communications with the backend authentication system.

10. The autonomous vehicle of claim 8, wherein the executed instructions further cause the secure start system to: receive the credentials from a user of the autonomous vehicle.

11. The autonomous vehicle of claim 10, wherein the credentials are received via one of a mobile computing device executing a designated application for operating the autonomous vehicle or an input interface of the autonomous vehicle.

12. The autonomous vehicle of claim 8, wherein the tunnel key comprises an Internet Protocol Security (IPsec) tunnel key, and wherein the private communications session comprises an IPsec tunnel to the backend vault to retrieve the verification key and the autonomous key.

13. The autonomous vehicle of claim 8, wherein the executed instructions cause the secure start system to transmit the credentials to a demilitarized zone of the backend authentication system to receive the tunnel key.

14. The autonomous vehicle of claim 8, wherein the executed instructions further cause the secure start system to: transmit the credentials to a communications gate of the backend vault; and receive, when the credentials are authenticated by the communications gate, a time-limited token to access the backend vault; wherein the executed instructions cause the secure start system to retrieve the verification key and the autonomous key from the backend vault using the time-limited token.

15. A non-transitory computer readable medium storing instructions that when executed by one or more processors of a secure start system of an autonomous vehicle (AV), cause the secure start system to: based on detecting startup of the autonomous vehicle, transmit credentials to a backend authentication system using a communications router; receive, when the credentials are authenticated, a tunnel key from the backend authentication system; establish, using the tunnel key, a private communications session with a backend vault of the backend authentication system; retrieve a verification key and an autonomous key from the backend vault; verify, using the verification key, that an encrypted file system of the AV was cryptographically signed by the backend authentication system; and decrypt the file system using the autonomous key to enable an autonomous mode of the autonomous vehicle.

16. The non-transitory computer readable medium of claim 15, wherein the executed instructions further cause the secure start system to: retrieve, in response to detecting startup of the autonomous vehicle, a basic key from write protected memory of the secure start system; and unlock, using the basic key, a basic mode of an autonomous vehicle operating system (AVOS), the basic mode enabling network communications with the backend authentication system.

17. The non-tr

Classifications

  • Key management, e.g. using generic bootstrapping architecture [GBA]

  • Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • to a system of files or objects, e.g. local or distributed file system or database

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10140468B2 cover?
A secure start system for an autonomous vehicle (AV) can transmit credentials to an authentication system based on detecting startup of the autonomous vehicle. When the credentials are authenticated the system can receive a tunnel key from the authentication system, and establish, using the tunnel key, a private communications session with a backend vault of the authentication system. The syste…
Who is the assignee on this patent?
Uber Technologies Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 27, 2018 (B2). Legal status and post-grant events are not shown on this page.