CN-122027186-A - Management of signal authentication between nodes of a communication system employing an E2E protection protocol
Abstract
Techniques for centralized management of signal authentication of protected data messages are described. A computer-implemented method, performed by a data processing device of a system comprising a plurality of nodes each interconnected via a communication framework, may include repeatedly performing a transmission relay procedure at a defined execution frequency to control transmission of protected data messages between a sender node of the plurality of nodes and a corresponding receiver node of the plurality of nodes. The transmission relay procedure includes reading data entries issued by the sender node to a memory of the system, the data entries each including data content to be sent to a corresponding receiver node, generating protected data messages each including data content, and sending the protected data messages to the corresponding receiver node via the communication framework.
Inventors
- P. Sandstrom
- A. Ekobom
Assignees
- Volvo Car Corporation (沃尔沃汽车公司)
Dates
- Publication Date: 20260512
- Application Date: 20251110
- Priority Date: 20241111
Claims (20)
- 1. A computer-implemented method performed by a data processing device of a system comprising a plurality of nodes each connected to one another via a communication framework, the method comprising: repeatedly performing a transmission relay procedure at a defined execution frequency to control transmission of protected data messages between a sender node of the plurality of nodes and a corresponding receiver node of the plurality of nodes, wherein the transmission relay procedure comprises: reading data entries issued by the sender node to a memory of the system, the data entries each comprising data content to be sent to the corresponding receiver node; generating the protected data messages, each comprising the data content; and sending the protected data messages to the corresponding receiver node via the communication framework.
- 2. The method of claim 1, wherein the data entries each further comprise a timestamp and a validity threshold, the validity threshold indicating a duration of validity of the data content, and wherein the transmission relay procedure further comprises: determining whether the data content is valid based on the validity threshold and a respective time difference between the timestamp and a current time, wherein the sending is responsive to the generating, and wherein the generating is responsive to a respective determination that the data content is valid.
- 3. The method of claim 2, wherein at least some of the validity thresholds vary over time.
- 4. The method of claim 2, wherein the system is integrated on or within a vehicle, and wherein at least some of the validity thresholds vary based on an environment of the vehicle.
- 5. The method of claim 1, wherein the data entries are repeatedly published by the sender node to the memory of the system according to a respective publication frequency employed by the sender node.
- 6. The method of claim 5, wherein at least some of the publication frequencies are different.
- 7. The method of claim 5, wherein at least some of the publication frequencies are different relative to a defined execution frequency.
- 8. The method of claim 5, wherein at least some of the publication frequencies vary over time.
- 9. The method of claim 8, wherein at least some of the publication frequencies vary based on an environment of the system.
- 10. The method of claim 9, wherein the system is integrated on or within a vehicle, and wherein the environment of the system corresponds to a vehicle environment of the vehicle.
- 11. The method of claim 1, wherein the system is integrated on or within a vehicle.
- 12. The method of claim 11, wherein the plurality of nodes comprise electronic control units associated with different on-board systems of the vehicle and different applications executed by the data processing device.
- 13. The method of claim 1, wherein the performing comprises performing different instances of the transmission relay procedure, the different instances being customized for different types of the data content or different sender nodes, respectively.
- 14. The method of claim 13, wherein different instances of the transmission relay procedure are performed by separate software modules.
- 15. A system, comprising: a plurality of nodes each connected to one another via a communication framework; a processor; and a memory storing executable instructions that when executed by the processor facilitate performance of operations comprising: repeatedly performing a transmission relay procedure at a defined execution frequency to control transmission of protected data messages between a sender node of the plurality of nodes and a corresponding receiver node of the plurality of nodes, wherein the transmission relay procedure comprises: reading data entries issued by the sender node to a memory of the system, the data entries each comprising data content to be sent to the corresponding receiver node; generating the protected data messages, each comprising the data content; and sending the protected data messages to the corresponding receiver node via the communication framework.
- 16. The system of claim 15, wherein the data entries each further comprise a timestamp and a validity threshold, the validity threshold indicating a duration of validity of the data content, and wherein the transmission relay procedure further comprises: determining whether the data content is valid based on the validity threshold and a respective time difference between the timestamp and a current time, wherein the sending is responsive to the generating, and wherein the generating is responsive to a respective determination that the data content is valid.
- 17. The system of claim 15, wherein the data entries are repeatedly published by the sender node to the memory of the system according to respective publication frequencies employed by the sender node, and wherein at least some of the publication frequencies are different relative to a defined execution frequency.
- 18. The system of claim 15, wherein the data entries are repeatedly published by the sender node to the memory of the system according to respective publication frequencies employed by the sender node, and wherein at least some of the publication frequencies vary over time.
- 19. The system of claim 15, wherein the system is integrated on or within a vehicle, and wherein the plurality of nodes comprise electronic control units associated with different on-board systems of the vehicle and different applications executed by the processor.
- 20. A non-transitory machine-readable storage medium comprising executable instructions that when executed by a processor of a system comprising a plurality of nodes each connected to one another via a communication framework, facilitate performance of operations comprising: repeatedly performing a transmission relay procedure at a defined execution frequency to control transmission of protected data messages between a sender node of the plurality of nodes and a corresponding receiver node of the plurality of nodes, wherein the transmission relay procedure comprises: reading data entries issued by the sender node to a memory of the system, the data entries each comprising data content to be sent to the corresponding receiver node; generating the protected data messages, each comprising the data content; and sending the protected data messages to the corresponding receiver node via the communication framework.
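The relay step of claims 1 and 2, sketched as an added example (not code from the patent or from AUTOSAR): a published entry is forwarded only while its timestamp is within its validity threshold, and the generated message carries the sequence counter and CRC that the Description attributes to E2E protection, which the receiver then checks. The struct layouts, the CRC-8 parameters, and all function names are assumptions made for this illustration and do not correspond to a specific AUTOSAR E2E profile.

```c
#include <stdint.h>
#include <string.h>

#define DATA_LEN 4

/* Entry a sender publishes to shared memory: content, timestamp, validity threshold (assumed layout). */
typedef struct { uint8_t data[DATA_LEN]; uint32_t ts_ms; uint32_t valid_ms; } entry_t;
/* Protected message: content plus sequence counter and CRC (assumed layout, all single bytes). */
typedef struct { uint8_t data[DATA_LEN]; uint8_t counter; uint8_t crc; } msg_t;

/* Bitwise CRC-8, polynomial 0x1D, initial value 0xFF (illustrative parameters). */
static uint8_t crc8(const uint8_t *p, size_t n) {
    uint8_t c = 0xFF;
    while (n--) {
        c ^= *p++;
        for (int i = 0; i < 8; i++)
            c = (c & 0x80) ? (uint8_t)((c << 1) ^ 0x1D) : (uint8_t)(c << 1);
    }
    return c;
}

/* One relay step: returns 1 and fills *out if the entry is still valid, else 0 (nothing is sent). */
int relay_step(const entry_t *e, uint32_t now_ms, uint8_t *tx_counter, msg_t *out) {
    /* Unsigned difference: a timestamp from the future wraps to a huge age and is rejected too. */
    if ((uint32_t)(now_ms - e->ts_ms) > e->valid_ms)
        return 0;
    memcpy(out->data, e->data, DATA_LEN);
    out->counter = (*tx_counter)++;
    out->crc = crc8((const uint8_t *)out, DATA_LEN + 1);   /* covers data and counter */
    return 1;
}

typedef enum { RX_OK, RX_CRC_ERROR, RX_REPEATED, RX_LOST } rx_status_t;

/* Receiver check: CRC first, then the counter step since the last message that passed the CRC. */
rx_status_t receiver_check(const msg_t *m, uint8_t *last_counter) {
    if (crc8((const uint8_t *)m, DATA_LEN + 1) != m->crc) return RX_CRC_ERROR;
    uint8_t delta = (uint8_t)(m->counter - *last_counter);
    *last_counter = m->counter;
    if (delta == 0) return RX_REPEATED;
    return delta == 1 ? RX_OK : RX_LOST;
}

/* Constructed sample: entry published at t=1000 ms, valid for 50 ms, relayed at t=1040 ms. */
int main(void) {
    entry_t e = {{0x10, 0x20, 0x30, 0x40}, 1000, 50};
    uint8_t txc = 0, last = 0xFF; msg_t m;
    if (!relay_step(&e, 1040, &txc, &m)) return 1;
    return receiver_check(&m, &last) == RX_OK ? 0 : 1;
}
```

Because the relay drops stale entries before a message is generated, a sender that stops publishing shows up at the receiver as missing messages rather than as old data wrapped in a fresh counter and CRC.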
Description
Management of signal authentication between nodes of a communication system employing an E2E protection protocol
Cross Reference to Related Applications
The present application claims priority from U.S. patent application Ser. No. 18/943,340, entitled "MANAGEMENT OF SIGNAL VERIFICATION BETWEEN NODES OF A COMMUNICATION SYSTEM EMPLOYING E2E PROTECTION PROTOCOLS" (management of signal authentication between nodes of a communication system employing an E2E protection protocol), filed 11/2024, and is part of, and a continuation-in-part of, that U.S. patent application, which is incorporated herein by reference in its entirety.
Technical Field
The disclosed subject matter relates to End-to-End (E2E) data communication protocols, and more particularly, to improved management of data signal authentication between nodes of a communication system employing an E2E protection protocol.
Background
The Automotive Open System Architecture (AUTOSAR) is a global development coordination organization that creates a standardized software communication architecture for automotive systems, called AUTOSAR E2E (end-to-end). The purpose of AUTOSAR E2E is to provide a data protection mechanism for safety-critical communications in automotive systems. Since vehicles typically rely on complex network systems to control key functions such as braking, steering and safety functions, it is critical that the data transmitted through these systems be accurate and safe. Although AUTOSAR E2E is primarily designed to protect data in communications between Electronic Control Units (ECUs) in automotive systems, its application is not strictly limited to ECUs. The E2E protocol may be used for any safety-critical communication within automotive systems and other systems, especially where data integrity and fault tolerance are critical.
For example, E2E protection mechanisms may also be used for communication between sensors (e.g., radar, lidar, ultrasound) and actuators within the vehicle control network, thereby ensuring that critical inputs such as speed, distance, and object detection data are reliable. In another example, modern vehicles typically use gateway modules to connect different communication buses (e.g., Controller Area Network (CAN), Local Interconnect Network (LIN), FlexRay, Ethernet, etc.). E2E protection helps to ensure that data transmitted over these networks maintains its integrity even though it is routed through the gateway.
The AUTOSAR E2E protocol facilitates creating a more robust and secure communication infrastructure by implementing specific data protection and error detection techniques. In particular, the E2E protocol adds a check to the data to detect if it has been corrupted during transmission. This typically includes mechanisms such as a Cyclic Redundancy Check (CRC) that help ensure that the receiving node can verify the integrity of the received data. The E2E protocol also detects common communication errors, such as data loss, corruption, or out-of-order messages, by adding a sequence counter to the message.
While the AUTOSAR E2E protocol is very beneficial for ensuring reliable and secure communications between communication nodes in automotive systems, it does present certain challenges and limitations. In particular, the E2E protocol involves additional error checking mechanisms such as CRC and sequence counters, which increase the computational demands in terms of processing power and memory used by the communication nodes. Furthermore, in high-speed communications where large amounts of data need to be continuously verified, the E2E mechanism can significantly increase resource consumption.
High resource consumption may require higher level hardware, which may increase costs, or may reduce available resources for other critical tasks, potentially affecting system performance. In addition, the AUTOSAR E2E uses different AUTOSAR E2E profiles for different ECUs, which are different configurations of E2E protection mechanisms appropriate for a particular application. Setting up and calibrating the E2E protocol may be complex because it involves configuring multiple parameters, such as sequence numbers, counters, timeout values, and CRC lengths, that are tailored to different E2E profiles, which parameters vary depending on security and timing requirements. Thus, adding an E2E protection mechanism may make the overall system more complex, both in terms of software architecture and ECU interaction, which may increase development time. More complex development procedures, testing requirements, and compliance verification may be necessary, which slows down project schedules and increases development costs. Furthermore, E2E protection mechanisms, particularly CRC calculations, can introduce delays that can affect real-time applications requiring fast response times, suc