Systems and Methods for Servicing Vehicle Messages
US-2021284196-A1 · Sep 16, 2021 · US
Assigning categories for messages and symmetric key per category to localize the impact in case of key compromise
US11539714B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11539714-B2 |
| Application number | US-202017024377-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 17, 2020 |
| Priority date | Sep 17, 2020 |
| Publication date | Dec 27, 2022 |
| Grant date | Dec 27, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods described herein provide for assigning classifications to signals and corresponding messages for prioritization and transmission across a vehicle CAN bus. The assigned classifications are used to select authentication keys specific to each classification of message. Nodes of the CAN bus can include different sets of keys based on the classifications of messages handled at the nodes. Keys are distributed and localized to reduce any potential impact on critical functions of the vehicle system that may result from compromise of an authentication key.
First claim
Opening claim text (preview).
What is claimed is: 1. A vehicle system comprising: a first electronic control unit communicatively coupled to one or more electronic control units via a Controller Area Network (CAN) bus of the vehicle system, the first electronic control unit comprising a memory having stored thereon instructions that, upon execution by one or more processors, cause the one or more processors to: store a first set of one or more keys in the memory of the first electronic control unit based on one or more classifications associated with signals that the first electronic control unit is configured to send or receive, wherein the first set of one or more keys exclude a second set of one or more keys stored at a memory of a second electronic control unit; and wherein the second set of one or more keys is associated with a second classification, and wherein the first electronic control unit is unable to receive or transmit a second message with the second classification; assign a classification of a plurality of classifications to a message, wherein the message comprises one or more signals of a plurality of signals, and wherein the classification is assigned based on the one or more signals; retrieve, from the memory of the first electronic control unit, a key associated with the classification of the message; authenticate the message using the key selected from the first set of one or more keys based on the classification of the message; and transmit the authenticated message across the CAN bus. 2. The vehicle system of claim 1 , wherein each of the plurality of classifications is associated with a distinct key for authenticating the message. 3. The vehicle system of claim 1 , wherein the instructions to assign the classification comprise further instructions that, upon execution by the one or more processors, cause the one or more processors to: assign a respective classification to each of the one or more signals of the message; and assign the classification based on the one or more respective classifications. 4. The vehicle system of claim 3 , wherein the instructions to assign the classification comprise further instructions that, upon execution by the one or more processors, cause the one or more processors to: select the classification of the one or more signals based on a rank of the classifications. 5. The vehicle system of claim 4 , wherein the classification is selected based on the rank of the classification being higher than a rank of another classification. 6. The vehicle system of claim 1 , wherein the instructions further cause the processor to: assign an unclassified classification of the plurality of classifications to a second message; and not authenticating the second message prior to transmitting the second message. 7. A computer-implemented method, comprising: storing a first set of one or more keys in a memory of a first electronic control unit based on one or more classifications associated with signals that the first electronic control unit is configured to send or receive, wherein the first set of one or more keys exclude a second set of one or more keys stored at a memory of a second electronic control unit; and wherein the second set of one or more keys is associated with a second classification, and wherein the first electronic control unit is unable to receive or transmit a second message with the second classification; assigning a classification of a plurality of classifications to a message for communicating operating information across a vehicle Controller Area Network (CAN) bus; retrieving, from the memory of the first electronic control unit, a key associated with the classification of the message; authenticating the message using the key, the key selected from the first set of one or more keys based on the classification of the message; and transmitting the authenticated message via the CAN bus. 8. The computer-implemented method of claim 7 , wherein the each of the plurality of keys are symmetric keys. 9. The computer-implemented method of claim 7 , wherein assigning the classification comprises determining a classification for one or more signals of the message, and wherein the classification of the message is assigned based on the classification of the one or more signals of the message. 10. The computer-implemented method of claim 7 , wherein the authenticated message comprises data identifying the classification of the message. 11. The computer-implemented method of claim 7 , wherein the classification of the message is selected from: a vehicle motion classification; a safety classification; a security classification; a regulatory classification; or unclassified. 12. The computer-implemented method of claim 7 , further comprising: assigning an unclassified classification to a second message, and not authenticating the second message prior to transmitting the second message in response to the unclassified classification. 13. The computer-implemented method of claim 7 , wherein assigning the classification comprises: determining a classification of one or more signals included in the message; and assigning the classification based on a rank of the classification of one of the one or more signals. 14. A non-transitory computer-readable medium comprising instructions that, when executed by one or more processors, cause the one or more processors to: store a first set of one or more keys in a memory of a first electronic control unit based on one or more classifications associated with signals that the first electronic control unit is configured to send or receive, wherein the first set of one or more keys exclude a second set of one or more keys stored at a memory of a second electronic control unit; and wherein the second set of one or more keys is associated with a second classification, and wherein the first electronic control unit is unable to receive or transmit a second message with the second classification; assign a classification of a plurality of classifications to a message for communicating operating information from an electronic control unit (ECU) across a vehicle Controller Area Network (CAN) bus; retrieve, from the memory of the first electronic control unit, a key associated with the classification of the message; authenticate the message using, the key selected from the first set of one or more keys based on the classification of the message; and transmit the authenticated message via the CAN bus. 15. The non-transitory computer-readable medium of claim 14 , wherein the instructions to assign the classification comprise further instructions that, upon execution by the one or more processors, cause the one or more processors to: assign a signal classification of one or more signals included in the message; assign the signal classification of at least one of the one or more signals based on a rank of the signal classification as the classification of the message. 16. The non-transitory computer-readable medium of claim 14 , wherein the classification is selected from: a vehicle motion classification; a safety classification; a security classification; a regulatory classification; or unclassified. 17. The non-transitory computer-readable medium of claim 14 , wherein the instructions further cause the one or more processors to: assign an unclassified classification of the plurality of classifications to a second message; and not authenticating the second message prior to transmitting the second message. 18. The non-transitory computer-readable medium of claim 14 , wher
Assignees
Inventors
Classifications
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
Bus networks · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11539714B2 cover?
- Systems and methods described herein provide for assigning classifications to signals and corresponding messages for prioritization and transmission across a vehicle CAN bus. The assigned classifications are used to select authentication keys specific to each classification of message. Nodes of the CAN bus can include different sets of keys based on the classifications of messages handled at th…
- Who is the assignee on this patent?
- Ford Global Tech Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/123. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 27 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).