RU2421352C1 - Data protection device for automotive equipment control systems - Google Patents

Abstract

FIELD: transport.

SUBSTANCE: invention relates to automotive safety systems. Proposed device offers additional control over immobiliser, engine control unit and onboard computer. It incorporates module to identify user from USB key, module of internetwork display and anti-virus, module to lock unauthorised access and data integrity control, module of authorised control over access to automobile systems, module of functional self-control of subsystems, and events monitoring module. In case unauthorised access is registered, immobiliser is initiated and engine control unit is locked, as well as onboard computer is cut on in generating access lock/limit signal by data protection device via automobile electric equipment control console.

EFFECT: protection against unauthorised access of internal intruder by protecting data flow coming from primary and secondary transducers and data for navigation and multimedia systems.

3 dwg

Description

The invention relates to multimedia, navigation systems, a fuel injection controller, an immobilizer and an on-board computer of a car with counteraction to unauthorized access of an internal intruder, which can be used to protect information coming from primary, secondary converters of car systems, as well as protection for a navigation, multimedia system, audio and video systems.

A device for a multimedia, navigation, audio and video system of a car is selected for the prototype, which is used as an integrated multimedia system in a car (simultaneous use of various forms of presenting information and processing it in a single container object), navigation (technology for calculating the optimal travel route of a vehicle funds on the roads and subsequent route guidance using visual and voice prompts about maneuvers), audio and video systems [US patent 2004/0237111 A1, November 25, 2004].

The disadvantage of this device is the impossibility of countering the unauthorized access of the internal intruder to the information coming from the primary, secondary converters of the vehicle equipment systems, as well as to the data in the multimedia, navigation, audio and video systems. Due to the lack of an information protection device (Fig. 1, module 7) for vehicle electrical control systems, the probability of confidential data leakage may increase.

The purpose of the invention is the expansion of the functionality of multimedia, navigation, audio and video systems of a car, achieved by integrating an information protection device that includes an immobilizer, an electronic engine control unit, an on-board computer, a user identification module with a USB key, a software protection module, event audit module, unauthorized access blocking module and information integrity control module, authority module for access control to electrical equipment components Ania car module functional electrical systems of self-control, event monitoring module.

The proposed information protection device for a multimedia system, a navigation system, an on-board computer of a car, an electronic engine control unit and an immobilizer is illustrated by drawings. Figure 1 presents a functional diagram of the flow of information between the components of the electrical equipment of the car during the integration of the information protection device, figure 2 shows a functional diagram of the operation of the information protection device for a multimedia system, navigation system, on-board computer of the car, electronic engine control unit and immobilizer, Fig. .3 a fragment of the algorithm, the operation of an information protection device for a multimedia system, a navigation system, an on-board computer Car computer, electronic engine control unit and immobilizer.

Functional diagram (Fig. 1) of data flow through the integration of an information protection device for vehicle electrical control systems includes an on-board computer 1, an electronic engine control unit 2, an immobilizer 3, a multimedia system 4, a navigation system 5, an electrical equipment control console 6, an information protection device for car systems 7, output from information sensors of the on-board computer 71, output from sensors of the state of the engine, transmission, fuel injection system 7 9, output from the engine control unit, non-volatile memory of the immobilizer 70, output from information readers of the multimedia system 78, output from the navigation system 72.

The formation of control signals of the actuators according to the given algorithms is carried out as follows. Depending on the formation of control signals for actuating devices from the electrical equipment control console 6 (Fig. 1, module 6), requests may be sent to the electrical systems of the vehicle 1, 2, 3, 4, 5. The peculiarity of the passage of the output stream of electrical information and data from sensors (primary converters) of the on-board computer 1, the electronic engine control unit 2, the immobilizer 3 and the data from the multimedia system 4, the navigation system 5 is that the entire data stream passes through the device protection of information of the electrical systems of the vehicle 7 (Fig. 1, module 7) and when registering unauthorized access by an internal intruder, a signal is generated to restrict or block access by the information protection device (Fig. 1, module 7) through the vehicle electrical control console (Fig. 1, module 6).

If the user forms a request through the control console 6 to the on-board computer 1 of the car, then information is received from the information sensors 71, the data passes through 7 the information protection device and is sent to the on-board computer 1 to generate a signal to the actuators.

If the user makes a request through the control console 6 to the electronic engine control unit 2, then information is received from the engine condition sensors, the transmission 79, the data passes through the information protection device 7 and goes directly to the electronic engine control unit 2 (Fig. 1, module 2 )

If the user forms a request through the control console 6 to the immobilizer, then data is received from the engine control unit and the non-volatile memory of the immobilizer 70, the received data is processed by the information protection device of the vehicle equipment 7 and then sent to the immobilizer 3.

When a user request is generated to the multimedia system 4, data is received from the information reading devices of the multimedia system 78, the data is processed by the information protection device to prevent unauthorized access 7 and is transmitted to the multimedia system 4 for playback.

If a request to the navigation system is received from the user through the control console 6, then data is received from the sensors 72 (car movement, speed, throttle position), then the data is processed by the information protection device 7 and fed to the navigation device to calculate the optimal route for the car to travel given coordinates.

Figure 2 presents a functional diagram of the operation of an information protection device for a multimedia system, a navigation system, an on-board computer of a car, an electronic engine control unit and an immobilizer. The information protection device 7 includes a user identification module 23 with a USB key, a software protection module 24, an event auditing module 25, an unauthorized access blocking and data integrity control module 28, an authority access control module for electrical systems 29, a subsystem functional self-control module 30, a module 31 event monitoring.

The information security device operates as follows. The receipt and generation of data from primary, secondary converters and the formation of control signals for the executive devices of car systems (navigation system 5, multimedia system 4, on-board computer 1, electronic engine control unit 2, immobilizer 3) is carried out through the vehicle information protection device 7.

Before starting a session of the operation of electrical systems, the user needs to go through the authentication process through the module 23 user identification with a USB key. This module (figure 2, module 23) contains confidential user information and individual parameters of the functioning of electrical systems. Next, user data is generated, which is transmitted to the module 29 of the authorized access control to electrical systems, where, depending on the user’s authority, access rights to individual components of electrical systems are differentiated. After granting the user authority, a call is made to module 30 (Fig. 2, module 30) of the functional self-monitoring of the main components of the electrical equipment, where the states of the control parameters of the functioning of the electrical equipment are compared with the reference parameters. The user’s interaction with the individual components of the vehicle’s electrical systems is monitored in real time by the event monitoring module 31, which, in case of detection of internal intruder access, redirects the data stream to the module 28 to block unauthorized access and control data integrity.

If the user through the control console 6 accesses the navigation system 5 (Fig. 2, module 5), then the generated signal via the data bus 44 is transmitted to the data receiving module 41 of the vehicle’s travel route, where the values from the sensors 42 (motion, speed, throttle, etc.). After processing the received data from the sensors and information about the vehicle’s travel route, the generated signal is transmitted via the data bus 44 to the information protection device 7, where the data is processed by the module 24. If the security policy is violated, the data is sent to the access blocking module 28 for further processing. Further, the information goes to the event audit module 25, where filtering is carried out (Fig. 2, module 26, module 27) of authorized, unauthorized events, depending on the operating mode of the electrical components. When identifying an internal intruder in the system, data is redirected to the module 28 for blocking unauthorized access, monitoring the integrity of the data and generating a signal to restrict or block access by the information protection device through the vehicle electrical control console. Next, the adapted information flow is transmitted via the 44 data bus to the vehicle navigation device 5 (FIG. 2, module 5) to calculate the optimal travel route.

When the user accesses 1 on-board computer, a request is generated to read data from the engine revolution sensor 10, the motion sensor 11, and the engine temperature sensor 12. The received information from the sensors via the data bus 44 is transmitted to the information protection device 7, where, using the event auditing module 25, events are filtered (Fig. 2, module 26, module 27) depending on the mode of operation of the on-board computer. When identifying an internal intruder, the information flow is redirected to module 28 (FIG. 2, module 28) to block unauthorized access, control data integrity and further generate a signal to restrict or block access by the information protection device through the vehicle’s electrical equipment control console. Next, the adapted information flow is transmitted via the 44 data bus to 1 on-board computer for generating signals to actuators according to specified algorithms.

When the user accesses the multimedia system 4, a request is generated, which can be transmitted via the data bus 44 to the module 45 for reading information from CD / DVD - ROM, CARD READER, USB PORT, module 46 for transmitting Wi-Fi data, module 47 Bluetooth. The flow of information from the modules 45, 46, 47 via the data bus 44 is transmitted to the information protection device 7, where events are filtered using the event audit module 25 (FIG. 2, module 26, module 27) depending on the mode of operation of the multimedia system. Further, the information is processed in accordance with the established management decision-making algorithm and the security policy regulation of the software protection module 24. When identifying an internal intruder in a multimedia system, a data integrity violation signal is generated and information is redirected to module 28 (Fig. 2, module 28) for blocking unauthorized access, data integrity monitoring and generating a signal to limit or block access by the information protection device through the electrical equipment control console a car. Next, the adapted information stream is transmitted via the data bus 44 to the car multimedia system 4 for further processing of the audio and video data stream.

If the user makes a request via the control console 6 to the immobilizer 3, then the main engine operation parameters are read from 18 electronic engine control units, 19 immobilizer control units, 20 non-volatile memory and further data is redirected to the information protection device 7. The data transmitted to the information protection device 7 using the event audit module 25 is filtered (FIG. 2, module 26, module 27) depending on the mode of operation of the immobilizer. When identifying unauthorized access by an internal intruder, the data stream is redirected to module 28 (Fig. 2, module 28) to block unauthorized access, control data integrity, and generate a signal to restrict or block access by the information protection device through the vehicle’s electrical equipment control console to generate a signal to the immobilizer.

When the user contacts and generates a signal through the 6 control console to the controller 2 of the fuel injection system, data is read from the sensor 14 of the engine status, sensor 15 of the user's control actions, sensor 16 (figure 2, module 16) of the transmission status and further transmission via the data bus 44 on 7 information protection device. The generated data stream is redirected to the event audit module 25, where, depending on the operating mode 2 of the fuel injection system controller, the event audit is filtered (FIG. 2, module 26, module 27). When identifying an internal intruder in the system, the data stream is redirected to module 28 (FIG. 2, module 28) of unauthorized access blocking and data integrity control. Further, via the data bus 44, data is transmitted to the electronic engine control unit 2, where a decision is made on the injection distribution system.

Figure 3 presents a fragment of the algorithm of the operation of the information protection device for a multimedia system, a navigation system, an on-board computer of a car, an electronic engine control unit and an immobilizer.

The action of the fragment of the algorithm is based on the following. The user makes a request to one of the systems through the 6 management console. Next, the user needs to identify himself with an individual USB key 23 (Fig. 3, module 23), and after successfully passing the identification, user data is transmitted to the module 29 of the authority to control access to the car's systems to further determine the established access rights to the electrical systems of the car. Next, the data stream enters the module 30 functional self-monitoring of the subsystems, where the control parameters of the functioning of the components of electrical equipment are compared with the reference values. All user actions in real time are recorded by the event monitoring module 31, and in the case of the identification of the presence of an internal intruder, a signal is generated to restrict or block access by the information protection device 7 through the vehicle’s 6 electrical control console.

When the user requests the car’s 5 navigation system, data is received on the 41 route of the car’s movement and information from the sensors 42 of the movement, speed, throttle position of the car and further redirected to the information protection device 7 for equipment control systems. All received data from the sensors goes to the module 24 software protection. When identifying an internal intruder, the data is transmitted to the module 28 blocking unauthorized access, data integrity control and the signal is generated to restrict or block access by the information protection device 7 through the vehicle’s 6 electrical control console. Further, all information is transmitted to the event audit module 25 and, depending on the operating mode of the vehicle’s electrical equipment, event filtering is performed. If the electrical system is in operation mode 54, then 26 partial filtering of the audit of events is carried out by blocks, and when the electrical system is in "sleep" mode 55, the entire audit block of events is filtered 27. If 58 internal intruder is identified in the electrical system, the data is transmitted to the module 28 blocking unauthorized access, data integrity control and the formation of a signal to restrict or block access by the device 7 information protection 6 atsii vehicle electrical control console. Next, the processed data stream is sent for execution to the 5th navigation device.

If the generated signal is not addressed to the navigation system 5, then the request is redirected to other electrical systems of the vehicle, where the request is compared and executed according to the given algorithms.

In the process of functioning of electrical systems, the number of users (entities), components of systems (objects) can dynamically change. Changes can be made, for example, as a result of registration and removal of users, installation and uninstallation of electrical components, changes in access rights of subjects to objects. Accordingly, in the process, the functioning of electrical components should dynamically change the user access matrix to the corresponding vehicle systems. The dynamics of changes in the sets of subjects and objects, as well as the access matrix during the formation of many operations are represented by the system.

Here S is a set of subjects; O is the set of objects, moreover, S⊆О; M [s, o] is the access matrix. The elements of the matrix M are the access rights g∈G.

The initial value S'∈O when registering a new user (s') (subject) of the vehicle electrical systems:

The possible initial value o'∈O when installing a new object (o ') of the electrical systems of the car:

With the initial value of the sets of the system o'∈0, o'∈S, in the case of uninstalling the components of electrical systems:

The initial value of the system s' = S when deleting the user account (subject) of the vehicle electrical systems, recording the state:

Possible initial values of the parameters s∈S, о∈О when adding access rights g for the user from the matrix of values M [s, o]:

At the initial value of the state of the parameters s∈S, о∈O in the process of removing the user access rights g from the value matrix M [s, o], which records the state of the system:

The dynamics of changes in the sets of subjects (users) S and objects (components of automobile systems) О, as well as a change in the matrix of values of M, can be considered by adding a new user account (subject s'). When a subject s 'is added, a user account is additionally added to the elements S and O. A new row is added to the access matrix corresponding to the new subject M' [s, o] = M [s, o]. Since the subject was created, but his rights with respect to existing subjects and objects (components of the electrical systems of the car) are not defined, then M '[s', o] = Ø; M '[s', s] = Ø. Access matrices to one degree or another can be used for protected vehicle electrical systems.

The proposed device can reduce the possible consequences of unauthorized access by an internal intruder to multimedia, navigation, audio and video electrical systems, an immobilizer, an electronic engine control unit, an on-board computer, and also protect information from primary and secondary converters from leakage. This is achieved by generating a signal to restrict or block access from the information protection device for vehicle equipment systems to the vehicle electrical control console.

Claims (1)

Information protection device for vehicle systems, including multimedia, navigation, audio and video systems, characterized in that, to expand the functionality of the device by countering the unauthorized access of an internal intruder by protecting the flow of information coming from the primary, secondary converters of the vehicle’s electrical equipment, as well as data protection for navigation and multimedia systems, it is made with the possibility of additional control of the immobilizer, control unit engine, on-board computer, at the same time a user identification module with a USB key, a firewall and antivirus module, an event audit module, an unauthorized access blocking and data integrity control module, an authority control module for access to vehicle systems, a subsystem functional self-control module, a module were introduced monitoring of events, and in the case of registration of unauthorized access, the immobilizer is turned on and the engine control unit, on-board com a computer by generating a signal to restrict or block access by the information protection device through the vehicle electrical control console.

Images