Mini integrated control device
US-2016008985-A1 · Jan 14, 2016 · US
US10897469B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10897469-B2 |
| Application number | US-201715423102-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 2, 2017 |
| Priority date | Feb 2, 2017 |
| Publication date | Jan 19, 2021 |
| Grant date | Jan 19, 2021 |
Official abstract text for this publication.
Generally speaking, embodiments of the present disclosure include a network security system that can comprise a hardware appliance installed in a vehicle and connected with the busses, networks, communication systems, and other components of the vehicle. This in-vehicle network security appliance can provide an access point to the networks of the vehicle, such as the Controller Area Networks (CANs), Local Interconnect Networks (LINs) and other networks, monitor inbound and outbound traffic on those networks, and provide a firewall between those networks and external networks or systems as well as between different networks and systems within the vehicle. In this way, the network security appliance can protect the vehicle networks from different sources of attack from outside and inside the vehicle via components that are less secure like the infotainment system or diagnostic port.
Opening claim text (preview).
What is claimed is:
1. An in-vehicle network security appliance comprising: a plurality of external network interfaces, each external network interface of the plurality of external network interfaces providing a connection to a communication network or device outside of a vehicle; a first plurality of internal network interfaces, each internal network interface of the first plurality of internal network interfaces providing a connection to a network of a first set of networks within the vehicle; a second plurality of internal network interfaces, each internal network interface of the second plurality of internal network interfaces providing a connection to a network of a second set of networks within the vehicle; a Telematics Control Unit (TCU) processor in the vehicle and coupled between the plurality of external network interfaces and the first plurality of internal network interfaces; a gateway processor in the vehicle and coupled between the TCU processor and the second plurality of internal network interfaces, wherein the TCU processor executes one or more applications providing network security on the first set of networks and the second set of networks by providing a firewall between the first set of networks and the communication network or device outside of the vehicle and between the first set of networks and the second set of networks, wherein the gateway processor executes one or more applications providing network security on the second set of networks within the vehicle by providing a firewall between the second set of networks and the communication network or device outside of the vehicle and between the TCU processor and the second set of networks, wherein the first set of networks within the vehicle is separate from the second set of networks within the vehicle, wherein the TCU processor is i) coupled between the gateway processor and the plurality of external network interfaces, and ii) coupled between the gateway processor and the first plurality of internal network interfaces, such that the TCU processor is i) in a first communication path between the gateway processor and the plurality of external network interfaces and, ii) in a second communication path between the gateway processor and the first plurality of internal network interfaces, wherein the second set of networks within the vehicle comprises one or more Controller Area Networks (CANs) and Local Interface Networks (LINs) of the vehicle, wherein the first set of networks within the vehicle comprises one or more networks or data busses other than CANs and LINs including one or more of an infotainment network, a Global Positioning System network, a Wi-Fi network, and a set of sensors, wherein the TCU processor executes the one or more applications providing network security on the first set of networks and the second set of networks by monitoring incoming traffic from communication networks or devices outside of the vehicle to the first set of networks and the second set of networks and outbound traffic from the first set of networks and the second set of networks to the communication networks or devices outside of the vehicle to provide the firewalls, wherein the gateway processor does not execute the one or more applications providing network security on the first set of networks, and wherein at least one of the plurality of external network interfaces comprises an Off-Board Diagnostics (OBD) connection; and a vehicle control system that, while each of the TCU and gateway processors monitors inbound and outbound traffic on the first set of networks and the second set of networks, respectively, is programmed to continually monitor traffic, vehicular, roadway, and/or environmental conditions while operating the vehicle.
2. The in-vehicle network security appliance of claim 1, wherein each of the plurality of external network interfaces comprises a transceiver and Network Interface Controllers (NICs) in communication with the communication network or device outside the vehicle, wherein the communication network or device outside the vehicle comprises one or more of a cellular network, a Wi-Fi network, a satellite communications network, and a GPS network.
3. The in-vehicle network security appliance of claim 1, wherein executing, by the gateway processor, the one or more applications providing network security on the second set of networks comprises monitoring incoming traffic from the communication networks or devices outside of the vehicle and the first set of networks to the second set of networks and outbound traffic from the second set of networks to the communication networks or devices outside of the vehicle and the first set of networks within the vehicle and providing a gateway to the second set of networks within the vehicle.
4. The in-vehicle network security appliance of claim 1, wherein the vehicle control system is free of human driver interaction in operating the vehicle.
5. A vehicle comprising: a communication system providing a connection to one or more communication networks or devices outside of the vehicle; a first set of internal networks within the vehicle; a second set of internal networks within the vehicle; and an in-vehicle security appliance coupled with the communication system, the first set of internal networks, and the second set of internal networks, the in-vehicle security appliance comprising: a plurality of external network interfaces, each external network interface of the plurality of external network interfaces providing a connection to the one or more communication networks or devices outside of the vehicle through the communication system, a first plurality of internal network interfaces, each internal network interface of the first plurality of internal network interfaces providing a connection to a network of the first set of internal networks, a second plurality of internal network interfaces, each internal network interface of the second plurality of internal network interfaces providing a connection to a network of the second set of internal networks, a Telematics Control Unit (TCU) processor in the vehicle and coupled between the plurality of external network interfaces and the first plurality of internal network interfaces, a gateway processor in the vehicle and coupled between the TCU processor and the second plurality of internal network interfaces, wherein the TCU processor executes one or more applications providing network security on the first set of internal networks and the second set of internal networks by providing a firewall between the first set of internal networks and the one or more communication networks or devices outside of the vehicle and between the first set of internal networks and the second set of internal networks, wherein the gateway processor executes one or more applications providing network security on the second set of internal networks within the vehicle by providing a firewall between the second set of internal networks and the one or more communication networks or devices outside of the vehicle and between the TCU processor and the second set of internal networks, wherein the first set of internal networks within the vehicle is separate from the second set of internal networks within the vehicle, and wherein the TCU processor is i) coupled between the gateway processor and the plurality of external network interfaces, and ii) coupled between the gateway processor and the first plurality of internal network interfaces, such that the TCU processor is i) in a first communication path between the gateway processor and the plurality of external network interfaces and, ii) in a second communication path between the gateway processor and the first plurality of internal network interfaces, wherein the TCU and gateway processor are in electric
interconnection devices, e.g. bus-connected or in-line devices · CPC title
the transportation system being a vehicle · CPC title
specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks · CPC title
Controller Area Network CAN · CPC title
WLAN [Wireless Local Area Networks] · CPC title