Abstract: A first node for updating at least one security rule in a controller area network, CAN, having a CAN bus and a host processor, is described, The first node includes: a transceiver configured to transmit and receive messages on the CAN bus; a CAN controller operably coupled to the transceiver and configured to determine an identifier (ID) contained with received messages; and a memory configured to contain a list of IDs of at least one second node that the first node is allowed to transmit messages to and/or receive messages from. The memory includes a privileged node ID configured to identify, and associated solely with, the first node and the CAN controller is configured to generate at least one CAN security rule update message to be sent to the at least one secondary node in the CAN that updates at least one security rule employed by the at least one secondary node in the CAN.

Abstract: A method is provided for generating a public/private key pair on an IC and to provision an IoT device having the IC. In the method, a first entity manufacturers an integrated circuit (IC) for use in a device. The IC, or chip, has a root secret embedded therein. A public key is generated on the IC using a unique identifier (ID) and the root secret. The IC is provided to a second entity for manufacturing the device using the IC. A reference IC is provided to a third entity. The reference IC has the same embedded root secret as the IC. The reference IC is configured to use the unique ID of the IC and the embedded root secret to generate a derived public key. The third entity is enabled to verify that the public key of the IC is associated with the unique ID by using the derived public key of the reference IC. The method allows the IoT device to be provisioned without using a public key infrastructure.

Abstract: A method is provided for generating a public/private key pair on an IC and to provision an IoT device having the IC. In the method, a first entity manufacturers an integrated circuit (IC) for use in a device. The IC, or chip, has a root secret embedded therein. A public key is generated on the IC using a unique identifier (ID) and the root secret. The IC is provided to a second entity for manufacturing the device using the IC. A reference IC is provided to a third entity. The reference IC has the same embedded root secret as the IC. The reference IC is configured to use the unique ID of the IC and the embedded root secret to generate a derived public key. The third entity is enabled to verify that the public key of the IC is associated with the unique ID by using the derived public key of the reference IC. The method allows the IoT device to be provisioned without using a public key infrastructure.

Abstract: A first node for updating at least one security rule in a controller area network, CAN, having a CAN bus and a host processor, is described, The first node includes: a transceiver configured to transmit and receive messages on the CAN bus; a CAN controller operably coupled to the transceiver and configured to determine an identifier (ID) contained with received messages; and a memory configured to contain a list of IDs of at least one second node that the first node is allowed to transmit messages to and/or receive messages from. The memory includes a privileged node ID configured to identify, and associated solely with, the first node and the CAN controller is configured to generate at least one CAN security rule update message to be sent to the at least one secondary node in the CAN that updates at least one security rule employed by the at least one secondary node in the CAN.

Abstract: A Controller Area Network (CAN) device is disclosed. The CAN device includes a CAN controller and a transceiver coupled to the CAN controller. The transceiver includes a transmitter and a receiver coupled to a CAN bus interface. The CAN device also includes a security module coupled to the receiver. The security module includes an identifier table and a receiver controller. The security module is configured to receive an incoming CAN message, retrieve an identifier from the incoming CAN message, search the identifier table for the identifier and to alter the incoming message based on a result of the search.