Method for preventing electronic control unit from executing process based on malicious frame transmitted to bus
US-2017013006-A1 · Jan 12, 2017 · US
US2017195878A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017195878-A1 |
| Application number | US-201515315084-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 5, 2015 |
| Priority date | Jun 5, 2014 |
| Publication date | Jul 6, 2017 |
| Grant date | — |
Official abstract text for this publication.
In a communication network system connected between a transmission node and a reception node, both the transmission node and the reception node store the same secret information with their secret information storage units. The transmission node includes a counter configured to increase its transmission count value by 1 for transmitting each message, wherein a MAC generator generates MAC based on secret information, transmission data, and its transmission count value, thus transmitting a message including transmission data and MAC. The reception node includes a counter configured to increase a reception count value by 1 for receiving each message, wherein a MAC checking part generates MAC based on secret information, reception data, and its reception count value, obtained from the received message, thus checking whether the generated MAC matches the MAC obtained from the received message.
Opening claim text (preview).
1. A communication network system connecting a transmission node configured to transmit a message and a reception node configured to receive the message, wherein the transmission node includes a transmission counter holding a transmission count value being increased by a predetermined count value upon transmitting each message, a secret information storage unit configured to store secret information, a message authentication code generator configured to generate a message authentication code based on transmission data stored in a data section of the message, the transmission count value, and the secret information, and a transmitter configured to transmit the message including the transmission data and the message authentication code, and wherein the reception node includes a reception counter configured to increase a reception count value being increased by the predetermined count value upon receiving each message, a secret information storage unit configured to store the secret information, and a message authentication code checking part configured to generate a message authentication code based on reception data, obtained from a data section of a received message, the reception count value, and the secret information, thus checking whether the message authentication code matches the message authentication code obtained from the received message.
2. The communication network system according to claim 1, wherein the message authentication code generator solely uses extracted upper bits, corresponding to a predetermined number of bits extracted from a bit string of the transmission count value, in order to generate the message authentication code, wherein the transmitter solely stores one portion of a bit string of the message authentication code, specified by a value of lower bits other than the extracted upper bits within the bit string of the transmission count value, in a transmitting message, and wherein the message authentication code checking part solely uses the extracted upper bits, corresponding to the predetermined number of bits extracted from the bit string of the reception count value, in order to generate the message authentication code so as to solely use one portion of the bit string of the message authentication code, specified by a value of lower bits other than the extracted upper bits within the bit string of the reception count value, subjected to checking whether to match the message authentication code obtained from the received message.
3. The communication network system according to claim 2, wherein the message authentication code checking part solely uses one portion of the bit string, specified by a value of lower bits in the reception count value being increased by the predetermined count value, subjected to rechecking when a checking result indicates unmatched.
4. The communication network system according to claim 3, wherein the reception counter sets the value of lower bits, whose rechecking result indicates a match, to a value of lower bits in the reception count value being held thereby.
5. The communication network system according to claim 1, wherein the message authentication code generator solely uses the extracted upper bits, corresponding to the predetermined number of bits extracted from the bit string of the transmission count value, in order to generate the message authentication code, wherein the transmitter stores one portion of the bit string of the message authentication code, specified by the value of lower bits other than the extracted upper bits within the bit string of the transmission count value, and positional information representing one portion of the bit string located in the bit string of the message authentication code in a transmitting message, and wherein the message authentication code checking part solely uses the extracted upper bits, corresponding to the number of bits extracted from the bit string of the reception count value, in order to generate the message authentication code so as to solely use one portion of the bit string of the message authentication code, based on the positional information obtained from a received message, subjected to checking whether to match the message authentication code obtained from the received message.
6. A transmission node adapted to a communication network system connecting the transmission code configured to transmit a message and a reception node configured to receive the message, comprising: a secret information storage unit configured to store secret information identical to secret information held by the reception node; a transmission counter configured to hold a transmission count value being increased by a predetermined count value for transmitting each message; a message authentication code generator configured to generate a message authentication code based on transmission data stored in a data section of the message, the transmission count value, and the secret information; and a transmitter configured to transmit the message including the transmission data and the message authentication code.
7. A reception node adapted to a communication network system connecting a transmission node configured to transmit a message and the reception node configured to receive the message, comprising: a secret information storage unit configured to store secret information identical to secret information held by the transmission node; a reception counter configured to hold a reception count value being increased by a predetermined count value, corresponding to a predetermined count value used in the transmission node, for receiving each message; and a message authentication code checking part configured to generate a message authentication code based on reception data, obtained from a data section of a received message, the reception count value, and the secret information so as to check whether the message authentication code matches an message authentication code obtained from the received message.
8. A message checking method adapted to a communication network system connecting a transmission node configured to transmit a message and a reception node configured to receive the message, comprising: storing, by the transmission node and the reception node, same secret information as the reception node; holding, by the transmission node, a transmission count value being increased by a predetermined count value for transmitting each message; generating, by the transmission node, a message authentication code based on transmission data, stored in a data section of the message, the transmission count value, and the secret information; transmitting, by the transmission node, the message including the transmission node and the message authentication code; holding, by the reception node, a reception count value being increased by the predetermined count value for receiving each message; generating, by the reception node, a message authentication code based on reception data, obtained from a data section of a received message, the reception count value, and the secret information; and checking whether the message authentication code matches the message authentication code obtained from the received message.
9. A non-transient computer-readable storage medium storing a computer program causing a computer of a transmission node, adapted to a communication network system connecting the transmission node configured to transmit a message and a reception node configured to receive the message, to implement the steps of: storing secret information identical to secret information held by the reception node; holding a transmission count value being increased by a predetermined count value for transmitting each message;
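The counter-and-MAC exchange from the abstract, together with the truncated-MAC selection and recheck of claims 2 to 4, as an added Python sketch that is not code from the patent. HMAC-SHA256, the 3-bit/4-byte split, the `window` bound, leaving the counter unchanged on a failed check, and all class and function names are assumptions; the text on this page fixes none of them.

```python
import hashlib
import hmac

LOW_BITS = 3        # assumed split: lower 3 counter bits pick the MAC portion
PART_BYTES = 4      # assumed: 8 portions x 4 bytes = one 32-byte HMAC-SHA256
LOW_MASK = (1 << LOW_BITS) - 1


def mac_part(key: bytes, data: bytes, count: int) -> bytes:
    """MAC over data and the upper counter bits; the lower bits select the slice sent."""
    upper = count >> LOW_BITS
    full = hmac.new(key, data + upper.to_bytes(8, "big"), hashlib.sha256).digest()
    low = count & LOW_MASK
    return full[low * PART_BYTES:(low + 1) * PART_BYTES]


class Sender:
    def __init__(self, key: bytes):
        self.key, self.count = key, 0

    def send(self, data: bytes):
        self.count += 1                      # predetermined count value = 1
        return data, mac_part(self.key, data, self.count)


class Receiver:
    def __init__(self, key: bytes, window: int = 3):
        self.key, self.count, self.window = key, 0, window

    def receive(self, data: bytes, tag: bytes) -> bool:
        # First try is the expected next count; later tries are the recheck of
        # claim 3 for frames lost on the bus, bounded by `window`. This sketch
        # lets the recheck roll over into the next upper-bits value.
        for step in range(1, self.window + 2):
            candidate = self.count + step
            if hmac.compare_digest(mac_part(self.key, data, candidate), tag):
                self.count = candidate       # claim 4: adopt the matching value
                return True
        return False                         # assumed: counter unchanged on failure


def demo():
    key = bytes(range(16))                   # constructed shared secret
    tx, rx = Sender(key), Receiver(key)
    f1, f2, f3 = tx.send(b"\x10\x27"), tx.send(b"\x11\x27"), tx.send(b"\x12\x27")
    # f2 is "lost"; f3 resynchronises; replayed and altered frames fail.
    return [rx.receive(*f1), rx.receive(*f3), rx.receive(*f3),
            rx.receive(*f2), rx.receive(b"\xff\xff", f3[1]), rx.count]
```

Each recheck is one more comparison against a short tag, so the window should stay as small as the expected frame loss allows.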
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Signcrypting, i.e. digital signing and encrypting simultaneously · CPC title