Abstract: A fraud detection method for use in an in-vehicle network system including a plurality of electronic control units that communicate with one another via an in-vehicle network is provided. The method includes receiving at least one data frame sent to the in-vehicle network, verifying a specific identifier in the received data frame only when the received data frame is event-driven data and a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state, detecting the received data frame as an authenticated data frame when the verifying is successful, and detecting the received data frame as a fraudulent data frame when the verifying fails. The predetermined state of the vehicle is the vehicle traveling.

Abstract: A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol includes determining whether or not content of a predetermined field in a transmitted frame meets a predetermined condition indicating fraud, transmitting an error frame before an end of the frame is transmitted in a case where it is determined that the frame meets the predetermined condition, recording a number of times the error frame is transmitted, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted, and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count.

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of buses, a plurality of fraud-detection ECUs each connected to a different one of the buses, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a bus connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The fraud-detection ECU transmits an error message including a message identifier of a message determined to be malicious. The gateway device receives updated rule information transmitted to a first bus among the buses, selects a second bus different from the first bus, and transfers the updated rule information only to the second bus. A fraud-detection ECU connected to the second bus acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: A method for a fraud detecting controller connected to networks for communication by a plurality of controllers, includes, storing fraud detection rules, determining whether a message transmitted on the network connected to the fraud detecting controller conforms to the rules, receiving data including updated fraud detection rules and network type information indicating one network type to which the updated fraud detection rules are to be applied; and determining whether a vehicle having an on-board network is running, the on-board network including the plurality of controllers. When the vehicle is running, additionally determining whether the network type information indicates a drive network which is connected to a controller related to vehicle travel, when the network type information indicates the drive network, not updating to the updated fraud detection rules, and when the network type information does not indicate the drive network, updating to the updated fraud detection rules.

Abstract: A first device, upon detecting participation in an authentication system, transmits new and old identification information of a first certificate revocation list that the first device manages to a second device. In a case where the new and old identification information of a second certificate revocation list that the second device manages is older than the new and old identification information of the received first certificate revocation list, the second device transmits a transmission request for the first certificate revocation list to the first device. Upon receiving the transmission request for the first certificate revocation list from the second device, the first device transmits the first certificate revocation list to the second device. the second device updates the second certificate revocation list using the received first certificate revocation list.

Abstract: An anomaly handling method using a roadside device is disclosed. The method includes receiving, from a vehicle, an anomaly detection notification, which includes level information indicating a level affecting safety, and a location of the vehicle. The method also includes obtaining a location of the roadside device and determining whether a distance between the location of the vehicle and the location of the roadside device is within a predetermined range. When the distance is within the predetermined range and shorter than a first predetermined distance, transmitting the received anomaly detection notification externally from the roadside device. When the distance is within the predetermined range and is longer than or equal to the first predetermined distance, changing to decrement a level indicated by the level information, and transmitting changed anomaly detection notification. When the distance is not within the predetermined range, not transmitting the received anomaly detection notification.

Abstract: An anomaly detection electronic controller performs anomaly detection processing and is connected to a bus, which a plurality of electronic controllers use for communication to communicate following a Controller Area Network (CAN) protocol. The anomaly detection electronic controller includes an anomaly detection processor that performs anomaly detection processing regarding a data frame. The anomaly detection controller also includes an anomaly detection processing requester that decides an anomaly detection processing timing in accordance with a state of a vehicle in which the bus is installed when receiving the data frame, the anomaly detection processing timing being a reception timing of one or multiple fields in the data frame. The anomaly detection processor further performs the anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.

Abstract: Provided is a fraud detection rule updating method enabling the updating of rules that serve as the basis for detecting malicious frames as necessary in an on-board network system. In an on-board network system equipped with multiple electronic control units (ECUs) that communicate via buses and fraud detecting ECUs that determine, based on fraud detection rules, whether messages transmitted on the buses conform to the rules, a fraud detection rule updating method is used in which delivery data including updated fraud detection rules is received from a server external to the on-board network system, and if a certain update condition is satisfied, the fraud detection rules in a fraud detecting ECU are updated to the updated fraud detection rules.

Abstract: A communication device is a communication device connected to a mobility network which is a network mounted in a mobility and which is used by a plurality of electronic control devices for communication. The communication device includes: a holding unit which holds range information indicating a transferable path range determined for a message on the mobility network; a receiving unit which receives the message on the mobility network; and a determining unit which determines validity of the received message by using the range information.

Abstract: An anomaly handling method that suitably handles a case where the possibility of a vehicle being unauthorizedly controlled so as to suppress the effects thereof is provided. In an anomaly handling method used in one or a plurality of electronic control units installed in one vehicle, an inter-vehicle communication message transmitted from a device installed in the other vehicle is received as an anomaly detection notification, the anomaly detection notification being issued when an unauthorized frame is detected on an onboard network installed in another vehicle, and an anomaly handling processing is selected from a plurality of predetermined anomaly handling processing in accordance with the received content to transition to a safe state for example, and the selected anomaly handling processing is executed.

Abstract: An anomaly detection electronic control unit, that performs anomaly detection processing and that is connected to a bus which a plurality of electronic control units use for communication to communicate following a Controller Area Network (CAN) protocol, includes an anomaly detection processing requester that decides an anomaly detection processing timing based on an ID of a data frame acquired from the bus, and an anomaly detection processor that performs anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.

Abstract: A frame transmission prevention apparatus connected to a network of a network system including a plurality of electronic control units communicating with one another via the network is provided. The apparatus includes a processor and a memory. The memory includes at least one set of instructions that causes the processor to perform processes when executed by the processor. The processes include receiving a first frame from the network and switching whether to perform a first process for preventing transmission of the first frame on the basis of management information indicating whether prevention of transmission of a frame is permitted if the first frame satisfies a first condition.

Abstract: An anomaly detection electronic control unit (ECU) that detects unauthorized messages on a communication path is provided. An ECU that periodically transmits a first-type message including data to be monitored, and an ECU that periodically transmits a second-type message including data for comparison, are connected to the communication path. The anomaly detection ECU includes: a receiver that successively receives first-type and second-type messages; a processor that determines whether a first-type message received is normal or anomalous; and a transmitter that transmits a predetermined message in accordance with results of the determining.

Abstract: A method for dealing with unauthorized frames that makes it possible to take appropriate measures when an unauthorized data frame is detected in a vehicle network system is provided. A plurality of ECUs in the vehicle network system are connected to a bus used for communicating frames. In the method for dealing with unauthorized frames, if a misuse detection ECU that checks a frame appearing in the bus detects an unauthorized frame that does not comply with a certain rule and a certain prevention condition is satisfied, a process for preventing the plurality of ECUs from performing a process corresponding to the unauthorized frame is performed (an error frame is transmitted) or, if the certain prevention condition is not satisfied, the process is not performed.

Abstract: An electronic control unit is connected to an in-vehicle network bus in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the in-vehicle network bus via the second control circuit over wired communication and/or wireless communication. The first control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. The second control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule, and, upon determining that the frame conforms to the second rule, transmits the frame to the in-vehicle network bus.

Abstract: A fraud sensing method for use in an in-vehicle network system including a plurality of electronic control units that communicate with each other via a network includes detecting that a state of a vehicle satisfies a predetermined condition, and switching, upon detecting that the state of the vehicle satisfies the predetermined condition, an operation mode of a fraud-sensing electronic control unit connected to the network between a first mode in which a first type of sensing process for sensing a fraudulent message in the network is performed and a second mode in which the first type of sensing process is not performed.

Abstract: A method for use in an in-vehicle network system is provided. The in-vehicle network system includes a plurality of electronic control units that communicate a data frame having a message authentication code (MAC) added thereto with one another via a bus in accordance with the Controller Area Network (CAN) protocol. The method includes detecting the state of a vehicle having the in-vehicle network system mounted therein and updating a MAC key used to generate the MAC under the condition that the detected state of the vehicle is a predetermined state.

Abstract: A fraud detection method for use in an in-vehicle network system including a plurality of electronic control units that communicate with one another via an in-vehicle network is provided. The method includes receiving at least one data frame sent to the in-vehicle network, verifying a specific identifier in the received data frame only when the received data frame is event-driven data and a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state, detecting the received data frame as an authenticated data frame when the verifying is successful, and detecting the received data frame as a fraudulent data frame when the verifying fails. The predetermined state of the vehicle is the vehicle traveling.

Abstract: A security apparatus is provided that is connected to a bus. The security apparatus includes a receiver that receives a first frame from the bus, a memory that stores an examination parameter defining a content of an examination on the first frame, and processing circuitry that performs operations. The performed operations include first determining whether a predetermined condition is satisfied for the first frame. The performed operations also include, in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory. The performed operations further include second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory.

Abstract: An electronic control unit is connected to an in-vehicle network bus in an in-vehicle network system including a plurality of apparatuses that perform communication of frames via the bus. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the bus via the second control circuit over wired communication and/or wireless communication. The second control circuit performs a first determination process on a received frame received from the bus to determine the conformity with a first rule related to at least a reception interval, and, upon determining that the received frame conforms to the first rule, executes a predetermined process based on the content of the received frame. The first control circuit performs a second determination process on the received frame, received via the second control circuit, to determine the conformity with a second rule different from the first rule.