-
Publication (announcement) No.: US11526602B2
Publication (announcement) date: 2022-12-13
Application No.: US16757672
Filing date: 2018-12-04
Applicant: AUDI AG
Inventors: Markus Klein, Kamil Zawadzki, Changsup Ahn, Hans Georg Gruber, Jürgen Lerzer, Christoph Dalke
Abstract: A data-processing device includes a computing unit and an interface unit using a packet-based communication protocol, in particular PCI Express. The data-processing device also includes an intrusion detection unit that is connected via a signal connection to a filter device of the interface unit, and/or to a secure element, in the form of a Trusted Execution Environment, of an authentication arrangement related to the communication protocol. The intrusion detection unit evaluates input signals received via the signal connection for a rule infringement in a set of intrusion detection rules. The filter device, at least part of which is hardware, is designed to forward only the communication data meeting an approval condition from the interface unit to an additional component of the data-processing device according to configuration information predetermined in the data-processing device and containing the approval condition. At least one intrusion detection rule relates to the infringement of the approval condition and/or to an authentication error.
-
Publication (announcement) No.: US11582189B2
Publication (announcement) date: 2023-02-14
Application No.: US16632611
Filing date: 2018-08-22
Applicant: Audi AG
Inventors: Changsup Ahn, Kamil Zawadzki, Markus Klein, Hans Georg Gruber
Abstract: A method for filtering communication data arriving from a communication partner via a communication connection, which provides access to at least one storage means of a receiving data processing device having at least one computation unit, in the data processing device, wherein PCI Express, in an interface unit, receiving the communication data, of the data processing device, a filter means, at least part of which is embodied as hardware, is used so that, according to configuration information, prescribed on the data processing device, containing at least one approval condition that rates the at least one property of the useful data contained in the communication data, only the communication data meeting at least one approval condition are forwarded from the interface unit to at least one further component of the data processing device.
-
Publication (announcement) No.: US11531788B2
Publication (announcement) date: 2022-12-20
Application No.: US16768137
Filing date: 2019-04-18
Applicant: AUDI AG
Inventors: Markus Klein, Kamil Zawadzki, Changsup Ahn, Tim Krämer, Mathias Bösl
IPC classification: G06F21/85, G06F3/0354, G06F3/041, H04L9/32
Abstract: An approach for operating at least one touch-sensitive, flat input device of a complete device, the input device being connected via a message-based bus connection to a control device of the complete device, and messages containing touch datasets describing touch data events being transmitted to the control device, which evaluates the messages for input information for an application program implemented by the control device, wherein when a security function in the control device that queries sensitive input information is accessed, the touch datasets are transmitted from the input device to the control apparatus via the bus connection in encrypted form until the associated input process has ended.
-
Publication (announcement) No.: US11783093B2
Publication (announcement) date: 2023-10-10
Application No.: US16652553
Filing date: 2018-10-16
Applicant: Audi AG
Inventors: Markus Klein, Kamil Zawadzki, Changsup Ahn, Hans Georg Gruber
CPC classification: G06F21/76, G06F21/554, G06F2221/034
Abstract: Single-chip system, having multiple computing units, in particular computer cores and/or CPUs, at least one input/output unit, a memory unit, and an input/output control unit that coordinates the communication between the computing units and the at least one input/output unit, wherein the single-chip system further has an attack detection unit, produced as hardware, that is connected by means of a hardware signal connection to at least the input/output control unit as a component of the single-chip system and evaluates input signals received from the input/output control unit for a rule infringement in a set of attack detection rules, which rule infringement needs to be logged and/or responded to with at least one measure.
-
Publication (announcement) No.: US11244082B2
Publication (announcement) date: 2022-02-08
Application No.: US16762732
Filing date: 2018-11-19
Applicant: Audi AG
Inventors: Markus Klein, Kamil Zawadzki, Changsup Ahn, Hans Georg Gruber
Abstract: The present disclosure relates to a one-chip system for a control device of a vehicle with at least one bus, at least one control unit connected to the at least one bus for controlling a peripheral device assigned to the at least one control unit and several processors connected to the at least one bus.
-
Publication (announcement) No.: US10783242B2
Publication (announcement) date: 2020-09-22
Application No.: US16609104
Filing date: 2018-10-17
Applicant: AUDI AG
Inventors: Markus Klein, Kamil Zawadzki, Changsup Ahn, Hans-Georg Gruber
Abstract: The disclosure relates to a method for protecting an operating system of a security system, which is stored in a working memory of a control device of a vehicle, against irregular modification.
-
Publication (announcement) No.: US11902300B2
Publication (announcement) date: 2024-02-13
Application No.: US17291952
Filing date: 2019-11-25
Applicant: AUDI AG
CPC classification: H04L63/1416, H04L12/40, H04L63/08, H04L67/12
Abstract: An approach for monitoring a data transmission system that uses a data transmission means such as a vehicle bus or a vehicle network of a motor vehicle. This system includes a monitoring device that transmits a request message to a transmitting device and to a receiving device. The transmitting device generates a particular transmitter response on the basis of the request message, where the transmitter response is transmitted to the monitoring device. The receiving device generates a particular receiver response on the basis of the request message, where the receiver response is transmitted to the monitoring device. The monitoring device receives the transmitter response and the receiver response and checks compliance with a trigger condition which depends on the transmitter response and the receiver response, the compliance of which indicates an event relevant to monitoring.
-
Publication (announcement) No.: US11212118B2
Publication (announcement) date: 2021-12-28
Application No.: US16627622
Filing date: 2018-06-18
Applicant: AUDI AG
Inventors: Markus Klein, Kamil Zawadzki, Changsup Ahn, Michael Schmailzl
Abstract: The application relates to a method for checking the data transport across a first communication connection between two data processing devices, said first communication connection being realized between two first interface units, wherein the payload to be transferred can be divided into payload blocks and there is at least one second communication connection between the data processing devices, which is established by means of second interface units, and wherein, in order to implement a challenge-response authentication, a request requiring retrieval of randomly selected data units from identifiable, randomly selected payload blocks of the payload is sent as a challenge by an authentication unit to the first interface units by means of the second communication connection, an authentication assembly of each of the first interface units extracts the requested response data from the payload and transmits the same back to the authentication unit and a successful check is determined if the response data match.
-
Publication (announcement) No.: US10949552B2
Publication (announcement) date: 2021-03-16
Application No.: US16605149
Filing date: 2018-07-05
Applicant: AUDI AG
Inventors: Changsup Ahn, Kamil Zawadzki, Markus Klein, Hans-Georg Gruber
Abstract: An apparatus includes an authentication arrangement for a communication connection, using a communication protocol, between two data processing devices of the apparatus. The data processing devices each have an interface unit for the communication connection and a computation unit. The interface units each have an encryption/decryption device, where the encryption/decryption device is at least partially produced by hardware for encrypting at least some of the user data to be transmitted via the communication connection as part of the authentication arrangement. The encryption/decryption device can be applied in a communication layer of the communication protocol to the user data prepared for the physical user data transmission or to the physically received user data. Each data processing device has a security unit, implemented as dedicated hardware that the computation unit cannot access and/or in a manner logically isolated from the computation unit. The security unit produces a trusted execution environment, of the authentication arrangement with a hardware-encoded key information, on the basis of which the user data are encrypted by the encryption/decryption device.