公开(公告)号：US20200334548A1

公开(公告)日：2020-10-22

申请号：US16843731

申请日：2020-04-08

Applicant: NXP B.V.

Inventor： Christian Herber ,  Thierry G. C. Walrant

IPC: G06N5/02 ,  H04L12/715 ,  H04L12/741 ,  H04L12/801 ,  H04L12/863 ,  H04L29/06 ,  B60W50/14

Abstract: A network node comprising: a message handling module configured to control the sending of messages to one or more output ports of the network node based on a rule set stored at the network node, the rule set comprising one or more rules; a communication module configured to receive at least one update to the rule set from a controller node, separate from the network node, for changing the rule set; a supervisor module configured to verify that the changes to the rule set instructed by the update comply with at least a first set of rule-compliance-criteria and, if so, the network node is configured to modify the rule set to implement the changes of the update and, if not, the network node is configured not to implement the changes to the rule set.

公开(公告)号：US10764046B2

公开(公告)日：2020-09-01

申请号：US15839667

申请日：2017-12-12

Applicant: NXP B.V.

Inventor： Thierry G. C. Walrant

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W12/12 ,  H04L12/40 ,  H04L9/30

Abstract: A network node and a method of updating and distributing secret keys in a distributed network is suggested. The network comprises a plurality of nodes connected to a shared medium of the distributed network. Each node of the plurality of nodes is member of at least one group of a plurality of groups. Each group is associated with a secret group key. Each node of the plurality of nodes stores only the one or more secret group keys, of which it is member. A first node of the plurality of nodes generates an authenticated update key request. The authenticated update key request comprises an indication of a membership, of which the first node is member. The first node broadcasts the authenticated update key request on the shared medium of the distributed network. Each remaining nodes of the plurality of nodes receives the authenticated key update.

公开(公告)号：US10608822B2

公开(公告)日：2020-03-31

申请号：US15497419

申请日：2017-04-26

Applicant: NXP B.V.

Inventor： Florian Boehl ,  Simon Johann Friedberger ,  Thierry G. C. Walrant

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/14 ,  H04L29/06

Abstract: A method of computing a message authentication code (MAC) for a message having a common part and an independent part using a constrained processor, including: performing a MAC function on the common part of the message using a first secret key to produce a first output; performing a pseudorandom function on the independent part of the message using a second key to produce a second output, wherein the computation time of the pseudorandom function is significantly less than the computation time of the MAC function; and combining the first output and the second output to produce a computed MAC for the message.

公开(公告)号：US20190123906A1

公开(公告)日：2019-04-25

申请号：US15790612

申请日：2017-10-23

Applicant: NXP B.V.

Inventor： Thierry G. C. Walrant

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/14

CPC classification number: H04L9/3226 ,  H04L9/0631 ,  H04L9/14 ,  H04L9/3242

Abstract: A method is provided for authenticating a log message in a distributed network having a plurality of nodes coupled to a serial bus. In the method, a log session is started by a first device at a first node of the plurality of nodes. A first counter value is provided by the first device to the serial bus. A log message is generated by a second device at a second node of the plurality of nodes. A second counter value is generated by the second device. A log message payload is generated for the log message, wherein the log message payload includes a log message authentication code. A computation of the log message authentication code includes the first counter value and the second counter value. The second device does not store the first counter value in a non-volatile memory on the second device.

公开(公告)号：US12261716B2

公开(公告)日：2025-03-25

申请号：US18461312

申请日：2023-09-05

Applicant: NXP B.V.

Inventor： Thierry G. C. Walrant ,  Georg Olma ,  Karthik Sivaramakrishnan

IPC: H04L12/40

Abstract: The present disclosure relates to a Controller Area Network (CAN) system including: a CAN device and a monitoring device. The CAN device includes a transmit data (TXD) interface, a transmitter, a CAN BUS interface, and a control unit. The control unit reads out an identifier from a TXD message and compares the identifier with a reference tag. The CAN device generates a CAN BUS signal based on the TXD message at the CAN BUS interface. The control unit, if the comparison indicates that the identifier does not correspond to the reference tag, invalidates a representation of the TXD message by the CAN BUS signal and temporarily prevents another CAN BUS signal from being generated by the CAN device at the CAN BUS interface. The monitoring device receives an instruction message over a CAN BUS network and, in response, tests for reachability other CAN devices on the CAN BUS network.

公开(公告)号：US20230198799A1

公开(公告)日：2023-06-22

申请号：US18066018

申请日：2022-12-14

Applicant: NXP B.V.

Inventor： Rolf van de Burgt ,  Bernd Uwe Gerhard Elend ,  Thierry G. C. Walrant ,  Dennis aan de Stegge

IPC: H04L12/40

CPC classification number: H04L12/40 ,  H04L2012/40215

Abstract: An apparatus for a CAN transceiver configured to couple to a CAN bus and generate receive-data based on signals therefrom and generate signals on the CAN bus in response to transmit-data received from a CAN controller, wherein the apparatus is configured to: receive the receive-data comprising a plurality of bits; and for each of one or more bits of the receive-data, sample at a respective sample time to determine a respective value of each of the one or more bits; and with an edge detector determine, during a respective edge detector window, the occurrence of an edge in the receive-data and generate metadata indicative thereof, wherein the edge detector window comprises a period of time that includes the sample time; and wherein the apparatus is configured to determine whether transmit-data is compliant with one or more rules based on the respective values and the metadata.

公开(公告)号：US11676045B2

公开(公告)日：2023-06-13

申请号：US16843731

申请日：2020-04-08

Applicant: NXP B.V.

Inventor： Christian Herber ,  Thierry G. C. Walrant

IPC: G06N5/025 ,  B60W50/14 ,  H04L45/64 ,  H04L45/74 ,  H04L47/10 ,  H04L47/50 ,  H04L9/40

CPC classification number: G06N5/025 ,  B60W50/14 ,  H04L45/64 ,  H04L45/74 ,  H04L47/10 ,  H04L47/50 ,  H04L63/04

Abstract: A network node comprising:



a message handling module configured to control the sending of messages to one or more output ports of the network node based on a rule set stored at the network node, the rule set comprising one or more rules;
a communication module configured to receive at least one update to the rule set from a controller node, separate from the network node, for changing the rule set;
a supervisor module configured to verify that the changes to the rule set instructed by the update comply with at least a first set of rule-compliance-criteria and, if so, the network node is configured to modify the rule set to implement the changes of the update and, if not, the network node is configured not to implement the changes to the rule set.

公开(公告)号：US11431439B1

公开(公告)日：2022-08-30

申请号：US17301713

申请日：2021-04-12

Applicant: NXP B.V.

Inventor： Bernd Uwe Gerhard Elend ,  Rolf van de Burgt ,  Franciscus Johannes Klösters ,  Thierry G. C. Walrant

IPC: H04L1/00

Abstract: A transceiver for sending and receiving data from a controller area network (CAN) bus is disclosed. The transceiver includes a microcontroller port, a transmitter and a receiver. The transceiver is configured to detect a CRC delimiter or an error signal in a CAN frame and after the detection, allow a microcontroller coupled with the microcontroller port to only send a predetermined data pattern until a bus idle is detected.

公开(公告)号：US20210400056A1

公开(公告)日：2021-12-23

申请号：US16905901

申请日：2020-06-18

Applicant: NXP B.V.

Inventor： Franciscus Johannes Klösters ,  Rolf van de Burgt ,  Thierry G. C. Walrant ,  Bernd Uwe Gerhard Elend

IPC: H04L29/06 ,  H04L12/417 ,  H04L12/40

Abstract: A transceiver for sending and receiving data from a controller area network (CAN) bus is disclosed. The transceiver includes a microcontroller port, a transmitter and a receiver. The transceiver is configured to receive a data frame from a microcontroller via the microcontroller port and to determine if the microcontroller is authorized to send the data frame or part of it based on a message identifier in the data frame and the outcome of the arbitration process. If the microcontroller is unauthorized to send the data, the transceiver is configured to invalidate the data frame and disconnect the microcontroller from the CAN bus for a predetermined period.

公开(公告)号：US10700860B2

公开(公告)日：2020-06-30

申请号：US15839860

申请日：2017-12-13

Applicant: NXP B.V.

Inventor： Thierry G. C. Walrant

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W12/12 ,  H04L12/40 ,  H04L9/30

Abstract: According to an example, a method and a secure element legitimacy verification of a node in a distributed network is provided. The distributed network comprises a plurality of nodes and a secure element, which are connected to a shared medium of the distributed network. Each of the plurality of nodes is provisioned with an identity certificate comprising a serial number. Each serial number is specific to the respective node. The secure element receives from one of the plurality of nodes a request for legitimacy verification including the serial number. The secure element compares the serial number included in the received request with a plurality of serial numbers comprises in a whitelist maintained at the secure element. The secure element transmits back to the requesting node a request response comprising an indication whether or not the serial number is comprised in the whitelist.