
CN-122027187-A - Management of signal authentication between nodes of a communication system employing an E2E protection protocol

CN122027187A

Abstract

Techniques for centralized management of signal authentication of protected data messages are described. A computer-implemented method, performed by a data processing apparatus of a system comprising a plurality of nodes interconnected by a communication framework, may include intercepting a protected data message sent by one or more sender nodes of the plurality of nodes via the communication framework and directed to one or more receiver nodes of the plurality of nodes, the protected data message being configured according to a secure communication protocol. The method further includes performing an authentication process of the secure communication protocol to sequentially authenticate the protected data messages intercepted over time, extracting data content from respective ones of the protected data messages in response to successfully authenticating them, and providing the data content to the one or more receiver nodes via the communication framework.

Inventors

  • P. Sandstrom
  • A. Ekobom

Assignees

  • Volvo Car Corporation (沃尔沃汽车公司)

Dates

Publication Date
2026-05-12
Application Date
2025-11-10
Priority Date
2024-11-11

Claims (20)

  1. A computer-implemented method, comprising: repeatedly performing, by a receiver node of a system comprising a plurality of nodes connected to each other via a communication framework, a data reading process associated with consuming data content repeatedly sent to the receiver node by a sender node of the plurality of nodes in a protected format, wherein the plurality of nodes comprises the receiver node and the sender node, wherein the receiver node is coupled to at least one processor, and wherein the data reading process comprises: reading, by the receiver node, the data content in an unprotected format from a memory of the system accessible to the plurality of nodes, wherein the repeatedly performing comprises repeatedly performing the data reading process at a read frequency that is different from a transmit frequency at which the sender node is configured to repeatedly send the data content to the receiver node.
  2. The method of claim 1, wherein the data content in the unprotected format in the shared memory further includes a timestamp indicating a time at which the sender node last sent the data content, and wherein the method further comprises: determining, by the receiver node, whether the data content meets a freshness criterion based on a time difference between the timestamp and a read time at which the read is performed, and consuming, by the receiver node, the data content based on a determination that the data content meets the freshness criterion.
  3. The method of claim 1, wherein the read frequency is lower than the transmit frequency.
  4. The method of claim 1, wherein the read frequency is responsive to a trigger event.
  5. The method of claim 1, wherein the read frequency varies, and wherein the transmit frequency is fixed.
  6. The method of claim 1, wherein the data content is placed in the unprotected format in the memory in response to: intercepting, by a communication management application of the system, a respective protected data message comprising the data content repeatedly transmitted by the sender node, and publishing, by the communication management application, the data content to the memory in the unprotected format extracted from the respective protected data message by the communication management application.
  7. The method of claim 6, wherein the publishing is further responsive to verifying, by the communication management application, the validity of the data content according to a secure communication protocol.
  8. The method of claim 7, wherein verifying the validity is based on a respective counter included in the respective protected data message.
  9. The method of claim 1, wherein the system is integrated on or within a vehicle.
  10. The method of claim 9, wherein the plurality of nodes comprises electronic control units associated with different on-board systems of the vehicle and different applications executed by data processing devices of those systems.
  11. The method of claim 10, wherein a data processing device of the data processing devices comprises the processor, and wherein the receiver node comprises one of the different applications.
  12. A system, comprising: a plurality of nodes connected to each other via a communication framework; a processor; and a memory storing executable instructions that, when executed by the processor, facilitate performance of operations comprising: repeatedly performing, by a receiver node of the plurality of nodes, a data reading process associated with consuming data content repeatedly sent by a sender node of the plurality of nodes to the receiver node in a protected format, wherein the data reading process comprises: reading, by the receiver node, the data content in an unprotected format from a memory of the system accessible to the plurality of nodes, wherein the repeatedly performing comprises repeatedly performing the data reading process at a read frequency that is different from a transmit frequency at which the sender node is configured to repeatedly send the data content to the receiver node.
  13. The system of claim 12, wherein the data content in the unprotected format in the shared memory further includes a timestamp indicating a time at which the sender node last sent the data content, and wherein the data reading process further comprises: determining, by the receiver node, whether the data content meets a freshness criterion based on a time difference between the timestamp and a read time at which the read is performed, and consuming, by the receiver node, the data content based on a determination that the data content meets the freshness criterion.
  14. The system of claim 12, wherein the read frequency is lower than the transmit frequency.
  15. The system of claim 12, wherein the read frequency is responsive to a trigger event.
  16. The system of claim 12, wherein the read frequency varies, and wherein the transmit frequency is fixed.
  17. The system of claim 12, wherein the data content is placed in the unprotected format in the memory in response to: intercepting, by a communication management application of the system, a respective protected data message comprising the data content repeatedly transmitted by the sender node, and publishing, by the communication management application, the data content to the memory in the unprotected format extracted from the respective protected data message by the communication management application.
  18. The system of claim 17, wherein the publishing is further responsive to verifying, by the communication management application, the validity of the data content according to a secure communication protocol.
  19. The system of claim 12, wherein the system is integrated on or within a vehicle.
  20. A non-transitory machine-readable storage medium comprising executable instructions that, when executed by a processor of a system comprising a plurality of nodes connected to each other via a communication framework, facilitate performance of operations comprising: repeatedly performing, by a receiver node of the plurality of nodes, a data reading process associated with consuming data content repeatedly sent by a sender node of the plurality of nodes to the receiver node in a protected format, wherein the data reading process comprises: reading, by the receiver node, the data content in an unprotected format from a memory of the system accessible to the plurality of nodes, wherein the repeatedly performing comprises repeatedly performing the data reading process at a read frequency that is different from a transmit frequency at which the sender node is configured to repeatedly send the data content to the receiver node.

Description

Management of signal authentication between nodes of a communication system employing an E2E protection protocol

Cross Reference to Related Applications

The present application claims priority to U.S. patent application Ser. No. 18/943,340, entitled "MANAGEMENT OF SIGNAL AUTHENTICATION BETWEEN NODES OF A COMMUNICATION SYSTEM EMPLOYING AN E2E PROTECTION PROTOCOL", filed in November 2024, which is incorporated herein by reference in its entirety.

Technical Field

The disclosed subject matter relates to end-to-end (E2E) data communication protocols, and more particularly to improved management of data signal authentication between nodes of a communication system employing an E2E protection protocol.

Background

AUTOSAR (Automotive Open System Architecture) is a global development partnership that defines a standardized software architecture for automotive systems; part of that standard is the AUTOSAR E2E (end-to-end) protection mechanism. The purpose of AUTOSAR E2E is to provide a data protection mechanism for safety-critical communication in automotive systems. Since vehicles rely on complex networked systems to control key functions such as braking, steering and safety functions, it is critical that the data transmitted through these systems be accurate and safe. Although AUTOSAR E2E is primarily designed to protect data in communication between electronic control units (ECUs) in automotive systems, its application is not strictly limited to ECUs. The E2E protocol may be used for any safety-critical communication within automotive and other systems, especially where data integrity and fault tolerance are critical.
For example, E2E protection mechanisms may also be used for communication between sensors (e.g., radar, lidar, ultrasound) and actuators within the vehicle control network, thereby ensuring that critical inputs such as speed, distance and object-detection data are reliable. In another example, modern vehicles typically use gateway modules to connect different communication buses (e.g., Controller Area Network (CAN), Local Interconnect Network (LIN), FlexRay, Ethernet, etc.). E2E protection helps ensure that data transmitted over these networks retains its integrity even though it is routed through the gateway. The AUTOSAR E2E protocol facilitates a more robust and secure communication infrastructure by applying specific data protection and error detection techniques. In particular, the E2E protocol adds a check value to the data so that corruption during transmission can be detected. This typically uses a cyclic redundancy check (CRC), which lets the receiving node verify the integrity of the received data. The E2E protocol also detects common communication errors, such as data loss, repetition or out-of-order delivery, by adding a sequence counter to each message. While the AUTOSAR E2E protocol is very beneficial for ensuring reliable and secure communication between nodes in automotive systems, it does present certain challenges and limitations. In particular, the E2E protocol involves additional error checking mechanisms such as CRCs and sequence counters, which increase the demands on processing power and memory at the communicating nodes. Furthermore, in high-speed communication where large amounts of data must be continuously verified, the E2E mechanism can significantly increase resource consumption.
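The following Python is an added, constructed example and is not code from the patent or from Volvo; it models the flow described in the claims and in the background above: an E2E-style protected frame carrying a CRC and an alive counter, a centralized "communication management" verifier that authenticates each frame once and publishes the unprotected value together with its send time to a shared-memory table, and a receiver that reads that table at its own rate and applies a freshness criterion. The CRC-8 polynomial (0x1D), the 4-bit counter, the tolerated loss of one frame, the frame layout and the traffic scenario are all assumptions chosen for illustration, not a conformant AUTOSAR E2E profile.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed parameters for this illustration (not a conformant AUTOSAR E2E profile):
CRC_POLY = 0x1D     # CRC-8 generator polynomial (SAE J1850), processed MSB-first
COUNTER_MOD = 16    # 4-bit alive counter, wraps 15 -> 0
MAX_DELTA = 2       # tolerate at most one lost frame between accepted frames


def crc8(data: bytes, init: int = 0xFF) -> int:
    """Bitwise CRC-8 over data with CRC_POLY, init 0xFF and final XOR 0xFF."""
    crc = init
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = ((crc << 1) ^ CRC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0xFF


def protect(data_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side: frame = [crc][counter][payload]. The CRC also covers the data ID,
    so a frame redirected to another signal slot fails the check even if intact."""
    body = bytes([counter % COUNTER_MOD]) + payload
    return bytes([crc8(bytes([data_id & 0xFF]) + body)]) + body


@dataclass
class VerifyResult:
    status: str                 # "ok", "crc_error", "repeated" or "wrong_sequence"
    counter: int
    payload: Optional[bytes]


def verify(data_id: int, frame: bytes, last_counter: Optional[int]) -> VerifyResult:
    """Receiver-side E2E check: integrity (CRC) first, then the alive counter, which
    flags repeats/replays (delta 0) and loss or reordering (delta outside 1..MAX_DELTA)."""
    crc, counter, payload = frame[0], frame[1], frame[2:]
    if crc8(bytes([data_id & 0xFF]) + frame[1:]) != crc:
        return VerifyResult("crc_error", counter, None)
    if last_counter is not None:
        delta = (counter - last_counter) % COUNTER_MOD
        if delta == 0:
            return VerifyResult("repeated", counter, None)
        if delta > MAX_DELTA:
            return VerifyResult("wrong_sequence", counter, None)
    return VerifyResult("ok", counter, payload)


class CommunicationManager:
    """Centralized verifier (the claims' 'communication management application'): checks
    each protected frame once and publishes the unprotected payload plus its send time."""

    def __init__(self) -> None:
        self.shared_memory: dict[int, tuple[bytes, float]] = {}   # data_id -> (payload, sent_at)
        self._last_counter: dict[int, int] = {}
        self.rejected: list[tuple[int, str]] = []

    def intercept(self, data_id: int, frame: bytes, send_time: float) -> str:
        result = verify(data_id, frame, self._last_counter.get(data_id))
        if result.status == "ok":
            self._last_counter[data_id] = result.counter
            self.shared_memory[data_id] = (result.payload, send_time)
        else:
            # Rejected frames are never published; receivers keep the last good value.
            self.rejected.append((data_id, result.status))
        return result.status


def read_fresh(manager: CommunicationManager, data_id: int,
               read_time: float, max_age: float) -> Optional[int]:
    """Receiver side: read the unprotected value at its own rate and consume it only if
    (read_time - sent_at) <= max_age; otherwise treat the signal as stale."""
    entry = manager.shared_memory.get(data_id)
    if entry is None:
        return None
    payload, sent_at = entry
    if read_time - sent_at > max_age:
        return None
    return int.from_bytes(payload, "big")


def run_scenario() -> dict:
    """Constructed traffic: a sender emits a 16-bit speed signal every 10 ms; the
    receiver reads it every 50 ms with a 30 ms freshness budget."""
    speed_id = 0x2A
    mgr = CommunicationManager()
    frames = [protect(speed_id, i, (50 + i).to_bytes(2, "big")) for i in range(5)]
    corrupted = bytearray(frames[2])
    corrupted[-1] ^= 0x01                     # one flipped payload bit
    deliveries = [
        (frames[0], 0.00), (frames[1], 0.01),
        (frames[1], 0.01),                    # replay of frame 1
        (bytes(corrupted), 0.02),             # frame 2 arrives corrupted
        (frames[3], 0.03),                    # counter jumps 1 -> 3: one loss, tolerated
        (frames[4], 0.04),
        (frames[2], 0.02),                    # the intact frame 2 arrives late: out of order
    ]
    statuses = [mgr.intercept(speed_id, f, t) for f, t in deliveries]
    return {
        "statuses": statuses,
        "read_at_0_05": read_fresh(mgr, speed_id, 0.05, 0.03),   # fresh: 54
        "read_at_0_20": read_fresh(mgr, speed_id, 0.20, 0.03),   # stale: None
    }
```

The point the scenario makes is the one the claims rely on: the CRC and counter are evaluated exactly once, at the manager, and a receiver that polls at 20 Hz never sees the rejected frames at all; what it must still do for itself is the freshness check, because a stale-but-authentic value in shared memory is indistinguishable from a live one without the timestamp.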
High resource consumption may require more capable hardware, which increases cost, or may reduce the resources available for other critical tasks, potentially affecting system performance. In addition, AUTOSAR E2E uses different E2E profiles for different ECUs, each profile being a configuration of the protection mechanism suited to a particular application. Setting up and calibrating the E2E protocol can be complex because it involves configuring multiple parameters, such as sequence numbers, counters, timeout values and CRC lengths, that are tailored to the different E2E profiles and vary with safety and timing requirements. Adding an E2E protection mechanism can therefore make the overall system more complex, both in software architecture and in ECU interaction, which may increase development time. More involved development procedures, testing requirements and compliance verification may be necessary, slowing project schedules and increasing development cost. Furthermore, E2E protection mechanisms, particularly CRC calculations, can introduce delays that affect real-time applications requiring fast response times, such as braking or collision detection systems. For example, in high-sp