-
Publication (Announcement) No.: US10680847B2
Publication (Announcement) Date: 2020-06-09
Application No.: US15398815
Application Date: 2017-01-05
Inventor: Yoshihiro Ujiie, Hideki Matsushima, Toshihisa Nakano, Tohru Wakabayashi, Hiroshi Amano, Tomoyuki Haga, Takeshi Kishikawa
IPC: H04L12/40, H04L29/06, H04L12/46, H04B1/3822, H04L12/66
Abstract: A gateway device for a vehicle network system, the vehicle network system including a bus, a first electronic control unit connected to the bus, and the gateway device connected to the bus. The gateway device comprising: one or more memories; and circuitry which, in operation, performs operations including: receiving a first frame transmitted to the bus by the first electronic control unit; when the first frame is received, including first control information in a second frame, the second frame including information based on content of the first frame, the first control information related to a restriction on processing, the restriction on processing being after a reception of the second frame; and transmitting the second frame to the bus.
-
Publication (Announcement) No.: US10462226B2
Publication (Announcement) Date: 2019-10-29
Application No.: US16170451
Application Date: 2018-10-25
Inventor: Takeshi Kishikawa, Hideki Matsushima, Tomoyuki Haga, Manabu Maeda, Yuji Unagami, Yoshihiro Ujiie
Abstract: A fraud detection method for use in an in-vehicle network system including a plurality of electronic control units that communicate with one another via an in-vehicle network is provided. The method includes receiving at least one data frame sent to the in-vehicle network, verifying a specific identifier in the received data frame only when the received data frame is event-driven data and a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state, detecting the received data frame as an authenticated data frame when the verifying is successful, and detecting the received data frame as a fraudulent data frame when the verifying fails. The predetermined state of the vehicle is the vehicle traveling.
-
Publication (Announcement) No.: US10277598B2
Publication (Announcement) Date: 2019-04-30
Application No.: US15209882
Application Date: 2016-07-14
Inventor: Takeshi Kishikawa, Hideki Matsushima, Tomoyuki Haga, Yoshihiro Ujiie, Yuji Unagami
IPC: H04L12/26, H04L29/06, H04L12/40, B60R16/023, H04W4/02
Abstract: A method for dealing with unauthorized frames that makes it possible to take appropriate measures when an unauthorized data frame is detected in a vehicle network system is provided. A plurality of ECUs in the vehicle network system are connected to a bus used for communicating frames. In the method for dealing with unauthorized frames, if a misuse detection ECU that checks a frame appearing in the bus detects an unauthorized frame that does not comply with a certain rule and a certain prevention condition is satisfied, a process for preventing the plurality of ECUs from performing a process corresponding to the unauthorized frame is performed (an error frame is transmitted) or, if the certain prevention condition is not satisfied, the process is not performed.
-
Publication (Announcement) No.: US12135783B2
Publication (Announcement) Date: 2024-11-05
Application No.: US18120749
Application Date: 2023-03-13
Inventor: Yoshihiro Ujiie, Hideki Matsushima, Tomoyuki Haga, Yuji Unagami, Takeshi Kishikawa
Abstract: A method used in an on-board network system, having electronic controllers that exchange messages and a fraud-detecting electronic controller. The method includes receiving an inquiry for a vehicle status indicating whether a vehicle in which the fraud-detecting electronic controller is installed is running from an external device, transmitting the vehicle status to the external device, and determining whether a message transmitted conforms to fraud detection rules. The method also includes receiving from the external device the delivery data, including updated fraud detection rules and network type information indicating a network type that the updated fraud detection rules are to be applied. The method further includes determining whether the vehicle is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, updating the fraud detection rules.
-
Publication (Announcement) No.: US12107876B2
Publication (Announcement) Date: 2024-10-01
Application No.: US17665218
Application Date: 2022-02-04
Inventor: Takeshi Kishikawa, Ryo Hirano, Tomoyuki Haga, Yoshihiro Ujiie
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/02, H04L63/145
Abstract: The control network system is connected to electronic control unit(s) and a communication device, and includes security sensor(s) that transmits a security alert indicating that an indication of a security breach is detected to the network, if the indication is detected in at least one of the network, the electronic control unit(s), or the communication device. The intrusion path analysis device includes: an alert obtainer that obtains the security alert from the security sensor(s); an event obtainer that obtains an event history of an event that occurs in the control network system; and an intrusion path analyzer that performs an analysis on an intrusion path of an attack on the basis of the security alert, the event history, and an intrusion depth indicating an intrusion level to be assumed in a case the security alert occurs, and that outputs a result of the analysis.
-
Publication (Announcement) No.: US12028353B2
Publication (Announcement) Date: 2024-07-02
Application No.: US17211211
Application Date: 2021-03-24
Inventor: Tomoyuki Haga, Takamitsu Sasaki, Hajime Tasaki, Hideki Matsushima
IPC: H04L9/40, G06F21/57, H04W12/122
CPC classification number: H04L63/1416, H04L63/1425
Abstract: A threat information analysis server includes: an update manager that manages update information indicating that function addition to an IoT device is performed; a threat information manager that stores threat information of a cyberattack; a risk level manager that manages risk level information defining a risk level of the IoT device; a related threat information manager that manages the threat information and related threat information associating the IoT device with the risk level; a risk level updater that associates the threat information and the risk level of the IoT device with each other and updates the related threat information, based on the update information; and an outputter that outputs the related threat information managed by the related threat information manager.
-
Publication (Announcement) No.: US11971978B2
Publication (Announcement) Date: 2024-04-30
Application No.: US17393713
Application Date: 2021-08-04
Inventor: Yoshihiro Ujiie, Masato Tanabe, Takeshi Kishikawa, Tomoyuki Haga, Hideki Matsushima
CPC classification number: G06F21/44, B60R16/0231, G06F13/4208, H04L12/40, H04L63/123, H04L2012/40215, H04L67/12
Abstract: A vehicle network system employing a controller area network protocol includes a bus, a first electronic control unit, and a second electronic control unit. The first electronic control unit transmits, via the bus, at least one data frame including an identifier relating to data used for a calculation for obtaining a message authentication code indicating authenticity of transmission content. The second electronic control unit receives the at least one data frame transmitted via the bus and verifies the message authentication code in accordance with the identifier included in the at least one data frame.
-
Publication (Announcement) No.: US11943243B2
Publication (Announcement) Date: 2024-03-26
Application No.: US17322371
Application Date: 2021-05-17
Inventor: Takamitsu Sasaki, Tomoyuki Haga, Daiki Tanaka, Makoto Yamada, Hisashi Kashima, Takeshi Kishikawa
CPC classification number: H04L63/1425, H04L12/40, H04L63/1466, H04L2012/40215, H04L2463/142
Abstract: In an anomaly detection method that determines whether each frame in observation data constituted by a collection of frames sent and received over a communication network system is anomalous, a difference between a data distribution of a feature amount extracted from the frame in the observation data and a data distribution for a collection of frames sent and received over the communication network system, obtained at a different timing from the observation data, is calculated. A frame having a feature amount for which the difference is a predetermined value or higher is determined to be an anomalous frame. An anomaly contribution level of feature amounts extracted from the frame determined to be an anomalous frame is calculated, and an anomalous payload part, which is at least one part of the payload corresponding to the feature amount for which the anomaly contribution level is at least the predetermined value, is output.
-
Publication (Announcement) No.: US11930021B2
Publication (Announcement) Date: 2024-03-12
Application No.: US17354213
Application Date: 2021-06-22
Inventor: Takeshi Kishikawa, Ryo Hirano, Yoshihiro Ujiie, Tomoyuki Haga
CPC classification number: H04L63/1416, H04L63/1466, H04L63/20, H04L67/12
Abstract: An unauthorized frame detection device that can keep an unauthorized ECU from spoofing as a legitimate server or client while suppressing an overhead during communication is provided. The unauthorized frame detection device includes a plurality of communication ports corresponding to the respective of networks, a communication controller, and an unauthorized frame detector. The plurality of communication ports are each connected to a corresponding predetermined network among the plurality of networks and each transmit or receive a frame via the predetermined network. The unauthorized frame detector determines whether an identifier of a service, a type of the service, and port information that are each included in the frame match a permission rule set in advance and outputs a result of the determination.
-
Publication (Announcement) No.: US11636201B2
Publication (Announcement) Date: 2023-04-25
Application No.: US17132824
Application Date: 2020-12-23
Inventor: Yoshihiro Ujiie, Hideki Matsushima, Tomoyuki Haga, Yuji Unagami, Takeshi Kishikawa
Abstract: A method used in an on-board network system, having electronic controllers that exchange messages and a fraud detecting electronic controller. The method includes determining whether a message transmitted conforms to fraud detection rules, and querying an external device whether there is delivery data for updating the fraud detection rules. When there is the delivery data for updating the fraud detection rules, receiving from an external device the delivery data, including updated fraud detection rules and network type information indicating a network type that the updated fraud detection rules are to be applied. The method also includes determining whether a vehicle in which the on-board network system is installed is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, updating the fraud detection rules.