US2017245151A1PendingUtilityA1

Vehicle module update, protection and diagnostics

46
Assignee: Movimento GroupPriority: Jan 5, 2015Filed: May 9, 2017Published: Aug 24, 2017
Est. expiryJan 5, 2035(~8.5 yrs left)· nominal 20-yr term from priority
H04L 63/102H04L 63/1408H04L 67/34H04L 67/12H04L 63/1441G06F 8/65H04W 12/08H04W 12/082H04W 12/084
46
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Updating, protecting, diagnosing and/or otherwise managing a server, module or other analogous device(s) included on a vehicle for the purposes of facilitating a vehicle related operation is contemplated. A local controller physical connected or otherwise associated with to the vehicle may be employed to implement the contemplated processes, optionally at the direction of a remote controller or other master controller having capabilities sufficient to provide corresponding instructions thereto.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for thwarting unauthorized programming of a server included on a road vehicle comprising:
 inspecting a programming message transmitted from a client to the server, the programming message being sufficient for instigating a programming session at the server;   determining whether the programming message is one of authorized and unauthorized; and   engaging one an active mode in the event the programming message is unauthorized, including transmitting a default message to the server prior to the server instigating the programming session, the default message being sufficient to return the server to a default session before the server updates a memory pursuant to the requested programming.   
     
     
         2 . The method of  claim 1  further comprising detecting the programming message with a local controller in communication with a controller area network (CAN), the CAN being used to deliver the programming message from the server to the client, the local controller being physically connected to the road vehicle and incapable of preventing the programming message from traveling over the CAN between the client and the server. 
     
     
         3 . The method of  claim 2  further comprising transmitting the default session message from the local controller over the CAN to an address copied from information included within the programming message. 
     
     
         4 . The method of  claim 1  further comprising:
 determining whether the programming message is one of authorized and unauthorized as a function of a mode instruction wirelessly received from a remote controller located outside of the road vehicle; and 
 non-wirelessly transmitting the default message to the server over a controller area network (CAN) used to deliver the programming message from the server to the client in the event the mode instruction specifies the active mode. 
 
     
     
         5 . The method of  claim 1  further comprising logging parameters associated with the programming message, including at least a timestamp and an address. 
     
     
         6 . The method  claim 5  further comprising wirelessly transmitting the parameters logged for the programming message to a remote controller located outside of the road vehicle. 
     
     
         7 . A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a controller to facilitate thwarting a client from updating a server when the controller, client and server are physically connected to a vehicle, the non-transitory instructions being sufficient for:
 inspecting a programming request made by the client to request an update of the server to determine whether the programming request is authorized or unauthorized;   taking no action against the server to prevent the update when the programming request is authorized; and   engaging an active mode to thwart the update when the programming request is unauthorized, the active mode including the controller transmitting a default message to the server after the server receives the programming request, the default message being sufficient for controlling the server to return to a default session before instigating a program session sufficient for overwriting a memory or other data construct of the server pursuant to the programming.   
     
     
         8 . The non-transitory computer-readable medium of  claim 7  further comprising non-transitory instructions sufficient for:
 determining the programming request as a function of the controller detecting a request message transmitted from the client to the server over a controller area network (CAN) of the vehicle; and 
 engaging the active mode after detecting the request message such that the request message reaches the server before the update can be thwarted. 
 
     
     
         9 . The non-transitory computer-readable medium of  claim 8  further comprising non-transitory instructions sufficient for:
 instigating a timer upon detecting the request message, including setting a duration of the timer to approximate time needed for the server to process the request message after being received from the client over the CAN; and 
 awaiting completion of the timer before transmitting the default message from the controller to the server over the CAN so as to ensure the server is in a state suitable to processing of the default message. 
 
     
     
         10 . The non-transitory computer-readable medium of  claim 8  further comprising non-transitory instructions sufficient for:
 detecting a response message transmitted from the server to the client over the CAN in response to the request message, the response message indicating availability to start the programming; and 
 awaiting at least for detection of the response message before transmitting the default message. 
 
     
     
         11 . The non-transitory computer-readable medium of  claim 10  further comprising non-transitory instructions sufficient for:
 detecting a security request transmitted from the client to the server over the CAN in response to the response message, the security request requesting the server to provide a seed to the client; and 
 awaiting at least for detection of the security request before transmitting the default message. 
 
     
     
         12 . The non-transitory computer-readable medium of  claim 11  further comprising non-transitory sufficient for:
 detecting a security response transmitted from the server to the client over the CAN in response to the security request, the security response including the seed requested in the security request; and 
 awaiting at least for detection of the security response before transmitting the default message. 
 
     
     
         13 . The non-transitory computer-readable medium of  claim 12  further comprising non-transitory instructions sufficient for:
 detecting a key response transmitted from the client to the server over the CAN in response to the security response, the key response including a key generated by the client as a result of processing the seed included in the security response; and 
 awaiting at least for detection of the security response before transmitting the default message. 
 
     
     
         14 . The non-transitory computer-readable medium of  claim 8  further comprising non-transitory instructions sufficient for:
 logging parameters associated with the request message, the parameters including at least a timestamp and an address for the request message; and 
 wirelessly transmitting a report having the logged parameters to a device physically disconnected from the vehicle. 
 
     
     
         15 . The non-transitory computer-readable medium of  claim 8  further comprising non-transitory instructions sufficient for:
 determining one or more parameters for the request message; 
 comparing the parameters to predefined characteristics included within a schedule provided to the controller prior to detecting the request message; 
 determining the update to be authorized when the parameters sufficiently cross-reference with the predefined characteristics to indicate the update as being previously authorized; and 
 determining the update to be unauthorized when the parameters fail to sufficiently cross-reference with the predefined characteristics to indicate the update as failing to have been previously authorized. 
 
     
     
         16 . The non-transitory computer-readable medium of  claim 7  further comprising non-transitory instructions sufficient for wirelessly receiving a plurality of instructions from a device physically disconnected from the vehicle, the plurality of instructions including instructions sufficient for determining whether the update is authorized or unauthorized. 
     
     
         17 . The non-transitory computer-readable medium of  claim 7  further comprising non-transitory instructions sufficient for non-wirelessly transmitting the default message from the controller to the server. 
     
     
         18 . The non-transitory computer-readable medium of  claim 7  further comprising non-transitory instructions sufficient for wirelessly transmitting the default message from the controller to the server. 
     
     
         19 . A system for protecting a module included within a vehicle from unauthorized updates, the module being configured to facilitate a vehicle related operation according to a corresponding plurality of non-transitory computer-readable instructions stored on a memory, the system comprising:
 a remote controller physically disconnected from the vehicle, the remote controller configured to wirelessly transmit a protection instruction sufficient for identifying one or more authorized updates for the module and whether unauthorized updates of the module are to be thwarted according to an active mode; and   a local controller physically connected to a controller area network (CAN) shared with the module, the local controller configured to wirelessly receive the protection instructions from the remote controller and includes a non-transitory computer-readable medium having a plurality of non-transitory instructions, which when executed with a processor associated therewith, sufficient to:   i) determine whether a programming requested by a client connected to the CAN for the purposes of updating the module is one of the authorized updates; and   ii) transmit a default message to the module over the CAN after the module receives a programming request from the client for the programming when the programming is unauthorized and to be thwarted according to the active mode, the default message causing the module to return to a default session or other state sufficient to cease further processing of the programming requested by the client prior to a memory associated therewith being overwritten as a function thereof.   
     
     
         20 . The system of  claim 19  wherein the non-transitory instructions are sufficient to:
 log parameters associated with the programming at least when unauthorized; 
 wirelessly transmit the parameters to the remote controller within a report having the parameters; 
 determining the programming requested by the client from processing of a request message transmitted over the CAN from the client to the module; and 
 determining whether the programming is one of the authorized updates without interrupting transmission of the request message over the CAN from the client to the module.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.