[go: up one dir, main page]

GB2564909A - Message monitoring and transmission device and method - Google Patents

Message monitoring and transmission device and method Download PDF

Info

Publication number
GB2564909A
GB2564909A GB1712122.9A GB201712122A GB2564909A GB 2564909 A GB2564909 A GB 2564909A GB 201712122 A GB201712122 A GB 201712122A GB 2564909 A GB2564909 A GB 2564909A
Authority
GB
United Kingdom
Prior art keywords
message
vehicle
monitoring
transmission device
vehicle bus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1712122.9A
Other versions
GB201712122D0 (en
Inventor
Stylianides Christian
Ellafi Taha
Brierley Steven
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MT Tech Ltd
M T Tech Ltd
Original Assignee
MT Tech Ltd
M T Tech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MT Tech Ltd, M T Tech Ltd filed Critical MT Tech Ltd
Priority to GB1712122.9A priority Critical patent/GB2564909A/en
Publication of GB201712122D0 publication Critical patent/GB201712122D0/en
Publication of GB2564909A publication Critical patent/GB2564909A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Alarm Systems (AREA)

Abstract

A message monitoring and transmission device 200 for connection to a vehicle bus 110 comprises a first connector (210, fig. 2), a second connector (220) and a controller (230). The first and second connectors are arranged such that the device can be inserted in line with components of the vehicle bus, e.g. form a plug and socket arrangement. The controller is arranged to receive a first message, to identify the contents of the message, and to transmit a second message which is different to the first message in response to the contents of the first message. In one embodiment if the first message concerns an actionable event on a list, e.g. a key creation message to create a new key for accessing and starting the vehicle, the second message is transmitted to prevent this from happening. The second message may comprise a reset message, false data or corrupt data. The device may have a control interface for receiving software updates and commands. The controller may log information from received messages. In an alternative embodiment the invention is provided by a component already connected to the bus, e.g. an Electronic Control Unit (ECU).

Description

This invention relates to a message monitoring and transmission device for connection to a vehicle bus, a method for controlling a vehicle using such a device, and to a method for message monitoring and transmission in a vehicle.
BACKGROUND
As vehicle technology advances to meet market and consumer demands, more specialised electronic systems are being fitted to vehicles. Twenty years ago a vehicle might have been fitted with one custom Electronic Control Unit (ECU), however it is now common to see over seventy standardised ECUs on more advanced models of vehicle.
These additional electronic systems can manage the functions, performance and status of the vehicle and provide significant improvements in its day to day operation. However, as a system becomes more complicated, it can become more difficult to keep that system secure. Each additional electronic component attached to a vehicle bus may provide security loopholes which could be used, for example, to steal the vehicle. Therefore it is desirable to provide additional features as part of a vehicle bus, and in particular it can be desirable to provide additional security features.
A specific, and very popular, example of an ECU is a device which is sometimes called the Keyless Vehicle Module (KVM), which provides a Start /Stop button for the vehicle engine in place of a traditional key-turned ignition switch. This allows the owner to start and stop the vehicle at the press of a button provided that they have a key within a certain range of sensors fitted to the vehicle, typically one to two metres. However, this advance in luxury and ease to the vehicle owner can present additional security challenges.
New vehicles are typically supplied with two keys as standard, and often it is the case that additional keys can be learnt by the vehicle provided that one of those two original keys is present. However if this were the only way to produce a new key then that would render the entire vehicle useless if both of the original keys were lost or broken. Hence many manufacturers provide a way to learn a new key to these vehicles without having an existing key present. This represents a potential security flaw in the vehicle, which, with the aid of a specialised device, has been known to allow thieves to drive off in under a minute.
Therefore it is desirable to provide some device or method which can help to reduce the risk of this manner of theft.
SUMMARY OF THE INVENTION
In accordance with an aspect of the present invention there is provided a message monitoring and transmission device for connection to a vehicle bus, the device comprising a first connector, a second connector and a controller. The first and second connectors are arranged such that the device can be inserted in line with components of the vehicle bus. The controller is arranged to receive a first message, to identify the contents of the message, and to transmit a second message which is different to the first message in response to the contents of the first message.
In this way the invention provides a message monitoring and transmission device which can be used to generate messages in a vehicle bus. By monitoring messages, vehicle behaviour can be monitored and recorded. By generating suitable messages, many vehicle components can be controlled, either directly in the case of ECUs, or indirectly in the case of components connected to ECUs. Therefore, vehicle behaviour can be changed as desired by a user who controls the message monitoring and transmission device.
The second message may comprise the first message repeated a plurality of times.
Typically, the controller is arranged to transmit a second message if the contents of the first message conform to a preconfigured criteria, and not to transmit a second message otherwise. The preconfigured criteria may include that the first message comprises a particular instruction, or an instruction for a particular vehicle component or ECU, or the preconfigured criteria may include that the first message comprises a password set by a user of the device.
The vehicle bus comprises a communication network for components of the vehicle. The vehicle bus may be a Control Area Network (CAN) bus.
It may be that the first message is transmitted over the vehicle bus. Where this is the case, the controller may be arranged to transmit a second message if the first message comprises a particular message, such as a key creation message. It may be that the second message is intended to prevent the creation of a key.
It may be that the second message is transmitted over the vehicle bus, either to a specific vehicle component, or to a plurality of vehicle components, or to all available vehicle components.
Typically, the first connector is a plug and the second connector is a socket. In a particular embodiment, the plug and socket may be arranged that the device can be inserted between a vehicle component such as an ECU and its network connection, by connecting the network connection to the message monitoring and transmission device and then connecting the message monitoring and transmission device to the vehicle component.
It may be that the second message comprises at least one of a general reset message, a specific reset message, false data or corrupt data. A general reset message is one which will cause a reset in all vehicle systems which receive the message and which are capable of carrying out a reset. A specific reset message is one which will cause a reset in one or a specific subset of vehicle systems which receive the message and which are capable of carrying out a reset. False data is data which is incorrect, and may be data which is designed to cause a specific vehicle function, such as key creation, to fail. Corrupt data is data which will cause a vehicle component to halt a current operation due to an error when it receives the corrupt data.
Typically, the message monitoring and transmission device comprises a memory, and it may be that the controller is arranged to record information related to a first message in the memory.
Typically the message monitoring and transmission device comprises a further interface. The further interface may comprise a wireless transceiver. The further interface may comprise an interface port such as an OBD-II interface port. The further interface may comprise input detection means such as at least one button or switch.
Where the further interface comprises a wireless transceiver, the wireless transceiver may be any one or a combination of a Bluetooth transceiver, a GSM transceiver, a 3G transceiver, a 4G transceiver, a Wi-Fi transceiver and any other suitable transceiver.
The message monitoring and transmission device may comprise a display screen.
The first message may be received over the further interface, for example through the wireless transceiver. The second message may be sent over the further interface, for example through the wireless transceiver.
It may be that the controller is further arranged to receive a third message through the further interface and identify the contents of the third message, the controller being arranged to act on the transmission of the second message in response to the contents of the third message. The third message may arrive before, at the same time as or after the first message. The controller may act on the transmission of the second message by preventing transmission of the second message.
A further embodiment of the invention provides vehicle bus which comprises a message monitoring and transmission device as described above. A still further embodiment of the invention provides a vehicle comprising such a vehicle bus.
The invention also provides a method of controlling a vehicle, the method comprising inserting a message monitoring and transmission device as described above into the bus of that vehicle.
A further embodiment of the invention provides a message monitoring and transmission method which comprises providing a first device for connecting to a vehicle bus, wherein the first device is configured to:
receive a first message concerning an actionable event of the vehicle which is transmitted over the vehicle bus;
determine whether the first message is on a predefined list; and transmit a second message over the vehicle bus which is intended to prevent the actionable event if the first message is on the predefined list.
The first device may be any device which is suitable for connecting to a vehicle bus. The first device may perform other roles within the vehicle, for example the first device may be an ECU which is also used for functions other than the ones connected with this method. The predefined list may be derived from a set of rules. The first device may be arranged to determine whether the first message is on a predefined list by referring to a further list indicating if the actionable event is currently allowed. The definition of messages which are on the predefined list may include messages which concern one or more actionable events which are not currently allowed. It may be that if an actionable event is not allowed, then the first message is on the predefined list. The first device may determine if the actionable event is currently allowed by referring to a set actionable event allowance, which may be recorded in a memory in the vehicle bus. The set actionable event allowance indicates whether the actionable event is allowed. The memory which records the set actionable event allowance may be located in the first device.
The actionable event of the vehicle may be an action carried out by a component of the vehicle which is connected to the vehicle bus, such as an ECU. The actionable event may be a function carried out by a component of the vehicle. It may be that the actionable event is key creation.
It may be that the second message is transmitted over the vehicle bus, either to a specific vehicle component, or to a plurality of vehicle components, or to all available vehicle components.
It may be that the second message comprises at least one of a general reset message, a specific reset message, false data or corrupt data. A general reset message is one which will cause a reset in all vehicle systems which receive the message and which are capable of carrying out a reset. A specific reset message is one which will cause a reset in one or a specific subset of vehicle systems which receive the message and which are capable of carrying out a reset. False data is data which is incorrect, and may be data which is designed to cause a specific vehicle actionable event, such as key creation, to fail. Corrupt data is data which will cause a vehicle component to halt a current operation due to an error when it receives the corrupt data.
Typically, the first device comprises a memory, and it may be that the first device is arranged to record information related to a first message in the memory. The memory may be used to store the predefined list, or rules from which the predefined list can be derived.
The first device may comprise a further interface. The further interface may comprise a wireless transceiver. The further interface may comprise an interface port such as an OBD-II interface port. The further interface may comprise input detection means such as at least one button or switch. Alternatively, a further interface may be provided by a second device which is connected to the vehicle bus, such that messages received by the further interface of the second device are transmitted over the vehicle bus to the first device, and messages transmitted from the first device to the second device over the vehicle bus may be transmitted by the further interface.
Where the further interface comprises a wireless transceiver, the wireless transceiver may be any one or a combination of a Bluetooth transceiver, a GSM transceiver, a 3G transceiver, a 4G transceiver, a Wi-Fi transceiver and any other suitable transceiver.
The message monitoring and transmission device may comprise a display screen.
The first device may be arranged to receive a message over the further interface, for example through the wireless transceiver. The first device may also be arranged to send messages over the further interface, for example through the wireless transceiver.
In a message monitoring and transmission method as described above, the first device may be further configured to determine whether the first message sets an actionable event allowance and record the set actionable event allowance according to the first message.
The set actionable event allowance may be an indication that an actionable event is allowed, or that the actionable event can be executed a predetermined number times, or that the actionable event is allowed in a certain time frame. The first device may determine whether the actionable event is currently allowed by checking the set actionable event allowance.
The first device can be configured to, in response to receiving a first message concerning an actionable event on the predefined list of actionable events which is not currently allowed, transmit a query as to whether the actionable event should be permitted. The method may further comprise: allowing the actionable event to proceed if a response is received comprising a permission for the actionable event to proceed; and transmitting a second message over the vehicle bus which is intended to prevent the actionable event otherwise.
The query may be sent over the bus, or over the further interface. The response may be received over the bus, or over the further interface.
A first device in the message monitoring and transmission method may be further configured to carry out any of the actions of the message monitoring and transmission device described above.
Instructions may be provided to more than one device in the vehicle bus so that more than one device in the plurality of devices behaves as a first device.
A still further embodiment of the invention provides a first device as described above. The first device according to this embodiment may be configured to carry out any of the methods or actions described in relation to a first device or a message monitoring and transmission device above.
Another embodiment of the invention provides a machine-readable storage medium encoded with instructions for a device which is connectable to a vehicle bus, the instructions executable by a processor of the device to cause the device to:
receive a first message concerning an actionable event of the vehicle which is transmitted over the vehicle bus;
determine whether the first message is on a predefined list; and transmit a second message over the vehicle bus which is intended to prevent the actionable event if the first message is on the predefined list.
The machine readable storage medium may be encoded with instructions which are executable by the processor of the first device to cause the first device to carry out any of the methods or actions described above in relation to a first device or a message monitoring and transmission device.
BRIEF DESCRIPTION OF THE DRAWINGS
Exemplary embodiments of the invention are further described hereinafter with reference to the accompanying drawings, in which:
Figures 1 shows a vehicle bus system;
Figure 2 shows a message monitoring and transmission device according to the present invention;
Figures 3, 4 and 5 show a vehicle bus system provided with one or more message monitoring and transmission devices according to the present invention; and
Figure 6 shows a process for message monitoring and transmission according to the invention.
DETAILED DESCRIPTION
Figure 1 shows a vehicle network 100. The vehicle network 100 comprises a bus 110 which connects a number of Electronic Control Units 120, 130, 140, 150 in a vehicle. The ECUs 120, 130, 140, 150 operate by receiving and transmitting messages over the bus 110, which is also connected to various vehicle systems which are not shown in Figure 1.
The first electronic control unit is a Keyless Vehicle Module (KVM) 120 in this example, and the other electronic control units may include modules for controlling components of the vehicle such as the powertrain, the brakes or the transmission. The other electronic control units may also monitor or control aspects of the vehicle’s operation such as its speed, location, or seat or mirror positions. An ECU can be created to monitor or control any aspect of the vehicle which can be connected to the vehicle network 100.
Figure 2 shows a message monitoring and transmission device 200 according to the present invention. The message monitoring and transmission device 200 comprises a first connector 210 and a second connector 220 which are arranged such that the device can be inserted in line with the components of the vehicle bus 120. The message monitoring and transmission device further comprises a controller 230 which is connected to the first connector 210 and the second connector 220. The controller 230 is further connected to a memory unit 240, a wireless transceiver 250, and a geographical position detection unit 260.
The geographical position detection unit 260 in the present embodiment can determine the geographical position of the message monitoring and transmission device 200 by identifying the geographical location of systems which are connected to using the wireless transceiver. In further embodiments according to the invention, the geographical position detection unit 260 may further comprises hardware for determining the geographical location of the message monitoring and transmission device 200, such as a GPS unit.
In addition, the message control device 200 comprises a gyroscope 270. The gyroscope can provide real time data on the movement of the vehicle, and the data can be used to detect unauthorised vehicle movement and therefore trigger an action. The data can also be displayed on a terminal for performance monitoring, or logged for future reference.
Figure 3 shows a vehicle network 100 similar to the one shown in Figure 1 into which the message monitoring and transmission device 200 has been fitted. In this particular example, the first and second connectors 210, 220 comprise a plug and socket which are compatible with the plug and socket arrangement used to connect the KVM 130 to the network 120. Therefore the message monitoring and transmission device 200 can be fitted by unplugging the keyless vehicle module 120 from the bus 110, and connecting the message monitoring and transmission device 200 to both the bus 110 and the keyless vehicle module 120 so that it is in line with the components of the vehicle network 100.
Once it is connected, the message monitoring and transmission device 200 will receive messages transmitted over the bus 110 as part of the operation of the vehicle network 100. The controller 230 is arranged to execute a program stored on the memory 240 and to identify the messages received through the first and second connectors 210, 220 from the bus 110. The controller 230 is further arranged, as part of the program, to send messages over the bus 110 in response to the received messages.
In a particular example, if the controller 230 identifies a key creation message which is intended to create a new key for accessing the vehicle and starting the engine, then the controller 230 is arranged to transmit an interrupt message. The key creation message may comprise a message which directly instructs the creation of a new key, or it may comprise a message which indicates that a new key is being or about to be created. For example, the controller 230 may be arranged to transmit an interrupt message on detecting a diagnostic session opening to the KVM, or another ECU, via diagnostic header and ECU address pointer. The controller 230 may be arranged to transmit an interrupt message on passing security to KVM at level 1, level 2 or level 3. The controller 230 may be arranged to transmit an interrupt message on detecting an available keys present query. The controller 230 may be arranged to transmit an interrupt message on detecting an initialise key learn function. The controller 230 may be arranged to transmit an interrupt message on any subsequent step in key learn function.
The interrupt message in the present embodiment comprises a general reset command. The general reset command will cause systems connected to the bus 110 to reset, interrupting any instructions that they may be executing, so that the creation of the new key is interrupted.
In an alternative embodiment, the controller 230 may be arranged to transmit a specific reset message in response to the key creation message. The specific reset message may only cause a specific component or set of components to reset, such as for example the KVM 120, in order to interrupt the key creation, and the specific reset message may be a specific to ECU reset command. In a further alternative embodiment, the controller 230 may be arranged to transmit false information in response to the key creation message. The false information may comprise information which, when received by other components in the vehicle network 100, will cause the key creation process to fail, such as false information concerning data which should be recorded about the new key. The false information may be sent to all devices on the network, or it may be sent to a specific ECU or ECUs. In a further alternative embodiment, the controller 230 may be arranged to transmit corrupt information in response to the key creation message. The corrupt information may for example be information which will cause certain components of the vehicle to experience an error which will lead them to halt a current operation, interrupting the key creation process.
As such, key creation in the vehicle is interrupted by the message monitoring and transmission device 200, preventing the vehicle from being stolen by creating a new key.
The wireless transceiver 250 is designed to and transmit and receive messages to and from outside the vehicle. In the present embodiment, the wireless transceiver 250 comprises both a Bluetooth transceiver and a GSM transceiver. The Bluetooth transceiver can be standard Bluetooth transceiver, or it can be a Bluetooth Low Energy transceiver.
The message monitoring and transmission device 200 is able to download updates to its own software using the wireless transceiver, as well as receive other messages. As such, the user can communicate with the message monitoring and transmission device 200 through the wireless transceiver 250 by using any suitable wireless terminal, such as a smart phone or personal computer. Therefore, if a user wishes to create a new key for their vehicle, which has been fitted with a message monitoring and transmission device 200, then the user will:
(i) access a control application for the message monitoring and transmission device on their terminal;
(ii) identify themselves as a registered user by entering a password into the application so that it is transmitted to the message monitoring and transmission device 200 through the wireless transceiver 250; and (iii) temporarily disable the key creation blocking function of the message monitoring and transmission device 200 by issuing a command using the application.
The message monitoring and transmission device will then not block the next key creation attempt made using the vehicle network 100.
In an alternative embodiment, a message monitoring and transmission device according to the invention may be provided with an interface which required a physical connection, such as an OBD-II interface port. This may be provided in place of a wireless transceiver, so that a user would have to physically access the message monitoring and transmission device in order to connect to it and provide instructions to allow a key to be created.
io
In a further alternative embodiment, a message monitoring and transmission device according to the invention may comprise a physical switch, which must be accessed and switched in order to allow a key to be created.
In a still further alternative embodiment, a message monitoring and transmission device according to the invention may not be provided with any sort of control interface. In such an embodiment, it would be necessary to physically remove the message monitoring and transmission device if the user wished to create a new key.
The message monitoring and transmission device 200 provides a number of other services for the user. For example, the controller 230 is arranged to log information from messages received over the bus 110 by recording that information in the memory 240. The user can access these logs through their terminal, so that they can be used for diagnostic or maintenance work on the vehicle. The controller of the message monitoring and transmission device 200 is also arranged to transmit messages over the bus 110 which request information from ECUs, so that the information it receives in return can be stored in its log. Information on all aspects of the vehicles function can be stored in the log, including speed and location records, temperature records for the engine and the driver’s compartment, oil pressure and fuel records and records of error messages produced by components connected to the vehicle network 100.
In response to certain instructions received from the user via the wireless transceiver 250, the message monitoring and transmission device 200 is arranged to perform specific actions. For example, in response to an instruction from the user the message monitoring and transmission device 200 can transmit messages to ECUs and other components in the vehicle over the bus 110. These messages include instructions for service resets of ECUS and flashing ECUs during services or remapping. A message from the message monitoring and transmission device 200 may remotely start the vehicle engine, allowing the user to start their vehicle remotely so that it can warm up on a cold morning before the vehicle is driven, or alternatively a message may remotely stop the engine when the vehicle is not moving. Messages can also enable or disable an immobiliser, or vehicle tracking.
The controller 230 is arranged to transmit a message using the wireless transceiver if certain preconfigured criteria are met. For example, if the engine temperature exceeds a predetermined level, or the battery charge drops below a predetermined level, or a particular error message is received, the controller 230 may transmit a warning.
The controller 230 is arranged to identify if the vehicle is being stolen. This can be done in a number of ways. For example, the controller 230 may detect certain suspicious activity in the vehicle bus. Alternatively, the controller 230 may detect that the car is being driven at an unusual time of day, or in an unusual location. Tracking the location of the vehicle can be done by using the controller’s own internal geographical position detection unit 260, or by using the vehicle’s own GPS or any other suitable and available tracking system.
Once a theft is detected, the message monitoring and transmission device 200 will respond according to settings chosen by the user. The message monitoring and transmission device 200 may send a message to the user’s terminal using the wireless transceiver 250, for example using the GSM transceiver, including the vehicle’s location and the reason that a theft is believed to be occurring. In this way the user can track their vehicle if it is moved, and communicate the location to a third party such as the police.
Either automatically, or in response to instructions from the user, the message monitoring and transmission device 200 may take actions to immobilise the vehicle. For example, the controller 230 may be configured to transmit general resets, specific resets, incorrect information or corrupt information which prevent the engine from starting. The controller 230 may also transmit information which activates the engine’s immobilisation and anti-theft measures, including audible alarms and flashing lights. In order to immobilise the engine in a more permanent manner, the controller 230 may be arranged to corrupt the function of one or more ECU’s by programing the ECU with encrypted data so that it no longer functions. In the event that the vehicle is recovered, the controller 230 may be configured to decrypt the information on the ECU in response to an instruction from the user so that the vehicle can be used again. The controller 230 may also be arranged to short a twelve volt line or other high voltage line in the vehicle through the vehicle network 100 in order to overload and hence permanently disable the ECUs.
The message monitoring and transmission device 200 does not have to be connected in line with the KVM 120. Figure 4 shows an embodiment in which the message monitoring and transmission device 200 is connected in line with a second ECU 130. From this location, the message monitoring and transmission device can still receive and transmit message over the bus 110. In this way, a message monitoring and transmission device 200 can be positioned almost anywhere on the vehicle, provided only that the vehicle network 100 extends there or can be connected by an ECU. This makes it difficult to find and remove the message monitoring and transmission device 200 unless you already know where it is installed.
Figure 5 shows an embodiment in which a vehicle is provided with multiple message monitoring and transmission devices 200, one in line with the KVM 120, one in line with the third ECU 140, and one located elsewhere in the bus 110. In order to successfully steal a vehicle which comprises a vehicle bus as shown in Figure 5 by creating a new key, a thief would have to locate and disable all three of the message monitoring and transmission devices, which could be located anywhere, from the engine compartment to behind the dashboard to the boot of the vehicle.
In a further embodiment of the invention, instructions may be provided to a component of a vehicle network 100 such as the second, third or fourth ECU 130, 150, 160. Theses instructions may cause the component to behave in the same way as the message control device 200 described above. In this way, theft can be prevented by a component which may already be present in the vehicle, such as an ECU.
Figure 6 shows a first process 300 which may be carried out by a first device which is connected to a vehicle bus according to an embodiment of the invention. The vehicle bus may be a vehicle bus 110 and the first device may be a message control device 200 or it may be another component of a vehicle network 100 such as the electronic control units 130, 140, 150 shown in Figure 1. The vehicle may be provided with a plurality of first devices, which may be any combination of message control devices 200 and electronic control units such as electronic control units 130, 140, 150. The process starts at step S301 and proceeds to step S302, in which the first device receives a first message. The first message may be transmitted over the bus 110 of the vehicle network 100, or it may be received at the first device using through a further interface, such as a wireless transceiver. Instructions stored on the first device cause the first device to identify the contents of the first message in step S303.
As a part of identifying the contents of the first message, the instructions stored on the first device cause the first device to identify if any data sets included in the first message are flagged for logging. In step S304, the device logs any data sets in the first message which are flagged for logging. The first device can be configured to collect any sort of data which it receives, including any sort of data which may be transmitted over a vehicle bus. Examples of data sets which can be flagged for logging may include information which could indicate a theft attempt, such as suspicious activity surrounding key creation, as well as information concerning the operation of the vehicle, such as location data, fuel data, data concerning the tyres or data concerning the engine such as oil levels or mileage statistics. Once any relevant data is logged, the process proceeds to step S305.
In step S305, the first device determines whether the message is on a predefined trigger list. The predefined trigger list may comprise messages concerning specific functions of the vehicle, such as key creation, so that the first device may determine whether the message concerns the creation of a key in step S305. In order to concern the creation of a key the first message may comprise a key creation message, or it may comprise a message which instructs a component other a key creation message, such as a message instructing the KVM 120 to prepare to create a key. If the contents of the first message are not on the predefined list, then the first process 300 ends at step S306. However, if at step S305 the first message is determined to be on the predefined list, then the process proceeds to step S307.
In step S307, the instructions stored on the first device cause the first device to determine whether the first message comprises instructions for the first device. For example, the first message may set an actionable event allowance In particular embodiments, the first message may set a key creation allowance, which determines whether key creation is allowed in the vehicle network 100 as described below, and can be set by a user by sending a message to the first device. The process proceeds to step S308 if the first message does contain instructions for the first device, wherein the instructions are applied. The first device may require that the first message comprise a unique password in order for instructions contained on the first device to be implemented. If the first message does set an actionable event allowance, then the first device records metadata concerning the set actionable event allowance in step S308 by storing the set actionable event allowance on a memory which may be part of the first device or may be part of another component in the vehicle network 100. The process then ends at step S309. If the first message does not comprise instructions for the first device, then the first process 300 proceeds to step S310.
In step S310, the instructions stored on the first device cause the first device to transmit a query, for example a query asking if an actionable event associated with the first message should be permitted. The query may be sent to a terminal such as a device operated by the user or to a third party. The query may be transmitted by a wireless transceiver. The wireless transceiver may be a part of the first device, or the wireless transceiver may be located outside the first device, for example in another component of the vehicle network 100.
The process then causes the first device to wait for a predetermined interval at step S311.
In step S312, the instructions on the first device cause the first device to determine if a response has been received in the form of a valid incoming command. The incoming command may be a command authorising the actionable event. The first device may require that the incoming command comprise a password or some other unique identifier in order for the command to be valid. If a valid command is received then the process proceeds to step S313, in which the first device performs actions according to the command. The command may instruct the first device to allow the actionable event to proceed, or the command may instruct the first device to respond to the specific trigger in a particular fashion. If the command contains no instructions to the contrary, the first device may be arranged to perform a predefined response to the specific trigger at this stage. For example, the command may instruct the first device to allow a key creation event to occur, or the command may instruct the first device to proceed with security measures such as triggering an alarm or immobilising the vehicle in response to a key creation event. Having performed actions according to the command, the process ends at step S314. If no command is received, or if a command which is received is not valid, then the process proceeds to step
5315.
At step S315, the instructions stored on the first device cause the first device to perform a predefined response in response to the specific trigger. For example, where the specific trigger concerns the creation of a key, the first device may transmit a second message which is intended to prevent the creation of a new key. The second message may comprise an interrupt message, such as a general reset command or a specific reset message. The interrupt message may comprise false information. The interrupt message may comprise corrupt information. The first device is further configured to record its activity and to transmit an alert indicating that an actionable event has been detected and the actions taken at step
5316. The alert may comprise information on whether the intervention of step S315 succeeded or failed. The alert may comprise data concerning the state of the first device. The alert may comprise data concerning the state of the vehicle, such as location data. The alert may be sent to the user or to a third party. The alert may be transmitted by a wireless transceiver as is described above in reference to other embodiments. The wireless transceiver may be a part of the first device, or the wireless transceiver may be located outside the first device, for example in another component of the vehicle network 100. The first process 300 then ends at step S317.
The first device may be further configured to transmit alerts at steps S306, S309 and S314. These alerts may for example contain acknowledgements of instructions, confirmation that instructions were implemented, updated information on the vehicle and updated information on the first device.
Once it has ended, the process may restart at step S301.
In an alternative embodiment, the first device may be configured to proceed straight from establishing that a first message does not contain instructions for the first device at step S307 to step S315 and perform a predefined response to the specific trigger. In this way, the process will skip the step of transmitting a query and waiting for a response.
In the examples shown above, the bus 110 comprises connections which allow any ECU to communicate with any other ECU. However, the network may also comprise private sections which can only be reached by passing messages through a gateway ECU. Where this is the case, the message monitoring and transmission device may also transmit messages to the gateway ECU as a part of its function, in order to transmit and receive messages across a private part of the network.
Throughout the description and claims of this specification, the words “comprise” and “contain” and variations of them mean “including but not limited to”, and they are not intended to (and do not) exclude other moieties, additives, components, integers or steps. Throughout the description and claims of this specification, the singular encompasses the plural unless the context otherwise requires. In particular, where the indefinite article is used, the specification is to be understood as contemplating plurality as well as singularity, unless the context requires otherwise.
Features, integers, characteristics, compounds, chemical moieties or groups described in conjunction with a particular aspect, embodiment or example of the invention are to be understood to be applicable to any other aspect, embodiment or example described herein unless incompatible therewith. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive. The invention is not restricted to the details of any foregoing embodiments. The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.

Claims (24)

1. A message monitoring and transmission device for connection to a vehicle bus, the device comprising:
a first connector;
a second connector; and a controller, the first and second connectors being arranged such that the device can be inserted in line with components of the vehicle bus, wherein the controller is arranged to receive a first message, to identify the contents of the message, and to transmit a second message which is different to the first message in response to the contents of the first message.
2. A message monitoring and transmission device according to claim 1, wherein the first message is transmitted over the vehicle bus.
3. A message monitoring and transmission device according to claim 2, wherein the controller is arranged to transmit a second message if the first message comprises a key creation message.
4. A message monitoring and transmission device according to claim 3, wherein the second message is intended to prevent the creation of a key.
5. A message monitoring and transmission device according to any preceding claim, wherein the second message is transmitted over the vehicle bus to a vehicle component.
6. A message monitoring and transmission device according to any preceding claim, wherein the first connector is a plug and the second connector is a socket.
7. A message monitoring and transmission device according to any preceding claim, wherein the second message comprises at least one of a general reset message, a specific reset message, false data or corrupt data.
8. A message monitoring and transmission device according to any preceding claim, wherein the message monitoring and transmission device comprises a memory, and the controller is arranged to record information related to the first message in the memory.
9. A message monitoring and transmission device according to any preceding claim, wherein the message monitoring and transmission device comprises a further interface.
10. A message monitoring and transmission device according to claim 9, wherein the further interface comprises a wireless transceiver.
11. A message monitoring and transmission device according to claim 10, wherein the controller is further arranged to receive a third message through the wireless transceiver and identify the contents of the third message, the controller being arranged to act on the transmission of the second message in response to the contents of the third message.
12. A vehicle bus comprising a message monitoring and transmission device according to any preceding claim.
13. A vehicle comprising a vehicle bus according to claim 12.
14. A method of controlling a vehicle, the method comprising inserting a message monitoring and transmission device according to any of claims 1 to 11 into a vehicle bus.
15. A message monitoring and transmission method which comprises providing a first device for connecting to a vehicle bus, wherein the first device is configured to:
receive a first message concerning an actionable event of the vehicle which is transmitted over the vehicle bus;
determine whether the first message is on a predefined list; and transmit a second message over the vehicle bus which is intended to prevent the actionable event if the first message is on the predefined list.
16. A message monitoring and transmission method according to claim 15, wherein the actionable event is key creation.
17. A message monitoring and transmission method according to claim 15 or claim 16, wherein the second message comprises at least one of a general reset message, a specific reset message, false data or corrupt data.
18. A message monitoring and transmission method according to any of claims 15 to 17, wherein the first device comprises a memory, and the first device is further configured to record information related to the first message in the memory.
19. A message monitoring and transmission method according to any of claims 15 to 18, wherein the message first device comprises a further interface.
20. A message monitoring and transmission method according to claim 19, wherein the further interface comprises a wireless transceiver.
21. A message monitoring and transmission method according to any of claims 15 to 20, wherein the first device is further configured to:
determine whether the first message sets an actionable event allowance; and record the set actionable event allowance according to the first message if the first message sets an actionable event allowance.
22. A message monitoring and transmission method according to any of claims 15 to 21, wherein the first device is configured to, in response to receiving a first message concerning an actionable event on the predefined list of actionable events which is not currently allowed, transmit a query as to whether the actionable event should be permitted, the method further comprising:
allowing the actionable event to proceed if a response is received comprising a permission for the actionable event to proceed; and transmitting a second message over the vehicle bus which is intended to prevent the actionable event otherwise.
23. A first device according to any of claims 15 to 22.
24. A machine-readable storage medium encoded with instructions for a device which is connectable to a vehicle bus, the instructions executable by a processor of the device to cause the device to:
receive a first message concerning an actionable event of the vehicle which is transmitted over the vehicle bus;
determine whether the first message is on a predefined list; and transmit a second message over the vehicle bus which is intended to prevent the actionable event if the first message is on the predefined list
GB1712122.9A 2017-07-27 2017-07-27 Message monitoring and transmission device and method Withdrawn GB2564909A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1712122.9A GB2564909A (en) 2017-07-27 2017-07-27 Message monitoring and transmission device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1712122.9A GB2564909A (en) 2017-07-27 2017-07-27 Message monitoring and transmission device and method

Publications (2)

Publication Number Publication Date
GB201712122D0 GB201712122D0 (en) 2017-09-13
GB2564909A true GB2564909A (en) 2019-01-30

Family

ID=59778852

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1712122.9A Withdrawn GB2564909A (en) 2017-07-27 2017-07-27 Message monitoring and transmission device and method

Country Status (1)

Country Link
GB (1) GB2564909A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050273211A1 (en) * 2004-05-20 2005-12-08 General Motors Corporation Programmable wireless in-line connector
US20100293311A1 (en) * 2006-11-03 2010-11-18 Siegfried Hahn Device and method for manipulating communication messages
US20150020152A1 (en) * 2012-03-29 2015-01-15 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system
EP2892199A1 (en) * 2014-01-06 2015-07-08 Argus Cyber Security Ltd. Global automotive safety system
US20160197944A1 (en) * 2015-01-05 2016-07-07 International Business Machines Corporation Controller area network bus monitor
EP3113529A1 (en) * 2015-06-29 2017-01-04 Argus Cyber Security Ltd System and method for time based anomaly detection in an in-vehicle communication network
WO2017013622A1 (en) * 2015-07-22 2017-01-26 Arilou Information Security Technologies Ltd. Vehicle communications bus data security

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050273211A1 (en) * 2004-05-20 2005-12-08 General Motors Corporation Programmable wireless in-line connector
US20100293311A1 (en) * 2006-11-03 2010-11-18 Siegfried Hahn Device and method for manipulating communication messages
US20150020152A1 (en) * 2012-03-29 2015-01-15 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system
EP2892199A1 (en) * 2014-01-06 2015-07-08 Argus Cyber Security Ltd. Global automotive safety system
US20160197944A1 (en) * 2015-01-05 2016-07-07 International Business Machines Corporation Controller area network bus monitor
EP3113529A1 (en) * 2015-06-29 2017-01-04 Argus Cyber Security Ltd System and method for time based anomaly detection in an in-vehicle communication network
WO2017013622A1 (en) * 2015-07-22 2017-01-26 Arilou Information Security Technologies Ltd. Vehicle communications bus data security

Also Published As

Publication number Publication date
GB201712122D0 (en) 2017-09-13

Similar Documents

Publication Publication Date Title
US11878652B2 (en) Vehicle remote control system
CA2953144C (en) Method and apparatus for providing vehicle security
CN107251105B (en) Motor vehicle security and motor vehicle safety systems
CN107539271B (en) Low-power-consumption high-safety vehicle anti-theft tracking system and method thereof
EP3297874B1 (en) Independent vehicle security method and apparatus
US20050242971A1 (en) System and method for safe disablement of mobile pieces of equipment (MPEs)
US10793106B2 (en) Automobile tracking and notification device and service
RU2556383C2 (en) Method of preventing unauthorised use of vehicle equipment
US10857882B2 (en) System and method for remotely controlling and monitoring vehicle based on IOT
US20160090923A1 (en) Payment enforcement system
CN106537463B (en) Method and device for improving vehicle safety
CN108482308B (en) Electric vehicle safety control method and device, storage medium and electric vehicle
US20180265037A1 (en) Method for controlling the operation of at least one functional component of a motor vehicle and motor vehicle
GB2564909A (en) Message monitoring and transmission device and method
WO2008034944A1 (en) Method and system for locating a computer
CN104890624A (en) Anti-theft method and device for vehicle
US11203322B2 (en) Vehicle control system with wirelessly-coupled underhood components
CN116788200B (en) Vehicle control methods, devices, and storage media
CN119078726A (en) A vehicle intelligent anti-theft method and device
CN121357224A (en) Vehicle remote ventilation control method and device, readable storage medium and vehicle
WO2024250096A1 (en) Anti-theft system for a vehicle
WO2025023925A1 (en) Digital vehicle key providing for limited use of a vehicle
KR101665460B1 (en) System and method for protecting of vehicle
CN116788200A (en) Method, device and storage medium for controlling vehicle

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)