Invention Title:

VEHICLE NETWORK SECURITY

Publication number:

US20240129301

Section:

Electricity

Class:

H04L63/0853

Smart overview of the Invention

A gateway device in a vehicle is designed to enhance security by managing communication between various electronic control units (ECUs) and external networks. It monitors packets received from devices connected to the vehicle network and determines whether the sending device is authenticated. If the device is not authenticated, the gateway checks whether the packet is an authentication request and, if so, attempts to authenticate the device. If authentication fails after a predetermined number of attempts, the port is disabled to prevent unauthorized access.

Vehicle Network Components

Modern vehicles contain multiple electronic devices, including ECUs that communicate via various networks like Controller Area Network (CAN) and Ethernet. The gateway device serves as a bridge, allowing these ECUs to interact with external systems, including cloud servers. It regulates access through specified ports for each ECU, ensuring that only authenticated devices can communicate over the vehicle network.

Authentication Process

The gateway device follows a structured authentication process for incoming packets. It first determines whether the sending device is already authenticated on the network. If it is not, the packet is evaluated to see whether it is an authentication request. The gateway then attempts to authenticate the device up to a set limit of attempts, typically three. If authentication still fails, the port associated with that device is disabled to safeguard the network.

Packet Management Features

In addition to authentication, the gateway device includes features for packet management based on access control lists and CPU utilization thresholds. It can block packets from devices not listed as authorized and can also pass packets if CPU utilization remains within acceptable limits. If CPU usage exceeds these limits, the port may be disabled to maintain network integrity.
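The per-packet decision flow from the Authentication Process and Packet Management Features sections can be modelled as a small state machine; this is an added example, not code from the patent or its applicant. The token comparison standing in for authentication, the 80% CPU threshold, keeping state per port, checking the access control list before CPU load, and dropping non-authentication packets from unauthenticated devices are all assumptions, since the page does not specify them.

```python
import hmac
from dataclasses import dataclass, field

MAX_AUTH_ATTEMPTS = 3   # the page's "typically three"
CPU_LIMIT_PCT = 80.0    # assumed threshold; the page gives no number

@dataclass
class Port:
    authenticated: bool = False
    failed_attempts: int = 0
    enabled: bool = True

@dataclass
class Gateway:
    acl: set            # device IDs authorized to send (constructed sample data)
    credentials: dict   # device ID -> expected token (stand-in for real authentication)
    ports: dict = field(default_factory=dict)

    def handle(self, port_id, device_id, kind, token=None, cpu_pct=0.0):
        """Return the action the gateway takes for one packet on port_id."""
        port = self.ports.setdefault(port_id, Port())
        if not port.enabled:
            return "drop:port-disabled"
        if not port.authenticated:
            if kind != "auth_request":
                return "drop:unauthenticated"   # assumed handling
            expected = self.credentials.get(device_id)
            if (expected is not None and token is not None
                    and hmac.compare_digest(expected, token)):
                port.authenticated = True
                port.failed_attempts = 0
                return "auth:ok"
            port.failed_attempts += 1
            if port.failed_attempts >= MAX_AUTH_ATTEMPTS:
                port.enabled = False            # lock the port after the limit
                return "auth:failed,port-disabled"
            return "auth:failed"
        if device_id not in self.acl:
            return "block:not-in-acl"
        if cpu_pct > CPU_LIMIT_PCT:
            port.enabled = False                # shed load by closing the port
            return "drop:cpu-limit,port-disabled"
        return "pass"
```

Because a disabled port stays disabled in this model, a correct credential presented after the third failure is still dropped; re-enabling would need a separate, deliberate action that the page does not describe.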

Network Versatility

The vehicle network can incorporate various communication technologies beyond just CAN and Ethernet, such as WiFi and Bluetooth. This flexibility allows for diverse applications within different types of vehicles, including passenger cars and commercial vehicles. The gateway device facilitates communication between internal vehicle systems and external networks, enhancing both functionality and security in modern automotive environments.