公开(公告)号：US11356475B2

公开(公告)日：2022-06-07

申请号：US16255697

申请日：2019-01-23

Applicant: Panasonic Intellectual Property Corporation of America

Inventor： Yoshihiro Ujiie ,  Jun Anzai ,  Hideki Matsushima ,  Tomoyuki Haga

IPC: H04L9/40 ,  H04L12/40 ,  H04W4/40

Abstract: A frame transmission prevention apparatus connected to a network of a network system including a plurality of electronic control units communicating with one another via the network is provided. The apparatus includes a processor and a memory. The memory includes at least one set of instructions that causes the processor to perform processes when executed by the processor. The processes include receiving a first frame from the network and switching whether to perform a first process for preventing transmission of the first frame on the basis of management information indicating whether prevention of transmission of a frame is permitted if the first frame satisfies a first condition.

公开(公告)号：US10977373B2

公开(公告)日：2021-04-13

申请号：US15922970

申请日：2018-03-16

Applicant: Panasonic Intellectual Property Corporation of America

Inventor： Toshihisa Nakano ,  Jun Anzai ,  Tohru Wakabayashi ,  Kimio Minami

IPC: G06F21/00 ,  G06F21/57 ,  B60R16/023 ,  B60R16/02 ,  G06F21/85 ,  G06F21/56

Abstract: An evaluation device for evaluating security of an electronic control system in which a plurality of electronic control units are connected to a bus used for communication includes a recording medium that holds attack procedure information indicative of contents and a transmission order of a plurality of frames, a transmitter that transmits the plurality of frames to the bus in the transmission order indicated by the attack procedure information, a monitor that monitors an actuator unit controlled by any of the plurality of electronic control units, and an evaluator that makes the evaluation on basis of a monitoring result obtained by the monitor when the transmitter transmits the plurality of frames to the bus.

公开(公告)号：US20180167360A1

公开(公告)日：2018-06-14

申请号：US15880769

申请日：2018-01-26

Applicant: Panasonic Intellectual Property Corporation of America

Inventor： Manabu Maeda ,  Jun Anzai ,  Yoshihiro Ujiie ,  Masato Tanabe ,  Takeshi Kishikawa

IPC: H04L29/06 ,  B60R16/023

CPC classification number: H04L63/0209 ,  B60R16/023 ,  G06F21/55 ,  G06F21/85 ,  H04L9/36 ,  H04L12/28 ,  H04L12/40006 ,  H04L63/0245 ,  H04L63/14 ,  H04L63/1441 ,  H04L67/12

Abstract: A gateway serving as a security apparatus connected to one or a plurality of buses includes a receiver that receives a frame from a bus, a parameter storage that stores an examination parameter defining a content of an examination of the frame, an updater configured to, in a case where a predetermined condition is satisfied for the frame received by the receiver, update the examination parameter stored in the parameter storage, and an examiner that performs an examination, based on the examination parameter stored in the parameter storage, in terms of judgment of whether or not the frame received by the receiver is an attack frame.

公开(公告)号：US12169708B2

公开(公告)日：2024-12-17

申请号：US18495971

申请日：2023-10-27

Applicant: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA

Inventor： Yoshihiro Ujiie ,  Hideki Matsushima ,  Jun Anzai ,  Toshihisa Nakano ,  Tomoyuki Haga ,  Manabu Maeda ,  Takeshi Kishikawa

IPC: G06F8/65 ,  B60R16/02 ,  B60R16/023 ,  G06F8/654 ,  G06F11/00 ,  G06F11/14 ,  G06F21/64 ,  H04L12/40 ,  H04L12/46 ,  H04L67/00 ,  H04L67/12 ,  H04W4/48

Abstract: A gateway device is connected to a plurality of electronic controllers on-board a vehicle. The gateway device acquires firmware update information, which includes at least a part of updated firmware to be applied to a first electronic controller, patch data, and information indicating where to apply the patch data. When the gateway device determines that the first electronic controller does not include a firmware cache for performing a pre-update firmware cache operation, the gateway device executes a proxy process. In this regard, the gateway device requests the first electronic controller to transmit boot ROM data to the gateway device, merges the patch data and existing firmware to create updated boot ROM data with updated firmware, and transmits the updated boot ROM data to the first electronic controller that updates the boot ROM data and resets the first electronic controller with the updated firmware.

公开(公告)号：US11949705B2

公开(公告)日：2024-04-02

申请号：US18150898

申请日：2023-01-06

Applicant: Panasonic Intellectual Property Corporation of America

Inventor： Tomoyuki Haga ,  Hideki Matsushima ,  Manabu Maeda ,  Yoshihiro Ujiie ,  Takeshi Kishikawa ,  Junichi Tsurumi ,  Jun Anzai

IPC: G06F21/00 ,  G07C5/08 ,  H04L9/40 ,  H04L12/40 ,  H04L67/12 ,  H04W4/40 ,  H04W4/44 ,  H04W4/08

CPC classification number: H04L63/1425 ,  G07C5/0808 ,  H04L12/40 ,  H04L63/1441 ,  H04L67/12 ,  H04W4/40 ,  H04W4/44 ,  H04L2012/40215 ,  H04L2012/40273 ,  H04W4/08

Abstract: An anomaly detection server is provided. The anomaly detection server is a server for counteracting an anomalous frame transmitted on an on-board network of a single vehicle. The anomaly detection server acquires information about multiple frames received on one or multiple on-board networks of one or multiple vehicles, including the single vehicle. The anomaly detection server, acting as an assessment unit that, based on the information about the multiple frames and information about a frame received on the on-board network of the single vehicle after the acquisition of the information about the multiple frames, assesses an anomaly level of the frame received on the on-board network of the single vehicle.

公开(公告)号：US11943233B2

公开(公告)日：2024-03-26

申请号：US17559749

申请日：2021-12-22

Applicant: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA

Inventor： Yoshihiro Ujiie ,  Jun Anzai ,  Yoshihiko Kitamura ,  Masato Tanabe ,  Hideki Matsushima ,  Tomoyuki Haga ,  Takeshi Kishikawa ,  Ryota Sugiyama

IPC: H04L29/00 ,  B60R16/023 ,  H04L9/40 ,  H04L12/40 ,  H04L67/12

CPC classification number: H04L63/123 ,  B60R16/023 ,  H04L12/40 ,  H04L63/08 ,  H04L63/102 ,  H04L63/20 ,  H04L67/12 ,  H04L2012/40215 ,  H04L2012/40273

Abstract: An electronic control unit is connected to a network in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the network via the second control circuit. The second control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. Upon determining that the frame conforms to the first rule, the second control circuit transmits the frame to the first control circuit. The first control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule. The second rule is different from the first rule.

公开(公告)号：US11842185B2

公开(公告)日：2023-12-12

申请号：US18095185

申请日：2023-01-10

Applicant: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA

Inventor： Yoshihiro Ujiie ,  Hideki Matsushima ,  Jun Anzai ,  Toshihisa Nakano ,  Tomoyuki Haga ,  Manabu Maeda ,  Takeshi Kishikawa

IPC: G06F8/65 ,  G06F8/654 ,  B60R16/02 ,  B60R16/023 ,  G06F11/00 ,  G06F11/14 ,  H04L12/40 ,  H04L12/46 ,  H04W4/48 ,  G06F21/04 ,  H04L67/12 ,  H04L67/00 ,  G06F21/64

CPC classification number: G06F8/65 ,  B60R16/02 ,  B60R16/023 ,  G06F8/654 ,  G06F11/00 ,  G06F11/1433 ,  H04L12/40006 ,  H04L12/4625 ,  G06F21/64 ,  H04L67/12 ,  H04L67/34 ,  H04W4/48

Abstract: A gateway device is connected via network(s) to electronic controllers on-board a vehicle, where at least one of the electronic controllers is implemented in a virtual machine. The gateway device includes one or more memories, and circuitry that acquires firmware update information. The circuitry determines whether a first electronic controller satisfies a second condition based on second information, which is whether the first electronic controller includes a firmware cache for performing a pre-update firmware cache operation. The circuitry also causes, when the second condition is not satisfied, the gateway device to execute a proxy process, where the gateway device requests the first electronic controller to transmit boot ROM data to the gateway device, creates updated boot ROM data with the updated firmware, and transmits the updated boot ROM data to the first electronic controller that updates the boot ROM and resets the first electronic controller with the updated firmware.

公开(公告)号：US11336618B2

公开(公告)日：2022-05-17

申请号：US17152286

申请日：2021-01-19

Applicant: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA

Inventor： Manabu Maeda ,  Jun Anzai ,  Yoshihiro Ujiie ,  Masato Tanabe ,  Takeshi Kishikawa

IPC: H04L29/06 ,  B60R16/023 ,  G06F21/55 ,  H04L12/28 ,  H04L12/40 ,  G06F21/85 ,  H04L9/36 ,  H04L67/12

Abstract: A security apparatus includes a receiver that receives a frame front at least one network, a parameter storage that stores at least one examination parameter defining a content of an examination on a frame, and processing circuitry that performs operations. The operations include judging whether a predetermined condition is satisfied for the frame received by the receiver. When the predetermined condition is satisfied, updating the stored at least one examination parameter, and when the predetermined condition is not satisfied, not updating the stored at least one examination parameter. The operations also include executing an examination, based on the stored at least one examination parameter, as to whether the frame received by the receiver is an attack frame, and performing a process depending on a result of the execution of the examination such that an influence of an attack frame on at least one electronic control unit is suppressed.

公开(公告)号：US11283601B2

公开(公告)日：2022-03-22

申请号：US16820428

申请日：2020-03-16

Applicant: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA

Inventor： Tomoyuki Haga ,  Hideki Matsushima ,  Manabu Maeda ,  Yuji Unagami ,  Jun Anzai

IPC: H04L29/06 ,  H04L9/08 ,  G06F8/654 ,  G06F21/62 ,  G06F21/57 ,  G06F21/44 ,  B60R16/023 ,  G06F8/65 ,  H04L67/12

Abstract: An update management method is used in an onboard network system having a plurality of electronic control units (ECUs) that performs communication via a network and connects to an external tool. The method includes a master ECU storing a shared key and an expiration date of the shared key. When the master ECU receives an update message, verifying update authority information indicating authority of the external tool, and determining whether or not a transmission of the update message is within a range of an authority of the external tool. The method also includes acquiring external point-in-time information, determining whether or not the external point-in-time information is before the expiration date, and transmitting an alert message prompting an update of the shared key. The ECUs are prioritized according to a designated level of authority, including chassis-related functions, body-related functions, safety/comfort functions, and telematics/infotainment functions.

公开(公告)号：US11240253B2

公开(公告)日：2022-02-01

申请号：US15930093

申请日：2020-05-12

Applicant: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA

Inventor： Yoshihiro Ujiie ,  Jun Anzai ,  Yoshihiko Kitamura ,  Masato Tanabe ,  Hideki Matsushima ,  Tomoyuki Haga ,  Takeshi Kishikawa ,  Ryota Sugiyama

IPC: H04L29/00 ,  H04L29/06 ,  H04L29/08 ,  H04L12/40 ,  B60R16/023

Abstract: An electronic control unit is connected to a network in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the network via the second control circuit. The second control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. Upon determining that the frame conforms to the first rule, the second control circuit transmits the frame to the first control circuit. The first control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule. The second rule is different from the first rule.