EP-3903447-B1 - AUTOMATICALLY VERIFYING VEHICLE IDENTITY AND VALIDATING VEHICLE PRESENCE

Inventors

  • AMBROSIN, MORENO
  • SIVANESAN, KATHIRAVETPILLAI
  • MISOCZKI, RAFAEL
  • SHARMA, SRIDHAR
  • ALVAREZ, IGNACIO

Dates

Publication Date
20260506
Application Date
20191127

Claims (15)

  1. A semiconductor apparatus (190) for use in an infrastructure node (20, 40, IN) for automatically verifying vehicle identity and validating vehicle presence comprising: one or more substrates (192); and logic (194) coupled to the one or more substrates (192), wherein the logic (194) is implemented at least partly in one or more of configurable logic (194) or fixed-functionality hardware logic (194), the logic (194) coupled to the one or more substrates (192) to: conduct a mutual authentication with a vehicle; verify, if the mutual authentication is successful, location information received from the vehicle; and send a token to the vehicle if the location information is verified, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time.
  2. The semiconductor apparatus (190) of claim 1, wherein the attestation is a time stamp corresponding to the specified moment in time, a vehicle identifier, the location information, and a digital signature.
  3. The semiconductor apparatus (190) of claim 1 or 2, wherein the logic (194) coupled to the one or more substrates (192) is to: send, if the mutual authentication is successful, a secret key to the vehicle; and delete the token from local memory.
  4. The semiconductor apparatus (190) of claim 3, wherein the logic (194) is to derive the secret key from a seed value stored in the local memory.
  5. The semiconductor apparatus (190) of claim 3, wherein the logic (194) is to: retrieve, in response to a scene reconstruction request, a message authentication code and a payload from an untrusted storage platform, wherein the payload includes the location information and additional vantage point information; reconstruct the secret key; verify the message authentication code based on the reconstructed secret key; and decrypt the payload based on the reconstructed secret key.
  6. The semiconductor apparatus (190) of claim 1, wherein the logic (194) coupled to the one or more substrates (192) is to send a series of periodic tokens to the vehicle, and wherein each periodic token corresponds to a different moment in time.
  7. At least one computer readable storage medium comprising a set of instructions, which when executed by an infrastructure node (20, 40, IN), cause the infrastructure node (20, 40, IN) to: conduct a mutual authentication with a vehicle; verify, if the mutual authentication is successful, location information received from the vehicle; and send a token to the vehicle if the location information is verified, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time.
  8. The at least one computer readable storage medium of claim 7, wherein the attestation is a time stamp corresponding to the specified moment in time, a vehicle identifier, the location information, and a digital signature.
  9. The at least one computer readable storage medium of claim 7 or 8, wherein the instructions, when executed, further cause the infrastructure node to: send, if the mutual authentication is successful, a secret key to the vehicle; and delete the token from local memory.
  10. The at least one computer readable storage medium of claim 9, wherein the instructions, when executed, further cause the infrastructure node to derive the secret key from a seed value stored in the local memory.
  11. The at least one computer readable storage medium of claim 9, wherein the instructions, when executed, further cause the infrastructure node to: retrieve, in response to a scene reconstruction request, a message authentication code and a payload from an untrusted storage platform, wherein the payload includes the location information and additional vantage point information; reconstruct the secret key; verify the message authentication code based on the reconstructed secret key; and decrypt the payload based on the reconstructed secret key.
  12. The at least one computer readable storage medium of claim 7, wherein the instructions, when executed, cause the infrastructure node to send a series of periodic tokens to the vehicle, and wherein each periodic token corresponds to a different moment in time.
  13. A method of operating a vehicle for automatically verifying vehicle identity and validating vehicle presence comprising: conducting a mutual authentication with an infrastructure node; sending, if the mutual authentication is successful, location information to the infrastructure node; and receiving a token from the infrastructure node, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time.
  14. The method of claim 13, wherein the attestation is a time stamp corresponding to the specified moment in time, a vehicle identifier, the location information, and a digital signature.
  15. The method of claim 13 or 14, further comprising: receiving a secret key from the infrastructure node; encrypting a payload based on the secret key, wherein the payload includes the location information and additional vantage point information; computing a message authentication code based on the secret key; and sending the encrypted payload and the message authentication code to an untrusted storage platform.

Description

TECHNICAL FIELD

Embodiments generally relate to monitoring vehicles. More particularly, embodiments relate to automatically verifying vehicle identity and validating vehicle presence.

BACKGROUND

Vehicle monitoring may be useful in a wide variety of settings such as crash investigations, autonomous fleet management, and so forth. For example, establishing who was present at a crash scene and from what vantage point can be important to an investigation. While environmental cameras (e.g., roadside cameras) may provide useful information regarding vehicle crash sites, coverage areas may be limited. Vehicle sensor data may be useful in certain circumstances, but there remains considerable room for improvement. For example, relying on vehicle sensor data to reconstruct crash scenes may lead to vulnerability concerns with respect to malicious actors who attempt to manipulate the scene reconstruction with false data.

US 2016/323741 A1 discloses a method for collecting traffic accident information through communication between devices. The method comprises specifying a vehicle that has transmitted the vehicle accident information based on information about the time when the vehicle accident information was received and the location where the vehicle is placed. Further, when a vehicle is specified, the vehicle information collection apparatus requests authentication information from the vehicle information transmission apparatus of the corresponding vehicle.

BRIEF DESCRIPTION OF THE DRAWINGS

The various advantages of the embodiments will become apparent to one skilled in the art by reading the following specification and appended claims, and by referencing the following drawings, in which:

  • FIG. 1 is a plan view of an example of a data collection from a crash scene that is attacked by a malicious actor according to an embodiment;
  • FIG. 2 is a signaling diagram of an example of a communication between an infrastructure node and a vehicle according to an embodiment;
  • FIG. 3 is an illustration of an example of a communication between a vehicle, an untrusted storage platform and an infrastructure node according to an embodiment;
  • FIG. 4A is a flowchart of an example of a method of operating an infrastructure node according to an embodiment;
  • FIG. 4B is a flowchart of an example of a method of responding to a scene reconstruction request according to an embodiment;
  • FIG. 5 is a flowchart of an example of a method of operating a vehicle according to an embodiment;
  • FIG. 6 is a flowchart of an example of a method of transferring location information and additional vantage point information to an untrusted storage platform according to an embodiment;
  • FIG. 7 is a block diagram of an example of an infrastructure node according to an embodiment;
  • FIG. 8 is a block diagram of an example of a vehicle according to an embodiment; and
  • FIG. 9 is an illustration of an example of a semiconductor package apparatus according to an embodiment.

DESCRIPTION OF EMBODIMENTS

Turning now to FIG. 1, a crash scene 10 is shown in which a first vehicle 12 collides with a second vehicle 14 at an intersection. In the illustrated example, a third vehicle 16 is present during the collision and has a vision range 18 (e.g., field of view/FOV) that enables one or more sensors (e.g., cameras, light detection and ranging/lidar sensors, event data recorders/EDRs, etc.) of the third vehicle 16 to capture the collision from a particular vantage point. In an embodiment, the third vehicle 16 wirelessly reports the sensor data collected from the collision to an infrastructure node (IN) 20 such as, for example, a road side unit (RSU), edge node, base station, trusted/neutral entity, and so forth. Similarly, a fourth vehicle 22 is present during the collision and has a vision range 24 that enables one or more sensors of the fourth vehicle 22 to capture the collision from another vantage point. The illustrated fourth vehicle 22 wirelessly reports the sensor data collected from the collision to the infrastructure node 20. Thus, the infrastructure node 20 may use the sensor data collected from the third vehicle 16 and the fourth vehicle 22 to reconstruct the crash scene 10 (e.g., to determine who was at fault). The vehicles 12, 14, 16 and 22 may be autonomous, manually operated, etc., or any combination thereof.

In the illustrated example, an attacker 26 sends false sensor data to the infrastructure node 20, wherein the false sensor data indicates that a fifth vehicle 28 (which does not exist) is present during the collision and has a vision range 30 that enables one or more sensors of the fifth vehicle 28 to capture the collision from yet another vantage point. Thus, the false sensor data might be used to bias the scene reconstruction to, for example, mis-assign fault in the collision. As will be discussed in greater detail, the infrastructure node 20 may conduct authentication operations that make it more difficult for the attacker 26 to misrepresent the identity of the fifth vehicl