公开(公告)号：US09282110B2

公开(公告)日：2016-03-08

申请号：US14091435

申请日：2013-11-27

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Siddhartha Aggarwal ,  Chintankumar Patel

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/51 ,  G06F21/56 ,  H04W12/12 ,  H04L29/08

CPC classification number: H04L63/1408 ,  B60R25/00 ,  G06F21/51 ,  G06F21/564 ,  H04L9/3247 ,  H04L63/1416 ,  H04L63/1433 ,  H04L63/145 ,  H04L67/12 ,  H04L67/2861 ,  H04L2209/84 ,  H04W12/08 ,  H04W12/12

Abstract: In an example embodiment herein, there is provided methods and a system for cloud-assisted threat defense for connected vehicles. A vehicle suitably includes an on-board computer system for operating and/or controlling various systems on the vehicle. The on-board computer system suitably operates in connection with or includes an on-board threat defense module for detecting and protecting against malware attacks and other security threats to the vehicle. In an example embodiment, a cloud-based security component or security cloud assists with the detection and protection against security threats and malware attacks to the vehicle while minimizing the processing load and memory requirements for the on-board threat defense module.

Abstract translation: 在这里的示例性实施例中，提供了用于连接的车辆的云辅助威胁防御的方法和系统。 车辆适当地包括用于在车辆上操作和/或控制各种系统的车载计算机系统。 车载计算机系统适当地与车载威胁防御模块相关或包括用于检测和防止恶意软件攻击和对车辆的其他安全威胁的操作。 在示例实施例中，基于云的安全组件或安全云有助于检测和保护以防止对车辆的安全威胁和恶意软件攻击，同时最小化车载威胁防御模块的处理负载和存储器要求。

公开(公告)号：US20160072781A1

公开(公告)日：2016-03-10

申请号：US14482052

申请日：2014-09-10

Applicant: Cisco Technology, Inc

Inventor： Tao ZHANG ,  Helder Antunes ,  Aaron Lung ,  Chintan Patel ,  Ajith Thrivikramannair ,  Akshay Singhal

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  H04L9/0833 ,  H04L63/0464 ,  H04L63/065 ,  H04L63/104 ,  H04L63/105 ,  H04L67/1044 ,  H04L67/28 ,  H04L2209/84

Abstract: A gateway apparatus supports differentiated secure communications among heterogeneous electronic devices. A communication port communicates via communication networks of different types with two or more associated devices having diverse secure communication capabilities. The gateway logic selectively authenticates the associated devices for group membership into a Secure Communication Group (SCG), and selectively communicates Secure Communication Group Keys (SCGKs) to the devices having the diverse secure communication capabilities for selectively generating session keys locally by the associated devices for mutual secure communication in accordance with the group membership of the associated devices in the SCG.

Abstract translation: 网关装置支持异构电子设备之间差异化的安全通信。 通信端口通过具有不同安全通信能力的两个或多个相关联的设备通过不同类型的通信网络进行通信。 网关逻辑选择性地认证相关联的设备以使组成员进入安全通信组（SCG），并且选择性地将安全通信组密钥（SCGK）传送到具有各种安全通信能力的设备，以便由相关设备本地选择性地生成会话密钥， 根据SCG中相关设备的组成员资格进行相互安全的通信。

公开(公告)号：US09532194B2

公开(公告)日：2016-12-27

申请号：US14273948

申请日：2014-05-09

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Chintan Patel ,  Mahbubul Alam

IPC: H04W72/00 ,  H04W4/12 ,  H04W64/00 ,  H04L29/08 ,  H04W28/26 ,  G08G1/16

CPC classification number: H04W4/12 ,  G08G1/163 ,  H04L67/12 ,  H04W28/26 ,  H04W64/006

Abstract: Apparatus, methods and logic for vehicles to determine vehicle to vehicle (V2V) safety message transmission rates for transmitting V2V safety messages based on how frequently the vehicles actually need to exchange safety messages, including factors such as vehicle velocities, distances among vehicles, and on how quickly the inter-vehicle distances are closing up. The determined V2V safety message transmission rates are selectively dynamically adjusted in accordance with detected significant changes in one or more of the inter-vehicle distances or inter-vehicle speeds. To avoid needless frequent changes to the transmission rate, statistical modeling techniques including hypothesis testing and sequential change detection are selectively used to more accurately detect significant changes in inter-vehicle distances or inter-vehicle speeds that warrant a change to the message transmission rate.

Abstract translation: 根据车辆实际需要交换安全信息的频率，确定车辆与车辆（V2V）安全信息传输速度的装置，方法和逻辑（V2V），用于传输V2V安全信息，包括车辆速度，车辆距离和 车辆间距离关闭多快。 所确定的V2V安全消息传输速率根据车辆间距离或车间速度中的一个或多个中检测到的显着变化而被选择性地动态地调节。 为了避免不必要地频繁地改变传输速率，选择性地使用包括假设测试和顺序改变检测在内的统计建模技术来更准确地检测车辆间距离或车辆间车辆速度的显着变化，这样可以改变消息传输速率。

公开(公告)号：US09344856B2

公开(公告)日：2016-05-17

申请号：US14154314

申请日：2014-01-14

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Douglas Chan ,  Helder Antunes

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  H04W4/04 ,  B60W30/09 ,  G08G1/16 ,  H04W12/10 ,  H04W4/22

CPC classification number: H04W4/046 ,  B60W30/09 ,  G08G1/163 ,  H04W4/90 ,  H04W12/10

Abstract: The trustworthiness of vehicle-to-vehicle (V2V) messages received from one or more associated vehicles in the vicinity of a subject vehicle is determined autonomously by a false signal detection system of the subject vehicle. Physical evidence relating to the associated vehicles is collected, and a statistical model is used to perform an analysis of the collected data. A V2V message is received by the system from a first one of the associated vehicles and a trustworthiness level of the message is determined in accordance with a correlation between the received V2V message and the result of the analyzed physical data relating to the first associated vehicle. The correlation may be a comparison of data contained in the received V2V message relative to a result of a stochastic analysis of the physical data. The received V2V message may be any V2V safety message including Emergency Electronic Brake Light (EEBL) messages.

Abstract translation: 从本车辆附近的一个或多个相关联的车辆接收到的车对车（V2V）消息的可靠性由本车辆的虚假信号检测系统自主确定。 收集与相关车辆有关的物证，采用统计模型对收集的数据进行分析。 系统从相关联的车辆中的第一个接收V2V消息，并且根据接收到的V2V消息和与第一关联车辆相关的分析的物理数据的结果之间的相关性来确定消息的可信赖级别。 相关性可以是与所接收的V2V消息中包含的数据相对于物理数据的随机分析的结果的比较。 所接收的V2V消息可以是包括紧急电子制动灯（EEBL）消息的任何V2V安全消息。

公开(公告)号：US09380044B2

公开(公告)日：2016-06-28

申请号：US14482052

申请日：2014-09-10

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Aaron Lung ,  Chintan Patel ,  Ajith Thrivikramannair ,  Akshay Singhal

IPC: H04L9/00 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  H04L9/0833 ,  H04L63/0464 ,  H04L63/065 ,  H04L63/104 ,  H04L63/105 ,  H04L67/1044 ,  H04L67/28 ,  H04L2209/84

Abstract: A gateway apparatus supports differentiated secure communications among heterogeneous electronic devices. A communication port communicates via communication networks of different types with two or more associated devices having diverse secure communication capabilities. The gateway logic selectively authenticates the associated devices for group membership into a Secure Communication Group (SCG), and selectively communicates Secure Communication Group Keys (SCGKs) to the devices having the diverse secure communication capabilities for selectively generating session keys locally by the associated devices for mutual secure communication in accordance with the group membership of the associated devices in the SCG.

Abstract translation: 网关装置支持异构电子设备之间差异化的安全通信。 通信端口通过具有不同安全通信能力的两个或多个相关联的设备通过不同类型的通信网络进行通信。 网关逻辑选择性地认证相关联的设备以使组成员进入安全通信组（SCG），并且选择性地将安全通信组密钥（SCGK）传送到具有各种安全通信能力的设备，以便由相关设备本地选择性地生成会话密钥， 根据SCG中相关设备的组成员资格进行相互安全的通信。

公开(公告)号：US20150365389A1

公开(公告)日：2015-12-17

申请号：US14306440

申请日：2014-06-17

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Aaron Lung ,  Chintan Patel ,  Ajith Thrivikramannair ,  Akshay Singhal

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L63/08 ,  H04L9/0833 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/321 ,  H04L63/0281 ,  H04L63/0869 ,  H04L63/0884 ,  H04L67/12 ,  H04L2209/76 ,  H04L2209/84

Abstract: A system authenticates in-vehicle electronic devices having unequal capabilities such as having varying different communication and processing capabilities. A Connected Vehicle Gateway portion of a selected in-vehicle device acts as an onboard authentication proxy and onboard key server functionality for other in-vehicle devices, and serves as an interface between an in-vehicle network and one or more associated external networks, thereby eliminating the need for explicit peer discovery protocol and the requirement of devices to perform key establishment with each individual communication peer. Instead, each in-vehicle device establishes the group keys as a result of its authentication with the onboard key server and uses the group keys to locally generate and update its session keys. The onboard key server selectively obtains the keys from one or more off-board authentication servers and distributes them to selected in-vehicle devices.

Abstract translation: 系统认证具有不同能力的车载电子设备，例如具有不同的通信和处理能力。 所选择的车载设备的连接车辆网关部分用作车载设备的车载认证代理和车载密钥服务器功能，并且用作车载网络和一个或多个相关联的外部网络之间的接口，从而 消除了对显式对等体发现协议的需要，以及设备对每个单独通信对等体执行密钥建立的要求。 相反，每个车载设备作为其与板载密钥服务器的认证的结果来建立组密钥，并且使用组密钥来本地生成和更新其会话密钥。 车载密钥服务器选择性地从一个或多个舷外认证服务器获取密钥并将其分配给所选择的车载设备。

公开(公告)号：US09215228B1

公开(公告)日：2015-12-15

申请号：US14306440

申请日：2014-06-17

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Aaron Lung ,  Chintan Patel ,  Ajith Thrivikramannair ,  Akshay Singhal

IPC: H04L9/00 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L63/08 ,  H04L9/0833 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/321 ,  H04L63/0281 ,  H04L63/0869 ,  H04L63/0884 ,  H04L67/12 ,  H04L2209/76 ,  H04L2209/84

Abstract: A system authenticates in-vehicle electronic devices having unequal capabilities such as having varying different communication and processing capabilities. A Connected Vehicle Gateway portion of a selected in-vehicle device acts as an onboard authentication proxy and onboard key server functionality for other in-vehicle devices, and serves as an interface between an in-vehicle network and one or more associated external networks, thereby eliminating the need for explicit peer discovery protocol and the requirement of devices to perform key establishment with each individual communication peer. Instead, each in-vehicle device establishes the group keys as a result of its authentication with the onboard key server and uses the group keys to locally generate and update its session keys. The onboard key server selectively obtains the keys from one or more off-board authentication servers and distributes them to selected in-vehicle devices.

Abstract translation: 系统认证具有不同能力的车载电子设备，例如具有不同的通信和处理能力。 所选择的车载设备的连接车辆网关部分用作车载设备的车载认证代理和车载密钥服务器功能，并且用作车载网络和一个或多个相关联的外部网络之间的接口，从而 消除了对显式对等体发现协议的需要，以及设备对每个单独通信对等体执行密钥建立的要求。 相反，每个车载设备作为其与板载密钥服务器的认证的结果来建立组密钥，并且使用组密钥来本地生成和更新其会话密钥。 车载密钥服务器选择性地从一个或多个舷外认证服务器获取密钥并将其分配给所选择的车载设备。

公开(公告)号：US20150150124A1

公开(公告)日：2015-05-28

申请号：US14091435

申请日：2013-11-27

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Siddhartha Aggarwal ,  Chintankumar Patel

IPC: H04L29/06

CPC classification number: H04L63/1408 ,  B60R25/00 ,  G06F21/51 ,  G06F21/564 ,  H04L9/3247 ,  H04L63/1416 ,  H04L63/1433 ,  H04L63/145 ,  H04L67/12 ,  H04L67/2861 ,  H04L2209/84 ,  H04W12/08 ,  H04W12/12

Abstract: In an example embodiment herein, there is provided methods and a system for cloud-assisted threat defense for connected vehicles. A vehicle suitably includes an on-board computer system for operating and/or controlling various systems on the vehicle. The on-board computer system suitably operates in connection with or includes an on-board threat defense module for detecting and protecting against malware attacks and other security threats to the vehicle. In an example embodiment, a cloud-based security component or security cloud assists with the detection and protection against security threats and malware attacks to the vehicle while minimizing the processing load and memory requirements for the on-board threat defense module.

Abstract translation: 在这里的示例性实施例中，提供了用于连接的车辆的云辅助威胁防御的方法和系统。 车辆适当地包括用于在车辆上操作和/或控制各种系统的车载计算机系统。 车载计算机系统适当地与车载威胁防御模块相关或包括用于检测和防止恶意软件攻击和对车辆的其他安全威胁的操作。 在示例实施例中，基于云的安全组件或安全云有助于检测和保护以防止对车辆的安全威胁和恶意软件攻击，同时最小化车载威胁防御模块的处理负载和存储器要求。