Authentication system for electronic control unit on a bus

Description

BACKGROUND

The present disclosure pertains to preventing unauthorized messages in communication systems.

SUMMARY

The disclosure reveals an authentication system having a communications bus, a transmitter connected to the bus, and a receiver connected to the bus. A physical layer signal may be applied by the transmitter to a message on the bus for authenticating the transmitter. The physical layer signal may incorporate an identifier (ID) of the transmitter. The receiver may receive the message and decode the physical layer signal on the message. Decoding the physical layer signal on the message may reveal the ID of the transmitter sending the message. The receiver may look up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID of the transmitter sending the message matches an ID on the list. Only if the ID of the transmitter matches an ID on the list, then the transmitter may be authenticated and authorized to send the message.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a diagram of what modern vehicles may incorporate in terms of on-board computing functions;

FIG. 2 is a diagram that contrasts a standard internet protocol environment with a controller area network bus environment;

FIG. 3a is a diagram of an electronic control unit source authentication system;

FIG. 3b is a diagram of a simplified version of applying a unique signal to a message from an electronic control unit by a dedicated modulator;

FIG. 4 is a diagram of a bus incorporating a two-wire system;

FIGS. 5a and 5b are diagrams of differential signals or voltages on a bus;

FIG. 6 is a diagram of a raw bus signal waveform without modulation;

FIG. 7 is a diagram of a representation of a modulated signal;

FIG. 8 is a diagram of a modulation scheme integrated within a transceiver on a chip;

FIG. 9 is a diagram of an electronic control unit fingerprint applied to a controller area network message;

FIG. 10 is a diagram of a controller area unit bus signal on an oscilloscope;

FIG. 11 is a diagram of a waveform having a recessive logic signal and a dominant logic signal;

FIG. 12 shows a diagram of a system for authentication of components for allowing transmission of messages;

FIGS. 13, 14 and 15 are diagrams of message packets used for timing analysis in aiding of determining authentication with transmission and decoding in order to prevent a successful transmission of messages from unauthorized sources;

FIG. 16 is a diagram of a transmit portion of an example of the present system; and

FIG. 17 is a diagram of a receiving portion of an example of the present system.

DESCRIPTION

The present system and approach may incorporate one or more processors, computers, controllers, user interfaces, wireless and/or wire connections, and/or the like, in an implementation described and/or shown herein.

This description may provide one or more illustrative and specific examples or ways of implementing the present system and approach. There may be numerous other examples or ways of implementing the system and approach.

Aspects of the system or approach may be described in terms of symbols in the drawing. Symbols may have virtually any shape (e.g., a block) and may designate hardware, objects, components, activities, states, steps, procedures, and other items.

Authentication system and approach for electronic control unit on a bus may involve electronic control unit (ECU) radio frequency (RF) identification. A present system may integrate some of the identification/authentication functions into a transceiver in order to reduce costs.

The present system and approach may use controller area network (CAN) herein for illustrative purposes, but instead media such as other wired media, optical media, radio frequency media, or so on, may be used singularly or in combination.

A CAN based bus used within the automotive environment does not necessarily appear to provide source authentication of messages on the bus. This may be a security issue. Cryptographic methods of providing source authentication may be problematic due to protocol restrictions and the complexities of key management in the repair environment.

A feature of the present system can be unique because it may eliminate a need for costly and complex cryptographic key management. The system may provide an ability to authenticate the sources of a message on the CAN bus. This may in turn allow a higher level of security for connected cars and self-driving cars (aka, highly automated vehicles).

This system may draw licensing revenue if offered to CAN bus transceiver vendors. There may be a market for companies to offer a CAN intrusion detection system (IDS) with a capability that may differentiate it from other systems.

The present system may add a modulator function to the CAN bus transceiver such that each node on the network applies a unique analog fingerprint to the messages it sends. A secure/authenticating receiver may then check the message type and fingerprint to ensure that the message is from an authorized source. If the message is not from an authorized source, the authenticating receiver may block the message in such a way that all other ECUs on the bus also reject the unauthorized message.

The present system may have an embedded software type. The software may run in a device/unit (e.g., firmware).

A CAN transceiver vendor may be available, such as Texas Instruments or NXP. The system may improve automotive software CAN bus intrusion detection.

Modern vehicles may incorporate on-board computing functions (e.g., electronic control units (ECUs) 13 connected by a controller area network (CAN) bus 12 as shown by architecture 11 in FIG. 1. The CAN bus may be a non-authenticated broadcast bus. This means that any ECU on the bus may send a message and other ECUs on the bus may assume that the message came from the proper source and may act upon the message.

Hackers have demonstrated the ability to hack into such systems in cars and interfere with critical functions such as braking and steering. Thus, vehicle manufacturers may be looking for a low-cost way to address the security issues. Some approaches may attempt to apply cryptography to CAN bus messages as a way of performing source authentication. There may be some issues associated with CAN bus encryption.

One issue may involve key management. When cryptography is used, each ECU may need a unique cryptographic key to allow the source of messages to be cryptographically authenticated. When a vehicle is produced in the factory, the original equipment manufacturer (OEM) may generate the keys and load them into the vehicle. However, when vehicle maintenance requires the replacement of a module, the new module needs to be loaded with the appropriate key. One may ask from where the new key comes. Many issues may be associated with obtaining a copy of the original key. There may be also issues if the module is loaded with a new randomly generated key. That implies that all other modules in the vehicle need to be updated to recognize the new key/module pair. Many security issues arise with attackers manipulating the key management system to extract real keys or to inject false keys. Given the number of years a vehicle may be in service and the range of repair options (dealers, independent shops, and owners), using new parts or parts from a salvage yard, key management may become complex and error prone.

Another issue may involve a cryptographic algorithm and mode. The issue with the CAN bus may be that the payload is only 8 bytes (64 bits). Thus, there may be issues using modern cryptographic algorithms such as the advanced encryption standard (AES) which operates on 128 bit blocks. One may consider using non-standard cryptographic algorithms and modes. However, history appears to be littered with cases of home grown cryptography being broken. An alternate approach may be using a newer CAN protocol, a flexible data rate (CAN-FD). This approach may permit for larger data frames and thus allow a use of strong cryptography. However, CAN-FD based approaches may still suffer from the key management issues noted above.

The present system may allow ECUs on the bus to authenticate to a secure gateway/vehicle security module without the need for cryptography. Thus, there may be no compatibility issues between cryptographic algorithms and the CAN protocol. So, the complexity of key management in the vehicle maintenance environment may be reduced or eliminated.

The present system may be different than other CAN bus authentication proposals in that it explicitly takes advantage of an unbroken physical layer (as defined by an open system interconnect (OSI), a seven-layer model 14 or similar model) among ECUs on a bus. A diagram of FIG. 2 may contrast a standard IP environment 15 with the CAN bus environment 16. Within a typical IP environment 15, there is not necessarily a continuous physical layer path between a sender 17 and receiver 18. Therefore, the physical layer signal may be received and regenerated by intermediate network nodes such as routers 19 and Ethernet switches 19. This may force the use of cryptography at a layer above the physical layer to provide source authentication.

FIG. 2 is a diagram of typical IP environment contrasted with the CAN environment. Within CAN bus environment 16, virtually all devices on the same CAN bus may be connected by the same physical medium 21. Thus, a physical layer signal applied by the sender 17 or transmitter may be observed by the receiver 18. The physical layer signal, since it is preserved from a sender 17 to the receiver 18, may be used as an alternative to cryptographic authentication.

The present system may solve the issue of ECU authentication according to the following approach. First, an analog signal (at the physical layer) may be applied to the message being transmitted. This signal may be unique for each transmitter on the bus. Thus, if there are 20 ECUs on a CAN bus, then 20 different analog signals may be used. These signals may be differentiated by time (when the analog signal starts and stops), frequency, type of modulation (amplitude, frequency/phase shift) or any combination of these factors. One implementation is to encode an ID number of the transmitter within the signal. The analog signal does not necessarily need to cover all bits of the message as in traditional communications. The analog signal only needs to cover enough bits so that the detector in the authenticating receiver can determine the ECU ID.

Second, one authenticating receiver 23 may be employed per bus 25. Receiver 23 may contain electronics to detect the analog signal and then determine the ECU 24 bound to that analog signal. This in effect may identify the ECU 24 which is transmitting. The authenticating receiver 23 may then check the message being transmitted against the set of ECUs 24 authorized to transmit the message. If a transmitter is sending an authorized message, the authenticating receiver 23 may allow the message to be transmitted. If the transmitter is sending an unauthorized message, then authenticating receiver may block the message by corrupting the cyclic redundancy code (CRC) on the message (FIG. 9). The corrupted CRC may cause virtually all the other receivers on the bus to discard the message. The result may be that only messages that are sent from authorized ECUs 24 are accepted (e.g., processed) by receiving ECUs. The ECU source authentication system is shown in FIG. 3a. A simplified version of applying a unique signal to a message from an ECU n 24 by a dedicated modulator n 26 to CAN bus 25 is shown in a diagram of FIG. 3b.

Each ECU 24 on a bus 25 which is to be authenticated may have a modulator 26 associated with its CAN bus transceiver 27. This modulator 26 may apply an analog signal to the messages sent by an ECU 24. The analog signal may be unique to the ECU 24 identifier. Thus, ECU_1 messages may be tagged with an analog signal 1. ECU_2 messages may be tagged with an analog signal 2, and so on. ECUs 24 may apply a similar analog signal (e.g., at the same frequency) but at different times. For example, ECU_1 may apply the analog signal to bits 0-3 of the messages while ECU_2 applies the same analog signal to bits 4-7 of the message. These ECUs 24 may apply the standard CRC check as specified by the CAN bus 25 protocol.

The number of possible schemes (frequency, timing, modulation, binary encoding of an ID number, and so forth) for tagging CAN bus 25 messages may be nearly unlimited. No attempt is necessarily made here to enumerate all the possible combinations. The parameters that a designer should work with may include the following items. One may be frequency. The frequency of the signal may be varied such that a low frequency represents one tag and a higher frequency represents a second tag. Another may be timing. The timing of when the modulation is applied, may be varied. The modulation may start at different bit times within a message, and its duration may also vary. It is also possible to support various patterns such as, for example, modulation on for 3 bits, off for 4 bits and then on for 5 bits. A binary number may be encoded using a modulation scheme such as frequency shift keying, on/off keying or other encoding techniques.

Another parameter may be waveform. There are many waveforms which may be used for signaling in addition to a simple sine wave. For example, quadrature phase shift keying may be used to encode many transmitter IDs.

Another parameter may be amplitude. The amplitude of the signal may be varied. While amplitude variation is possible, it may introduce potential issues of noise, attenuation and other physical issues which could make signal detection more complex.

Each ECU 24 on bus 25, which does not necessarily require source authentication, may have a legacy transceiver without a modulator. Thus, authenticating ECUs and non-authenticating ECUs may be mixed on the same bus and interoperate. There may be a risk that a non-authenticating ECU could transmit an unauthorized message. However, the reality of vehicle production may require that ECUs without authentication capability be accommodated until the supply chain is switched over to authenticating ECUs. The non-authenticating ECU may still apply a standard CRC check as specified by CAN bus protocol. The authenticating receiver should contain a list of messages (arbitration IDs) which require authentication. If a non-authenticating ECU attempts to forge a message which requires authentication, the authenticating receiver may detect the missing analog signature and mark the message as unauthorized by stomping on the CRC, thus causing all ECUs 24 to reject the non-authenticated message. Therefore, the non-authenticating ECU may still discard messages which the authenticating receiver marks as unauthorized by corrupting the CRC.

For each CAN bus 25, there may be an authenticating receiver 23 (sometimes called a vehicle security module). Vehicle manufacturers may place multiple authenticating receivers 23 in a gateway module which connects multiple CAN busses 25. The authenticating receiver 23 may perform the following functions.

One may be demodulation. The CAN bus signal may be received and demodulated. A demodulator 31 may convert the analog signal on the CAN message to an input to the ECU identification 32. This input may indicate one or more characteristics of frequency, timing, and modulation type, or all three of the characteristics. Depending upon the analog scheme chosen for the implementation, demodulator 31 may also directly output the number of the transmitting ECUs 24.

Another function may be ECU identification 32. For generality, one may assume that the demodulator 31 outputs characteristics of the demodulated signal that are used by the ECU identification 32 function to determine the ECU identifier. The ECU identifier may be able to output an identity of the transmitting ECU 24 in digital form (e.g., 1, 2, and so on).

Another function may be intrusion detector 33. The intrusion detector 33 function may receive two inputs. The function may accept the ECU identifier from the ECU identification 32 function. It also may accept CAN bus 25 data from the transceiver 27 (typically co-located with demodulator 26). Intrusion detector 33 may use the message identifier (i.e., an arbitration ID) on the message together with the ECU identifier 32 to determine if the message is from an ECU 24 which is authorized to send the message. This determination may be implemented from a lookup table. If the intrusion detection 33 function determines that the transmitting ECU 24 is authorized to transmit the message, then intrusion detection does not necessarily invoke a function of a bit stomper 34. However, if the intrusion detector 33 determines that the transmitting ECU 24 is not authorized to send the message (based upon the message ID), then bit stomper 34 may be activated. Bit stomper 34 may actively drive the signal on the CAN bus 25 to force a CRC error. The CRC error in turn may cause all ECUs 24 on bus 25 to reject the message.

A result of the present system is that an ECU 24 may be prevented from transmitting an unauthorized message that is accepted by other ECUs on bus 25. CAN bus 25 signaling may be described in a context of the modulation scheme which adds an analog component.

CAN bus 25 may be a two-wire system as shown in FIG. 4. The two lines 41 and 42 of bus 25 may carry CAN high (H) and CAN low (L) signals, respectively. Bus 25 may be terminated at both ends with 120 ohms across lines 41 and 42. CAN transceivers 27 may be connected across lines 41 and 42 with stubs 43 and 44, respectively.

Each of differential signals or voltages 45 and 46 on CAN bus 25 may be a 5V or 3.3 V signal, as shown in FIGS. 5a and 5b, respectively. The signals CANL (CAN-L) and CANH (CAN-H) may have recessive logic H, dominant logic L, recessive logic H, and so on, along a time axis (t) versus typical bias voltage (V).

FIG. 6 is a diagram of a raw CAN bus signal waveform 47 without modulation. Like that of FIGS. 5a and 5b, the recessive logic H and dominant logic L portions of the waveform are revealed.

A representation of the modulated CAN signal (i.e., with an analog signature 49 added) is shown in a waveform 48 in FIG. 7. The modulation does not necessarily have to be applied to every bit. The timing scheme may apply modulation 49 only at specific times. Waveform 48 shows modulation 49 occurring within the dominant portion of the signal. Modulation may also be applied during the recessive portion so long as it is within the noise margins. The modulated signal may still meet the CAN bus signal specifications. One or more modulation types may be selected from a group comprising frequency shift keying (FSK), amplitude shift keying, (ASK) on/off keying (OOK), phase shift keying (PSK), quadrature phase shift keying (QPSK), quadrature amplitude modulation (QAM) and continuous phase modulation (CPM).

The modulator function may be applied in any of four locations. First, the modulator function may be integrated in a CAN bus connector. A modulator chip may be embedded into the CAN bus connector connecting a legacy (i.e., with no modulator capability) ECU to the CAN bus.

Second, the modulator function may be integrated between the CAN wiring harness and the ECU. An additional “modulating connector” may be spliced between the existing CAN connector and the legacy ECU.

Third, the modulator function may be integrated as a chip on the ECU PCB. The modulator function may be implemented on a printed circuit board (PCB) of the ECU outside of the legacy transceiver.

Fourth, the modulator function may be integrated into the CAN transceiver. The modulation function may be integrated into the transceiver chip itself. FIG. 8 is a diagram of a modulation scheme integrated within a transceiver 50. The modulation scheme (i.e., the analog signature) may be applicable to both a traditional CAN as well as a newer CAN with a flexible data rate (CAN-FD).

Line 51 may be for a CAN transmit data input, also called TXD, a driver input. Line 52 may be a CAN mode select, low power versus high speed. Line 51 may go to an input of an amp 53 that may provide inverted and non-inverted outputs, first and second outputs, respectively, to a gate of a P-channel FET 54 and to a gate of an N-channel FET 55. FET 54 may have a source connected to a cathode of a Zener diode 56 and a drain connected to a modulator circuit 58. FET 55 may have a drain connected to a cathode of a Zener diode 57 and a source connected to a ground (GND) terminal. An anode of diode 56 may be connected to a voltage supply (Vcc). An anode of diode 57 may be connected to modulator 58. An output 61 from modulator 58 may be a CANH, a high level CAN bus line. An output 62 from modulator 58 may be a CANL, a low level CAN bus line. Outputs 61 and 62 may be connected to a Schmitt trigger 63. An output 64 from trigger 63 may be CAN received data, also called RXD. Input 52 may go to a slope control and mode logic circuit 65, which may have an output to amp 53 and an output to trigger 63.

As to FIG. 3, a simple modulator may be placed in line between an ECU and CAN bus 25. The modulator may deliberately add a signature to a native electrical signal from the ECU. There may be modulator implementation options. It may be part of the wiring harness. It may be a dedicated IC placed after a transceiver 27 or be part of a CAN bus transceiver. Implementation may incorporate programmability at the factory or the field, or not be programmable.

FIG. 9 is a diagram of an electronic control unit fingerprint applied to a Controller Area Network message.

The portions of an ECU fingerprint may incorporate one bit for a Start of Frame (SF) 81, 11 to 29 bits for a message identifier 82, 6 bits for control 83, up to 64 bits for data 84, 16 bits for CRC 85, 2 bits for ACK 86 and 7 bits for End of Frame (EF) 87. The ECU identification may be applied during the transmission of control bits and data bits. The bit stomping could be applied during the transmission of the control, data or CRC bits.

FIG. 10 is a diagram of a CAN bus signal 91 on a scope. Signal 91 may have a differential voltage of a dominant logic L signal at levels 92 and 93, for example. The waveform may reveal ringing 94, rise time 95 amplitude 96 and bit time variance 97 of signal 91.

FIG. 11, like FIGS. 5a, 5b, 6, 7, and 11, shows a logic signal 101 having a recessive logic “1” signal and dominant logic “0” signal. Corresponding to logic signal 101 are CAN-H and CAN-L signals 102 that have a magnitude of 2.5 volts each or a differential magnitude of about zero volts at the recessive logic H signal. The CAN-H and CAN-L signals 102 have magnitudes of 3.75 volts and 1.25 volts, respectively, and together have a differential magnitude of about 2.5 volts at the dominant logic L signal.

FIG. 12 shows the block diagram of a demonstration system. The purpose of the system may be to demonstrate that the RF (analog) identification signals and native CAN signals can coexist on the same physical channel (twisted pair). The timing of the transmission, decoding by a vehicle security module and enforcement decision may all be performed within the timing constraints of an operational CAN bus. The system may typically integrate the RF transmission and receiver functions in CAN transceivers in order to reduce cost size and power requirements.

Requirements for classic CAN device authentication transmitter may be noted. The authenticating transmitter may start transmitting an FSK modulated carrier when the device transmitter begins a transmission. Due to delays in responding to a start of transmission indication, this should occur <1-2 uS after the CAN transmission starts.

The message may consist of a packet containing, at a minimum, a sync header and ID number for the CAN ECU. The ID number may be the base CAN ID (11 bit ID) in systems where multiple virtual devices exist in a single ECU.

The data rate for the authentication transmission should be sufficiently fast such that the authentication message is complete well before the shortest CAN message can be transmitted. For a standard rate CAN bus {1 MHz), this may be before the end of the 36th bit of the message (assuming a single 8 bit data field), or 36 microseconds (uS). The design must allow sufficient time for the authenticating receiver to process the message and act upon it.

The authenticating receiver may use a microcontroller or hardware based logic (e.g., a gate array) to accomplish the required calculations within the required time.

Needs for a CAN device authentication receiver may be noted. The authenticating receiver of a vehicle security module (VSM) may listen continuously for transmissions containing analog authenticating transmissions. When a CAN transmission is detected, the message ID may be decoded and compared to the analog ID received, if any. The CAN message ID may be compared against the analog ID to see what types of commands this ECU is allowed to transmit. If this is a valid message for this particular ECU to transmit (i.e., a correct analog ID, allowed command type for this particular ECU), no action is necessarily taken.

If the message from the ECU is not accompanied by a validating analog (RF) transmission with the correct ID number and this ECU is required to be accompanied by a validating analog (RF) transmission, the authenticating receiver should short the bus (assert a dominant 1 bit) for more than 6 bit times before releasing the bus. This should invalidate the bus traffic as this is not necessarily a valid message for this ECU, real or spoofed, to send.

If the message from the ECU is accompanied by a validating analog (RF) transmission with the correct ID number, the authenticating receiver should decode the command field of the message and determine if this device is allowed to transmit this command. If it is not allowed to transmit this command, then the authenticating receiver should short the bus (assert a dominant 1 bit) for more than 6 bit times before releasing the bus. This may invalidate the bus traffic as this is not necessarily a valid message for this ECU, real or spoofed, to send.

If this message is from an ECU that is not required to have an accompanying validating RF transmission, then the authenticating receiver may still need to decode the message and determine if this is a valid command for this ECU to send. If it is not, then the VSM should short the bus (assert a dominant 1 bit) for more than 6 bit times before releasing the bus. This may invalidate the bus traffic as this is not necessarily a valid message for this ECU, real or spoofed, to send.

It may be noted that it is not necessarily needed for all ECU's to have an authenticating analog (FSK) transmission, but all messages from all ECU's should be checked against a list of valid commands for any particular ECU to send.

An analysis for the system may include looking at the timing budget for the sender to apply the electronic control unit (ECU) identifier and for the receiver (policy enforcement) to decode the signal and make a decision whether or not to stomp on the CRC.

FIG. 12 may also be regarded as a diagram of an instance of a present system 201, which may have an ECU module 202 and a vehicle security module 203. In module 202, an ECU (#1) 204, for example, may have an output (Tx.d) 205 connected to a transceiver 206 and an RF transmitter 207. ECU 204 may have another output (Tx/Rx) 208 connected to transceiver 206. An output (Rx.d) 209 from transceiver 206 may go to ECU 204. Transceiver 206 may be a Silicon Labs SLWSTK6221A 434 MHz dev kit. Transceiver 206 may be instead a circuit capable of applying an analog ID signal. Transceiver 206 may be connected to lines 211 and 212 of a bus 213. RF transmitter 207 may have lines 214 and 215 connected to a first winding of a transformer 218. A second winding of transformer 218 may have lines 221 and 222 connected to first terminals of capacitors 216 and 217, respectively. A nominal value of each capacitor may be 10 pf, but it may be another value as desired. Second terminals of capacitors 216 and 217 may be connected to lines 211 and 212, respectively, of bus 213. Transformer 218 may be a Minicircuits ADT2-1T-1P+ 1:2 transformer.

Vehicle security module 203 may have an RF receiver/decoder 225. RF receiver/decoder 225 may be a TI CC1200 dev kit or other model as desired. An output line (Tx.d) 226 and line (Tx/Rx) 227 of RF receiver/decoder 225 may go to a transceiver 229. An output line (Rx.d) 228 may go to receiver/decoder 225. Output lines 231 and 232 may go from receiver/decoder 225 to a first winding of a transformer 233. A model of transformer 233 may be like that of transformer 218. Lines 234 and 235 may go from a second winding of transformer 233 to first terminals of capacitors 236 and 237, respectively. The second terminals of capacitors 336 and 337 may be connected to lines 211 and 212, respectively, of bus 213.

FIG. 13 is a diagram that shows an additional analysis of the transmission of the ECU identification. It may reveal a message packet 105. Bit 107 may be a start of a frame. Bits 102-112 may represent an arbitration field 108. Bit 13 may represent a remote transmitter request 109. Bit 14 may represent an ID extension bit 110. Bit 15 may represent a reserved bit 111. Bits 13-16 may represent an 8 uS (microsecond) Tx start-up 112. Bits 16-19 may represent data length 113. Bits 20-27 represent 8 bit data 114. Bits 28-42 may represent a 15 bit CRC 115. Bits 17-27 may represent a 22 uS transmission 116. Bits 28-36 may represent an 18 uS stomp decision 117. Bit 43 may represent a CRC delimiter 118. Message packet 105 may be run on a CAN bus at 500 kbps.

A message packet 106 may run on a CAN FD at 250 bkbps, which is one-half the speed that packet 105 is run. Bits 15, 17 and 18 may represent flexible data 121, bit rate switch 122 and error status indicator, respectively. Data length 113 may be represented by bits 19-22. Eight-bit data length 114 may be represented by bits 23-30. A seventeen bit CRC 115 may be represented by bits 31-47. CRC delimiter 118 may be represented by bit 48.

A 20 uS mark 125 may occur at bit 10 in packet 105. That may be a 40 uS mark 126 at bit 10 in packet 106. Each bit may be 2 uS in packet 105 and 4 uS in packet 106.

Bus Tx startup 112 may be during bits 12 and 13 in packet 106. An 88 uS transmission 116 may be during bits 14-36. A 20 uS stomp decision 117 may be during bits 37-41. Seven bits 119 may remain after stomp decision 117.

Requirements for a CAN authentication transmitter may be noted. The authenticating transmitter should decode the ECU 10 field while monitoring both the transmitter enable line and transmitter data line on the ECU in order to determine if the ECU to which the ID transmitter is attached has actually taken control of the bus. This may be done by decoding the transmitted address. Normally, a non-bit-stuffed ECU 10 field may be 11 bits in length. Because CAN data is limited to a run length of 5 bits, maximum, this could expand the 10 field to as long as 13 bits if there are two sequences of run length limits in the 10 field. The authenticating RF transmitter should monitor the transmitted 10 field and determine if bit-stuffing has occurred in order to properly determine when the end of the 10 field occurs. If the transmitter is still active after the last bit of the bit-stuffed ID field, then the device may have taken control of the bus and the authenticating transmitter may be engaged to send the RF ID data to the authenticating receiver (VSM).

FIG. 14 is a diagram of a packet 130. Some differences may be apparent when compared to packet 106. Message packet 130 may be run on a CAN at 125 kbps. An 8 uS Tx startup 112 may occur during bit 12, which is the remote Tx request. Transmission time available may occur from bit 13 to about one-fourth way through bit 34. A stomp decision 117 may run from about one-fourth way through bit 34 up to bit 37. Seven bits 119 may remain after bit 36 through bit 43. There may be an 80 uS preamble with 40 symbols beginning at bit 13. There may be a 4 byte sync of 32 uS beginning at bit 22. There also may be an 8 uS data at bit 26 and a 16 uS CRC at bits 29 and 30. There may be a 136 uS verification transmission length beginning at bit 12. A 48 uS stomp decision 117 may begin during bit 31.

FIG. 15 may be a diagram of a timing analysis that shows that the system can perform the needed transmission and decoding in order to prevent a successful transmission of messages from unauthorized sources. RF startup time for CC1200 transition may be from Rx to Tx state (43 uS). Reducing the preamble from 40 to 20 symbols may increase the stomp decision time to 61 uS. This should be more than adequate, even with allowing additional time to initialize the Tx and decode the message in the Rx. One may note that the RF symbol rate is 500 ksps due to using 4(G) FSK transmission to achieve 1 Mbps throughput.

For proof of the present system, the RF components may be implemented outside of the CAN transceiver chip. The proof of concept design for the transmitting ECU is shown herein.

FIG. 15 has the diagram of a packet 135 running on a 125 kbps CAN. After bit 11, there may be a 43 uS Tx startup. The pattern of packet 135 may be the same as packet 130. There may be a 200 uS total time available after bit 11. A 40 uS preamble with 20 symbols may start during bit 17. There may be a 4 byte sync of 32 uS beginning during bit 21. Bus data may occur for about one bit after the sync. A 16 uS CRC may begin during bit 26. A 61 uS stomp decision may occur after the CRC. Seven bits may remain after the stomp decision. A 96 uS verification transmission length may begin during bit 17.

Packet 135 may begin with a start of frame bit 107. An arbitration field 108 may follow bit 107. A Tx start up 112 may run from field 108 to a start of a 20 symbol preamble 136. Sync bits 137 may follow preamble 136 up to data 138. CRC 139 may go from data 138 to a stomp decision 117. If there is no stomp decision, then CRC 139 may continue, including 7 bits remaining 119, to CRC delimiter 118. Bits following Tx start up 112 up to stomp decision 117 may be a verification transmission length 141. Total time available may run from a beginning of Tx start up 112 through stomp decision 117.

FIG. 16 is a diagram showing a transmit portion of the system. A chip CC1200 may ideally wake on Tx/Rx->Tx and watch the Tx.d and Rx.d data lines to determine if ECU #1 has: 1) Started to transmit; 2) Captured the bus by comparing the transmitted ID to the received ID in that a mismatch indicates that the bus was not captured; and 3) Finished transmitting the ECU ID field so that a radio can start sending the ECU ID.

A transmission may be initiated by pressing the button attached to the ECU. An LED may light up to indicate that a bus transaction has started. When the ECU has captured the bus and has finished sending its ID, the transceiver may switch from receive to transmit and send out a preamble, sync sequence, the ECU ID #, and the message CRC. This may identify the device originating the transmission and the validity of the transmission may be determined by the vehicle security module.

For our demonstration purposes, a CC1200 need only delay after the start of the transmission because there will be necessarily no devices contending for the bus. A receive function of the RF transceiver can be used only to hold the transmit frequency. This appears necessary to speed up the time from transmitter initiation to actual RF output.

FIG. 16 may also be regarded as a diagram of a transmitting portion 140 of a version of the present system. A freescale/NXP transceiver 142 that may incorporate an ECU 143 and a transceiver 144. ECU 143 may have a transmit button 145 and an LED indicator 146. Transmitting portion 140 may further incorporate a CC 1200 RF transceiver 147. Transceiver 147 may be instead one of several other available models. ECU 143 may have an output (Tx.d) 148 to transceiver 144 and transceiver 147, and an output (Tx/Rx) 149 to transceiver 144 and transceiver 147. Transceiver 144 may have an output (Rx.d) 151 to ECU 143 and transceiver 147. Transceiver 144 may have connections to lines 152 and 153 of a bus 154. Transceiver 147 may have connections to lines 155 and 156 to a first winding of a Minicircuits ADT2-1T-1P+ 1:2 transformer 157. Transformer 157 may be instead one of several other available models. A second winding of transformer 157 may be connected to lines 158 and 159, which in turn may be connected to first terminals of capacitors 161 and 162, respectively. The second terminals of capacitors 161 and 162 may be connected to lines 152 and 153, respectively, of bus 154. Nominal values of capacitors 161 and 162 may be 10 pf, or other values as desired.

The receiver (vehicle security module which may perform enforcement) is shown in FIG. 17. The RF receiver components may typically be integrated in the CAN bus transceiver. CC1200 may be virtually always in a receive mode listening for an RF signal on the bus. When the VSM detects bus activity, the microcontroller may decode the bus ID field and wait for a message from the CC1200 indicating that it received data. The microcontroller may retrieve the data and compare the bus address with the ECU ID. The RF ID and the CAN ID may be compared to a table of allowed RF ID and CAN ID pairs. If the table indicates they are allowed to communicate, nothing appears to happen and the microcontroller may go back to sleep. If the table indicates that this is not an allowed transaction, the microcontroller may turn on the CAN transceiver and send out either a 7 byte sequence of solid zeros or a hash of random data to jam the bus and invalidate the transmission.

If no RF appears in the receiver before 200 uS has elapsed, the microcontroller may turn on the CAN transceiver and send out either a 7 byte sequence of solid zeros or a hash of random data to jam the bus and invalidate the transmission. After the 7 byte quash/jam sequence is sent, the VSM may go back to sleep. A red LED may indicates that the VSM has quashed a transmission. A green LED may indicate that an authenticated transmission has occurred. A red LED may indicate that an invalid transmission was detected. The LED indication may be for illustrative purposes.

FIG. 17 may also be regarded as a diagram of a receiving portion 150 of a version of the present system. Portion 150 may be regarded as a vehicle security module. A microcontroller 164 may have an output (Tx.d) 166 to a transceiver 165 and also an output (Tx/Rx) 167 to transceiver 165. Transceiver 165 may have an output (Rx.d) 168 to microcontroller 164. Microcontroller 164 may be a Cortex M4 @ 200 MHz or a Cortex A9 @ 1 GHz. Microcontroller 164 may be one of several other available models.

Microcontroller 164 may have an LED indicator 169. Lines 171 and 172 may connect microcontroller 164 to a CC1200 RF transceiver 174. Transceiver 165 may be connected to lines 152 and 153 of bus 154. Transceiver 174 may have lines 175 and 176 connected to a first winding of a Minicircuits ADT2-1T-1P+ 1:2 transformer 177. Transformer 177 may be instead one of several other available models. A second winding of transformer 177 may be connected to lines 178 and 179, which in turn may be connected to first terminals of capacitors 181 and 182, respectively. The second terminals of capacitors 181 and 182 may be connected to lines 152 and 153, respectively, of bus 154. Nominal values of capacitors 181 and 182 may be 10 pf, or other values as desired.

To recap, an authentication system may incorporate a bus, a transmitter connected to the bus, and a receiver connected to the bus. A physical layer signal may be applied by the transmitter to a message on the bus for authenticating the transmitter. The physical layer signal may incorporate an identifier (ID) of the transmitter. The receiver may receive the message and decode the physical layer signal on the message. A decoding of the physical layer signal on the message may reveal the ID of the transmitter sending the message. The receiver may look up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID of the transmitter sending the message matches an ID on the list. If the ID of the transmitter matches an ID on the list, then the transmitter may be authenticated and authorized to send the message.

If the transmitter is authenticated, the message sent by the transmitter that is received by the receiver may be processed by the receiver. If the transmitter cannot be authenticated, then the message sent by the transmitter that is received by the receiver may be blocked and not processed by the receiver.

A message having a physical layer signal, may be received by the receiver without interference to an ability of the receiver to receive and decode another message that is a normal signal digitized data message per a communications standard.

The bus may be a controller area network (CAN). The message may be a CAN message. The CAN message may have a dominant portion and a recessive portion. The physical layer signal may be applied to a dominant portion, a recessive portion, or both a dominant and a recessive portion of the CAN message. Or one or more media may be selected from a group incorporating wired media, optical media, radio frequency media, that may be used singularly or in combination for the system.

The bus may incorporate one or more additional receivers that detect the blocking of the message by the receiver that checks the ID decoded from the physical layer signal on the message from the transmitter and determines that the ID of the transmitter does not match an ID on a list of IDs corresponding to transmitters approved to send the message, and in turn blocks the message.

Only one receiver on the bus needs to receive the message and decode the physical layer signal applied to the message. The system only needs one authenticating receiver because the bit stomping function, together with the CRC allows the authenticating receiver to block other receivers from receiving the message. However, the system may have one or more receivers on the bus which can decode the physical layer signal applied to the message.

The bit stomping function is not necessarily the only way to block an unauthorized message. Having one authenticating receiver which performs bit stomping (invalidating the CRC) may be a cost effective way of implementing the system because one authenticating receiver can block the unauthorized message from all receivers. A system could have two or more authenticating receivers which decode the authentication signal and simply prevent the local node from processing the message, i.e., they do not necessarily do bit stomping to prevent other nodes from receiving the message.

If a transmitter is authorized to transmit a message, the receiver may allow the message to be processed without interfering with the message.

If the transmitter is not authorized to transmit a message, according to an ID check, then the receiver may block a processing of the message by asserting a signal on the bus that causes a cyclic redundancy code (CRC) associated with the message to be corrupted.

One or more nodes on the bus having receivers may detect corruption of the CRC associated with the message and thus may not process the message.

Two or more receivers on the bus may receive and decode a physical layer signal on the message to obtain an ID of the transmitter of the message and determine whether the ID matches an ID on a list of IDs of transmitters authorized to send the message.

If the any one of the two or more receivers determines that the transmitter is authorized to transmit the message, then the any one of the two or more receivers may allow the message to be processed by a local processor. If the any one of the two or more receivers determines that the entity was not authorized to transmit the message, then the any one of the two or more receivers may block a processing of the message by the local processor.

The transmitter may apply a modulated signal to the physical layer signal to code an ID for authentication of the transmitter. One or more modulation types may be selected from a group having frequency shift keying (FSK), amplitude shift keying, (ASK) on/off keying (OOK), phase shift keying (PSK), quadrature phase shift keying (QPSK), quadrature amplitude modulation (QAM) and continuous phase modulation (CPM).

The bus may incorporate one of the following receiver and transmitter combinations of components: one or more authenticating receivers, and one or more authenticating transmitters; one or more authenticating receivers, one or more authenticating transmitters, and one or more non-authenticating receivers; one or more authenticating receivers, one or more authenticating transmitters, and one or more non-authenticating transmitters; one or more authenticating receivers, one or more authenticating transmitters, one or more non-authenticating receivers, and one or more mon-authenticating transmitters; only one authenticating receiver and only one authenticating transmitter; only one authenticating receiver, only one authenticating transmitter, and one or more non-authenticating receivers; only one authenticating receiver, only one authenticating transmitter, and one or more non-authenticating transmitters; or only one authenticating receiver, only one authenticating transmitter, one or more non-authenticating receivers, and one or more non-authenticating transmitters.

A receiver and transmitter combination that has components that perform authenticating functions and non-authenticating functions may interoperate in accordance with a security policy applied by one or more authenticating components.

An authentication approach may incorporate applying a physical layer authentication signal to a message to be sent by a transmitter on a bus; decoding an identifier (ID) from the physical layer authentication signal on the message to be received by a receiver on the bus; and looking up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID decoded from the physical layer authentication signal matches an ID on the list. If the ID matches an ID on the list, then the message on the bus may be authorized. If the ID matches no ID on the list, then the message on the bus may be unauthorized.

The approach may further incorporate accepting and processing the message on the bus if the message is authorized, and blocking the message on the bus if the message on the bus is unauthorized.

Only one receiver on the bus may receive the message and decode the physical layer authentication signal applied to the message.

A mechanism for authenticating transmissions, may incorporate a transmitting entity, a receiving entity, and a bus connected to the transmitting entity and the receiving entity. A physical layer signal may be applied by the transmitting entity to a message on the bus to authenticate the transmitting entity. The physical layer signal may incorporate an identifier (ID) of the transmitting entity. The receiving entity may receive the message and decode the physical layer signal on the message. A decoding of the physical layer signal on the message may reveal the ID of the transmitting entity sending the message. The receiving entity may look up the ID on a list of IDs corresponding to transmitting entities approved to send the message, to determine whether the ID of the transmitting entity sending the message matches an ID on the list. If the ID of the transmitting entity matches an ID on the list, then the transmitting entity may be authenticated. If the ID of the transmitting entity does not match an ID on the list, then the transmitting entity may be not authenticated.

If the transmitting entity is authenticated, the message sent by the transmitting entity that is received by the receiving entity may be processed by the receiving entity. If the transmitting entity is not authenticated, then the message sent by the transmitting entity that is received by the receiving entity may be blocked and not processed by the receiving entity.

A message having a physical layer signal, may be received by the receiving entity without interference to an ability of the receiving entity to receive and decode another message that is a normal signal digitized data message per a communications standard.

Any publication or patent document noted herein is hereby incorporated by reference to the same extent as if each publication or patent document was specifically and individually indicated to be incorporated by reference.

In the present specification, some of the matter may be of a hypothetical or prophetic nature although stated in another manner or tense.

Although the present system and/or approach has been described with respect to at least one illustrative example, many variations and modifications will become apparent to those skilled in the art upon reading the specification. It is therefore the intention that the appended claims be interpreted as broadly as possible in view of the related art to include all such variations and modifications.

Claims

1. An authentication system comprising: a bus;a plurality of transmitters connected to the bus;an authenticating receiver connected to the bus; andone or more additional receivers connected to the bus; andwherein:physical layer signals are applied by the transmitters to messages on the bus for authenticating a transmitter of the plurality of transmitters that sent a message;the physical layer signal incorporates an identifier (ID) of the transmitter that sent the message;each of the transmitters applies a unique modulated analog signal associated with the ID of the transmitter to the physical layer signal to incorporate and encode the ID of the transmitter in the physical layer;the authenticating receiver receives the message and decodes the physical layer signal on the message;the decoding of the physical layer signal on the message includes demodulating the unique modulated analog signal to determine the ID of the transmitter sending the message and identifying a message type of the message;the authenticating receiver looks up the ID of the transmitter on a list of IDs corresponding to transmitters approved to send the message to determine whether the ID of the transmitter sending the message matches an ID on the list and compare a message type of the message to message types authorized to be sent by the transmitter sending the message; andif the ID of the transmitter matches an ID on the list and the message type is authorized to be sent by the transmitter, then the transmitter is authenticated and authorized to send the message; andif 1) the ID of the transmitter matches no ID on the list or 2) the ID of the transmitter matches an ID on the list and the transmitter is not authorized to send the message type of the message, then the message on the bus may be unauthorized and the authenticating receiver blocks a processing of the message by the one or more additional receivers by asserting a signal on the bus that causes a code associated with the message to be corrupted.
2. The system of claim 1, wherein: if the transmitter is authenticated, the message sent by the transmitter that is received by the authenticating receiver is processed by the authenticating receiver; andif the transmitter cannot be authenticated, then the message sent by the transmitter that is received by the authenticating receiver is blocked and not processed by the receiver.
3. The system of claim 2, wherein the bus comprises one or more additional receivers that detect the blocking of the message by the authenticating receiver that checks the ID decoded from the physical layer signal on the message from the transmitter and determines that the ID of the transmitter does not match an ID on a list of IDs corresponding to transmitters approved to send the message, and in turn blocks the message.
4. The system of claim 1, wherein a message having a physical layer signal, can be received by the authenticating receiver without interference to an ability of the authenticating receiver to receive and decode another message that is a normal signal digitized data message per a communications standard.
5. The system of claim 1, wherein: the bus is a controller area network (CAN);the message is a CAN message;the CAN message has a dominant portion and a recessive portion; andthe physical layer signal is applied to a recessive portion or a dominant and a recessive portion of the CAN message.
6. The system of claim 1, wherein only one receiver on the bus needs to receive the message and decode the physical layer signal applied to the message.
7. The system of claim 1, wherein if a transmitter is authorized to transmit a message, the authenticating receiver allows the message to be processed without interfering with the message.
8. The system of claim 1, wherein: the code is cyclic redundancy code (CRC); andthe one or more receivers detect corruption of the CRC associated with the message.
9. The system of claim 1, wherein two or more receivers on the bus can receive and decode a physical layer signal on the message to obtain an ID of the transmitter of the message and determine whether the ID matches an ID on a list of IDs of transmitters authorized to send the message.
10. The system of claim 9 wherein: if the any one of the two or more receivers determines that the transmitter is authorized to transmit the message, then the any one of the two or more receivers will allow the message to be processed by a local processor; andif the any one of the two or more receivers determines that the transmitter was not authorized to transmit the message, then the any one of the two or more receivers will block a processing of the message by the local processor.
11. The system of claim 1, wherein the bus comprises one of the following receiver and transmitter combinations of components: one or more authenticating receivers, and one or more authenticating transmitters;one or more authenticating receivers, one or more authenticating transmitters, and one or more non-authenticating receivers;one or more authenticating receivers, one or more authenticating transmitters, and one or more non-authenticating transmitters;one or more authenticating receivers, one or more authenticating transmitters, one or more non-authenticating receivers, and one or more non-authenticating transmitters;only one authenticating receiver and only one authenticating transmitter;only one authenticating receiver, only one authenticating transmitter, and one or more non-authenticating receivers;only one authenticating receiver, only one authenticating transmitter, and one or more non-authenticating transmitters; oronly one authenticating receiver, only one authenticating transmitter, one or more non-authenticating receivers, and one or more non-authenticating transmitters.
12. The system of claim 11, wherein a receiver and transmitter combination that has components that perform authenticating functions and non-authenticating functions interoperate in accordance with a security policy applied by one or more authenticating components.
13. An authentication method comprising: applying a physical layer authentication signal to a message to be sent by a transmitter on a bus;the transmitter applying a unique modulated analog signal encoding an identifier (ID) of the transmitter to the physical layer authentication signal;decoding the physical layer authentication signal on the message to be received by a receiver on the bus, the decoding the physical layer includes demodulating the unique modulated analog signal to determine the ID of the transmitter sending the message and identifying a message type of the message; andlooking up the ID of the transmitter on a list of IDs corresponding to transmitters approved to send the message to determine whether the ID decoded from the physical layer authentication signal matches an ID on the list and compare a message type of the message to message types authorized to be sent by the transmitter sending the message; andwherein:if the ID matches an ID on the list and the message type is authorized to be sent by the transmitter, then the message on the bus is authorized; andif 1) the ID matches no ID on the list or 2) the ID matches an ID on the list and the transmitter is not authorized to send the message type of the message, then the message on the bus is unauthorized and the further comprises blocking a processing of the message by the receiver by asserting a signal on the bus that causes a cyclic redundancy code (CRC) associated with the message to be corrupted.
14. The method of claim 13, further comprising: accepting and processing the message on the bus if the message is authorized; andblocking the message on the bus if the message on the bus is unauthorized.
15. The method of claim 14, wherein only one receiver on the bus receives the message and decodes the physical layer authentication signal applied to the message.
16. A mechanism for authenticating transmissions, comprising: a transmitting entity;an authenticating receiving entity; anda bus connected to the transmitting entity and the authenticating receiving entity;wherein:a physical layer signal is applied by the transmitting entity to a message on the bus to authenticate the transmitting entity;the physical layer signal incorporates an identifier (ID) of the transmitting entity;the transmitting entity applies a unique modulated analog signal encoding the ID of the transmitting entity to the physical layer signal;the authenticating receiving entity receives the message and decodes the physical layer signal on the message;the decoding of the physical layer signal on the message includes demodulating the unique modulated analog signal to determine the ID of the transmitting entity sending the message and identifying a message type of the message;the authenticating receiving entity looks up the ID of the transmitting entity on a list of IDs corresponding to transmitting entities approved to send the message to determine whether the ID of the transmitting entity sending the message matches an ID on the list and compare a message type of the message to message types authorized to be sent by the transmitter sending the message;if the ID of the transmitting entity matches an ID on the list and the message type is authorized to be sent by the transmitter, then the transmitting entity is authenticated and authorized to send the message; andif 1) the ID of the transmitting entity does not match an ID on the list or 2) the ID of the transmitting entity matches an ID on the list and the transmitter is not authorized to send the message type of the message, then the transmitting entity is not authenticated and the authenticating receiving entity blocks a processing of the message by one or more additional receiving entities connected to the bus by asserting a signal on the bus that causes a cyclic redundancy code (CRC) associated with the message to be corrupted.
17. The mechanism of claim 16, wherein: if the transmitting entity is authenticated, the message sent by the transmitting entity that is received by the authenticating receiving entity is processed by the authenticating receiving entity; andif the transmitting entity is not authenticated, then the message sent by the transmitting entity that is received by the authenticating receiving entity is blocked and not processed by the authenticating receiving entity.
18. The mechanism of claim 16, wherein a message having a physical layer signal, can be received by the authenticating receiving entity without interference to an ability of the authenticating receiving entity to receive and decode another message that is a normal signal digitized data message per a communications standard.

US Referenced Citations (538)

Number	Name	Date	Kind
3744461	Davis	Jul 1973	A
4005578	McInerney	Feb 1977	A
4055158	Marsee	Oct 1977	A
4206606	Yamada	Jun 1980	A
4252098	Tomczak et al.	Feb 1981	A
4359991	Stumpp et al.	Nov 1982	A
4383441	Willis et al.	May 1983	A
4426982	Lehner et al.	Jan 1984	A
4438497	Willis et al.	Mar 1984	A
4440140	Kawagoe et al.	Apr 1984	A
4456883	Bullis et al.	Jun 1984	A
4485794	Kimberley et al.	Dec 1984	A
4601270	Kimberley et al.	Jul 1986	A
4616308	Morshedi et al.	Oct 1986	A
4653449	Kamel et al.	Mar 1987	A
4671235	Hosaka	Jun 1987	A
4735181	Kaneko et al.	Apr 1988	A
4947334	Massey et al.	Aug 1990	A
4962570	Hosaka et al.	Oct 1990	A
5044337	Williams	Sep 1991	A
5076237	Hartman et al.	Dec 1991	A
5089236	Clerc	Feb 1992	A
5094213	Dudek et al.	Mar 1992	A
5095874	Schnaibel et al.	Mar 1992	A
5108716	Nishizawa et al.	Apr 1992	A
5123397	Richeson	Jun 1992	A
5150289	Badavas	Sep 1992	A
5186081	Richardson et al.	Feb 1993	A
5233829	Komatsu	Aug 1993	A
5270935	Dudek et al.	Dec 1993	A
5273019	Matthews et al.	Dec 1993	A
5282449	Takahashi et al.	Feb 1994	A
5293553	Dudek et al.	Mar 1994	A
5349816	Sanbayashi et al.	Sep 1994	A
5365734	Takeshima	Nov 1994	A
5394322	Hansen	Feb 1995	A
5394331	Dudek et al.	Feb 1995	A
5398502	Watanabe	Mar 1995	A
5408406	Mathur et al.	Apr 1995	A
5431139	Grutter et al.	Jul 1995	A
5452576	Hamburg et al.	Sep 1995	A
5477840	Neumann	Dec 1995	A
5560208	Halimi et al.	Oct 1996	A
5570574	Yamashita et al.	Nov 1996	A
5598825	Neumann	Feb 1997	A
5609139	Ueda et al.	Mar 1997	A
5611198	Lane et al.	Mar 1997	A
5682317	Keeler et al.	Oct 1997	A
5690086	Kawano et al.	Nov 1997	A
5692478	Nogi et al.	Dec 1997	A
5697339	Esposito	Dec 1997	A
5704011	Hansen et al.	Dec 1997	A
5740033	Wassick et al.	Apr 1998	A
5746183	Parke et al.	May 1998	A
5765533	Nakajima	Jun 1998	A
5771867	Amstutz et al.	Jun 1998	A
5785030	Paas	Jul 1998	A
5788004	Friedmann et al.	Aug 1998	A
5842340	Bush et al.	Dec 1998	A
5846157	Reinke et al.	Dec 1998	A
5893092	Driscoll	Apr 1999	A
5917405	Joao	Jun 1999	A
5924280	Tarabulski	Jul 1999	A
5942195	Lecea et al.	Aug 1999	A
5964199	Atago et al.	Oct 1999	A
5970075	Wasada	Oct 1999	A
5974788	Hepburn et al.	Nov 1999	A
5995895	Watt et al.	Nov 1999	A
6029626	Bruestle	Feb 2000	A
6035640	Kolmanovsky et al.	Mar 2000	A
6048620	Zhong et al.	Apr 2000	A
6048628	Hilman et al.	Apr 2000	A
6055810	Borland et al.	May 2000	A
6056781	Wassick et al.	May 2000	A
6058700	Yamashita et al.	May 2000	A
6067800	Kolmanovsky et al.	May 2000	A
6076353	Freudenberg et al.	Jun 2000	A
6105365	Deeba et al.	Aug 2000	A
6122555	Lu	Sep 2000	A
6134883	Kato et al.	Oct 2000	A
6153159	Engeler et al.	Nov 2000	A
6161528	Akao et al.	Dec 2000	A
6170259	Boegner et al.	Jan 2001	B1
6171556	Burk et al.	Jan 2001	B1
6178743	Hirota et al.	Jan 2001	B1
6178749	Kolmanovsky et al.	Jan 2001	B1
6208914	Ward et al.	Mar 2001	B1
6216083	Ulyanov et al.	Apr 2001	B1
6233922	Maloney	May 2001	B1
6236956	Mantooth et al.	May 2001	B1
6237330	Takahashi et al.	May 2001	B1
6242873	Drozdz et al.	Jun 2001	B1
6263672	Roby et al.	Jul 2001	B1
6273060	Cullen	Aug 2001	B1
6279551	Iwano et al.	Aug 2001	B1
6312538	Latypov et al.	Nov 2001	B1
6314351	Chutorash	Nov 2001	B1
6314662	Ellis, III	Nov 2001	B1
6314724	Kakuyama et al.	Nov 2001	B1
6321538	Hasler et al.	Nov 2001	B2
6327361	Harshavardhana et al.	Dec 2001	B1
6338245	Shimoda et al.	Jan 2002	B1
6341487	Takahashi et al.	Jan 2002	B1
6347619	Whiting et al.	Feb 2002	B1
6360159	Miller et al.	Mar 2002	B1
6360541	Waszkiewicz et al.	Mar 2002	B2
6360732	Bailey et al.	Mar 2002	B1
6363715	Bidner et al.	Apr 2002	B1
6363907	Arai et al.	Apr 2002	B1
6379281	Collins et al.	Apr 2002	B1
6389203	Jordan et al.	May 2002	B1
6425371	Majima	Jul 2002	B2
6427436	Allansson et al.	Aug 2002	B1
6431160	Sugiyama et al.	Aug 2002	B1
6445963	Blevins et al.	Sep 2002	B1
6446430	Roth et al.	Sep 2002	B1
6453308	Zhao et al.	Sep 2002	B1
6463733	Zhao et al.	Sep 2002	B1
6463734	Tamura et al.	Oct 2002	B1
6466893	Latwesen et al.	Oct 2002	B1
6470682	Gray, Jr.	Oct 2002	B2
6470862	Isobe et al.	Oct 2002	B2
6470886	Jestrabek-Hart	Oct 2002	B1
6481139	Weldle	Nov 2002	B2
6494038	Kobayashi et al.	Dec 2002	B2
6502391	Hirota et al.	Jan 2003	B1
6505465	Kanazawa et al.	Jan 2003	B2
6510351	Blevins et al.	Jan 2003	B1
6512974	Houston et al.	Jan 2003	B2
6513495	Franke et al.	Feb 2003	B1
6532433	Bharadwaj et al.	Mar 2003	B2
6542076	Joao	Apr 2003	B1
6546329	Bellinger	Apr 2003	B2
6549130	Joao	Apr 2003	B1
6550307	Zhang et al.	Apr 2003	B1
6553754	Meyer et al.	Apr 2003	B2
6560528	Gitlin et al.	May 2003	B1
6560960	Nishimura et al.	May 2003	B2
6571191	York et al.	May 2003	B1
6579206	Liu et al.	Jun 2003	B2
6591605	Lewis	Jul 2003	B2
6594990	Kuenstler et al.	Jul 2003	B2
6601387	Zurawski et al.	Aug 2003	B2
6612293	Schweinzer et al.	Sep 2003	B2
6615584	Ostertag	Sep 2003	B2
6625978	Eriksson et al.	Sep 2003	B1
6629408	Murakami et al.	Oct 2003	B1
6637382	Brehob et al.	Oct 2003	B1
6644017	Takahashi et al.	Nov 2003	B2
6647710	Nishiyama et al.	Nov 2003	B2
6647971	Vaughan et al.	Nov 2003	B2
6651614	Flamig-Vetter et al.	Nov 2003	B2
6662058	Sanchez	Dec 2003	B1
6666198	Mitsutani	Dec 2003	B2
6666410	Boelitz et al.	Dec 2003	B2
6671596	Kawashima et al.	Dec 2003	B2
6671603	Cari et al.	Dec 2003	B2
6672052	Taga et al.	Jan 2004	B2
6672060	Buckland et al.	Jan 2004	B1
6679050	Takahashi et al.	Jan 2004	B1
6687597	Sulatisky et al.	Feb 2004	B2
6688283	Jaye	Feb 2004	B2
6694244	Meyer et al.	Feb 2004	B2
6694724	Tanaka et al.	Feb 2004	B2
6705084	Allen et al.	Mar 2004	B2
6718254	Hashimoto et al.	Apr 2004	B2
6718753	Bromberg et al.	Apr 2004	B2
6725208	Hartman et al.	Apr 2004	B1
6736120	Sumilla	May 2004	B2
6738682	Pasadyn	May 2004	B1
6739122	Kitajima et al.	May 2004	B2
6742330	Genderen	Jun 2004	B2
6743352	Ando et al.	Jun 2004	B2
6748936	Kinomura et al.	Jun 2004	B2
6752131	Poola et al.	Jun 2004	B2
6752135	McLaughlin et al.	Jun 2004	B2
6757579	Pasadyn	Jun 2004	B1
6758037	Terada et al.	Jul 2004	B2
6760631	Berkowitz et al.	Jul 2004	B1
6760657	Katoh	Jul 2004	B2
6760658	Yasui et al.	Jul 2004	B2
6770009	Badillo et al.	Aug 2004	B2
6772585	Iihoshi et al.	Aug 2004	B2
6775623	Ali et al.	Aug 2004	B2
6779344	Hartman et al.	Aug 2004	B2
6779512	Mitsutani	Aug 2004	B2
6788072	Nagy et al.	Sep 2004	B2
6789533	Hashimoto et al.	Sep 2004	B1
6792927	Kobayashi	Sep 2004	B2
6804618	Junk	Oct 2004	B2
6814062	Esteghlal et al.	Nov 2004	B2
6817171	Zhu	Nov 2004	B2
6823667	Braun et al.	Nov 2004	B2
6826903	Yahata et al.	Dec 2004	B2
6827060	Huh	Dec 2004	B2
6827061	Nytomt et al.	Dec 2004	B2
6827070	Fehl et al.	Dec 2004	B2
6834497	Miyoshi et al.	Dec 2004	B2
6837042	Colignon et al.	Jan 2005	B2
6839637	Moteki et al.	Jan 2005	B2
6849030	Yamamoto et al.	Feb 2005	B2
6857264	Ament	Feb 2005	B2
6873675	Kurady et al.	Mar 2005	B2
6874467	Hunt et al.	Apr 2005	B2
6879906	Makki et al.	Apr 2005	B2
6882929	Liang et al.	Apr 2005	B2
6904751	Makki et al.	Jun 2005	B2
6911414	Kimura et al.	Jun 2005	B2
6915779	Sriprakash	Jul 2005	B2
6920865	Lyon	Jul 2005	B2
6923902	Ando et al.	Aug 2005	B2
6925372	Yasui	Aug 2005	B2
6925796	Nieuwstadt et al.	Aug 2005	B2
6928362	Meaney	Aug 2005	B2
6928817	Ahmad	Aug 2005	B2
6931840	Strayer et al.	Aug 2005	B2
6934931	Plumer et al.	Aug 2005	B2
6941744	Tanaka	Sep 2005	B2
6945033	Sealy et al.	Sep 2005	B2
6948310	Roberts, Jr. et al.	Sep 2005	B2
6953024	Linna et al.	Oct 2005	B2
6965826	Andres et al.	Nov 2005	B2
6968677	Tamura	Nov 2005	B2
6971258	Rhodes et al.	Dec 2005	B2
6973382	Rodriguez et al.	Dec 2005	B2
6978744	Yuasa et al.	Dec 2005	B2
6988017	Pasadyn et al.	Jan 2006	B2
6990401	Neiss et al.	Jan 2006	B2
6996975	Radhamohan et al.	Feb 2006	B2
7000379	Makki et al.	Feb 2006	B2
7013637	Yoshida	Mar 2006	B2
7016779	Bowyer	Mar 2006	B2
7028464	Rosel et al.	Apr 2006	B2
7039475	Sayyarrodsari et al.	May 2006	B2
7047938	Flynn et al.	May 2006	B2
7050863	Mehta et al.	May 2006	B2
7052434	Makino et al.	May 2006	B2
7055311	Beutel et al.	Jun 2006	B2
7059112	Bidner et al.	Jun 2006	B2
7063080	Kita et al.	Jun 2006	B2
7067319	Wills et al.	Jun 2006	B2
7069903	Sumilla et al.	Jul 2006	B2
7082753	Dalla Betta et al.	Aug 2006	B2
7085615	Persson et al.	Aug 2006	B2
7106866	Astorino et al.	Sep 2006	B2
7107978	Itoyama	Sep 2006	B2
7111450	Sumilla	Sep 2006	B2
7111455	Okugawa et al.	Sep 2006	B2
7113835	Boyen et al.	Sep 2006	B2
7117046	Boyden et al.	Oct 2006	B2
7124013	Yasui	Oct 2006	B2
7149590	Martin et al.	Dec 2006	B2
7151976	Lin	Dec 2006	B2
7152023	Das	Dec 2006	B2
7155334	Stewart et al.	Dec 2006	B1
7164800	Sun	Jan 2007	B2
7165393	Betta et al.	Jan 2007	B2
7165399	Stewart	Jan 2007	B2
7168239	Ingram et al.	Jan 2007	B2
7182075	Shahed et al.	Feb 2007	B2
7184845	Sayyarrodsari et al.	Feb 2007	B2
7184992	Polyak et al.	Feb 2007	B1
7188637	Dreyer et al.	Mar 2007	B2
7194987	Mogi	Mar 2007	B2
7197485	Fuller	Mar 2007	B2
7200988	Yamashita	Apr 2007	B2
7204079	Audoin	Apr 2007	B2
7212908	Li et al.	May 2007	B2
7275374	Stewart et al.	Oct 2007	B2
7275415	Rhodes et al.	Oct 2007	B2
7277010	Joao	Oct 2007	B2
7281368	Miyake et al.	Oct 2007	B2
7292926	Schmidt et al.	Nov 2007	B2
7302937	Ma et al.	Dec 2007	B2
7321834	Chu et al.	Jan 2008	B2
7323036	Boyden et al.	Jan 2008	B2
7328577	Stewart et al.	Feb 2008	B2
7337022	Wojsznis et al.	Feb 2008	B2
7349776	Spillane et al.	Mar 2008	B2
7357125	Kolavennu	Apr 2008	B2
7375374	Chen et al.	May 2008	B2
7376471	Das et al.	May 2008	B2
7380547	Ruiz	Jun 2008	B1
7383118	Imai et al.	Jun 2008	B2
7389773	Stewart et al.	Jun 2008	B2
7392129	Hill et al.	Jun 2008	B2
7397363	Joao	Jul 2008	B2
7398082	Schwinke et al.	Jul 2008	B2
7398149	Ueno et al.	Jul 2008	B2
7400933	Rawlings et al.	Jul 2008	B2
7400967	Ueno et al.	Jul 2008	B2
7413583	Langer et al.	Aug 2008	B2
7415389	Stewart et al.	Aug 2008	B2
7418372	Nishira et al.	Aug 2008	B2
7430854	Yasui et al.	Oct 2008	B2
7433743	Pistikopoulos et al.	Oct 2008	B2
7444191	Caldwell et al.	Oct 2008	B2
7444193	Cutler	Oct 2008	B2
7447554	Cutler	Nov 2008	B2
7467614	Stewart et al.	Dec 2008	B2
7469177	Samad et al.	Dec 2008	B2
7474953	Hulser et al.	Jan 2009	B2
7493236	Mock et al.	Feb 2009	B1
7505879	Tomoyasu et al.	Mar 2009	B2
7505882	Jenny et al.	Mar 2009	B2
7515975	Stewart	Apr 2009	B2
7522963	Boyden et al.	Apr 2009	B2
7536232	Boyden et al.	May 2009	B2
7577483	Fan et al.	Aug 2009	B2
7587253	Rawlings et al.	Sep 2009	B2
7591135	Stewart	Sep 2009	B2
7599749	Sayyarrodsari et al.	Oct 2009	B2
7599750	Piche	Oct 2009	B2
7603185	Stewart et al.	Oct 2009	B2
7603226	Henein	Oct 2009	B2
7627843	Dozorets et al.	Dec 2009	B2
7630868	Turner et al.	Dec 2009	B2
7634323	Vermillion et al.	Dec 2009	B2
7634417	Boyden et al.	Dec 2009	B2
7650780	Hall	Jan 2010	B2
7668704	Perchanok et al.	Feb 2010	B2
7676318	Allain	Mar 2010	B2
7698004	Boyden et al.	Apr 2010	B2
7702519	Boyden et al.	Apr 2010	B2
7712139	Westendorf et al.	May 2010	B2
7721030	Fuehrer et al.	May 2010	B2
7725199	Brackney et al.	May 2010	B2
7734291	Mazzara, Jr.	Jun 2010	B2
7738975	Denison et al.	Jun 2010	B2
7743606	Havelena et al.	Jun 2010	B2
7748217	Muller	Jul 2010	B2
7752840	Stewart	Jul 2010	B2
7765792	Rhodes et al.	Aug 2010	B2
7779680	Sasaki et al.	Aug 2010	B2
7793489	Wang et al.	Sep 2010	B2
7798938	Matsubara et al.	Sep 2010	B2
7808371	Blanchet et al.	Oct 2010	B2
7813884	Chu et al.	Oct 2010	B2
7826909	Attarwala	Nov 2010	B2
7831318	Bartee et al.	Nov 2010	B2
7840287	Wojsznis et al.	Nov 2010	B2
7844351	Piche	Nov 2010	B2
7844352	Vouzis et al.	Nov 2010	B2
7846299	Backstrom et al.	Dec 2010	B2
7850104	Havlena et al.	Dec 2010	B2
7856966	Saitoh	Dec 2010	B2
7860586	Boyden et al.	Dec 2010	B2
7861518	Federle	Jan 2011	B2
7862771	Boyden et al.	Jan 2011	B2
7877239	Grichnik et al.	Jan 2011	B2
7878178	Stewart et al.	Feb 2011	B2
7891669	Araujo et al.	Feb 2011	B2
7904280	Wood	Mar 2011	B2
7905103	Larsen et al.	Mar 2011	B2
7907769	Sammak et al.	Mar 2011	B2
7925399	Comeau	Apr 2011	B2
7930044	Attarwala	Apr 2011	B2
7933849	Bartee et al.	Apr 2011	B2
7958730	Stewart et al.	Jun 2011	B2
7970482	Srinivasan et al.	Jun 2011	B2
7987145	Baramov	Jul 2011	B2
7996140	Stewart et al.	Aug 2011	B2
8001767	Kakuya et al.	Aug 2011	B2
8019911	Dressler et al.	Sep 2011	B2
8025167	Schneider et al.	Sep 2011	B2
8032235	Sayyar-Rodsari	Oct 2011	B2
8046089	Renfro et al.	Oct 2011	B2
8046090	MacArthur et al.	Oct 2011	B2
8060290	Stewart et al.	Nov 2011	B2
8078291	Pekar et al.	Dec 2011	B2
8108790	Morrison, Jr. et al.	Jan 2012	B2
8109255	Stewart et al.	Feb 2012	B2
8121818	Gorinevsky	Feb 2012	B2
8145329	Pekar et al.	Mar 2012	B2
8146850	Havlena et al.	Apr 2012	B2
8157035	Whitney et al.	Apr 2012	B2
8185217	Thiele	May 2012	B2
8197753	Boyden et al.	Jun 2012	B2
8200346	Thiele	Jun 2012	B2
8209963	Kesse et al.	Jul 2012	B2
8213321	Butts	Jul 2012	B2
8229163	Coleman et al.	Jul 2012	B2
8245501	He et al.	Aug 2012	B2
8246508	Matsubara et al.	Aug 2012	B2
8265854	Stewart et al.	Sep 2012	B2
8281572	Chi et al.	Oct 2012	B2
8295951	Crisalle et al.	Oct 2012	B2
8311653	Zhan et al.	Nov 2012	B2
8312860	Yun et al.	Nov 2012	B2
8316235	Boehl et al.	Nov 2012	B2
8360040	Stewart et al.	Jan 2013	B2
8370052	Lin et al.	Feb 2013	B2
8379267	Mestha et al.	Feb 2013	B2
8396644	Kabashima et al.	Mar 2013	B2
8402268	Dierickx	Mar 2013	B2
8418441	He et al.	Apr 2013	B2
8453431	Wang et al.	Jun 2013	B2
8473079	Havlena	Jun 2013	B2
8478506	Grichnik et al.	Jul 2013	B2
RE44452	Stewart et al.	Aug 2013	E
8504175	Pekar et al.	Aug 2013	B2
8505278	Farrell et al.	Aug 2013	B2
8543170	Mazzara, Jr. et al.	Sep 2013	B2
8555613	Wang et al.	Oct 2013	B2
8571689	Macharia et al.	Oct 2013	B2
8596045	Tuomivaara et al.	Dec 2013	B2
8620461	Kihas	Dec 2013	B2
8634940	Macharia et al.	Jan 2014	B2
8639925	Schuetze	Jan 2014	B2
8649884	MacArthur et al.	Feb 2014	B2
8649961	Hawkins et al.	Feb 2014	B2
8667288	Yavuz	Mar 2014	B2
8694197	Rajagopalan et al.	Apr 2014	B2
8700291	Herrmann	Apr 2014	B2
8737426	Fredriksson	May 2014	B1
8751241	Oesterling et al.	Jun 2014	B2
8762026	Wolfe et al.	Jun 2014	B2
8763377	Yacoub	Jul 2014	B2
8768996	Shokrollahi et al.	Jul 2014	B2
8813690	Kumar et al.	Aug 2014	B2
8825243	Yang et al.	Sep 2014	B2
8839967	Schneider et al.	Sep 2014	B2
8867746	Ceskutti et al.	Oct 2014	B2
8892221	Kram et al.	Nov 2014	B2
8899018	Frazier et al.	Dec 2014	B2
8904760	Mital	Dec 2014	B2
8983069	Merchan et al.	Mar 2015	B2
9100193	Newsome et al.	Aug 2015	B2
9141996	Christensen et al.	Sep 2015	B2
9170573	Kihas	Oct 2015	B2
9175595	Ceynow et al.	Nov 2015	B2
9223301	Stewart et al.	Dec 2015	B2
9243576	Yu et al.	Jan 2016	B2
9253200	Schwarz et al.	Feb 2016	B2
9325494	Boehl	Apr 2016	B2
9367701	Merchan et al.	Jun 2016	B2
9367968	Giraud et al.	Jun 2016	B2
9419737	Fredriksson	Aug 2016	B2
9432488	Fredriksson	Aug 2016	B2
9483881	Comeau et al.	Nov 2016	B2
9560071	Ruvio et al.	Jan 2017	B2
9779742	Newsome, Jr.	Oct 2017	B2
20020112469	Kanazawa et al.	Aug 2002	A1
20040006973	Makki et al.	Jan 2004	A1
20040044908	Markham	Mar 2004	A1
20040086185	Sun	May 2004	A1
20040144082	Mianzo et al.	Jul 2004	A1
20040199481	Hartman et al.	Oct 2004	A1
20040226287	Edgar et al.	Nov 2004	A1
20050171667	Morita	Aug 2005	A1
20050187643	Sayyar-Rodsari et al.	Aug 2005	A1
20050193739	Brunnell et al.	Sep 2005	A1
20050210868	Funabashi	Sep 2005	A1
20060047607	Boyden et al.	Mar 2006	A1
20060111881	Jackson	May 2006	A1
20060137347	Stewart et al.	Jun 2006	A1
20060168945	Samad et al.	Aug 2006	A1
20060185626	Allen et al.	Aug 2006	A1
20060212140	Brackney	Sep 2006	A1
20070144149	Kolavennu et al.	Jun 2007	A1
20070156259	Baramov et al.	Jul 2007	A1
20070240213	Karam et al.	Oct 2007	A1
20070261648	Reckels et al.	Nov 2007	A1
20070275471	Coward	Nov 2007	A1
20080010973	Gimbres	Jan 2008	A1
20080103747	Macharia et al.	May 2008	A1
20080132178	Chatterjee et al.	Jun 2008	A1
20080208778	Sayyar-Rodsari et al.	Aug 2008	A1
20080289605	Ito	Nov 2008	A1
20090041247	Barany	Feb 2009	A1
20090172416	Bosch et al.	Jul 2009	A1
20090312998	Berckmans et al.	Dec 2009	A1
20100122523	Vosz	May 2010	A1
20100126481	Willi et al.	May 2010	A1
20100300069	Herrmann et al.	Dec 2010	A1
20110056265	Yacoub	Mar 2011	A1
20110060424	Havlena	Mar 2011	A1
20110125295	Bednasch et al.	May 2011	A1
20110131017	Cheng et al.	Jun 2011	A1
20110161673	Shin	Jun 2011	A1
20110167025	Danai et al.	Jul 2011	A1
20110173315	Aguren	Jul 2011	A1
20110264353	Atkinson et al.	Oct 2011	A1
20110270505	Chaturvedi et al.	Nov 2011	A1
20120024089	Couey et al.	Feb 2012	A1
20120109620	Gaikwad et al.	May 2012	A1
20120174187	Argon et al.	Jul 2012	A1
20130024069	Wang et al.	Jan 2013	A1
20130067894	Stewart et al.	Mar 2013	A1
20130111878	Pachner et al.	May 2013	A1
20130111905	Pekar et al.	May 2013	A1
20130131954	Yu et al.	May 2013	A1
20130131956	Thibault et al.	May 2013	A1
20130158834	Wagner et al.	Jun 2013	A1
20130204403	Zheng et al.	Aug 2013	A1
20130242706	Newsome, Jr.	Sep 2013	A1
20130326232	Lewis et al.	Dec 2013	A1
20130326630	Argon	Dec 2013	A1
20130338900	Ardanese et al.	Dec 2013	A1
20140032189	Hehle et al.	Jan 2014	A1
20140034460	Chou	Feb 2014	A1
20140171856	McLaughlin et al.	Jun 2014	A1
20140258736	Merchan et al.	Sep 2014	A1
20140270163	Merchan	Sep 2014	A1
20140280636	Fredriksson	Sep 2014	A1
20140316683	Whitney et al.	Oct 2014	A1
20140318216	Singh	Oct 2014	A1
20140343713	Ziegler et al.	Nov 2014	A1
20140358254	Chu et al.	Dec 2014	A1
20150121071	Schwarz et al.	Apr 2015	A1
20150275783	Wong et al.	Oct 2015	A1
20150321642	Schwepp et al.	Nov 2015	A1
20150324576	Quirant et al.	Nov 2015	A1
20150334093	Mueller	Nov 2015	A1
20150354877	Burns et al.	Dec 2015	A1
20160003180	McNulty et al.	Jan 2016	A1
20160043832	Ahn et al.	Feb 2016	A1
20160108732	Huang et al.	Apr 2016	A1
20160127357	Libuschka et al.	May 2016	A1
20160216699	Pekar et al.	Jul 2016	A1
20160239593	Pekar et al.	Aug 2016	A1
20160259584	Schlottmann et al.	Sep 2016	A1
20160330204	Baur et al.	Nov 2016	A1
20160344705	Stumpf et al.	Nov 2016	A1
20160362838	Badwe et al.	Dec 2016	A1
20160365977	Boutros et al.	Dec 2016	A1
20170031332	Santin	Feb 2017	A1
20170048063	Mueller	Feb 2017	A1
20170093659	Elend	Mar 2017	A1
20170126679	Fredriksson	May 2017	A1
20170126701	Glas et al.	May 2017	A1
20170218860	Pachner et al.	Aug 2017	A1
20170235698	van der Maas	Aug 2017	A1
20170300713	Fan et al.	Oct 2017	A1
20170306871	Fuxman et al.	Oct 2017	A1
20180115575	Hartkopp	Apr 2018	A1
20180181743	Hofman	Jun 2018	A1
20180336338	Hofman	Nov 2018	A1

Foreign Referenced Citations (53)

Number	Date	Country
102063561	May 2011	CN
102331350	Jan 2012	CN
19628796	Oct 1997	DE
10219382	Nov 2002	DE
102009016509	Oct 2010	DE
102011103346	Aug 2012	DE
0301527	Feb 1989	EP
0877309	Jun 2000	EP
1134368	Sep 2001	EP
1180583	Feb 2002	EP
1221544	Jul 2002	EP
1225490	Jul 2002	EP
1245811	Oct 2002	EP
1273337	Jan 2003	EP
0950803	Sep 2003	EP
1420153	May 2004	EP
1447727	Aug 2004	EP
1498791	Jan 2005	EP
1425642	Nov 2005	EP
1686251	Aug 2006	EP
1399784	Oct 2007	EP
2107439	Oct 2009	EP
2146258	Jan 2010	EP
1794339	Jul 2011	EP
1529941	Nov 2011	EP
2543845	Jan 2013	EP
2551480	Jan 2013	EP
2589779	May 2013	EP
2617975	Jul 2013	EP
2267559	Jan 2014	EP
2919079	Sep 2015	EP
59190433	Oct 1984	JP
2010282618	Dec 2010	JP
0144629	Jun 2001	WO
0169056	Sep 2001	WO
0232552	Apr 2002	WO
02097540	Dec 2002	WO
02101208	Dec 2002	WO
03023538	Mar 2003	WO
03048533	Jun 2003	WO
03065135	Aug 2003	WO
03078816	Sep 2003	WO
03102394	Dec 2003	WO
2004027230	Apr 2004	WO
2006021437	Mar 2006	WO
2007078907	Jul 2007	WO
2008033800	Mar 2008	WO
2008115911	Sep 2008	WO
2012076838	Jun 2012	WO
2013119665	Aug 2013	WO
2014165439	Oct 2014	WO
2016053194	Apr 2016	WO
WO-2017013622	Jan 2017	WO

Non-Patent Literature Citations (184)

Entry
Litichever, Gil et al. U.S. Appl. No. 62/195,419 (Specification). Available at least Jan. 26, 2017. (Year: 2017).
Extended European Search Report for EP Application No. 17151521.6, dated Oct. 23, 2017.
Extended European Search Report for EP Application No. 17163452.0, dated Sep. 26, 2017.
Greenberg, “Hackers Cut a Corvette's Brakes Via a Common Car Gadget,” downloaded from https://www.wired.com2015/08/hackers-cut-corvettes-brakes-v..., 14 pages, Aug. 11, 2015, printed Dec. 11, 2017.
http://www.blackpoolcommunications.com/products/alarm-immo...., “OBD Security OBD Port Protection—Alarms & Immobilizers . . . ,” 1 page, printed Jun. 5, 2017.
http://www.cnbc.com/2016/09/20/chinese-company-hacks-tesla-car-remotely.html, “Chinese Company Hacks Tesla Car Remotely,” 3 pages, Sep. 20, 2016.
ISO, “ISO Document No. 13185-2:2015(E),” 3 pages, 2015.
Ding, “Characterising Combustion in Diesel Engines, Using Parameterised Finite Stage Cylinder Process Models,” 281 pages, Dec. 21, 2011.
Docquier et al., “Combustion Control and Sensors: a Review,” Progress in Energy and Combustion Science, vol. 28, pp. 107-150, 2002.
Dunbar, “Model Predictive Control: Extension to Coordinated Multi-Vehicle Formations and Real-Time Implementation,” CDS Technical Report 01-016, 64 pages, Dec. 7, 2001.
Egnell, “Combustion Diagnostics by Means of Multizone Heat Release Analysis and NO Calculation,” SAE Technical Paper Series 981424, International Spring Fuels and Lubricants Meeting and Exposition, 22 pages, May 4-6, 1998.
Ericson, “NOx Modelling of a Complete Diesel Engine/SCR System,” Licentiate Thesis, 57 pages, 2007.
Finesso et al., “Estimation of the Engine-Out NO2/NOx Ration in a Euro VI Diesel Engine,” SAE International 2013-01-0317, 15 pages, Apr. 8, 2013.
Fleming, “Overview of Automotive Sensors,” IEEE Sensors Journal, vol. 1, No. 4, pp. 296-308, Dec. 2001.
Ford Motor Company, “2012 My OBD System Operation Summary for 6.7L Diesel Engines,” 149 pages, Apr. 21, 2011.
Formentin et al., “NOx Estimation in Diesel Engines Via In-Cylinder Pressure Measurement,” IEEE Transactions on aontrol Systems Technology, vol. 22, No. 1, pp. 396-403, Jan. 2014.
Galindo, “An On-Engine Method for Dynamic Characterisation of NOx Concentration Sensors,” Experimental Thermal and Fluid Science, vol. 35, pp. 470-476, 2011.
Gamma Technologies, “Exhaust Aftertreatment with GT-Suite,” 2 pages, Jul. 17, 2014.
GM “Advanced Diesel Technology and Emissions,” powertrain technologies—engines, 2 pages, prior to Feb. 2, 2005.
Goodwin, “Researchers Hack a Corvette's Brakes Via Insurance Black Box,” Downloaded from http://www.cnet.com/roadshow/news/researchers-hack-a-corvettes-brakes-via-insurance-black-box/, 2 pages, Aug. 2015.
Greenberg, “Hackers Remotely Kill a Jeep on the Highway—With Me in It,” Downloaded from http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/, 24 pages, Jul. 21, 2015.
Guardiola et al., “A Bias Correction Method for Fast Fuel-to-Air Ratio Estimation in Diesel Engines,” Proceedings of the Institution of Mechanical Engineers, Part D: Journal of Automobile Engineering, vol. 227, No. 8, pp. 1099-1111, 2013.
Guardiola et al., “A Computationally Efficient Kalman Filter Based Estimator for Updating Look-Up Tables Applied to NOx Estimation in Diesel Engines,” Control Engineering Practice, vol. 21, pp. 1455-1468.
Guerreiro et al., “Trajectory Tracking Nonlinear Model Predictive Control for Autonomous Surface Craft,” Proceedings of the European Control Conference, Budapest, Hungary, 6 pages, Aug. 2009.
Guzzella et al., “Introduction to Modeling and Control of Internal Combustion Engine Systems,” 303 pages, 2004.
Guzzella, et al., “Control of Diesel Engines,” IEEE Control Systems Magazine, pp. 53-71, Oct. 1998.
Hahlin, “Single Cylinder ICE Exhaust Optimization,” Master's Thesis, retrieved from https://pure.ltu.se/portal/files/44015424/LTU-EX-2013-43970821.pdf, 50 pages, Feb. 1, 2014.
Hammacher Schlemmer, “The Windshield Heads Up Display,” Catalog, p. 47, prior to Apr. 26, 2016.
Havelena, “Componentized Architecture for Advanced Process Management,” Honeywell International, 42 pages, 2004.
Heywood, “Pollutant Formation and Control,” Internal Combustion Engine Fundamentals, pp. 567-667, 1988.
Hiranuma, et al., “Development of DPF System for Commercial Vehicle—Basic Characteristic and Active Regeneration Performance,” SAE Paper No. 2003-01-3182, Mar. 2003.
Hirsch et al., “Dynamic Engine Emission Models,” Automotive Model Predictive Control, Chapter 5, 18 pages, LNCIS 402, 2012.
Hirsch et al., “Grey-Box Control Oriented Emissions Models,” The International Federation of Automatic Control (IFAC), Proceedings of the 17th World Congress, pp. 8514-8519, Jul. 6-11, 2008.
Hockerdal, “EKF-based Adaptation of Look-Up Tables with an Air Mass-Flow Sensor Application,” Control Engineering Practice, vol. 19, 12 pages, 2011.
Honeywell, “Profit Optimizer a Distributed Quadratic Program (DQP) Concepts Reference,” 48 pages, prior to Feb. 2, 2005.
http://nexceris.com/news/nextech-materials/, “NEXTECH Materials is Now NEXCERIS,” 7 pages, printed Oct. 4, 2016.
http://www.arb.ca.gov/msprog/obdprog/hdobdreg.htm, “Heavy-Duty OBD Regulations and Rulemaking,” 8 pages, printed Oct. 4, 2016.
http://www.not2fast.wryday.com/turbo/glossary/turbo_glossary.shtml, “Not2Fast: Turbo Glossary,” 22 pages, printed Oct. 1, 2004.
http://www.tai-cwv.com/sb1106.0.html, “Technical Overview—Advanced Control Solutions,” 6 pages, printed Sep. 9, 2004.
https://www.dieselnet.com/standards/us/obd.php, “Emission Standards: USA: On-Board Diagnostics,” 6 pages, printed Oct. 3, 2016.
https://www.en.wikipedia.org/wiki/Public-key_cryptography, “Public-Key Cryptography,” 14 pages, printed Feb. 26, 2016.
Ishida et al., “An Analysis of the Added Water Effect on NO Formation in D.I. Diesel Engines,” SAE Technical Paper Series 941691, International Off-Highway and Power-Plant Congress and Exposition, 13 pages, Sep. 12-14, 1994.
Ishida et al., “Prediction of NOx Reduction Rate Due to Port Water Injection in a DI Diesel Engine,” SAE Technical Paper Series 972961, International Fall Fuels and Lubricants Meeting and Exposition, 13 pages, Oct. 13-16, 1997.
Jensen, “The 13 Monitors of an OBD System,” http://www.oemoffhighway.com/article/1 0855512/the-13-monito..., 3 pages, printed Oct. 3, 2016.
Johansen et al., “Hardware Architecture Design for Explicit Model Predictive Control,” Proceedings of ACC, 6 pages, 2006.
Johansen et al., “Hardware Synthesis of Explicit Model Predictive Controllers,” IEEE Transactions on Control Systems Technology, vol. 15, No. 1, Jan. 2007.
Jonsson, “Fuel Optimized Predictive Following in Low Speed Conditions,” Master's Thesis, 46 pages, Jun. 28, 2003.
Kelly, et al., “Reducing Soot Emissions from Diesel Engines Using One Atmosphere Uniform Glow Discharge Plasma,” SAE Paper No. 2003-01-1183, Mar. 2003.
Keulen et al., “Predictive Cruise Control in Hybrid Electric Vehicles,” World Electric Journal, vol. 3, ISSN 2032-6653, 11 pages, May 2009.
Khair et al., “Emission Formation in Diesel Engines,” Downloaded from https://www.dieselnet.com/tech/diesel_emiform.php, 33 pages, printed Oct. 14, 2016.
Kihas et al., “Chapter 14, Diesel Engine SCR Systems: Modeling Measurements and Control,” Catalytic Reduction Technology (book), Part 1, Chapter 14, prior to Jan. 29, 2016.
Kolmanovsky et al., “Issues in Modeling and Control of Intake Flow in Variable Geometry Turbocharged Engines”, 18th IFIP Conf. System Modeling and Optimization, pp. 436-445, Jul. 1997.
Krause et al., “Effect of Inlet Air Humidity and Temperature on Diesel Exhaust Emissions,” SAE International Automotive Engineering Congress, 8 pages, Jan. 8-12, 1973.
Kulhavy et al. “Emerging Technologies for Enterprise Optimization in the Process Industries,” Honeywell, 12 pages, Dec. 2000.
Lavoie et al., “Experimental and Theoretical Study of Nitric Oxide Formation in Internal Combustion Engines,” Combustion Science and Technology, vol. 1, pp. 313-326, 1970.
Locker, et al., “Diesel Particulate Filter Operational Characterization,” Corning Incorporated, 10 pages, prior to Feb. 2, 2005.
Lu, “Challenging Control Problems and Engineering Technologies in Enterprise Optimization,” Honeywell Hi-Spec Solutions, 30 pages, Jun. 4-6, 2001.
“Aftertreatment Modeling of RCCI Engine During Transient Operation,” University of Wisconsin—Engine Research Center, 1 page, May 31, 2014.
“Chapter 14: Pollutant Formation,” Fluent Manual, Release 15.0, Chapter 14, pp. 313-345, prior to Jan. 29, 2016.
“Chapter 21, Modeling Pollutant Formation,” Fluent Manual, Release 12.0, Chapter 21, pp. 21-1-21-54, Jan. 30, 2009.
“J1979 E/E Diagnostic Test Modules,” Proposed Regulation, Vehicle E.E. System Diagnostic Standards Committee, 1 page, Sep. 28, 2010.
“MicroZed Zynq Evaluation and Development and System on Module, Hardware User Guide,” Avnet Electronics Marketing, Version 1.6, Jan. 22, 2015.
“Model Predictive Control Toolbox Release Notes,” The Mathworks, 24 pages, Oct. 2008.
“Model Predictive Control,” Wikipedia, pp. 1-5, Jan. 22, 2009. http://en.wikipedia.org/w/index.php/title=Special:Book&bookcmd=download&collecton_id=641cd1b5da77cc22&writer=rl&return_to=Model predictive control, retrieved Nov. 20, 2012.
“MPC Implementation Methods for the Optimization of the Response of Control Valves to Reduce Variability,” Advanced Application Note 002, Rev. A, 10 pages, 2007.
“SCR, 400-csi Coated Catalyst,” Leading NOx Control Technologies Status Summary, 1 page prior to Feb. 2, 2005.
Actron, “Elite AutoScanner Kit—Enhanced OBD I & II Scan Tool, OBD 1300,” Downloaded from https://actron.com/content/elite-autoscanner-kit-enhanced-obd-i-and-obd-ii-scan-tool?utm_..., 5 pages, printed Sep. 27, 2016.
Advanced Petroleum-Based Fuels-Diesel Emissions Control (APBF-DEC) Project, “Quarterly Update,” No. 7, 6 pages, Fall 2002.
Allanson, et al., “Optimizing the Low Temperature Performance and Regeneration Efficiency of the Continuously Regenerating Diesel Particulate Filter System,” SAE Paper No. 2002-01-0428, 8 pages, Mar. 2002.
Amstuz, et al., “EGO Sensor Based Robust Output Control of EGR in Diesel Engines,” IEEE TCST, vol. 3, No. 1, 12 pages, Mar. 1995.
Andersson et al., “A Predictive Real Time NOx Model for Conventional and Partially Premixed Diesel Combustion,” SAE International 2006-01-3329, 10 pages, 2006.
Andersson et al., “A Real Time NOx Model for Conventional and Partially Premixed Diesel Combustion,” SAE Technical Paper Series 2006-01-0195, 2006 SAE World Congress, 13 pages, Apr. 3-6, 2006.
Arregle et al., “On Board NOx Prediction in Diesel Engines: A Physical Approach,” Automotive Model Predictive Control, Models Methods and Applications, Chapter 2, 14 pages, 2010.
Asprion, “Optimal Control of Diesel Engines,” PHD Thesis, Diss ETH No. 21593, 436 pages, 2013.
Assanis et al., “A Predictive Ignition Delay Correlation Under Steady-State and Transient Operation of a Direct Injection Diesel Engine,” ASME, Journal of Engineering for Gas Turbines and Power, vol. 125, pp. 450-457, Apr. 2003.
Axehill et al., “A Dual Gradiant Projection Quadratic Programming Algorithm Tailored for Model Predictive Control,” Proceedings of the 47th IEEE Conference on Decision and Control, Cancun Mexico, pp. 3057-3064, Dec. 9-11, 2008.
Axehill et al., “A Dual Gradient Projection Quadratic Programming Algorithm Tailored for Mixed Integer Predictive Control,” Technical Report from Linkopings Universitet, Report No. Li-Th-ISY-R-2833, 58 pages, Jan. 31, 2008.
Baffi et al., “Non-Linear Model Based Predictive Control Through Dynamic Non-Linear Partial Least Squares,” Trans IChemE, vol. 80, Part A, pp. 75-86, Jan. 2002.
Bako et al., “A Recursive Identification Algorithm for Switched Linear/Affine Models,” Nonlinear Analysis: Hybrid Systems, vol. 5, pp. 242-253, 2011.
Barba et al., “A Phenomenological Combustion Model for Heat Release Rate Prediction in High-Speed DI Diesel Engines with Common Rail Injection,” SAE Technical Paper Series 2000-01-2933, International Fall Fuels and Lubricants Meeting Exposition, 15 pages, Oct. 16-19, 2000.
Bemporad et al., “Model Predictive Control Toolbox 3, User's Guide,” Matlab Mathworks, 282 pages, 2008.
Bemporad et al., “The Explicit Linear Quadratic Regulator for Constrained Systems,” Automatica, 38, pp. 3-20, 2002.
Bemporad, “Model Predictive Control Based on Linear Programming—The Explicit Solution,” IEEE Transactions on Automatic Control, vol. 47, No. 12, pp. 1974-1984, Dec. 2002.
Bemporad, “Model Predictive Control Design: New Trends and Tools,” Proceedings of the 45th IEEE Conference on Decision & Control, pp. 6678-6683, Dec. 13-15, 2006.
Bemporad, et al., “Explicit Model Predictive Control,” 1 page, prior to Feb. 2, 2005.
Bertsekas, “On the Goldstein-Levitin-Polyak Gradient Projection Method,” IEEE Transactions on Automatic Control, vol. AC-21, No. 2, pp. 174-184, Apr. 1976.
Bertsekas, “Projected Newton Methods for Optimization Problems with Simple Constraints*,” SIAM J. Control and Optimization, vol. 20, No. 2, pp. 221-246, Mar. 1982.
Blanco-Rodriguez, “Modelling and Observation of Exhaust Gas Concentrations for Diesel Engine Control,” Phd Dissertation, 242 pages, Sep. 2013.
Blue Streak Electronics Inc., “Ford Modules,” 1 page, May 12, 2010.
Borrelli et al., “An MPC/Hybrid System Approach to Traction Control,” IEEE Transactions on Control Systems Technology, vol. 14, No. 3, pp. 541-553, May 2006.
Borrelli, “Constrained Optimal Control of Linear and Hybrid Systems,” Lecture Notes in Control and Information Sciences, vol. 290, 2003.
Borrelli, “Discrete Time Constrained Optimal Control,” A Dissertation Submitted to the Swiss Federal Institute of Technology (ETH) Zurich, Diss. ETH No. 14666, 232 pages, Oct. 9, 2002.
Bourn et al., “Advanced Compressor Engine Controls to Enhance Operation, Reliability and Integrity,” Southwest Research Institute, DOE Award No. DE-FC26-03NT41859, SwRI Project No. 03.10198, 60 pages, Mar. 2004.
Catalytica Energy Systems, “Innovative NOx Reduction Solutions for Diesel Engines,” 13 pages, 3rd Quarter, 2003.
Charalampidis et al., “Computationally Efficient Kalman Filtering for a Class of Nonlinear Systems,” IEEE Transactions on Automatic Control, vol. 56, No. 3, pp. 483-491, Mar. 2011.
Chatterjee, et al. “Catalytic Emission Control for Heavy Duty Diesel Engines,” JM, 46 pages, prior to Feb. 2, 2005.
Chew, “Sensor Validation Scheme with Virtual NOx Sensing for Heavy Duty Diesel Engines,” Master's Thesis, 144 pages, 2007.
European Search Report for EP Application No. 11167549.2 dated Nov. 27, 2012.
European Search Report for EP Application No. 12191156.4-1603 dated Feb. 9, 2015.
European Search Report for EP Application No. EP 10175270.7-2302419 dated Jan. 16, 2013.
European Search Report for EP Application No. EP 15152957.5-1807 dated Feb. 10, 2015.
Extended European Search Report for EP Application No. 15155295.7-1606, dated Aug. 4, 2015.
Extended European Search Report for EP Application No. 15179435.1, dated Apr. 1, 2016.
De Oliveira, “Constraint Handling and Stability Properties of Model Predictive Control,” Carnegie Institute of Technology, Department of Chemical Engineering, Paper 197, 64 pages, Jan. 1, 1993.
De Schutter et al., “Model Predictive Control for Max-Min-Plus-Scaling Systems,” Proceedings of the 2001 American Control Conference, Arlington, VA, pp. 319-324, Jun. 2001.
Delphi, Delphi Diesel NOx Trap (DNT), 3 pages, Feb. 2004.
Diehl et al., “Efficient Numerical Methods for Nonlinear MPC and Moving Horizon Estimation,” Int. Workshop on Assessment and Future Directions of NMPC, 24 pages, Pavia, Italy, Sep. 5-9, 2008.
Maciejowski, “Predictive Control with Constraints,” Prentice Hall, Pearson Education Limited, 4 pages, 2002.
Manchur et al., “Time Resolution Effects on Accuracy of Real-Time NOx Emissions Measurements,” SAE Technical Paper Series 2005-01-0674, 2005 SAE World Congress, 19 pages, Apr. 11-14, 2005.
Mariethoz et al., “Sensorless Explicit Model Predictive Control of the DC-DC Buck Converter with Inductor Current Limitation,” IEEE Applied Power Electronics Conference and Exposition, pp. 1710-1715, 2008.
Marjanovic, “Towards a Simplified Infinite Horizon Model Predictive Controller,” 6 pages, Proceedings of the 5th Asian Control Conference, 6 pages, Jul. 20-23, 2004.
Mehta, “The Application of Model Predictive Control to Active Automotive Suspensions,” 56 pages, May 17, 1996.
Mohammadpour et al., “A Survey on Diagnostics Methods for Automotive Engines,” 2011 American Control Conference, pp. 985-990, Jun. 29-Jul. 1, 2011.
Moore, “Living with Cooled-EGR Engines,” Prevention Illustrated, 3 pages, Oct. 3, 2004.
Moos, “Catalysts as Sensors —A Promising Novel Approach in Automotive Exhaust Gas Aftertreatment,” http://www.mdpi.com/1424-8220/10/7/6773htm, 10 pages, Jul. 13, 2010.
Murayama et al., “Speed Control of Vehicles with Variable Valve Lift Engine by Nonlinear MPC,” ICROS-SICE International Joint Conference, pp. 4128-4133, 2009.
National Renewable Energy Laboratory (NREL), “Diesel Emissions Control—Sulfur Effects Project (DECSE) Summary of Reports,” U.S. Department of Energy, 19 pages, Feb. 2002.
Olsen, “Analysis and Simulation of the Rate of Heat Release (ROHR) in Diesel Engines,” MSc-Assignment, 105 pages, Jun. 2013.
Ortner et al., “MPC for a Diesel Engine Air Path Using an Explicit Approach for Constraint Systems,” Proceedings of the 2006 IEEE Conference on Control Applications, Munich Germany, pp. 2760-2765, Oct. 4-6, 2006.
Ortner et al., “Predictive Control of a Diesel Engine Air Path,” IEEE Transactions on Control Systems Technology, vol. 15, No. 3, pp. 449-456, May 2007.
Pannocchia et al., “Combined Design of Disturbance Model and Observer for Offset-Free Model Predictive Control,” IEEE Transactions on Automatic Control, vol. 52, No. 6, 6 pages, 2007.
Patrinos et al., “A Global Piecewise Smooth Newton Method for Fast Large-Scale Model Predictive Control,” Tech Report TR2010-02, National Technical University of Athens, 23 pages, 2010.
Payri et al., “Diesel NOx Modeling with a Reduction Mechanism for the Initial NOx Coming from EGR or Re-Entrained Burned Gases,” 2008 World Congress, SAE Technical Paper Series 2008-01-1188, 13 pages, Apr. 14-17, 2008.
Payri et al., “Methodology for Design and Calibration of a Drift Compensation Method for Fuel-to-Air Ratio,” SAE International 2012-01-0717, 13 pages, Apr. 16, 2012.
Pipho et al.' “NO2 Formation in a Diesel Engine,” SAE Technical Paper Series 910231, International Congress and Exposition, 15 pages, Feb. 25-Mar. 1, 1991.
Qin et al., “A Survey of Industrial Model Predictive Control Technology,” Control Engineering Practice, 11, pp. 733-764, 2003.
Querel et al., “Control of an SCR System Using a Virtual NOx Sensor,” 7th IFAC Symposium on Advances in Automotive Control, The International Federation of Automotive Control, pp. 9-14, Sep. 4-7, 2013.
Rajamani, “Data-based Techniques to Improve State Estimation in Model Predictive Control,” Ph.D. Dissertation, 257 pages, 2007.
Rawlings, “Tutorial Overview of Model Predictive Control,” IEEE Control Systems Magazine, pp. 38-52, Jun. 2000.
Ricardo Software, “Powertrain Design at Your Fingertips,” retrieved from http://www.ricardo.com/PageFiles/864/WaveFlyerA4_4PP.pdf, 2 pages, downloaded Jul. 27, 2015.
Salvat, et al., “Passenger Car Serial Application of a Particulate Filter System on a Common Rail Direct Injection Engine,” SAE Paper No. 2000-01-0473, 14 pages, Feb. 2000.
Santin et al., “Combined Gradient/Newton Projection Semi-Explicit QP Solver for Problems with Bound Constraints,” 2 pages, prior to Jan. 29, 2016.
Schauffele et al., “Automotive Software Engineering Principles, Processes, Methods, and Tools,” SAE International, 10 pages, 2005.
Schilling et al., “A Real-Time Model for the Prediction of the NOx Emissions in DI Diesel Engines,” Proceedings of the 2006 IEEE International Conference on Control Applications, pp. 2042-2047, Oct. 4-7, 2006.
Schilling, “Model-Based Detection and Isolation of Faults in the Air and Fuel Paths of Common-Rail DI Diesel Engines Equipped with a Lambda and a Nitrogen Oxides Sensor,” Doctor of Sciences Dissertation, 210 pages, 2008.
Shahzad et al., “Preconditioners for Inexact Interior Point Methods for Predictive Control,” 2010 American Control Conference, pp. 5714-5719, Jun. 30-Jul. 2010.
Shamma, et al. “Approximate Set-Valued Observers for Nonlinear Systems,” IEEE Transactions on Automatic Control, vol. 42, No. 5, May 1997.
Signer et al., “European Programme on Emissions, Fuels and Engine Technologies (EPEFE)—Heavy Duty Diesel Study,” International Spring Fuels and Lubricants Meeting, SAE 961074, May 6-8, 1996.
Soltis, “Current Status of NOx Sensor Development,” Workshop on Sensor Needs and Requirements for PEM Fuel Cell Systems and Direct-Injection Engines, 9 pages, Jan. 25-26, 2000.
Stefanopoulou, et al., “Control of Variable Geometry Turbocharged Diesel Engines for Reduced Emissions,” IEEE Transactions on Control Systems Technology, vol. 8, No. 4, pp. 733-745, Jul. 2000.
Stewart et al., “A Model Predictive Control Framework for Industrial Turbodiesel Engine Control,” Proceedings of the 47th IEEE Conference on Decision and Control, 8 pages, 2008.
Stewart et al., “A Modular Model Predictive Controller for Turbodiesel Problems,” First Workshop on Automotive Model Predictive Control, Schloss Muhldorf, Feldkirchen, Johannes Kepler University, Linz, 3 pages, 2009.
Storset et al., “Air Charge Estimation for Turbocharged Diesel Engines,” vol. 1 Proceedings of the American Control Conference, 8 pages, Jun. 28-30, 2000.
Stradling et al., “The Influene of Fuel Properties and Injection Timing on the Exhaust Emissions and Fuel Consumption of an Iveco Heavy-Duty Diesel Engine,” International Spring Fuels and Lubricants Meeting, SAE 971635, May 5-8, 1997.
Takacs et al., “Newton-Raphson Based Efficient Model Predictive Control Applied on Active Vibrating Structures,” Proceeding of the European Control Conference 2009, Budapest, Hungary, pp. 2845-2850, Aug. 23-26, 2009.
The MathWorks, “Model-Based Calibration Toolbox 2.1 Calibrate complex powertrain systems,” 4 pages, prior to Feb. 2, 2005.
The MathWorks, “Model-Based Calibration Toolbox 2.1.2,” 2 pages, prior to Feb. 2, 2005.
Theiss, “Advanced Reciprocating Engine System (ARES) Activities at the Oak Ridge National Lab (ORNL), Oak Ridge National Laboratory,” U.S. Department of Energy, 13 pages, Apr. 14, 2004.
Tondel et al., “An Algorithm for Multi-Parametric Quadratic Programming and Explicit MPC Solutions,” Automatica, 39, pp. 489-497, 2003.
Traver et al., “A Neural Network-Based Virtual NOx Sensor for Diesel Engines,” 7 pages, prior to Jan. 29, 2016.
Tschanz et al., “Cascaded Multivariable Control of the Combustion in Diesel Engines,” The International Federation of Automatic Control (IFAC), 2012 Workshop on Engine and Powertrain Control, Simulation and Modeling, pp. 25-32, Oct. 23-25, 2012.
Tschanz et al., “Control of Diesel Engines Using NOx-Emission Feedback,” International Journal of Engine Research, vol. 14, No. 1, pp. 45-56, 2013.
Tschanz et al., “Feedback Control of Particulate Matter and Nitrogen Oxide Emissions in Diesel Engines,” Control Engineering Practice, vol. 21, pp. 1809-1820, 2013.
Turner, “Automotive Sensors, Sensor Technology Series,” Momentum Press, Unable to Obtain the Entire Book, a Copy of the Front and Back Covers and Table of Contents are Provided, 2009.
Van Basshuysen et al., “Lexikon Motorentechnik,” (Dictionary of Automotive Technology) published by Vieweg Verlag, Wiesbaden 039936, p. 518, 2004. (English Translation).
Van Den Boom et al., “MPC for Max-Plus-Linear Systems: Closed-Loop Behavior and Tuning,” Proceedings of the 2001 American Control Conference, Arlington, Va, pp. 325-330, Jun. 2001.
Van Heiden et al., “Optimization of Urea SCR deNOx Systems for HD Diesel Engines,” SAE International 2004-01-0154, 13 pages, 2004.
Van Keulen et al., “Predictive Cruise Control in Hybrid Electric Vehicles,” World Electric Vehicle Journal vol. 3, ISSN 2032-6653, pp. 1-11, 2009.
VDO, “UniNOx-Sensor Specification,” Continental Trading GmbH, 2 pages, Aug. 2007.
Vereschaga et al., “Piecewise Affine Modeling of NOx Emission Produced by a Diesel Engine,” 2013 European Control Conference (ECC), pp. 2000-2005, Jul. 17-19, 2013.
Wahlstrom et al., “Modelling Diesel Engines with a Variable-Geometry Turbocharger and Exhaust Gas Recirculation by Optimization of Model Parameters for Capturing Non-Linear System Dynamics,” (Original Publication) Proceedings of the Institution of Mechanical Engineers, Part D, Journal of Automobile Engineering, vol. 225, No. 7, 28 pages, 2011.
Wang et al., “Fast Model Predictive Control Using Online Optimization,” Proceedings of the 17th World Congress, the International Federation of Automatic Control, Seoul, Korea, pp. 6974-6979, Jul. 6-11, 2008.
Wang et al., “PSO-Based Model Predictive Control for Nonlinear Processes,” Advances in Natural Computation, Lecture Notes in Computer Science, vol. 3611/2005, 8 pages, 2005.
Wang et al., “Sensing Exhaust NO2 Emissions Using the Mixed Potential Principal,” SAE 2014-01-1487, 7 pages, Apr. 1, 2014.
Wilhelmsson et al., “A Fast Physical NOx Model Implemented on an Embedded System,” Proceedings of the IFAC Workshop on Engine and Powertrain Control, Simulation and Modeling, pp. 207-215, Nov. 30-Dec. 2, 2009.
Wilhemsson et al., “A Physical Two-Zone NOx Model Intended for Embedded Implementation,” SAE 2009-01-1509, 11 pages, 2009.
Winkler et al., “Incorporating Physical Knowledge About the Formation of Nitric Oxides into Evolutionary System Identification,” Proceedings of the 20th European Modeling and Simulation Symposium (EMSS), 6 pages, 2008.
Winkler et al., “On-Line Modeling Based On Genetic Programming,” 12 pages, International Journal on Intelligent Systems Technologies and Applications 2, 2007.
Winkler et al., “Using Genetic Programming in Nonlinear Model Identification,” 99 pages, prior to Jan. 29, 2016.
Winkler et al., “Virtual Sensors for Emissions of a Diesel Engine Produced by Evolutionary System Identification,” LNCS, vol. 5717, 8 pages, 2009.
Wong, “CARB Heavy-Duty OBD Update,” California Air Resources Board, SAE OBD TOPTEC, Downloaded from http://www.arb.ca.gov/msprog/obdprog/hdobdreg.htm, 72 pages, Sep. 15, 2005.
Wright, “Applying New Optimization Algorithms to Model Predictive Control,” 5th International Conference on Chemical Process Control, 10 pages, 1997.
Yao et al., “The Use of Tunnel Concentration Profile Data to Determine the Ratio of NO2/NOx Directly Emitted from Vehicles,” HAL Archives, 19 pages, 2005.
Zaman, “Lincoln Motor Company: Case study 2015 Lincoln MKC,” Automotive Electronic Design Fundamentals, Chapter 6, 2015.
Zavala et al., “The Advance-Step NMPC Controller: Optimality, Stability, and Robustness,” Automatica, vol. 45, pp. 86-93, 2009.
Zeilinger et al., “Real-Time MPC—Stability Through Robust MPC Design,” Joint 48th IEEE Conference on Decision and Control and 28th Chinese Control Conference, Shanghai, P.R. China, pp. 3980-3986, Dec. 16-18, 2009.
Zeldovich, “The Oxidation of Nitrogen in Combustion and Explosions,” ACTA Physiochimica U.R.S.S., vol. XX1, No. 4, 53 pages, 1946.
Zelenka, et al., “An Active Regeneration as a Key Element for Safe Particulate Trap Use,” SAE Paper No. 2001-0103199, 13 pages, Feb. 2001.
Zhu, “Constrained Nonlinear Model Predictive Control for Vehicle Regulation,” Dissertation, Graduate School of the Ohio State University, 125 pages, 2008.
Zhuiykov et al., “Development of Zirconia-Based Potentiometric NOx Sensors for Automotive and Energy Industries in the Early 21st Century: What Are the Prospects for Sensors?”, Sensors and Actuators B, vol. 121, pp. 639-651, 2007.
Desantes et al., “Development of NOx Fast Estimate Using NOx Sensor,” EAEC 2011 Congress, 2011. Unable to Obtain a Copy of This Reference.
Andersson et al., “Fast Physical NOx Prediction in Diesel Engines, The Diesel Engine: The Low CO2 and Emissions Reduction Challenge,” Conference Proceedings, Lyon, 2006. Unable to Obtain a Copy of This Reference.
Winkler, “Evolutionary System Identification—Modern Approaches and Practical Applications,” Kepler Universitat Linz, Reihe C: Technik and Naturwissenschaften, Universitatsverlag Rudolf Trauner, 2009. Unable to Obtain a Copy of This Reference.
Smith, “Demonstration of a Fast Response On-Board NOx Sensor for Heavy-Duty Diesel Vehicles,” Technical report, Southwest Research Institute Engine and Vehicle Research Division SwRI Project No. 03-02256 Contract No. 98-302, 2000. Unable to Obtain a Copy of This Reference.

Related Publications (1)

	Number	Date	Country
	20190116045 A1	Apr 2019	US

Authentication system for electronic control unit on a bus

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

CPC

International Classifications