Abstract: The present disclosure relates to a Controller Area Network (CAN) system including: a CAN device and a monitoring device. The CAN device includes a transmit data (TXD) interface, a transmitter, a CAN BUS interface, and a control unit. The control unit reads out an identifier from a TXD message and compares the identifier with a reference tag. The CAN device generates a CAN BUS signal based on the TXD message at the CAN BUS interface. The control unit, if the comparison indicates that the identifier does not correspond to the reference tag, invalidates a representation of the TXD message by the CAN BUS signal and temporarily prevents another CAN BUS signal from being generated by the CAN device at the CAN BUS interface. The monitoring device receives an instruction message over a CAN BUS network and, in response, tests for reachability other CAN devices on the CAN BUS network.

Abstract: A Controller Area Network, CAN, device comprising: a compare module configured to interface with a CAN transceiver, a CAN decoder configured to decode an identifier of a CAN message received from the RXD input interface; an identifier memory configured to store an entry that corresponds to at least one identifier; compare logic configured to compare a received identifier from a CAN message to the entry that is stored in the identifier memory and to output a match signal upon a match; a signal generator configured to output, in response to the match signal, a signal to invalidate the CAN message, wherein the signal is output from the TXD output interface to the CAN transceiver; and wherein the signal generated by the signal generator provides for one or more dominant bits that are timed so that at a bit immediately following a FDF field or the FDF field bit is made dominant.

Abstract: An apparatus for use with a Controller Area Network (“CAN”) transceiver includes a first input for receiving transmit-data and; a second input for receiving receive-data. The transmit-data includes data generated by a CAN controller to cause a CAN transceiver to transmit signalling that represents the transmit-data on the CAN bus and the receive-data indicates signalling from the CAN bus. The apparatus is configured to detect, in the receive-data, one or more fields of a CAN frame. The apparatus is then configured to prevent the CAN transceiver from transmitting the signalling that represents the transmit-data at times corresponding to the detected one or more fields of the CAN frame, thereby preventing an error frame in the transmit-data from being transmitted.

Abstract: An apparatus for a CAN transceiver configured to couple to a CAN bus and generate receive-data based on signals therefrom and generate signals on the CAN bus in response to transmit-data received from a CAN controller, wherein the apparatus is configured to: receive the receive-data comprising a plurality of bits; and for each of one or more bits of the receive-data, sample at a respective sample time to determine a respective value of each of the one or more bits; and with an edge detector determine, during a respective edge detector window, the occurrence of an edge in the receive-data and generate metadata indicative thereof, wherein the edge detector window comprises a period of time that includes the sample time; and wherein the apparatus is configured to determine whether transmit-data is compliant with one or more rules based on the respective values and the metadata.

Abstract: An apparatus for a controller area network, CAN, node, the node comprising a CAN controller and a CAN transceiver that is configured to couple to a CAN bus, the apparatus comprising a CAN protocol decoder and circuitry, the apparatus configured to: receive an RX-bitstream generated by the CAN transceiver for the CAN controller; receive a TX-bitstream generated by the CAN controller for receipt by the CAN transceiver; wherein the CAN protocol decoder is configured to receive a bitstream based on the TX-bitstream for decoding CAN frames therein for monitoring of the CAN controller; and wherein the circuitry is configured to: detect an idle state; based on the detection of the idle state, modify the bitstream received by the CAN protocol decoder such that it includes a Start-of-Frame bit further based on detection of a Start-of-frame bit in the RX-bitstream.

Abstract: A network node comprising: a message handling module configured to control the sending of messages to one or more output ports of the network node based on a rule set stored at the network node, the rule set comprising one or more rules; a communication module configured to receive at least one update to the rule set from a controller node, separate from the network node, for changing the rule set; a supervisor module configured to verify that the changes to the rule set instructed by the update comply with at least a first set of rule-compliance-criteria and, if so, the network node is configured to modify the rule set to implement the changes of the update and, if not, the network node is configured not to implement the changes to the rule set.

Abstract: A transceiver for sending and receiving data from a controller area network (CAN) bus is disclosed. The transceiver includes a microcontroller port, a transmitter and a receiver. The transceiver is configured to receive a data frame from a microcontroller via the microcontroller port and to determine if the microcontroller is authorized to send the data frame or part of it based on a message identifier in the data frame and the outcome of the arbitration process. If the microcontroller is unauthorized to send the data, the transceiver is configured to invalidate the data frame and disconnect the microcontroller from the CAN bus for a predetermined period.

Abstract: A communication system includes a network device including a plurality of communication ports and a plurality of communication nodes coupled with the network device through the plurality of communication ports. The communication system further includes a controller that is configured to generate a security key and to send a new configuration along with a message authentication code to the network device, wherein the controller is further configured to break the security key into parts and send the parts of the security key to at least some of the plurality of communication nodes such that each of the at least some of the plurality of communication node receiving one part of the parts of the security key. The network device is configured to retrieve the parts of the security key from the at least some of the plurality of communication nodes, to assemble the security key from the retrieved parts of the security key and using the assembled security key to authenticate the new configuration.

Abstract: A Controller Area Network, CAN, device comprising: a compare module configured to interface with a CAN transceiver, a CAN decoder configured to decode an identifier of a CAN message received from the RXD input interface; an identifier memory configured to store an entry that corresponds to at least one identifier; compare logic configured to compare a received identifier from a CAN message to the entry that is stored in the identifier memory and to output a match signal upon a match; a signal generator configured to output, in response to the match signal, a signal to invalidate the CAN message, wherein the signal is output from the TXD output interface to the CAN transceiver; and wherein the signal generated by the signal generator provides for one or more dominant bits that are timed so that at a bit immediately following a FDF field or the FDF field bit is made dominant.

Abstract: A transceiver for sending and receiving data from a controller area network (CAN) bus is disclosed. The transceiver includes a microcontroller port, a transmitter and a receiver. The transceiver is configured to detect a CRC delimiter or an error signal in a CAN frame and after the detection, allow a microcontroller coupled with the microcontroller port to only send a predetermined data pattern until a bus idle is detected.

Abstract: A vehicle network system is disclosed. The vehicle network system includes a first controller area network (CAN) bus including a first node and a first secure transceiver and a second CAN bus including a second node and a second secure transceiver, a gateway to enable transmission of a CAN message from the first node to the second node. The vehicle network system also includes an auxiliary communication link to transmit an auxiliary data derived from the CAN message from the first secure transceiver to the second secure transceiver.

Abstract: A transceiver for sending and receiving data from a controller area network (CAN) bus is disclosed. The transceiver includes a microcontroller port, a transmitter and a receiver. The transceiver is configured to receive a data frame from a microcontroller via the microcontroller port and to determine if the microcontroller is authorized to send the data frame or part of it based on a message identifier in the data frame and the outcome of the arbitration process. If the microcontroller is unauthorized to send the data, the transceiver is configured to invalidate the data frame and disconnect the microcontroller from the CAN bus for a predetermined period.

Abstract: A communication system is disclosed. The communication system includes a network device including a plurality of communication ports and a plurality of communication nodes coupled with the network device through the plurality of communication ports. The communication system further includes a controller that is configured to generate a security key and to send a new configuration along with a message authentication code to the network device, wherein the controller is further configured to break the security key into parts and send the parts of the security key to at least some of the plurality of communication nodes such that each of the at least some of the plurality of communication node receiving one part of the parts of the security key.

Abstract: A network node comprising: a message handling module configured to control the sending of messages to one or more output ports of the network node based on a rule set stored at the network node, the rule set comprising one or more rules; a communication module configured to receive at least one update to the rule set from a controller node, separate from the network node, for changing the rule set; a supervisor module configured to verify that the changes to the rule set instructed by the update comply with at least a first set of rule-compliance-criteria and, if so, the network node is configured to modify the rule set to implement the changes of the update and, if not, the network node is configured not to implement the changes to the rule set.

Abstract: A method for providing an authenticated update in a distributed network is provided. The distributed network has a plurality of nodes coupled to a serial bus. The method begins with transmitting a credential from an external device to a first node. The update data and an authentication code are provided to a processor of a second node from the external device. The processor of the second node provides the update data and the authentication code to the transceiver of the second node. The authenticated update is finalized by the processor of the second node. The authenticated update is closed by the transceiver of the first node. The credential of the authenticated update is provided to the transceiver of the second node. The transceiver of the second node verifies the update data using the credential and the authentication code. After being verified, the authenticated update data is stored.

Abstract: A vehicle network system is disclosed. The vehicle network system includes a first controller area network (CAN) bus including a first node and a first secure transceiver and a second CAN bus including a second node and a second secure transceiver, a gateway to enable transmission of a CAN message from the first node to the second node. The vehicle network system also includes an auxiliary communication link to transmit an auxiliary data derived from the CAN message from the first secure transceiver to the second secure transceiver.

Abstract: A network node and a method of updating and distributing secret keys in a distributed network is suggested. The network comprises a plurality of nodes connected to a shared medium of the distributed network. Each node of the plurality of nodes is member of at least one group of a plurality of groups. Each group is associated with a secret group key. Each node of the plurality of nodes stores only the one or more secret group keys, of which it is member. A first node of the plurality of nodes generates an authenticated update key request. The authenticated update key request comprises an indication of a membership, of which the first node is member. The first node broadcasts the authenticated update key request on the shared medium of the distributed network. Each remaining nodes of the plurality of nodes receives the authenticated key update.

Abstract: A method and system of authenticating a node in a distributed network is provided. The distributed network comprises a plurality of nodes connected to a shared medium of the distributed network. Each of the plurality of nodes is provisioned with an identity certificate comprising a public key, a private key associated with the public key and an identification sequence. The identification sequence is unique to the system comprising the distributed network. A second node of the plurality of nodes generates a node authenticity related information for authenticating at a first node of the plurality of nodes. The node authenticity related information comprises a signature generated using the private key of the second node from a sequence, which comprises the identification sequence. The second node transmits the node authenticity related information together with the identity certificate provisioned at the second node to the first node.

Abstract: A method for performing a secure boot of a data processing system, and the data processing system are provided. The method includes: processing a command issued from a processor of the data processing system, the command directed to a memory; determining that the command is a command that causes the memory to be modified; performing cryptographic verification of the memory; and incrementing a first counter in response to the determining that the command is a command that causes the memory to be modified. The data processing system includes a processor, a memory, and a counter. The memory is coupled to the processor, and the memory stores data used by a bootloader during a secure boot. The counter is incremented by a memory controller in response to a command being a type of command that modifies the data stored by the memory.

Abstract: The present application relates to an apparatus and method of authenticating and verifying a message frame on a multi-master access bus with message broadcasting. Logic bus identifier, LID, are associated with each one of a several logical groups of nodes out of a plurality of nodes connected to the multi-master access bus. A key is assigned to each logical group. The keys assigned to different logical groups differ from each other. For message authentication, a logic bus identifier, LID is provided and a key associated with the logic bus identifier, LID, is retrieved. A cryptographic hash value, MAC, is generated using the retrieved key and based on at least the logic bus identifier, LID. A message frame is composed, which comprises the logic bus identifier, LID, and the cryptographic hash value, MAC. For message verification, a message frame is received, which comprises at least a logic bus identifier, LID, and a cryptographic hash value, MAC.