WO2021244932A1 - Sécurisation de la connexion entre un véhicule et un serveur distant de gestion dudit véhicule - Google Patents
Sécurisation de la connexion entre un véhicule et un serveur distant de gestion dudit véhicule Download PDFInfo
- Publication number
- WO2021244932A1 WO2021244932A1 PCT/EP2021/064155 EP2021064155W WO2021244932A1 WO 2021244932 A1 WO2021244932 A1 WO 2021244932A1 EP 2021064155 W EP2021064155 W EP 2021064155W WO 2021244932 A1 WO2021244932 A1 WO 2021244932A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- vehicle
- management server
- remote management
- communication module
- sending
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
- H04W12/45—Security arrangements using identity modules using multiple identity modules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
- H04W4/44—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
- H04W88/06—Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals
Definitions
- the present invention relates generally to the fields of telecommunications and the automobile, and more specifically relates to the securing of the telematics services provided to a vehicle and the software of this vehicle.
- Telematics services offered by a manufacturer on a vehicle expose and use sensitive data and functions. These services are generally performed by on the one hand an on-board logic residing in the vehicle and on the other hand an off-board logic residing on at least one server remote from the manufacturer or a third party.
- a fundamental issue in securing telematics services and car software in general revolves around the communication link between these two logics.
- the manufacturer sets up secure communication mechanisms between the on-board part and the off-board part of the software of these telematic services. It is also setting up administration centers for its fleet of vehicles. Thanks to these administration tools, the manufacturer can detect anomalies and trigger preventive or corrective actions within the vehicle to respond to malfunctions or potential cyber attacks, by updating the vehicle's software, for example.
- One of the aims of the invention is to remedy at least part of the drawbacks of the prior art by providing a low cost vehicle, a system and a method which ensure a trusted communication between the vehicle and the administration center managing the cyber security of the vehicle, while allowing a user of the vehicle to access the internet via his own cellular telephone subscription.
- the invention provides a vehicle comprising a communication module capable of using two telecommunication identifier cards, one relating to a subscription between the manufacturer of said vehicle and a telecommunication operator, the other relating to a subscription between a user of said vehicle and a telecommunications operator, said vehicle comprising a trusted execution environment in which security functions of the vehicle are hosted, and an execution environment of a multimedia system hosting at least part of said module communication, said vehicle being characterized in that said trusted execution environment comprises a module for supervising the connection between said vehicle and a remote server for managing said vehicle.
- a single modem uses either a connection using the vehicle's subscription or a connection using the user's subscription, but the connection between the vehicle and the remote server is monitored.
- the modem can for example switch to the vehicle manufacturer's SIM card to benefit from prevention and correction measures against cyber attacks, these measurements being provided by the operator linked to the manufacturer, without requiring an expensive “active dual-SIM” modem.
- said supervision module is able to regularly test said connection by sending and receiving signed, unique and predefined messages, respectively intended for said remote management server and coming from said remote management server. This implementation allows in particular anti-replay protection.
- said supervision module is able to regularly test said connection by receiving messages signed, unique and predefined, from said remote management server. In this variant, the supervision module therefore does not send test messages but monitors the correct reception of test messages.
- said supervision module is able to detect a connection anomaly when:
- said communication module indicates that the cellular connection of the vehicle is functioning while said communication module does not confirm the sending of one of said messages to said remote management server or that it does not transmit one of said messages sent by said remote management server, - or that said communication module indicates that the cellular connection of the vehicle is unavailable for a period greater than a first predefined time interval.
- cellular connection of the vehicle is understood to mean the ability to receive or send messages by radio due in particular to sufficient cellular telephone network coverage.
- the messages sent by said supervision module include information representative of a detection of connection anomaly between said vehicle and said remote management server, or representative of the absence of such detection. This allows the remote management server to intervene to deny or confirm the anomaly when possible, and to implement remedial actions such as a remote update of vehicle software.
- the vehicle according to the invention comprises at least one of the sending means chosen from a list comprising:
- a first means of sending an instruction to the communication module triggering the inhibition of communications with the outside for the non-secure applications of the vehicle
- a second means of sending an instruction to the communication module triggering the selection by the communication module of the telecommunication identifier card relating to the subscription of the manufacturer of said vehicle as the only means of connection, and the inhibition by the communication module of any communication other than with said remote management server
- the vehicle according to the invention benefits from a curative solution independent of the remote management server.
- the vehicle according to the invention comprises at least said first sending means, said activation means being configured to activate only said first sending means when said communication module indicates that the cellular connection of the vehicle is unavailable. for a period longer than said first predefined time interval. This prevents too much degradation of the user experience in the event of false detection of an anomaly due to a loss of radio coverage.
- the vehicle according to the invention comprises at least said second sending means, said activation means being configured to activate said second sending means to the exclusion of sending means chosen from among said third or fourth means. sending, when said communication module indicates that the cellular connection is unavailable for a period greater than a second predefined time interval greater than the first predefined time interval.
- the vehicle according to the invention incorporates the third and / or the fourth sending means, these are not implemented initially, in particular as long as the vehicle is not stationary.
- the remote management server SG thus has time to intervene to avoid the implementation of the third and fourth sending means in the event of false detection. The degradation of the user experience is thus little degraded while securing the vehicle while the probability of a suspicious anomaly becomes greater.
- the vehicle according to the invention comprises at least said third or said fourth sending means, said activation means being configured to activate said third or fourth sending means only when said vehicle is stationary. This makes it possible to degrade the user experience for securing the vehicle only at the most opportune times, particularly outside of a vehicle running phase.
- the invention also relates to a system comprising a vehicle according to the invention, as well as said remote management server, characterized in that said remote management server comprises:
- the remote management server prevents the vehicle from carrying out remedial actions degrading the user experience during false detection due to a momentary or long loss of radio coverage.
- said remote management server further comprises: - a means of detecting a cyber attack as soon as anomalies are reported by a number of vehicles greater than a predefined threshold,
- the invention finally relates to a method of securing the connection between a vehicle according to the invention and said remote server for managing said vehicle, comprising the steps of:
- FIG. 1 shows a vehicle and a system according to the invention, in this preferred embodiment of the invention
- FIG. 4 represents a state diagram of a curative logic implemented in the vehicle according to the invention, in this preferred embodiment of the invention.
- a vehicle V has various execution environments hosting various software.
- the security software of the vehicle V such as engine control or driving assistance software are hosted on secure computers, for example accessible only via a secure gateway integrating a trusted execution environment TEE (according to the (English "Trusted Execution Environment")
- the trust environment TEE hosts security functions SF of the vehicle V, as well as an MR module hosting curative functions triggered in the event of detection of a cyber attack, and an MS module for supervising the connection between the vehicle V and a remote server SG for managing the vehicle V.
- the trusted environment TEE is for example hosted in the secure gateway which forms the link between the zone secure vehicle software giving access to secure vehicle computers, and the software area including multimedia communication functionalities communicating with the exterior of the vehicle.
- the vehicle V also comprises at least one non-secure execution environment, here the EESM execution environment of a multimedia system hosting the information and entertainment part called “infotainment” of the vehicle V.
- the environment of EESM execution therefore hosts AC applications intended for use by vehicle users and which are exposed to data flows coming from or going to the Internet, such as geolocation services, on-board browsers, etc.
- the EESM runtime environment also accommodates unsafe LF functions of the vehicle such as functions for adjusting the audio outputs or the graphic interfaces of the vehicle V.
- the EESM runtime environment hosts an MC communication module.
- the MC communication module integrates a cellular radio modem capable of converting Ethernet network signals into GSM radio signals (after the English "Global System for Mobile Communications"), 3G, 4G, 5G (G as a generation of communication technology. mobile telephony) or Wi-Fi (according to IEEE 802.11 standards) and vice versa.
- the communication module MC converts other types of wired protocols into other types of radio protocols, in particular depending on the country of use of the vehicle and its electrical / electronic architecture.
- the modem is used to convert CAN (Controller Area Network) signals into CDMA2000 signals.
- the MC communication module is integrated into the EESM runtime environment, especially to allow insecure applications to communicate with the outside, some of its functions are secure. These secure functions are implemented by a secure electronic circuit, or in a secure computer such as a microcontroller.
- the EESM runtime environment therefore includes insecure software as well as secure software and / or hardware circuits. These functions notably allow the trusted execution environment TEE to force the communication module MC to switch to a telecommunication identifier card specific to the manufacturer of the vehicle V as described below.
- TEE trusted execution environment
- the modem of the MC communication module has the "dual-SIM" capability which allows it to use two SIM cards, which are in this exemplary embodiment:
- SIM card referenced UCA for a telecommunications identifier relating to the subscription between a user of the vehicle V and a telecommunications operator
- SIM card referenced VCA with a telecommunications identifier relating to the subscription between the manufacturer of the vehicle V and a telecommunications operator which may be different from the telecommunications operator who provided the UCA card.
- the UCA card that the communication module MC uses is for example a virtual SIM, that is to say that the user does not need to put his SIM card in a specific location of the vehicle modem V, but that he simply has to enter authentication data for his personal SIM card in the vehicle for the latter to generate this virtual SIM card.
- the MC communication module has a physical location allowing the user to insert his personal SIM card therein.
- the modem of the MC communication module does not have the capacity to use both UCA and VCA cards, but has the capacity to use either of them. these cards at the same time, by switching from one card to another for the establishment of a communication with the outside according to the context. It therefore does not have the so-called “active dual-SIM” capacity.
- the communication module uses the UCA card to establish an LSU communication session with the Internet network INT. This communication session is established with a standard level of security specific to an individual cellular telephone subscription, and can be used to also communicate with the remote management server SG.
- the communication module MC uses on the other hand the VCA card for establish an LSV communication session with the remote management server SG.
- This LSV communication session benefits from a security level that may be higher than the security level of the LSU communication session, for example it uses a secure APN (from the English “Access Point Name”).
- the MC communication module also has the ability to report the state of the cellular connection to the TEE execution environment. In particular, it indicates whether the radio network coverage is too weak or missing to establish a communication session with the outside world.
- the remote management server SG comprises a logic VAL for general administration of the manufacturer's vehicles, as well as a module for supervision SMM of the communication link between the vehicle V and the remote management server SG.
- the main risk when using the UCA card is that an attack from the Internet allows a hacker to take control of the vehicle's unsecured computers and execution environments, which could allow the hacker to shut down. communication between the remote management server SG and the trusted execution environment TEE, preventing the latter from receiving orders to trigger corrective actions and return to normal.
- the supervision module MS supervises the connection between the vehicle V and the remote management server SG when using the vehicle V, in particular by testing this connection regularly.
- the supervision module is thus able to detect an abnormal interruption in the communication between the vehicle V and the remote management server SG.
- the supervision module MS activates safety functions SF, implemented in modules M1 to M4, as represented in FIG. 2.
- the supervision module MS puts in place a supervision of the connection between the vehicle and the remote management server SG, distinct from the standardized supervision mechanisms implemented by the communication module MC, in particular distinct from the message encryption mechanisms as made compulsory by the communication standard GSM, 3G, 4G, 5G or Wi-Fi used by the MC communication module.
- this supervision module is able to detect an abnormal interruption of the communication between the vehicle V and the server. remote management SG, that is to say due to an attack on the software integrity of the communication module MC.
- the supervision module MS comprises an activation module MA receiving as input an anomaly code, the state of the cellular connection and the state of the vehicle V.
- the module d MA activation activates one or more of the modules M1 to M4.
- the module M1 is a software means of sending an instruction to the secure microcontroller of the communication module MC, triggering the inhibition of communications with the outside for non-secure applications of the vehicle, that is to say cutting off all communication from the EESM runtime environment to the Internet.
- the M2 module is a software means of sending an instruction to the secure microcontroller of the MC communication module, triggering the selection by the MC communication module of the VCA card to communicate with the outside, and inhibition by the module.
- the module M3 is a software means of sending an instruction to the secure microcontroller of the communication module MC, triggering the restart of the communication module MC, and an instruction to a secure part MB1 of the EESM execution environment. to restart it.
- only one instruction is necessary in particular when the microcontroller is connected to the secure part MB1.
- These secure reboots trigger the erasure of the RAM on these systems, and force the selection to use the VCA card to communicate with the remote SG management server, without an internet connection.
- the M4 module is a software means of sending an instruction triggering the secure restart of all or part of other execution environments or of other software MB2 to MBn of the vehicle V.
- This secure restart triggers the erasure of the memory of these other environments and software and possibly blocks the use of certain parts of the software that are more susceptible to attacks than others.
- An example of the use of one of these means by the supervision module MS is represented in the form of a method for securing the connection between the vehicle V and the remote management server SG according to the invention, in FIG. 3.
- the MC communication module first uses the UCA card to communicate with the outside.
- Step E1 is the sending and receiving of signed, unique and predefined messages, respectively to the remote management server SG and from the vehicle V, by the supervision module MS.
- the supervision module MS sends a message periodically to the remote management server SG, which allows the remote management server SG to authenticate it.
- This message is for example signed using an asymmetric encryption algorithm such as RSA encryption (according to its inventors Rivest, Shamir and Adleman).
- the supervision module MS uses a signature obtained by a hashing algorithm of the HMAC type (according to the English "keyed-hash message authentication code") using an encryption key known to the manufacturer only (and contained in a secure manner. in the vehicle V and the remote management server SG).
- messages sent by the MS supervision module can include anti-replay data such as a timestamp, a count or a predefined number generated by an algorithm known only to the vehicle V and to the remote management server SG.
- the messages sent by the MS supervision module also include an error code, the values and their meanings of which are for example:
- the first threshold of predetermined duration T1 is for example set at 30 minutes and the second threshold of predetermined duration T2 is for example set at 60 minutes.
- the trouble codes focus in particular on connection breaks due to real or false network coverage gaps, to simplify.
- the fault codes are possibly more nuanced.
- a different code is allocated to the following situations:
- the supervision module MS sent a test message and received an immediate protocol return, but does not receive a response from the remote management server SG,
- the supervision module MS sent a test message but did not receive an immediate protocol return, while the communication module MC indicates that a connection is established with the remote management server SG,
- the supervision module MS is unable to transmit a test message and the communication module MC indicates that there is no longer a connection established with the remote management server SG, while the cellular connection is operating in mode data transfer,
- the MC communication module indicates that there is no longer a cellular connection available in data transfer mode while network coverage is available
- the MC communication module indicates that there is no more network coverage.
- time counters corresponding to the durations T1 and T2 are applied more broadly to cases where the communication module MC indicates that there is no longer a connection established with the remote server SG, in order to activate the modules M1 and M2 respectively.
- the messages sent by the remote management server SG in response to the messages that it receives from the supervision module MS are signed and include anti-replay data, in a similar manner to the messages sent by the supervision module MS.
- the response messages from the remote management server SG possibly include information confirming or denying the existence of a lack of network coverage previously reported by the supervision module MS, or an instruction triggering a remedial action on the vehicle V, such as a software update or a safe restart instruction when the V.
- Step E2 of the process is the detection of a connection anomaly by the MS supervision module.
- the MS supervision module detects such an anomaly:
- This detection may take place after several retransmission attempts or at the expiration of a time counter set to a predefined response time, for example set at fifteen minutes; this detection corresponds to anomaly code 3 defined above;
- Step E3 is the activation of curative means by the supervision module MS, making it possible to re-establish a communication of confidence between the vehicle V and the remote management server SG even if the EESM execution environment is compromised by an attack .
- These means are chosen so as to best preserve the user experience, in particular in the event that the anomaly detected does not correspond to a cyber attack but to a real loss of network coverage. For this the impact in terms of user connection possibilities and of the vehicle V is gradually increased depending on the state of the vehicle V and the real risk of cyber-attack.
- the supervision module MS makes more attempts to return a message than when the communication module MC indicates an available network coverage.
- the predefined duration thresholds T1 or T2 are for example set as a function of geolocation data. Thus if the vehicle detects an entry into a white zone, these thresholds are for example adapted to the estimated journey time in this zone. Depending on the code of the anomaly detected, the curative actions are also more or less impactful. In this example of use of the invention, it is assumed that the vehicle V is in use and that the fault code returned is 3. In this case, step E3 consists of activating the module M2, which triggers the switching of the communication between the vehicle V and the remote management server SG on a connection using the VCA card.
- the module M2 sends an instruction to the communication module MC to temporarily cut off the communication between the vehicle V and the remote management server SG and re-establish a connection between these two entities using the subscription of the manufacturer of the vehicle V.
- the supervision module MS sends the fault code 3 in a message to the remote management server SG.
- the SMM supervision module of the remote management server SG then sends, in the corresponding response message or separately, an instruction allowing the implementation of a remedial action by the safety functions SF of the vehicle, for example a software update or a safe restart of the EESM environment, which will be implemented as soon as the vehicle stops, preferably with the engine off.
- the vehicle V itself implements this remedial action.
- the remote management server SG is able to check whether the vehicle V is in an area in which the network coverage is indeed poor or non-existent. If this is the case, the supervision module SMM of the remote management server SG informs the vehicle V that it was in such a zone as soon as communication with the vehicle V is reestablished, which makes it possible to avoid a secure restart. no need for the EESM execution environment the next time the vehicle stops.
- the supervision module SMM of the remote management server SG informs the vehicle V as soon as communication with the vehicle V is reestablished and sends it an instruction for a secure restart or for updating the EESM execution environment as soon as the vehicle is stopped, preferably with the engine off.
- the secure re-starts of the communication module MC and of the EESM environment are preferably deferred by a few tens of seconds after stopping the vehicle so that the end-of-mission processing operations are not interrupted.
- the sending and reception of test messages are stopped to preserve the vehicle's battery.
- the remote management server SG administering a whole fleet of vehicles, it is able to detect a cyber attack by correlating the anomalies reported by the vehicles of this fleet.
- this fleet of vehicles reports a number of anomalies greater than a predefined threshold, for example 1000 over a short period and in geographical areas with acceptable network coverage
- the SMM supervision module detects a cyber attack and programs a setting. software update on its vehicles with secure restart.
- an example of logic implemented in the supervision module MS and making it possible to minimize the impact of the securing method according to the invention on the user experience comprises states S0 to S5.
- the vehicle V In the SO state, the vehicle V is stationary with the engine off and not on, that is to say the ignition is not on. In this state, the vehicle V communicates with the remote management server SG only with the VCA card, no internet communication is established.
- the logic goes to state S1.
- state S1 the user can enter their personal SIM card data into the vehicle and access the internet on the EESM runtime environment through the UCA card. If these data have already been entered in vehicle V during previous use of vehicle V, the communication module MC switches to the UCA card as soon as the vehicle is switched on. The supervision module MS then supervises the connection between the vehicle V and the remote management server SG. In this S1 state, the logic returns to the SO state when the user turns off the vehicle.
- state S1 the supervision module MS receives an instruction from the remote management server SG to perform a secure restart of the communication module MC and of the execution environment EESM with a possible update of these entities , then the logic passes to state S2 of secure restart (with possible update) of these entities. At the end of this secure restart in this state S2, the logic passes to the secure communication state S4 which will be described later.
- the supervision module MS detects an anomaly of code 1 or 3
- the supervision module MS activates the module M1 and the logic goes to state S3 in which the communication module MC continues to '' use the UCA card but prohibits any internet communication other than with the remote SG management server.
- the MS supervision module detects a code 2 or 3 anomaly, i.e. the MC communication module indicates that there has been no network coverage for an hour or that the communication module MC has not sent or received any message for fifteen minutes without indication of loss of network coverage, then the logic passes to state S4 of secure communication. If in state S3, the vehicle V is switched off by the user without the remote management server SG having been able to invalidate the code 1 or 3 anomaly which triggered the transition to state S3 and notify the vehicle thereof. V, then the logic goes to state S5 of secure restart of the communication module MC forcing the communication module to use the VCA card only; at the end of this restart, the logic passes to the secure communication state S4.
- a code 2 or 3 anomaly i.e. the MC communication module indicates that there has been no network coverage for an hour or that the communication module MC has not sent or received any message for fifteen minutes without indication of loss of network coverage
- the remote management server SG denies the fault code 1 or 3 that triggered the transition to state S3, then the logic goes to state S1.
- the communication module MC is authorized to use only the VCA card to communicate with the remote management server SG, whether the vehicle V is on or off. If the vehicle V is switched on in this state S4, and the user switches off his vehicle V without the remote management server SG having been able to invalidate the anomaly 1, 2 or 3 which led to the transition to state S4 and the notify the vehicle V, then the logic loops back to state S4. On the contrary, if in this state S4, the remote management server SG invalidates the anomaly 1, 2 or 3 which led to the transition to state S4 and notifies it to the vehicle V, then the logic loops back to state S0 if the vehicle is off, or in state S1 if the vehicle is on.
- this logic is only one embodiment of the invention.
- Other logics can be implemented in other variant embodiments of the vehicle, of the system or of the method according to the invention.
- the vehicle implements only the M2 and M3 modules
- the S3 and S4 states are combined.
- the remote management server SG is owned by a third party.
- the exchange of a private key for signing the messages exchanged between the supervision module MS and the remote management server SG is carried out by a first encrypted exchange using, for example, the asymmetric RSA encryption algorithm.
- the supervision module MS supervises the correct operation of the connection.
- the supervision module sends test messages to the remote supervision server SG, these test messages not containing an anomaly code, or containing only when an anomaly is detected.
- the management server SG sends a message alerting the vehicle V just before the latter enters a white zone, in order to deactivate the time counters linked to the thresholds T1 and T2, up to the exit from the white zone.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2022574727A JP2023528905A (ja) | 2020-06-04 | 2021-05-27 | 車両と前記車両を管理するためのリモート管理サーバとの間の接続のセキュリティ保護 |
KR1020227046222A KR20230019878A (ko) | 2020-06-04 | 2021-05-27 | 차량과 이 차량을 관리하기 위한 원격 관리 서버 사이의 연결 보안 |
CN202180043584.9A CN115769620A (zh) | 2020-06-04 | 2021-05-27 | 确保车辆与用于管理所述车辆的远程管理服务器之间的连接安全 |
US18/000,670 US20230262070A1 (en) | 2020-06-04 | 2021-05-27 | Securing the connection between a vehicle and a remote management server for managing said vehicle |
EP21727897.7A EP4162719A1 (fr) | 2020-06-04 | 2021-05-27 | Sécurisation de la connexion entre un véhicule et un serveur distant de gestion dudit véhicule |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR2005876A FR3111204B1 (fr) | 2020-06-04 | 2020-06-04 | Sécurisation de la connexion entre un véhicule et un serveur distant de gestion dudit véhicule |
FRFR2005876 | 2020-06-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021244932A1 true WO2021244932A1 (fr) | 2021-12-09 |
Family
ID=72266534
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2021/064155 WO2021244932A1 (fr) | 2020-06-04 | 2021-05-27 | Sécurisation de la connexion entre un véhicule et un serveur distant de gestion dudit véhicule |
Country Status (7)
Country | Link |
---|---|
US (1) | US20230262070A1 (fr) |
EP (1) | EP4162719A1 (fr) |
JP (1) | JP2023528905A (fr) |
KR (1) | KR20230019878A (fr) |
CN (1) | CN115769620A (fr) |
FR (1) | FR3111204B1 (fr) |
WO (1) | WO2021244932A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024049084A1 (fr) * | 2022-09-02 | 2024-03-07 | 삼성전자 주식회사 | Dispositif électronique pour un véhicule et son procédé de fonctionnement |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090325572A1 (en) * | 2008-06-26 | 2009-12-31 | Samsung Electronics Co. Ltd. | Apparatus and method for providing network service in a portable communication system |
US20160050609A1 (en) * | 2014-08-18 | 2016-02-18 | Trimble Navigation Limited | Changing wireless carriers during a mobile gateway session |
DE102016007183A1 (de) * | 2016-06-14 | 2017-12-14 | Audi Ag | Kraftfahrzeug-Steuervorrichtung und Verfahren zum Übenwachen einer mobilen Internetverbindung sowie Kraftfahrzeug |
DE102017128063A1 (de) * | 2017-11-28 | 2019-05-29 | Peiker Acustic Gmbh & Co. Kg | Verfahren zur Erfassung von Leistungskennzahlen von Kommunikationsnetzwerken und Telematikeinheit |
-
2020
- 2020-06-04 FR FR2005876A patent/FR3111204B1/fr active Active
-
2021
- 2021-05-27 KR KR1020227046222A patent/KR20230019878A/ko active Search and Examination
- 2021-05-27 US US18/000,670 patent/US20230262070A1/en active Pending
- 2021-05-27 EP EP21727897.7A patent/EP4162719A1/fr active Pending
- 2021-05-27 JP JP2022574727A patent/JP2023528905A/ja active Pending
- 2021-05-27 WO PCT/EP2021/064155 patent/WO2021244932A1/fr unknown
- 2021-05-27 CN CN202180043584.9A patent/CN115769620A/zh active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090325572A1 (en) * | 2008-06-26 | 2009-12-31 | Samsung Electronics Co. Ltd. | Apparatus and method for providing network service in a portable communication system |
US20160050609A1 (en) * | 2014-08-18 | 2016-02-18 | Trimble Navigation Limited | Changing wireless carriers during a mobile gateway session |
DE102016007183A1 (de) * | 2016-06-14 | 2017-12-14 | Audi Ag | Kraftfahrzeug-Steuervorrichtung und Verfahren zum Übenwachen einer mobilen Internetverbindung sowie Kraftfahrzeug |
DE102017128063A1 (de) * | 2017-11-28 | 2019-05-29 | Peiker Acustic Gmbh & Co. Kg | Verfahren zur Erfassung von Leistungskennzahlen von Kommunikationsnetzwerken und Telematikeinheit |
Non-Patent Citations (1)
Title |
---|
UNKNOWN: "Trusted Execution Environment TEE 101: A primer WHITE PAPER", 1 April 2018 (2018-04-01), XP055768342, Retrieved from the Internet <URL:https://www.securetechalliance.org/wp-content/uploads/TEE-101-White-Paper-FINAL2-April-2018.pdf> [retrieved on 20210125] * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024049084A1 (fr) * | 2022-09-02 | 2024-03-07 | 삼성전자 주식회사 | Dispositif électronique pour un véhicule et son procédé de fonctionnement |
Also Published As
Publication number | Publication date |
---|---|
EP4162719A1 (fr) | 2023-04-12 |
US20230262070A1 (en) | 2023-08-17 |
FR3111204A1 (fr) | 2021-12-10 |
CN115769620A (zh) | 2023-03-07 |
FR3111204B1 (fr) | 2023-12-22 |
JP2023528905A (ja) | 2023-07-06 |
KR20230019878A (ko) | 2023-02-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2134115B1 (fr) | Detection d'anomalie de trafic emis par un terminal mobile dans un réseau de radiocommunication | |
EP1022922B1 (fr) | Procédé d'authentification, avec établissement d'un canal sécurise, entre un abonné et un fournisseur de services accessible via un opérateur de télécommunications | |
EP2163114B1 (fr) | Interface d'enregistrement d'application utilisée pour un dispositif mobile | |
EP1536606A1 (fr) | Méthode d'authentification d'applications | |
EP1683388A2 (fr) | Methode de gestion de la s curit d' applications avec un module de securite | |
US10999318B2 (en) | Algorithmic packet-based defense against distributed denial of service | |
CN101248615A (zh) | 安全数据连接会话的暂停和恢复 | |
EP3625928A1 (fr) | Procede de securisation d'une communication sans gestion d'etats | |
FR2941584A1 (fr) | Procede de traitement de flux de donnees recues par un appareil de communication sans fil et necessitant au moins en partie des traitements cryptographiques et appareil correspondant | |
WO2021244932A1 (fr) | Sécurisation de la connexion entre un véhicule et un serveur distant de gestion dudit véhicule | |
EP3840324B1 (fr) | Liaison série asynchrone sécurisée | |
EP1709827B1 (fr) | Procédé de sécurisation de l'identitifiant d'un téléphone portable, et téléphone portable correspondant | |
EP2266289A2 (fr) | Mode de communication de defense pour un equipement apte a communiquer au moyen de differents services de communication | |
WO2017085284A1 (fr) | Unite electronique, systeme comprenant une telle unite electronique et procede de deverrouiillage | |
EP2773067B1 (fr) | Procédé de fiabilisation de la génération de messages d'alerte sur un réseau synchronisé de données | |
CN113114705B (zh) | 可信可编排的视频物联网终端内生安全检测方法及装置 | |
FR3071946B1 (fr) | Dispositif electronique et procede de surveillance de donnees stockees au sein d'un appareil avionique, programme d'ordinateur associe | |
WO2009106432A1 (fr) | Procede de gestion dans les equipements de securite et entite de securite | |
EP1510904B1 (fr) | Procédé et système d'évaluation du niveau de sécurité de fonctionnement d'un équipement électronique et d'accès conditionnel à des ressources | |
WO2024121283A1 (fr) | Télécommande de cybersécurisation | |
EP4338375A1 (fr) | Procede de defense contre une tentative de deconnexion entre deux entites, systeme associe | |
CN117955866A (zh) | 交易监控方法、装置、电子设备和介质 | |
FR2798032A1 (fr) | Dispositif de transmission de tentatives de fraude a un systeme de supervision d'un reseau de telephones publics | |
FR2888432A1 (fr) | Procedes de protection des trames de gestion echangees entre deux equipements sans fil, de reception et d'emission de telles trames, programmes d'ordinateur et supports de donnees contenant ces programmes d'ordinateur |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21727897 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2022574727 Country of ref document: JP Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 20227046222 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2021727897 Country of ref document: EP Effective date: 20230104 |