
EP-4742595-A1 - MANAGEMENT OF SIGNAL VERIFICATION AMONGST NODES OF A COMMUNICATION SYSTEM EMPLOYING E2E PROTECTION PROTOCOLS


Abstract

Techniques for centralized management of signal verification of protected data messages are described. A computer-implemented method, performed by a data processing device of a system comprising a plurality of nodes respectively connected to one another via a communication framework, can comprise intercepting protected data messages sent by one or more sender nodes of the plurality of nodes via the communication framework and directed to one or more receiver nodes of the plurality of nodes, the protected data messages being configured in accordance with a secure communication protocol. The method further comprises performing a validation process of the secure communication protocol to validate the protected data messages sequentially in time as intercepted over time, extracting data content from respective messages of the protected data messages in response to successful validation of the respective messages, and providing the data content to the one or more receiver nodes via the communication framework.

Inventors

  • SANDSTRÖM, Per
  • EKBOM, Andreas

Assignees

  • Volvo Car Corporation

Dates

Publication Date
20260513
Application Date
20251030

Claims (15)

  1. A computer-implemented method, performed by a data processing device of a system comprising a plurality of nodes respectively connected to one another via a communication framework, comprising: intercepting (702) protected data messages sent by one or more sender nodes of the plurality of nodes via the communication framework and directed to one or more receiver nodes of the plurality of nodes, the protected data messages being configured in accordance with a secure communication protocol; performing (704) a verification process of the secure communication protocol to verify the protected data messages sequentially in time as intercepted over time; extracting (706) data content from respective messages of the protected data messages in response to successful verification of the respective messages; and providing (708) the data content to the one or more receiver nodes via the communication framework.
  2. The method of claim 1, wherein the protected data messages comprise different types of messages, and wherein performing a verification process comprises performing different instances of the verification process for each type of the different types of messages, the different instances respectively tailored to the different types of messages.
  3. The method of claim 2, wherein the one or more sender nodes comprise a plurality of sender nodes and wherein the different types of messages correspond to different sender nodes of the plurality of sender nodes.
  4. The method of claim 2, wherein the different instances of the verification process employ different activation frequencies respectively tailored to the different types of messages.
  5. The method of claim 4, wherein providing the data content comprises publishing, via the communication framework, the data content to a memory of the system with timestamps respectively indicating timing of interception of corresponding messages of the respective messages, wherein the one or more receiver nodes are configured to read the data content from the memory via the communication framework.
  6. The method of claim 5, wherein at least one receiver node of the one or more receiver nodes is configured to read the data content associated with a same type of messages of the different types of messages from the shared memory at a different read frequency relative to a corresponding activation frequency of a corresponding instance of the verification process employed for the same type of messages.
  7. The method of claim 5, wherein at least some of the one or more receiver nodes are configured to read the data content associated with a same type of messages of the different types of messages from the memory at different read frequencies.
  8. The method of claim 5, wherein the one or more sender nodes comprise a first sender node configured to send first protected data messages of a first type of messages of the different types of messages at a first frequency, wherein performing a verification process comprises performing a first instance of the verification process tailored to the first type of messages and using an activation frequency corresponding to the first frequency, and wherein the one or more receiver nodes comprise at least one receiver node configured to read the data content as extracted from the first protected data messages from the memory at a lower frequency relative to the first frequency.
  9. The method of claim 2, further comprising: for same protected data messages belonging to a same type of messages of the different types of messages, detecting changes to the data content as extracted from the same protected data messages sequentially in time, and wherein the providing comprises providing the data content to the one or more receiver nodes based on detection of a change to the data content.
  10. The method of claim 9, further comprising: sending, via the communication framework, a notification to at least one receiver node of the one or more receiver nodes regarding the detection of the change.
  11. A system, comprising: a plurality of nodes respectively connected to one another via a communication framework; a processor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising: intercepting (702) protected data messages sent by one or more sender nodes of the plurality of nodes via the communication framework and directed to one or more receiver nodes of the plurality of nodes, the protected data messages being configured in accordance with a secure communication protocol; performing (704) a verification process of the secure communication protocol to verify the protected data messages sequentially in time as intercepted over time; extracting (706) data content from respective messages of the protected data messages in response to successful verification of the respective messages; and providing (708) the data content to the one or more receiver nodes via the communication framework.
  12. The system of claim 11, wherein the protected data messages comprise different types of messages, and wherein performing a verification process comprises performing different instances of the verification process for each type of the different types, the different instances respectively tailored to the different types of messages, and wherein at least some of the different instances of the verification process employ different activation frequencies respectively tailored to the different types of messages.
  13. The system of claim 12, wherein providing the data content comprises publishing, via the communication framework, the data content to the memory or another memory of the system with timestamps respectively indicating timing of interception of corresponding messages of the respective messages, wherein the one or more receiver nodes are configured to read the data content from the memory or the other memory via the communication framework.
  14. The system of claim 13, wherein at least one receiver node of the one or more receiver nodes is configured to read the data content associated with a same type of the different types from the memory or the other memory at a different read frequency relative to a corresponding activation frequency of a corresponding instance of the verification process employed for the same type.
  15. A non-transitory machine-readable storage medium, comprising executable instructions that, when executed by a processor of a system comprising a plurality of nodes respectively connected to one another via the communication framework, facilitate performance of operations, comprising: intercepting protected data messages sent by one or more sender nodes of the plurality of nodes via the communication framework and directed to one or more receiver nodes of the plurality of nodes, the protected data messages being configured in accordance with a secure communication protocol; performing a verification process of the secure communication protocol to verify the protected data messages sequentially in time as intercepted over time; extracting data content from respective messages of the protected data messages in response to successful verification of the respective messages; and publishing, via the communication framework, the data content to a memory of the system with timestamps respectively indicating timing of interception of corresponding messages of the respective messages, wherein the one or more receiver nodes are configured to read the data content from the memory via the communication framework.

Description

TECHNICAL FIELD

The disclosed subject matter relates to end-to-end (E2E) data communication protocols and, more particularly, to improved management of data signal verification amongst nodes of a communication system employing E2E protection protocols.

BACKGROUND

The Automotive Open System Architecture (AUTOSAR) is a worldwide development partnership that creates standardized software communication architecture for automotive systems, referred to as AUTOSAR E2E (End-to-End). The purpose of AUTOSAR E2E is to provide data protection mechanisms for safety-critical communication in automotive systems. Since vehicles often rely on complex, networked systems to control critical functions such as braking, steering, and safety features, it is essential that data transferred across these systems is both accurate and secure. While AUTOSAR E2E is primarily designed for protecting data in communication between Electronic Control Units (ECUs) in automotive systems, its application is not strictly limited to ECUs. The E2E protocols can be used for any safety-critical communication within an automotive system and other systems, especially where data integrity and fault tolerance are essential. For example, E2E protection mechanisms can also be used in communication between sensors (e.g., radar, lidar, ultrasonic) and actuators within the vehicle's control network, ensuring that critical inputs like speed, distance, and object detection data are reliable. In another example, modern vehicles often use gateway modules to connect different communication buses (e.g., a Controller Area Network (CAN), a Local Interconnect Network (LIN), a FlexRay, an Ethernet, etc.). E2E protection helps ensure that data transferred across these networks maintains its integrity, even as it is routed through gateways. AUTOSAR E2E protocols facilitate creating a more robust and secure communication infrastructure by implementing specific data protection and error-detection techniques.
In particular, the E2E protocols add checks to data to detect whether it has been corrupted during transmission. This often includes mechanisms like Cyclic Redundancy Checks (CRCs), which help ensure the receiving node can verify the integrity of the data received. The E2E protocols also detect common communication errors such as data loss, corruption, or out-of-order messages by adding sequence counters to messages. Although AUTOSAR E2E protocols are highly beneficial for ensuring reliable and secure communication between communication nodes in automotive systems, they do come with certain challenges and limitations. In particular, E2E protocols involve additional error-checking mechanisms, such as CRC and sequence counters, which increase computational demands in terms of processing power and memory used by the communication nodes. Moreover, in high-speed communications where a large amount of data needs to be verified continuously, E2E mechanisms can significantly increase resource consumption. High resource consumption may require more advanced hardware, which can increase costs, or may reduce available resources for other critical tasks, potentially affecting system performance. In addition, AUTOSAR E2E uses varying AUTOSAR E2E profiles for different ECUs, which are different configurations of E2E protection mechanisms suited for specific applications. Setting up and calibrating E2E protocols can be complex, as it involves configuring multiple parameters tailored to different E2E profiles, like sequence numbers, counters, timeout values, and CRC lengths, which vary depending on safety and timing requirements. Thus, adding E2E protection mechanisms can make the overall system more complex, both in terms of software architecture and in the ECU interactions, which can increase development time. More complex development processes, testing requirements, and compliance checks might be necessary, which can slow down project timelines and add development costs.
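As an added illustration (not code from the patent or from AUTOSAR), a simplified E2E-style check in Python: a sender appends a sequence counter and a CRC, and a single verifier intercepts frames of any message type, checks them in arrival order, and publishes only verified content with its interception timestamp to a table that receivers read at their own rate. The frame layout, the CRC choice and the `MAX_DELTA` tolerance are assumptions for this example, not an AUTOSAR E2E profile.

```python
import struct
import zlib

MAX_DELTA = 3  # assumed tolerance: larger counter jumps are treated as a sequence fault

def protect(data_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side. Frame = data_id(1) | counter(1) | payload | crc32(4) over preceding bytes."""
    header = struct.pack(">BB", data_id, counter & 0xFF)
    return header + payload + struct.pack(">I", zlib.crc32(header + payload))

class CentralVerifier:
    """Intercepts every message type, verifies in arrival order, publishes verified content only."""
    def __init__(self):
        self.last_counter = {}  # data_id -> last accepted counter
        self.table = {}         # data_id -> (timestamp, payload): the memory receivers read
        self.changes = []       # (timestamp, data_id) whenever verified content changed

    def verify(self, frame: bytes, timestamp: float) -> str:
        if len(frame) < 6:
            return "malformed"
        body, crc = frame[:-4], struct.unpack(">I", frame[-4:])[0]
        if crc != zlib.crc32(body):
            return "crc_error"  # corrupted in transit: never published
        data_id, counter = struct.unpack(">BB", body[:2])
        payload, status = body[2:], "ok"
        prev = self.last_counter.get(data_id)
        if prev is not None:
            delta = (counter - prev) & 0xFF
            if delta == 0:
                return "repeated"  # same counter again: stale or replayed frame
            if delta > MAX_DELTA:
                return "wrong_sequence"  # out of order or too many frames lost
            if delta > 1:
                status = "ok_some_lost"  # gap within tolerance: accept but flag it
        self.last_counter[data_id] = counter
        if self.table.get(data_id, (None, None))[1] != payload:
            self.changes.append((timestamp, data_id))  # change detection, as in claim 9
        self.table[data_id] = (timestamp, payload)  # published with interception timestamp
        return status

def demo():
    v = CentralVerifier()
    frames = [protect(0x10, c, struct.pack(">H", 100 + c)) for c in range(4)]  # constructed
    results = [v.verify(frames[0], 0.00), v.verify(frames[1], 0.01)]
    results.append(v.verify(frames[1], 0.02))   # repeated counter
    results.append(v.verify(frames[3], 0.03))   # counter 2 never arrived: ok_some_lost
    bad = bytearray(frames[3]); bad[3] ^= 0x01  # one payload bit flipped in transit
    results.append(v.verify(bytes(bad), 0.04))  # crc_error
    results.append(v.verify(protect(0x10, 9, b"\x00\x00"), 0.05))  # jump of 6: wrong_sequence
    return results, v.table.get(0x10), len(v.changes)
```

A receiver polling `v.table` at a lower rate than the sender's transmit rate still sees only the latest verified value, which is the decoupling of verification frequency from read frequency that the claims describe.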
Further, E2E protection mechanisms, especially CRC calculations, can introduce latency, which might impact real-time applications that require fast response times, like braking or collision detection systems. For example, in high-speed or low-latency automotive networks (like in-vehicle Ethernet), these delays can reduce the effectiveness of time-critical applications, posing a challenge to achieving stringent timing requirements. The above-described background relating to issues associated with AUTOSAR E2E is merely intended to provide a contextual overview of some current issues and is not intended to be exhaustive. Other contextual information may become further apparent upon review of the following detailed description.

SUMMARY

The following presents a summary to provide a basic understanding of one or more embodiments of the disclosed technology. This summary is not intended to identify key or critical elements or delineate any scope of the particular embodiments or any scope of the claims. Its sole purpose is to pr