Communication module

US2022021663A1 · US · A1

Patent metadata
Publication number: US-2022021663-A1
Application number: US-201917312387-A
Country: US
Kind code: A1
Filing date: Dec 12, 2019
Priority date: Dec 13, 2018
Publication date: Jan 20, 2022
Grant date:

Abstract

Official abstract text for this publication.

Various aspects of the present disclosure are directed to a communication module for data transmission between at least one hardware component which is integrated into an internal network of a technical system and a back-end computer system which is connected to a packet-switched data network. In one example embodiment, a communication module is disclosed including a point-to-point connection, a device-proximal gateway is configured and arranged to provide a data transmission interface between the point-to-point connection and the internal network, and a network-proximal gateway connected to the device-proximal gateway via the point-to-point connection without intermediate stations, the network-proximal gateway configured and arranged to provide a data transmission interface between the packet-switched data network and the point-to-point connection.

First claim

Opening claim text (preview).

1. A communication module for data transmission between at least one hardware component which is integrated into an internal network of a technical system and a back-end computer system which is connected to a packet-switched data network (6), characterized in that the communication module comprises: a point-to-point connection, a device-proximal gateway is configured and arranged to provide a data transmission interface between the point-to-point connection and the internal network, and a network-proximal gateway connected to the device-proximal gateway via the point-to-point connection without intermediate stations, the network-proximal gateway configured and arranged to provide a data transmission interface between the packet-switched data network and the point-to-point connection.

2. The communication module according to claim 1, characterized in that the device-proximal gateway and/or the network-proximal gateway has a gateway security module.

3. The communication module according to claim 2, characterized in that the at least one gateway security module has a card interface configured and arranged to receive a processor chip card.

4. A technical system comprising: a communication module according to claim 1, at least one hardware component, and at least one internal network.

5. The technical system according to claim 4, characterized in that the at least one hardware component has a security controller with an integrated cryptoprocessor, a non-volatile memory and a volatile memory.

6. The technical system according to claim 4, characterized in that the technical system is a vehicle with one of autonomy levels 1 to 5.

7. The technical system according to claim 4, characterized in that the technical system is a machine arrangement configured and arranged to be controlled by an automation system, in particular a test bench.

8. A method for the transmission of device data of a hardware component, which is integrated in an internal network of a technical system, to a back-end computer system which is connected to a packet-switched data network, the method including the following steps: transmitting the device data from the hardware component via the internal network to a device-proximal gateway, transmitting the device data from the device-proximal gateway via a point-to-point connection to a network-proximal gateway, converting the device data into an encrypted instance of the device data by the device-proximal gateway or the network-proximal gateway, and transmitting the encrypted instance of the device data from the network-proximal gateway via the packet-switched data network to the back-end computer system.

9. The method according to claim 8, characterized in that the method further includes the following steps: creating an encrypted instance of the device data using a public key of the back-end computer system by the device-proximal gateway using the gateway security module of the device-proximal gateway, or by the network-proximal gateway using the gateway security module of the network-proximal gateway.

10. The method according to claim 8, characterized in that the step of transmitting the encrypted instance of the device data via the packet-switched data network includes transmitting the encrypted instance to a broker in accordance with a protocol that functions purely via push mechanisms.

11. The method according to claim 8, characterized in that the network-proximal gateway encrypts the encrypted instance of the device data before it is transmitted over the packet-switched data network in accordance with a network encryption protocol.

12. The method according to claim 8, characterized in that the encrypted instance of the device data contains check data which allows the back-end computing system and/or another authorized data receiver to check the integrity and/or authenticity of the device data.

13. A method for storing update data in a device memory of a hardware component integrated in an internal network, wherein the update data for the hardware component are provided by a back-end computer system and wherein the method including the following steps: receiving an encrypted instance of the update data by a network-proximal gateway via a packet-switched data network from a back-end computer system, transmitting the update data from the network-proximal gateway via a point-to-point connection to the device-proximal gateway, transmitting the update data to the hardware component via the internal network, decrypting the encrypted instance of the update data by the device-proximal gateway or the network-proximal gateway, and storing the decrypted update data in the device memory of the hardware component.

14. The method according to claim 13, characterized in that the encrypted instance of the update data is created by the back-end computer system and/or an authorized data transmitter using a public key of the hardware component and/or the device-proximal gateway and/or the network-proximal gateway.

15. The method according to claim 13, characterized in that the method further includes the following steps: decrypting the encrypted instance of the update data by the network-proximal gateway using the gateway security module of the network-proximal gateway, or the device-proximal gateway using the gateway security module of the device-proximal gateway.

16. The method according to claim 13, characterized in that the update data includes firmware, application software and/or parameter data of the hardware component.

17. The method according to claim 13, characterized in that the step of receiving an encrypted instance of the update data includes retrieving the encrypted instance of the update data from a broker and takes place in accordance with a protocol which functions purely via push mechanisms.

18. The method according to claim 13, characterized in that the encrypted instance of the update data contains check data which allows the gateway security module of the device-proximal gateway, and/or the gateway security module of the network-proximal gateway and/or the security controller of the hardware component, to check the integrity and/or authenticity of the update data.

Assignees

Inventors

Classifications

  • the transportation system being a vehicle

  • involving the movement of software or configuration parameters (network booting or remote initial program loading [RIPL] G06F9/4416)

  • H04L67/104 (Primary): Peer-to-peer [P2P] networks

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234)

  • applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2022021663A1 cover?
Various aspects of the present disclosure are directed to a communication module for data transmission between at least one hardware component which is integrated into an internal network of a technical system and a back-end computer system which is connected to a packet-switched data network. In one example embodiment, a communication module is disclosed including a point-to-point connection, …
Who is the assignee on this patent?
Avl List Gmbh
What technology area does this patent fall under?
Primary CPC classification H04L67/104. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 20, 2022 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 11 related publications on this page (citations in our corpus or others sharing the same primary CPC).