Patent Application
20250117806
Vehicles or transports, such as cars, motorcycles, trucks, planes, trains, etc., generally provide transportation needs to occupants and/or goods in a variety of ways. Functions related to vehicles may be identified and utilized by various computing devices, such as a smartphone or a computer located on and/or off the vehicle.
One example embodiment provides a method that includes one or more of detecting a request for a software application from a vehicle computer, wherein the software application includes source code comprising one or more embedded placeholders that are mapped to one or more secrets stored in a data store of a vehicle; identifying the one or more secrets stored in the data store that are associated with the one or more embedded placeholders; replacing the one or more embedded placeholders with the one or more secrets identified from the data store into the source code of the software application; and executing the source code of the software application to cause the vehicle to perform an action.
Another example embodiment provides a system that includes a memory communicably coupled to a processor, wherein the processor performs one or more of detects a request for a software application from a vehicle computer, wherein the software application includes source code that comprises one or more embedded placeholders that are mapped to one or more secrets stored in a data store of a vehicle; identifies the one or more secrets stored in the data store that are associated with the one or more embedded placeholders; replaces the one or more embedded placeholders with the one or more secrets identified from the data store into the source code of the software application; and executes the source code of the software application to cause the vehicle to perform an action.
A further example embodiment provides a computer readable storage medium comprising instructions, that when read by a processor, cause the processor to perform one or more of detecting a request for a software application from a vehicle computer, wherein the software application includes source code comprising one or more embedded placeholders that are mapped to one or more secrets stored in a data store of a vehicle; identifying the one or more secrets stored in the data store that are associated with the one or more embedded placeholders; replacing the one or more embedded placeholders with the one or more secrets identified from the data store into the source code of the software application; and executing the source code of the software application to cause the vehicle to perform an action.
It will be readily understood that the instant components, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of at least one of a method, apparatus, computer readable storage medium and system, as represented in the attached figures, is not intended to limit the scope of the application as claimed but is merely representative of selected embodiments. Multiple embodiments depicted herein are not intended to limit the scope of the solution. The computer-readable storage medium may be a non-transitory computer readable media or a non-transitory computer readable storage medium. Although described in a particular manner, by example only, or more feature(s), element(s), and step(s) described herein be utilized together, and in various combinations, without exclusively, unless expressly indicated otherwise herein.
Communications between the vehicle(s) and certain entities, such as remote servers, other vehicles and local computing devices (e.g., smartphones, personal computers, vehicle-embedded computers, etc.) may be sent and/or received and processed by one or more ‘components’ which may be hardware, firmware, software or a combination thereof. The components may be part of any of these entities or computing devices or certain other computing devices. In one example, consensus decisions related to blockchain transactions may be performed by one or more computing devices or components (which may be any element described and/or depicted herein) associated with the vehicle(s) and one or more of the components outside or at a remote location from the vehicle(s).
The instant features, structures, or characteristics described in this specification may be combined in any suitable manner in one or more embodiments. For example, the usage of the phrases “example embodiments,” “some embodiments,” or other similar language, throughout this specification refers to the fact that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one example. Thus, appearances of the phrases “example embodiments”, “in some embodiments”, “in other embodiments,” or other similar language, throughout this specification can all refer to the same embodiment. Thus, these embodiments may work in conjunction with any of the other embodiments, may not be functionally separate, and the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the diagrams, any connection between elements can permit one-way and/or two-way communication, even if the depicted connection is a one-way or two-way arrow. In the current solution, a vehicle may include one or more of cars, trucks, Internal Combustion Engine (ICE) vehicles, battery electric vehicle (BEV), e-Palettes, fuel cell bus, motorcycles, scooters, bicycles, boats, recreational vehicles, planes, drones, Unmanned Aerial Vehicle (UAV) and any object that may be used to transport people and or goods from one location to another. In the diagrams, any connection between elements can permit one-way and/or two-way communication, even if the depicted connection is a one-way or two-way arrow. In the current solution, a vehicle may include one or more of cars, trucks, walking area battery electric vehicle (BEV), e-Palette, fuel cell bus, motorcycles, scooters, bicycles, boats, recreational vehicles, planes, and any object that may be used to transport people and or goods from one location to another.
In addition, while the term “message” may have been used in the description of embodiments, other types of network data, such as, a packet, frame, datagram, etc. may also be used. Furthermore, while certain types of messages and signaling may be depicted in exemplary embodiments they are not limited to a certain type of message and signaling.
Example embodiments provide methods, systems, components, non-transitory computer readable media, devices, and/or networks, which provide at least one of a transport (also referred to as a vehicle or car herein), a data collection system, a data monitoring system, a verification system, an authorization system, and a vehicle data distribution system. The vehicle status condition data received in the form of communication messages, such as wireless data network communications and/or wired communication messages, may be processed to identify vehicle status conditions and provide feedback on the condition and/or changes of a vehicle. In one example, a user profile may be applied to a particular vehicle to authorize a current vehicle event, service stops at service stations, to authorize subsequent vehicle rental services, and enable vehicle-to-vehicle communications.
Within the communication infrastructure, a decentralized database is a distributed storage system which includes multiple nodes that communicate with each other. A blockchain is an example of a decentralized database, which includes an append-only immutable data structure (i.e., a distributed ledger) capable of maintaining records between untrusted parties. The untrusted parties are referred to herein as peers, nodes, or peer nodes. Each peer maintains a copy of the database records, and no single peer can modify the database records without a consensus being reached among the distributed peers. For example, the peers may execute a consensus protocol to validate blockchain storage entries, group the storage entries into blocks, and build a hash chain via the blocks. This process forms the ledger by ordering the storage entries, as is necessary, for consistency. In public or permissionless blockchains, anyone can participate without a specific identity. Public blockchains can involve crypto-currencies and use consensus-based on various protocols such as proof of work (PoW). Conversely, a permissioned blockchain database can secure interactions among a group of entities, which share a common goal, but which do not or cannot fully trust one another, such as businesses that exchange funds, goods, information, and the like. The instant solution can function in a permissioned and/or a permissionless blockchain setting.
Smart contracts are trusted distributed applications which leverage tamper-proof properties of the shared or distributed ledger (which may be in the form of a blockchain) and an underlying agreement between member nodes, which is referred to as an endorsement or endorsement policy. In general, blockchain entries are “endorsed” before being committed to the blockchain while entries, which are not endorsed are disregarded. A typical endorsement policy allows smart contract executable code to specify endorsers for an entry in the form of a set of peer nodes that are necessary for endorsement. When a client sends the entry to the peers specified in the endorsement policy, the entry is executed to validate the entry. After validation, the entries enter an ordering phase in which a consensus protocol produces an ordered sequence of endorsed entries grouped into blocks.
Nodes are the communication entities of the blockchain system. A “node” may perform a logical function in the sense that multiple nodes of different types can run on the same physical server. Nodes are grouped in trust domains and are associated with logical entities that control them in various ways. Nodes may include different types, such as a client or submitting-client node, which submits an entry-invocation to an endorser (e.g., peer), and broadcasts entry proposals to an ordering service (e.g., ordering node). Another type of node is a peer node, which can receive client submitted entries, commit the entries and maintain a state and a copy of the ledger of blockchain entries. Peers can also have the role of an endorser. An ordering-service-node or orderer is a node running the communication service for all nodes and which implements a delivery guarantee, such as a broadcast to each of the peer nodes in the system when committing entries and modifying a world state of the blockchain. The world state can constitute the initial blockchain entry, which normally includes control and setup information.
A ledger is a sequenced, tamper-resistant record of all state transitions of a blockchain. State transitions may result from smart contract executable code invocations (i.e., entries) submitted by participating parties (e.g., client nodes, ordering nodes, endorser nodes, peer nodes, etc.). An entry may result in a set of asset key-value pairs being committed to the ledger as one or more operands, such as creates, updates, deletes, and the like. The ledger includes a blockchain (also referred to as a chain), which stores an immutable, sequenced record in blocks. The ledger also includes a state database, which maintains a current state of the blockchain. There is typically one ledger per channel. Each peer node maintains a copy of the ledger for each channel of which they are a member.
A chain is an entry log structured as hash-linked blocks, and each block contains a sequence of N entries where N is equal to or greater than one. The block header includes a hash of the blocks' entries, as well as a hash of the prior block's header. In this way, all entries on the ledger may be sequenced and cryptographically linked together. Accordingly, it is not possible to tamper with the ledger data without breaking the hash links. A hash of a most recently added blockchain block represents every entry on the chain that has come before it, making it possible to ensure that all peer nodes are in a consistent and trusted state. The chain may be stored on a peer node file system (i.e., local, attached storage, cloud, etc.), efficiently supporting the append-only nature of the blockchain workload.
The current state of the immutable ledger represents the latest values for all keys that are included in the chain entry log. Since the current state represents the latest key values known to a channel, it is sometimes referred to as a world state. Smart contract executable code invocations execute entries against the current state data of the ledger. To make these smart contract executable code interactions efficient, the latest values of the keys may be stored in a state database. The state database may be simply an indexed view into the chain's entry log and can therefore be regenerated from the chain at any time. The state database may automatically be recovered (or generated if needed) upon peer node startup and before entries are accepted.
A blockchain is different from a traditional database in that the blockchain is not a central storage but rather a decentralized, immutable, and secure storage, where nodes must share in changes to records in the storage. Some properties that are inherent in blockchain and which help implement the blockchain include, but are not limited to, an immutable ledger, smart contracts, security, privacy, decentralization, consensus, endorsement, accessibility, and the like.
Example embodiments provide a service to a particular vehicle and/or a user profile that is applied to the vehicle. For example, a user may be the owner of a vehicle or the operator of a vehicle owned by another party. The vehicle may require service at certain intervals, and the service needs may require authorization before permitting the services to be received. Also, service centers may offer services to vehicles in a nearby area based on the vehicle's current route plan and a relative level of service requirements (e.g., immediate, severe, intermediate, minor, etc.). The vehicle needs may be monitored via one or more vehicle and/or road sensors or cameras, which report sensed data to a central controller computer device in and/or apart from the vehicle. This data is forwarded to a management server for review and action. A sensor may be located on one or more of the interior of the vehicle, the exterior of the vehicle, on a fixed object apart from the vehicle, and on another vehicle proximate the vehicle. The sensor may also be associated with the vehicle's speed, the vehicle's braking, the vehicle's acceleration, fuel levels, service needs, the gear-shifting of the vehicle, the vehicle's steering, and the like. A sensor, as described herein, may also be a device, such as a wireless device in and/or proximate to the vehicle. Also, sensor information may be used to identify whether the vehicle is operating safely and whether an occupant has engaged in any unexpected vehicle conditions, such as during a vehicle access and/or utilization period. Vehicle information collected before, during and/or after a vehicle's operation may be identified and stored in a transaction on a shared/distributed ledger, which may be generated and committed to the immutable ledger as determined by a permission-granting consortium, and thus in a “decentralized” manner, such as via a blockchain membership group.
Each interested party (i.e., owner, user, company, agency, etc.) may want to limit the exposure of private information, and therefore the blockchain and its immutability can be used to manage permissions for each particular user vehicle profile. A smart contract may be used to provide compensation, quantify a user profile score/rating/review, apply vehicle event permissions, determine when service is needed, identify a collision and/or degradation event, identify a safety concern event, identify parties to the event and provide distribution to registered entities seeking access to such vehicle event data. Also, the results may be identified, and the necessary information can be shared among the registered companies and/or individuals based on a consensus approach associated with the blockchain. Such an approach could not be implemented on a traditional centralized database.
Various driving systems of the instant solution can utilize software, an array of sensors as well as machine learning functionality, light detection and ranging (Lidar) projectors, radar, ultrasonic sensors, etc. to create a map of terrain and road that a vehicle can use for navigation and other purposes. In some embodiments, GPS, maps, cameras, sensors and the like can also be used in autonomous vehicles in place of Lidar.
The instant solution includes, in certain embodiments, authorizing a vehicle for service via an automated and quick authentication scheme. For example, driving up to a charging station or fuel pump may be performed by a vehicle operator or an autonomous vehicle and the authorization to receive charge or fuel may be performed without any delays provided the authorization is received by the service and/or charging station. A vehicle may provide a communication signal that provides an identification of a vehicle that has a currently active profile linked to an account that is authorized to accept a service, which can be later rectified by compensation. Additional measures may be used to provide further authentication, such as another identifier may be sent from the user's device wirelessly to the service center to replace or supplement the first authorization effort between the vehicle and the service center with an additional authorization effort.
Data shared and received may be stored in a database, which maintains data in one single database (e.g., database server) and generally at one particular location. This location is often a central computer, for example, a desktop central processing unit (CPU), a server CPU, or a mainframe computer. Information stored on a centralized database is typically accessible from multiple different points. A centralized database is easy to manage, maintain, and control, especially for purposes of security because of its single location. Within a centralized database, data redundancy is minimized as a single storing place of all data also implies that a given set of data only has one primary record. A blockchain may be used for storing vehicle-related data and transactions.
Any of the actions described herein may be performed by one or more processors (such as a microprocessor, a sensor, an Electronic Control Unit (ECU), a head unit, and the like), with or without memory, which may be located on-board the vehicle and/or or off-board the vehicle (such as a server, computer, mobile/wireless device, etc.). The one or more processors may communicate with other memory and/or other processors on-board or off-board other vehicles to utilize data being sent by and/or to the vehicle. The one or more processors and the other processors can send data, receive data, and utilize this data to perform one or more of the actions described or depicted herein.
In some embodiments, the server 103 detects a request for a software application 135 from the processor 111 over a network 104. The software application 135, stored in the memory 105, includes source code 137 comprising one or more embedded placeholders 139 that are mapped to one or more secrets 131 stored in the data store 110 of the vehicle 102. For example, the one or more secrets 131 may contain proprietary or sensitive information that could be leaked if an unauthorized entity gains access to the source code 137. The embedded placeholders 139 may represent dummy values that take the place of the one or more secrets 131 in the source code 137. Accordingly, the one or more secrets 131 can be eliminated from the source code 137, and also kept out of source control management.
When a computer program is compiled with the one or more secrets 131 present, these secrets will remain in the program indefinitely and may be uncovered by malicious actors, eavesdroppers, and/or hackers. When the one or more secrets 131 are present in plain text, an attacker can simply dump a hard drive to view the one or more secrets 131. However, when the one or more embedded placeholders 139 are used to replace the one or more secrets 131, the attacker is prevented from accessing and viewing the one or more secrets.
An example of C-language pseudocode using embedded placeholders 139 and one or more secrets 131 is as follows:
In this example, aiDdzCOidNSdnaWdo==” constitutes embedded placeholders 139, and @SS_24@ constitutes a pointer to the one or more secrets 131 stored in data store 110.
In some embodiments, the processor 111 uses a mapping database 133 to identify the one or more secrets 131 stored in the data store 110 that are associated with the one or more embedded placeholders 139. The processor 111 replaces the one or more embedded placeholders 139 with the one or more secrets 131 identified from the data store 110 into the source code 137 of the software application 135. The processor 111 executes the source code 137 of the software application 135 to cause the vehicle 102 to perform an action. For example, the action may be associated with a global positioning system (GPS) 112 of the vehicle 102, a braking system 114 of the vehicle 102, a set of headlights 116 for the vehicle 102, a power steering system 118 of the vehicle 102, a throttle control 120 of the vehicle 120, or an ignition switch 122 of the vehicle 102. In some embodiments, the action may encompass inputting destination information into the GPS 112, controlling the braking system 114, controlling the power steering system 118, adjusting the throttle control 120, controlling the headlights 116, or starting the vehicle 102 using the ignition switch 122.
In some embodiments, the one or more secrets 131 are associated with a critical vehicle function that is integral to operating the vehicle 102. For example, the critical vehicle function may comprise steering the vehicle 102 by controlling the power steering system 118, braking the vehicle 102 by controlling the braking system 114, controlling the acceleration of the vehicle 102 by controlling the throttle control 120, or deactivating the vehicle 102 by controlling the ignition switch 122. Deploying the one or more secrets 131 may prevent hackers and malicious actors from accessing any of these critical vehicle functions. Any source code 137 accessed by the hacker or the malicious actor will include embedded placeholders 139 in place of the one or more secrets 131, thus thwarting efforts by hackers and malicious actors to take control of the vehicle 102.
In some embodiments, the one or more secrets 131 may comprise financial, banking, or personally-identifiable information about one or more occupants of the vehicle 102, such as an operator 106 of the vehicle 102. For example, the information about one or more occupants may comprise information that identifies a bank account of the operator 106, a bank balance of the operator 106, a name of the operator 106, an address of the operator 106, a credit card number for the operator 106, a personal identification (PIN) number associated with a bank card of the operator 106, a social security number of the operator 106, a birth date for the operator 106, and/or a driver's license number of the operator 106.
In some embodiments, the one or more secrets 131 may be associated with a geographic location of the vehicle 102. For example, the geographic location of the vehicle 102 could be provided by a global positioning system (GPS) 112 device in the vehicle 102 and then uploaded over the network 104 to the server 103. However, when one or more secrets 131 are associated with the geographic location, the privacy of the operator 106 is protected, as eavesdroppers, hackers, and malicious actors are prevented from readily uncovering the geographic location of the vehicle 102.
In some embodiments, the one or more secrets 131 identify a device associated with an occupant of the vehicle. For example, the operator 106 may be associated with a mobile device 107, such as a smartphone, tablet, or computer device. The vehicle 102 may obtain information about the mobile device 107 when the mobile device 107 communicates with a multimedia system 108 in the vehicle 102. Associating the one or more secrets 131 with information identifying the mobile device 107 prevents eavesdroppers, malicious actors, and hackers from readily discovering a telephone number, an email address, and/or other personal information associated with the operator 106.
In some embodiments, the replacing of the one or more embedded placeholders 139 with the one or more secrets 131 is performed in response to an initiation of a financial transaction at the vehicle 102. For example, the vehicle 102 may drive through an automated toll plaza along a highway. In response to a transponder at the toll plaza establishing data communications with a transponder aboard the vehicle 102, the toll plaza transponder may initiate a financial transaction to debit an account of the operator 106 of the vehicle 102. This account can be a bank account, or an account that is associated with a toll authority.
In some embodiments, the one or more secrets 131 comprise one or more symmetric key pairs. Symmetric key cryptography utilizes a shared key between two parties. Symmetric key encryption may employ stream ciphers or block ciphers. Stream ciphers encrypt digits (typically bytes), or letters (in substitution ciphers) of a message, one byte or digit at a time. Block ciphers encrypt a number of bits as a single unit, adding plaintext as necessary so that the cipher includes a number of bits that is a multiple of a desired block size. For example, blocks of 8, 16, 32, 64, 128, 256, or 512 bits can be used. An encryption algorithm called Advanced Encryption Standard (AES), approved by NIST in December 2001, can use a Galois/Counter Mode (GCM) block cipher mode of operation, with 128-bit blocks. Symmetric key cryptography can be referred to as secret-key, single-key, shared-key, one-key, or private-key encryption.
An embedded system may include a combination of a computer processor, a computer memory for storing the library, and one or more input/output peripheral devices. The embedded system may have a dedicated function within a larger mechanical or electronic system. The system can be embedded as part of a complete device, often including electrical or electronic hardware and mechanical parts. An embedded system may control one or more physical operations of a machine that it is embedded within. Embedded systems can be based on microcontrollers (i.e. microprocessors with integrated memory and peripheral interfaces), or microprocessors may be employed with external chips for memory and peripheral interface circuits). In either case, the processor(s) used may be types ranging from general purpose to those specialized in a certain class of computations or even custom-designed for the application at hand. One common class of dedicated processors is the digital signal processor (DSP). The program instructions written for embedded systems are referred to as firmware and may be stored in read-only memory or flash memory chips. In some examples, the instructions can run with limited computer hardware resources: little memory, a small or non-existent keyboard, and no display screen.
Since the embedded system may be dedicated to performing one or more specific tasks, design engineers can optimize the system to reduce the size and cost of the product and increase its reliability and performance. Some embedded systems are mass-produced, benefiting from economies of scale. Automobiles, electric vehicles, and hybrid vehicles increasingly use embedded systems to maximize efficiency and reduce pollution. Other automotive safety systems using embedded systems include an anti-lock braking system (ABS), electronic stability control (ESC/ESP), traction control (TCS) and automatic four-wheel drive.
In some embodiments, the data store 110 comprises an embedded library, and the replacing of the one or more embedded placeholders 139 with the one or more secrets 131 is performed by placing an execution call to the embedded library. In an embedded system, it may not be possible to reach out to the processor 111 to obtain the one or more secrets 131. Thus, a wrapped version of the one or more secrets 131 may be compiled at engineering time, with the embedded system provided with the functionality to unwrap the one or more secrets at run time.
In some embodiments, the replacing of the one or more embedded placeholders 139 with the one or more secrets 131 is performed by transforming a header file using a template header process that replaces a token with a corresponding value from a variable in a file stored in the data store 110 and having an identical name as the token, wherein the source code 137 is compiled using the transformed header file.
In some embodiments, a JavaScript Object Notation (JSON) file is created, which identifies the one or more secrets 131 that the processor 111 and/or the server 103 need to fetch at build time. The JSON file may also identify which server or processor needs to be contacted to obtain the one or more secrets 131. In a further embodiment, the one or more secrets 131 may be retrieved from a local cache if a server associated with the one or more secrets 131 cannot be reached.
In some embodiments, the one or more secrets 131 are associated with a type of data that was previously compromised in another vehicle 145. For example, a malicious actor may have accessed critical data in a data store 143 of the another vehicle 145, wherein the critical data controls a critical function of the another vehicle, such as braking, steering, or acceleration. It is possible for the malicious actor to use the accessed data to compromise the safety of the another vehicle 145, as well as the vehicle 102. Accordingly, if a certain type of data is compromised in the another vehicle 145, this data can be marked as ‘at risk’ and encapsulated in the one or more secrets 131 so that the safety of the vehicle 102 is not compromised. In a further embodiment, the another vehicle 145 and the vehicle 102 are similar vehicles that may both be vulnerable to a misuse of the compromised data.
In an alternate embodiment, processor 111 of vehicle 102 receives a request to access a software application. The request is not directed to the primary software but rather to an intermediary software layer, often referred to as the “middleware.” This middleware is specially designed to handle the interactions between the main application and the vehicle's data store 110. Upon receiving the request, the middleware communicates with a separate security module integrated into the vehicle's computer. This module may continuously monitor and manage all software application requests. It reviews the source code of the requested software application to detect and identify the embedded placeholders. Once these placeholders are recognized, the security module interfaces with the vehicle's data store 110. Instead of directly fetching the associated secrets, this module sends a query to the data store 110, requesting the required information. This extra layer of separation ensures a heightened level of security, as the middleware itself never gains direct access to the secrets 131. The data store 110 responds by sending the relevant secrets 131 to the security module. After receiving these secrets, the security module performs the task of replacing the placeholders within the software application's source code. Once the placeholders are replaced, the security module then forwards the modified source code back to the middleware. The middleware, with the now complete software application, initiates the execution process. The software application commands the vehicle's onboard system to carry out a specific action, all while ensuring the vehicle's computational integrity and security.
In one embodiment, the primary processor 111 sends a signal or message indicating the request for the software application. This software application contains specialized source code with embedded placeholders. These placeholders are strategically coded markers that are intended to be replaced by specific data, termed “secrets,” before the software application's full execution. The secrets corresponding to these placeholders are securely stored in a dedicated data store 110 within the vehicle's system. Upon the detection of the request, a secondary processor responsible for data retrieval is signaled to identify the associated secrets in the vehicle's data store 110. This processor searches the data store for the secrets mapped to the detected placeholders. Once the relevant secrets are identified, a message is sent back to the primary processor with the required information. The primary processor 111 then undertakes the task of replacing the placeholders embedded within the software application's source code with the identified secrets. This process ensures that the software application is now in its intended and complete form and ready for execution. Processor 111 executes the updated source code, which, in turn, instructs the vehicle to perform a specific action based on the now-replaced secrets in the code. Throughout this entire operation, continuous communication between processors via messages ensures seamless and synchronized processing, allowing the vehicle to interpret and execute the software application as intended.
In some embodiments of the instant solution, the vehicle's 102 onboard system is integrated with an advanced Distributed Ledger Technology (DLT) framework. When the vehicle's computer detects a request for a software application, it initiates a consensus protocol within the DLT network to validate the authenticity and security of the request. Upon validation, the network nodes work collaboratively to identify the embedded placeholders within the software application's source code. The placeholders are linked to secrets stored in a decentralized and tamper-proof data store managed by the DLT. Each secret corresponds to a transactional record within the ledger, ensuring full traceability and immutability. Once the relevant secrets are identified, a smart contract—self-executing scripts residing on the DLT—is triggered. The smart contract automatically facilitates the replacement of the placeholders with the actual secrets in the software application's source code. After the replacement is successfully executed and verified by the DLT consensus mechanism, the software application is permitted to run on the vehicle's computer. It then guides the vehicle to perform the requested action, with the entire process being transparent, secure, and logged on the distributed ledger, ensuring an added layer of security and accountability.
In some embodiments of the instant solution, the one or more secrets 131 may encompass information vital for the proper functioning and safety of the vehicle. These secrets could include key data related to critical vehicle functions such as steering, braking, acceleration, or other essential operations. For example, the control mechanisms for the power steering system, braking system, throttle control, or ignition switch of the vehicle may rely on these secrets. The instant solution is designed to recognize the critical nature of these vehicle functions and to encapsulate the associated secrets within the source code of the software application using embedded placeholders. This encapsulation ensures that these secrets remain protected and concealed from unauthorized access. Consequently, in case of any attempt by malicious actors to gain access to the source code or manipulate it, they would encounter these embedded placeholders instead of the actual secrets, thereby safeguarding the critical vehicle functions from any unauthorized interference. By implementing this method, the instant solution ensures that the security of the vehicle's critical functions is maintained at a high level, minimizing the risk of potential threats or unauthorized control attempts. This is particularly important in the context of vehicle safety and operation, where any compromise of these critical functions could have severe consequences.
In some embodiments of the instant solution, the one or more secrets 131 may encompass a wide range of sensitive information related to the occupants of the vehicle. This information may include but is not limited to, details such as the operator's bank account information, bank balance, name, address, credit card numbers, personal identification (PIN) numbers, social security numbers, birth dates, or driver's license numbers. These pieces of information are considered highly confidential and must be shielded from unauthorized access to prevent potential identity theft, fraud, or privacy breaches. The instant solution is designed to identify these sensitive details and encapsulate them within the source code of the software application using embedded placeholders. By doing so, the instant solution ensures that this personal and financial information is safeguarded against unauthorized access or exposure. In the event of any security breach or attempts by malicious actors to compromise the source code, they would encounter these embedded placeholders instead of the actual sensitive data, maintaining the confidentiality and security of the occupants' personal and financial information. This method ensures that the privacy and security of the vehicle's occupants are upheld, mitigating the risks associated with the potential exposure of personal and financial data.
In some embodiments of the instant solution, to enable the safeguarding of geographic location information associated with vehicle 102, the instant solution recognizes and captures the location data. Subsequently, this location data is encapsulated within the source code of the software application using embedded placeholders. This encapsulation process ensures that the geographic location information remains protected and concealed from unauthorized access. In case of any attempts by malicious actors to gain access to the source code or manipulate it, they would encounter these embedded placeholders instead of the actual location data, thus preserving the privacy and security of the vehicle's geographic information.
In some embodiments of the instant solution, the instant solution recognizes and captures data that identifies a device 107 associated with an occupant 106 of the vehicle 102. Subsequently, this device-related data is encapsulated within the source code of the software application using embedded placeholders. This encapsulation process ensures that the device-related information remains concealed from unauthorized access. In the event of security breaches or attempts by malicious actors to manipulate the source code, they would encounter these embedded placeholders instead of the actual device-related data, thus preserving the privacy and security of the occupant's device information.
In some embodiments of the instant solution, the one or more secrets 131 may encompass data that has been previously compromised in the another vehicle 145. This compromised data may involve critical information related to the operation and safety of the vehicle 102, such as data governing braking, steering, or acceleration. Malicious actors may have gained unauthorized access to this data in the past, raising concerns about the potential for misuse and compromise of the safety and security of the vehicle 102. To enable the protection of this data, the instant solution identifies the specific type of data that was previously compromised in the another vehicle 145. Subsequently, this “at-risk” data is encapsulated within the source code of the software application using embedded placeholders. This encapsulation process marks the compromised data as ‘at risk’ and safeguards it against unauthorized access or exposure. In case of any attempts by malicious entities to gain access to the source code or manipulate it, they would encounter these embedded placeholders instead of the actual compromised data. By doing so, the instant solution ensures that the safety and security of the vehicle 102 are not compromised due to the prior exposure of similar data in another vehicle 145.
In some embodiments of the instant solution, the replacement of embedded placeholders with secrets 131 is made, responsive to the initiation of a financial transaction at vehicle 102. The instant solution responds to specific triggers related to financial transactions within the vehicle 102. When a financial transaction is initiated, such as when the vehicle passes through an automated toll plaza or engages in any other relevant financial activity, the instant solution detects this event. This detection can occur through various means, including sensors, communication with external payment systems, or any other suitable method. Once the initiation of the financial transaction is detected, the instant solution proceeds to identify and retrieve the necessary secrets from the data store 110 associated with the vehicle. These secrets may include encryption keys, authentication tokens, or any other confidential information required to complete the financial transaction securely. With the relevant secrets obtained, the instant solution replaces the embedded placeholders within the software application's source code with these secrets. This replacement process ensures that the confidential information needed for the financial transaction is seamlessly integrated into the code, ready to be used as required.
In some embodiments of the instant solution, the use of one or more symmetric key pairs is used as the secrets 131 within the system. The instant solution utilizes symmetric key cryptography to safeguard sensitive information. Symmetric key cryptography relies on the use of shared keys, meaning the same key is used for both encryption and decryption of data. To enable this, the system employs symmetric key pairs, where each pair consists of an encryption key and a corresponding decryption key. When the system is initiated, it generates or retrieves a set of symmetric key pairs. These key pairs can be securely stored within the data store 110 associated with the vehicle 102. Each key pair is uniquely associated with specific functionalities or security aspects within the software application. These placeholders are configured to correspond to the specific symmetric key pairs stored in the data store 110. For example, a placeholder within the source code may be linked to a particular encryption key from the key pair. When the software application is executed, and the need for encryption or decryption arises, the system accesses the data store 110, retrieves the appropriate symmetric key pair based on the placeholders used in the code, and applies it to the cryptographic operations. This ensures that data is encrypted using the correct encryption key and decrypted using the corresponding decryption key, guaranteeing the security and integrity of the information.
In some embodiments of the instant solution, a data store is utilized that comprises an embedded library, with the replacement of embedded placeholders being performed by invoking an execution call to this embedded library. The instant solution incorporates a data store that includes an embedded library. This embedded library is a collection of pre-written, secured code snippets or functions designed to handle the replacement of embedded placeholders with secrets seamlessly and efficiently. System developers, at coding time, can specify within the code where embedded placeholders are located and which corresponding secrets should replace them. These specifications can include identifiers or markers indicating which parts of the code need secret information. As the application is compiled and executed on the vehicle 102, it reaches a point where placeholders are meant to be replaced with the associated secrets. Instead of performing the replacement manually or through complex custom code, the system simply calls upon the functions or routines within the embedded library. The execution call to the embedded library triggers the pre-written code snippets or functions to identify the placeholders, access the data store to retrieve the required secrets, and then seamlessly replace the placeholders within the source code with the retrieved secrets.
This approach significantly streamlines the process of replacing placeholders with secrets, reducing the chances of errors, and enhancing code maintainability. The approach ensures that sensitive information is securely integrated into the application without exposing it in the source code.
In one embodiment, Generative AI (GenAI) may be used by the instant solution in the transformation of data. Vehicles are equipped with diverse sensors, cameras, radars, and LIDARs, which collect a vast array of data, such as images, speed readings, GPS data, and acceleration metrics. However, raw data, once acquired, undergoes preprocessing that may involve normalization, anonymization, missing value imputation, or noise reduction to allow the data to be further used effectively.
The GenAI executes data augmentation following the preprocessing of the data. Due to the limitation of datasets in capturing the vast complexity of real-world vehicle scenarios, augmentation tools are employed to expand the dataset. This might involve image-specific transformations like rotations, translations, or brightness adjustments. For non-image data, techniques like jittering can be used to introduce synthetic noise, simulating a broader set of conditions.
In the instant solution, data generation is then performed on the data. Tools like Generative Adversarial Networks (GANs) and Variational Autoencoders (VAEs) are trained on existing datasets to generate new, plausible data samples. For example, GANs might be tasked with crafting images showcasing vehicles in uncharted conditions or from unique perspectives. As another example, the synthesis of sensor data may be performed to model and create synthetic readings for such scenarios, enabling thorough system testing without actual physical encounters.
A critical step in the use of GenAI, given the safety-critical nature of vehicles, is validation. This validation might include the output data being compared with real-world datasets or using specialized tools like a GAN's discriminator to gauge the realism of the crafted samples.
Flow diagrams depicted herein, such as
It is important to note that all the flow diagrams and corresponding processes derived from
The instant solution can be used in conjunction with one or more types of vehicles: battery electric vehicles, hybrid vehicles, fuel cell vehicles, internal combustion engine vehicles and/or vehicles utilizing renewable sources.
Although depicted as single vehicles, processors and elements, a plurality of vehicles, processors and elements may be present. Information or communication can occur to and/or from any of the processors 204, 204′ and elements 230. For example, the mobile phone 220 may provide information to the processor 204, which may initiate the vehicle 202 to take an action, may further provide the information or additional information to the processor 204′, which may initiate the vehicle 202′ to take an action, may further provide the information or additional information to the mobile phone 220, the vehicle 222, and/or the computer 224. One or more of the applications, features, steps, solutions, etc., described and/or depicted herein may be utilized and/or provided by the instant elements.
The processor 204 performs one or more of detecting a request for a software application from a vehicle computer, wherein the software application includes source code comprising one or more embedded placeholders that are mapped to one or more secrets stored in a data store of a vehicle 244C; identifying the one or more secrets stored in the data store that are associated with the one or more embedded placeholders 246C; replacing the one or more embedded placeholders with the one or more secrets identified from the data store into the source code of the software application 248C; and executing the source code of the software application to cause the vehicle to perform an action 250C.
The processor 204 replaces the one or more embedded placeholders with the one or more secrets identified from the data store into the source code of the software application, wherein one or more of: the one or more secrets are associated with a critical vehicle function that is integral to operating the vehicle 244D; the one or more secrets comprise financial, banking, or personally-identifiable information about one or more occupants of the vehicle 245D; the one or more secrets are associated with a geographic location of the vehicle 246D; the one or more secrets identify a device associated with an occupant of the vehicle 247D; the one or more secrets are associated with a type of data that was previously compromised in another vehicle 248D; the replacing is performed in response to an initiation of a financial transaction at the vehicle 249D; the one or more secrets comprise one or more symmetric key pairs 251D; the data store comprises an embedded library, and wherein the replacing is performed by placing an execution call to the embedded library 252D; wherein the replacing is performed by transforming a header file using a template header process that replaces a token with a corresponding value from a variable in a file stored in the data store and having an identical name as the token, and further including compiling the source code using the transformed header file 253D.
While this example describes in detail only one vehicle 202, multiple such nodes may be connected to the blockchain 206. It should be understood that the vehicle 202 may include additional components and that some of the components described herein may be removed and/or modified without departing from a scope of the instant application. The vehicle 202 may have a computing device or a server computer, or the like, and may include a processor 204, which may be a semiconductor-based microprocessor, a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), and/or another hardware device. Although a single processor 204 is depicted, it should be understood that the vehicle 202 may include multiple processors, multiple cores, or the like without departing from the scope of the instant application. The vehicle 202 could be a vehicle, server or any device with a processor and memory.
The processor 204 performs one or more of receiving a confirmation of an event from one or more elements described or depicted herein, wherein the confirmation comprises a blockchain consensus between peers represented by any of the elements 244E and executing a smart contract to record the confirmation on a blockchain-based on the blockchain consensus 246E. Consensus is formed between one or more of any element 230 and/or any element described or depicted herein, including a vehicle, a server, a wireless device, etc. In another example, the vehicle 202 can be one or more of any element 230 and/or any element described or depicted herein, including a server, a wireless device, etc.
The processors and/or computer readable media 242E may fully or partially reside in the interior or exterior of the vehicles. The steps or features stored in the computer readable media 242E may be fully or partially performed by any of the processors and/or elements in any order. Additionally, one or more steps or features may be added, omitted, combined, performed at a later time, etc.
Referring now to
The vehicle 302A sends data from the one or more sensors 304A to the machine learning subsystem 306A. The machine learning subsystem 306A provides the one or more sensor 304A data to the learning model 308A, which returns one or more predictions. The machine learning subsystem 306A sends one or more instructions to the vehicle 302A based on the predictions from the learning model 308A.
In a further embodiment, the vehicle 302A may send the one or more sensor 304A data to the machine learning training system 310A. In yet another example, the machine learning subsystem 306A may send the sensor 304A data to the machine learning subsystem 306A. One or more of the applications, features, steps, solutions, etc., described and/or depicted herein may utilize the machine learning network 400 as described herein.
The example embodiments may communicate with a host platform 320, as shown in the examples of
For example,
In this example, the host process 322 may control access to and execution of models that are stored within a model repository 323. For example, the models may include artificial intelligence (AI) models, machine learning models, neural networks, or the like. The system 300B may trigger the execution of a model from the model repository 323 via submission of a call to an application programming interface (API) 321 of the host process 322. The request may include an identifier of a model or models to be executed, a payload of data (e.g., to be input to the model during execution), and the like. The host process 322 may receive the call from the system 300B and retrieve the corresponding model from the model repository 323, deploy the model within a live runtime environment, execute the model on the input data, and return a result of the execution to the system 302. The result of the execution may include an output result from the execution of the model.
In some embodiments, the system 300B may provide feedback from the output provided by the model. For example, a user may input a confirmation that the prediction output by the model is correct or provide a notification that the model is incorrect. This information may be added to the results of execution and stored within a log 324. The log data may include an identifier of the input, an identifier of the output, an identifier of the model used, and feedback from the recipient. This information may be used to subsequently retrain the model, for example, using the model development environment shown in the example of
The system 300C may be used to design a model (via a user interface of the IDE), such as a machine learning model, etc. The model can then be executed/trained based on the training data established via the user interface. For example, the user interface may be used to build a new model. The training data for training such a new model may be provided from a training data store 325, which includes training samples from the web, from customers, and the like. Here, the model is executed on the training data via the host platform 320 to generate a result. The execution of the model causes the model to learn based on the input training data. When the model is fully trained, it may be stored within the model repository 323 via the IDE 340, or the like.
As another example, the IDE 340 may be used to retrain an existing model. Here, the training process may use executional results previously generated/output by the model 330 (including any feedback, etc.) to retrain the model 330. For example, predicted outputs that are identified as accurate, best, good, etc., may be distinguished from outputs that are inaccurate, incorrect, bad, etc. One or more of these types of outputs can be identified and used for retraining the model to help the model provide better outputs.
In the example of
In another example, the name of the object can be identified from a web page or a user interface 350 where the object is visible within a browser or the workspace 354 on the user device. A pop-up within the browser or the workspace 354 can be overlayed where the object is visible, which includes an option to navigate to the identified web page corresponding to the alternative object via a rule set.
Instead of breaking files into blocks stored on disks in a file system, the object storage 360 handles objects as discrete units of data stored in a structurally flat data environment. Here, the object storage may not use folders, directories, or complex hierarchies. Instead, each object may be a simple, self-contained repository that includes the data, the metadata, and the unique identifier that a client application 300C can use to locate and access it. In this case, the metadata is more descriptive than a file-based approach. The metadata can be customized with additional context that can later be extracted and leveraged for other purposes, such as data analytics.
The objects that are stored in the object storage 360 may be accessed via an application programming interface (API) 361. The API 361 may be a Hypertext Transfer Protocol (HTTP)-based RESTful API (also known as a RESTful Web service). The API 361 can be used by the client application 300C to query an object's metadata to locate the desired object (data) via the Internet from anywhere on any device. The API 361 may use HTTP commands such as “PUT” or “POST” to upload an object, “GET” to retrieve an object, “DELETE” to remove an object, and the like.
The object storage 360 may provide a directory 365 that uses the metadata of the objects to locate appropriate data files. The directory 365 may contain descriptive information about each object stored in the object storage 360, such as a name, a unique identifier, a creation timestamp, a collection name, etc. To query the object within the object storage 360, the client application 300C may submit a command, such as an HTTP command, with an identifier of the object 362, a payload, etc. The object storage 360 can store the actions and results described herein, including associating two or more lists of ranked assets with one another based on variables used by the two or more lists of ranked assets that have a correlation above a predetermined threshold.
The term ‘energy’, ‘electricity’, ‘power’, and the like may be used to denote any form of energy received, stored, used, shared, and/or lost by the vehicles(s). The energy may be referred to in conjunction with a voltage source and/or a current supply of charge provided from an entity to the vehicle(s) during a charge/use operation. Energy may also be in the form of fossil fuels (for example, for use with a hybrid vehicle) or via alternative power sources, including but not limited to lithium-based, nickel-based, hydrogen fuel cells, atomic/nuclear energy, fusion-based energy sources, and energy generated on-the-fly during an energy sharing and/or usage operation for increasing or decreasing one or more vehicles energy levels at a given time.
In one example, the charging station 406B manages the amount of energy transferred from the vehicle 402B such that there is sufficient charge remaining in the vehicle 402B to arrive at a destination. In one example, a wireless connection is used to wirelessly direct an amount of energy transfer between vehicles 408B, wherein the vehicles may both be in motion. In one embodiment, wireless charging may occur via a fixed charger and batteries of the vehicle in alignment with one another (such as a charging mat in a garage or parking space). In one example, an idle vehicle, such as a vehicle 402B (which may be autonomous) is directed to provide an amount of energy to a charging station 406B and return to the original location (for example, its original location or a different destination). In one example, a mobile energy storage unit (not shown) is used to collect surplus energy from at least one other vehicle 408B and transfer the stored surplus energy at a charging station 406B. In one example, factors determine an amount of energy to transfer to a charging station 406B, such as distance, time, as well as traffic conditions, road conditions, environmental/weather conditions, the vehicle's condition (weight, etc.), an occupant(s) schedule while utilizing the vehicle, a prospective occupant(s) schedule waiting for the vehicle, etc. In one example, the vehicle(s) 408B, the charging station(s) 406B and/or the electric grid(s) 404B can provide energy to the vehicle 402B.
In one embodiment, a location such as a building, a residence, or the like (not depicted), communicably coupled to one or more of the electric grid 404B, the vehicle 402B, and/or the charging station(s) 406B. The rate of electric flow to one or more of the location, the vehicle 402B, the other vehicle(s) 408B is modified, depending on external conditions, such as weather. For example, when the external temperature is extremely hot or extremely cold, raising the chance for an outage of electricity, the flow of electricity to a connected vehicle 402B/308B is slowed to help minimize the chance for an outage.
In one embodiment, vehicles 402B and 408B may be utilized as bidirectional vehicles. Bidirectional vehicles are those that may serve as mobile microgrids that can assist in the supplying of electrical power to the grid 404B and/or reduce the power consumption when the grid is stressed. Bidirectional vehicles incorporate bidirectional charging, which in addition to receiving a charge to the vehicle, the vehicle can take energy from the vehicle and “push” the energy back into the grid 404B, otherwise referred to as “V2G”. In bidirectional charging, the electricity flows both ways; to the vehicle and from the vehicle. When a vehicle is charged, alternating current (AC) electricity from the grid 404B is converted to direct current (DC). This may be performed by one or more of the vehicle's own converter or a converter on the charger 406B. The energy stored in the vehicle's batteries may be sent in an opposite direction back to the grid. The energy is converted from DC to AC through a converter usually located in the charger 406B, otherwise referred to as a bidirectional charger. Further, the instant solution as described and depicted with respect to
In one embodiment, anytime an electrical charge is given or received to/from a charging station and/or an electrical grid, the entities that allow that to occur are one or more of a vehicle, a charging station, a server, and a network communicably coupled to the vehicle, the charging station, and the electrical grid.
In one example, a vehicle 408C/404C can transport a person, an object, a permanently or temporarily affixed apparatus, and the like. In one example, the vehicle 408C may communicate with vehicle 404C via V2V communication through the computers associated with each vehicle 406C and 410C and may be referred to as a car, vehicle, automobile, and the like. The vehicle 404C/408C may be a self-propelled wheeled conveyance, such as a car, a sports utility vehicle, a truck, a bus, a van, or other motor or battery-driven or fuel cell-driven vehicle. For example, vehicle 404C/408C may be an electric vehicle, a hybrid vehicle, a hydrogen fuel cell vehicle, a plug-in hybrid vehicle, or any other type of vehicle with a fuel cell stack, a motor, and/or a generator. Other examples of vehicles include bicycles, scooters, trains, planes, boats, and any other form of conveyance that is capable of transportation. The vehicle 404C/408C may be semi-autonomous or autonomous. For example, vehicle 404C/408C may be self-maneuvering and navigate without human input. An autonomous vehicle may have and use one or more sensors and/or a navigation unit to drive autonomously. All of the data described or depicted herein can be stored, analyzed, processed and/or forwarded by one or more of the elements in
ECUs 410D, 408D, and Head Unit 406D may each include a custom security functionality element 414D defining authorized processes and contexts within which those processes are permitted to run. Context-based authorization to determine validity if a process can be executed allows ECUs to maintain secure operation and prevent unauthorized access from elements such as the vehicle's Controller Area Network (CAN Bus). When an ECU encounters a process that is unauthorized, that ECU can block the process from operating. Automotive ECUs can use different contexts to determine whether a process is operating within its permitted bounds, such as proximity contexts such as nearby objects, distance to approaching objects, speed, and trajectory relative to other moving objects, and operational contexts such as an indication of whether the vehicle is moving or parked, the vehicle's current speed, the transmission state, user-related contexts such as devices connected to the transport via wireless protocols, use of the infotainment, cruise control, parking assist, driving assist, location-based contexts, and/or other contexts.
Referring to
The processor 420E includes an arithmetic logic unit, a microprocessor, a general-purpose controller, and/or a similar processor array to perform computations and provide electronic display signals to a display unit 426E. The processor 420E processes data signals and may include various computing architectures, including a complex instruction set computer (CISC) architecture, a reduced instruction set computer (RISC) architecture, or an architecture implementing a combination of instruction sets. The vehicle 410E may include one or more processors 420E. Other processors, operating systems, sensors, displays, and physical configurations that are communicably coupled to one another (not depicted) may be used with the instant solution.
Memory 422E is a non-transitory memory storing instructions or data that may be accessed and executed by the processor 420E. The instructions and/or data may include code to perform the techniques described herein. The memory 422E may be a dynamic random-access memory (DRAM) device, a static random-access memory (SRAM) device, flash memory, or another memory device. In some embodiments, the memory 422E also may include non-volatile memory or a similar permanent storage device and media, which may include a hard disk drive, a floppy disk drive, a CD-ROM device, a DVD-ROM device, a DVD-RAM device, a DVD-RW device, a flash memory device, or some other mass storage device for storing information on a permanent basis. A portion of the memory 422E may be reserved for use as a buffer or virtual random-access memory (virtual RAM). The vehicle 410E may include one or more memories 422E without deviating from the current solution.
The memory 422E of the vehicle 410E may store one or more of the following types of data: navigation route data 418E, and autonomous features data 416E. In some embodiments, the memory 422E stores data that may be necessary for the navigation application 418E to provide the functions.
The navigation system 418E may describe at least one navigation route including a start point and an endpoint. In some embodiments, the navigation system 418E of the vehicle 410E receives a request from a user for navigation routes wherein the request includes a starting point and an ending point. The navigation system 418E may query a real-time data server 404E (via a network 402E), such as a server that provides driving directions, for navigation route data corresponding to navigation routes, including the start point and the endpoint. The real-time data server 404E transmits the navigation route data to the vehicle 410E via a wireless network 402E, and the communication system 424E stores the navigation data 418E in the memory 422E of the vehicle 410E.
The ECU 414E controls the operation of many of the systems of the vehicle 410E, including the ADAS systems 416E. The ECU 414E may, responsive to instructions received from the navigation system 418E, deactivate any unsafe and/or unselected autonomous features for the duration of a journey controlled by the ADAS systems 416E. In this way, the navigation system 418E may control whether ADAS systems 416E are activated or enabled so that they may be activated for a given navigation route.
The sensor set 412E may include any sensors in the vehicle 410E generating sensor data. For example, the sensor set 412E may include short-range sensors and long-range sensors. In some embodiments, the sensor set 412E of the vehicle 410E may include one or more of the following vehicle sensors: a camera, a Lidar sensor, an ultrasonic sensor, an automobile engine sensor, a radar sensor, a laser altimeter, a manifold absolute pressure sensor, an infrared detector, a motion detector, a thermostat, a sound detector, a carbon monoxide sensor, a carbon dioxide sensor, an oxygen sensor, a mass airflow sensor, an engine coolant temperature sensor, a throttle position sensor, a crankshaft position sensor, a valve timer, an air-fuel ratio meter, a blind spot meter, a curb feeler, a defect detector, a Hall effect sensor, a parking sensor, a radar gun, a speedometer, a speed sensor, a tire-pressure monitoring sensor, a torque sensor, a transmission fluid temperature sensor, a turbine speed sensor (TSS), a variable reluctance sensor, a vehicle speed sensor (VSS), a water sensor, a wheel speed sensor, a GPS sensor, a mapping functionality, and any other type of automotive sensor. The navigation system 418E may store the sensor data in the memory 422E.
The communication unit 424E transmits and receives data to and from the network 420E or to another communication channel. In some embodiments, the communication unit 424E may include a DSRC transceiver, a DSRC receiver, and other hardware or software necessary to make the vehicle 410E a DSRC-equipped device.
The vehicle 410E may interact with other vehicles 406E via V2V technology. V2V communication includes sensing radar information corresponding to relative distances to external objects, receiving GPS information of the vehicles, setting areas as areas where the other vehicles 406E are located based on the sensed radar information, calculating probabilities that the GPS information of the object vehicles will be located at the set areas, and identifying vehicles and/or objects corresponding to the radar information and the GPS information of the object vehicles based on the calculated probabilities, in one example.
For a vehicle to be adequately secured, the vehicle must be protected from unauthorized physical access as well as unauthorized remote access (e.g., cyber-threats). To prevent unauthorized physical access, a vehicle is equipped with a secure access system such as a keyless entry in one example. Meanwhile, security protocols are added to a vehicle's computers and computer networks to facilitate secure remote communications to and from the vehicle in one example.
Electronic Control Units (ECUs) are nodes within a vehicle that control tasks such as activating the windshield wipers to tasks such as an anti-lock brake system. ECUs are often connected to one another through the vehicle's central network, which may be referred to as a controller area network (CAN). State-of-the-art features such as autonomous driving are strongly reliant on implementing new, complex ECUs such as advanced driver-assistance systems (ADAS), sensors, and the like. While these new technologies have helped improve the safety and driving experience of a vehicle, they have also increased the number of externally-communicating units inside of the vehicle, making them more vulnerable to attack. Below are some examples of protecting the vehicle from physical intrusion and remote intrusion.
In one embodiment, a CAN includes a CAN bus with a high and low terminal and a plurality of electronic control units (ECUs), which are connected to the CAN bus via wired connections. The CAN bus is designed to allow microcontrollers and devices to communicate with each other in an application without a host computer. The CAN bus implements a message-based protocol (i.e., ISO 11898 standards) that allows ECUs to send commands to one another at a root level. Meanwhile, the ECUs represent controllers for controlling electrical systems or subsystems within the vehicle. Examples of the electrical systems include power steering, anti-lock brakes, air-conditioning, tire pressure monitoring, cruise control, and many other features.
In this example, the ECU includes a transceiver and a microcontroller. The transceiver may be used to transmit and receive messages to and from the CAN bus. For example, the transceiver may convert the data from the microcontroller into a format of the CAN bus and also convert data from the CAN bus into a format for the microcontroller. Meanwhile, the microcontroller interprets the messages and also decide what messages to send using ECU software installed therein in one example.
To protect the CAN from cyber threats, various security protocols may be implemented. For example, sub-networks (e.g., sub-networks A and B, etc.) may be used to divide the CAN into smaller sub-CANs and limit an attacker's capabilities to access the vehicle remotely. In one embodiment, a firewall (or gateway, etc.) may be added to block messages from crossing the CAN bus across sub-networks. If an attacker gains access to one sub-network, the attacker will not have access to the entire network. To make sub-networks even more secure, the most critical ECUs are not placed on the same sub-network, in one example.
In addition to protecting a vehicle's internal network, vehicles may also be protected when communicating with external networks such as the Internet. One of the benefits of having a vehicle connection to a data source such as the Internet is that information from the vehicle can be sent through a network to remote locations for analysis. Examples of vehicle information include GPS, onboard diagnostics, tire pressure, and the like. These communication systems are often referred to as telematics because they involve the combination of telecommunications and informatics. Further, the instant solution as described and depicted can be utilized in this and other networks and/or systems, including those that are described and depicted herein.
Upon receiving the communications from each other, the vehicles may verify the signatures with a certificate authority 406I or the like. For example, the vehicle 408I may verify with the certificate authority 406I that the public key certificate 404I used by vehicle 402I to sign a V2V communication is authentic. If the vehicle 408I successfully verifies the public key certificate 404I, the vehicle knows that the data is from a legitimate source. Likewise, the vehicle 402I may verify with the certificate authority 406I that the public key certificate 410I used by the vehicle 408I to sign a V2V communication is authentic. Further, the instant solution as described and depicted with respect to
In some embodiments, a computer may include security processor. In particular, the security processor may perform authorization, authentication, cryptography (e.g., encryption), and the like, for data transmissions that are sent between ECUs and other devices on a CAN bus of a vehicle, and also data messages that are transmitted between different vehicles. The security processor may include an authorization module, an authentication module, and a cryptography module. The security processor may be implemented within the vehicle's computer and may communicate with other vehicle elements, for example, the ECUs/CAN network, wired and wireless devices such as wireless network interfaces, input ports, and the like. The security processor may ensure that data frames (e.g., CAN frames, etc.) that are transmitted internally within a vehicle (e.g., via the ECUs/CAN network) are secure. Likewise, the security processor can ensure that messages transmitted between different vehicles and devices attached or connected via a wire to the vehicle's computer are also secured.
For example, the authorization module may store passwords, usernames, PIN codes, biometric scans, and the like for different vehicle users. The authorization module may determine whether a user (or technician) has permission to access certain settings such as a vehicle's computer. In some embodiments, the authorization module may communicate with a network interface to download any necessary authorization information from an external server. When a user desires to make changes to the vehicle settings or modify technical details of the vehicle via a console or GUI within the vehicle or via an attached/connected device, the authorization module may require the user to verify themselves in some way before such settings are changed. For example, the authorization module may require a username, a password, a PIN code, a biometric scan, a predefined line drawing or gesture, and the like. In response, the authorization module may determine whether the user has the necessary permissions (access, etc.) being requested.
The authentication module may be used to authenticate internal communications between ECUs on the CAN network of the vehicle. As an example, the authentication module 308J may provide information for authenticating communications between the ECUS. As an example, the authentication module may transmit a bit signature algorithm to the ECUs of the CAN network. The ECUs may use the bit signature algorithm to insert authentication bits into the CAN fields of the CAN frame. All ECUs on the CAN network typically receive each CAN frame. The bit signature algorithm may dynamically change the position, amount, etc., of authentication bits each time a new CAN frame is generated by one of the ECUs. The authentication module may also provide a list of ECUs that are exempt (safe list) and that do not need to use the authentication bits. The authentication module may communicate with a remote server to retrieve updates to the bit signature algorithm and the like.
The encryption module may store asymmetric key pairs to be used by the vehicle to communicate with other external user devices and vehicles. For example, the encryption module may provide a private key to be used by the vehicle to encrypt/decrypt communications, while the corresponding public key may be provided to other user devices and vehicles to enable the other devices to decrypt/encrypt the communications. The encryption module may communicate with a remote server to receive new keys, updates to keys, keys of new vehicles, users, etc., and the like. The encryption module may also transmit any updates to a local private/public key pair to the remote server.
In one embodiment, a vehicle may engage with another vehicle to perform various actions such as to share, transfer, acquire service calls, etc. when the vehicle has reached a status where the services need to be shared with another vehicle. For example, the vehicle may be due for a battery charge and/or may have an issue with a tire and may be in route to pick up a package for delivery. A vehicle processor resides in the vehicle and communication exists between the vehicle processor, a first database, and a transaction module. The vehicle may notify another vehicle, which is in its network and which operates on its blockchain member service. A vehicle processor resides in the another vehicle and communication exists between the vehicle processor, a second database, the vehicle processor and a transaction module. The another vehicle may then receive the information via a wireless communication request to perform the package pickup from the vehicle and/or from a server (not shown). The transactions are logged in the transaction modules and of both vehicles. The credits are transferred from vehicle to the another vehicle and the record of the transferred service is logged in the first and databases, assuming that the blockchains are different from one another, or are logged in the same blockchain used by all members. The first database can be one of a SQL database, an RDBMS, a relational database, a non-relational database, a blockchain, a distributed ledger, and may be on board the vehicle, may be off-board the vehicle, may be accessible directly and/or through a network.
The blockchain transactions 520 are stored in memory of computers as the transactions are received and approved by the consensus model dictated by the members' nodes. Approved transactions 526 are stored in current blocks of the blockchain and committed to the blockchain via a committal procedure, which includes performing a hash of the data contents of the transactions in a current block and referencing a previous hash of a previous block. Within the blockchain, one or more smart contracts 530 may exist that define the terms of transaction agreements and actions included in smart contract executable application code 532, such as registered recipients, vehicle features, requirements, permissions, sensor thresholds, etc. The code may be configured to identify whether requesting entities are registered to receive vehicle services, what service features they are entitled/required to receive given their profile statuses and whether to monitor their actions in subsequent events. For example, when a service event occurs and a user is riding in the vehicle, the sensor data monitoring may be triggered, and a certain parameter, such as a vehicle charge level, may be identified as being above/below a particular threshold for a particular period of time, then the result may be a change to a current status, which requires an alert to be sent to the managing party (i.e., vehicle owner, vehicle operator, server, etc.) so the service can be identified and stored for reference. The vehicle sensor data collected may be based on types of sensor data used to collect information about vehicle's status. The sensor data may also be the basis for the vehicle event data 534, such as a location(s) to be traveled, an average speed, a top speed, acceleration rates, whether there were any collisions, was the expected route taken, what is the next destination, whether safety measures are in place, whether the vehicle has enough charge/fuel, etc. All such information may be the basis of smart contract terms 530, which are then stored in a blockchain. For example, sensor thresholds stored in the smart contract can be used as the basis for whether a detected service is necessary and when and where the service should be performed.
In one embodiment, a blockchain logic example includes a blockchain application interface as an API or plug-in application that links to the computing device and execution platform for a particular transaction. The blockchain configuration may include one or more applications, which are linked to application programming interfaces (APIs) to access and execute stored program/application code (e.g., smart contract executable code, smart contracts, etc.), which can be created according to a customized configuration sought by participants and can maintain their own state, control their own assets, and receive external information. This can be deployed as an entry and installed, via appending to the distributed ledger, on all blockchain nodes.
The smart contract application code provides a basis for the blockchain transactions by establishing application code, which when executed causes the transaction terms and conditions to become active. The smart contract, when executed, causes certain approved transactions to be generated, which are then forwarded to the blockchain platform. The platform includes a security/authorization, computing devices, which execute the transaction management and a storage portion as a memory that stores transactions and smart contracts in the blockchain.
The blockchain platform may include various layers of blockchain data, services (e.g., cryptographic trust services, virtual execution environment, etc.), and underpinning physical computer infrastructure that may be used to receive and store new entries and provide access to auditors, which are seeking to access data entries. The blockchain may expose an interface that provides access to the virtual execution environment necessary to process the program code and engage the physical infrastructure. Cryptographic trust services may be used to verify entries such as asset exchange entries and keep information private.
The blockchain architecture configuration of
Within smart contract executable code, a smart contract may be created via a high-level application and programming language, and then written to a block in the blockchain. The smart contract may include executable code that is registered, stored, and/or replicated with a blockchain (e.g., distributed network of blockchain peers). An entry is an execution of the smart contract code, which can be performed in response to conditions associated with the smart contract being satisfied. The executing of the smart contract may trigger a trusted modification(s) to a state of a digital blockchain ledger. The modification(s) to the blockchain ledger caused by the smart contract execution may be automatically replicated throughout the distributed network of blockchain peers through one or more consensus protocols.
The smart contract may write data to the blockchain in the format of key-value pairs. Furthermore, the smart contract code can read the values stored in a blockchain and use them in application operations. The smart contract code can write the output of various logic operations into the blockchain. The code may be used to create a temporary data structure in a virtual machine or other computing platform. Data written to the blockchain can be public and/or can be encrypted and maintained as private. The temporary data that is used/generated by the smart contract is held in memory by the supplied execution environment, then deleted once the data needed for the blockchain is identified.
A smart contract executable code may include the code interpretation of a smart contract, with additional features. As described herein, the smart contract executable code may be program code deployed on a computing network, where it is executed and validated by chain validators together during a consensus process. The smart contract executable code receives a hash and retrieves from the blockchain a hash associated with the data template created by use of a previously stored feature extractor. If the hashes of the hash identifier and the hash created from the stored identifier template data match, then the smart contract executable code sends an authorization key to the requested service. The smart contract executable code may write to the blockchain data associated with the cryptographic details.
The instant system includes a blockchain that stores immutable, sequenced records in blocks, and a state database (current world state) maintaining a current state of the blockchain. One distributed ledger may exist per channel and each peer maintains its own copy of the distributed ledger for each channel of which they are a member. The instant blockchain is an entry log, structured as hash-linked blocks where each block contains a sequence of N entries. Blocks may include various components such as those shown in
The current state of the blockchain and the distributed ledger may be stored in the state database. Here, the current state data represents the latest values for all keys ever included in the chain entry log of the blockchain. Smart contract executable code invocations execute entries against the current state in the state database. To make these smart contract executable code interactions extremely efficient, the latest values of all keys are stored in the state database. The state database may include an indexed view into the entry log of the blockchain, it can therefore be regenerated from the chain at any time. The state database may automatically get recovered (or generated if needed) upon peer startup, before entries are accepted.
Endorsing nodes receive entries from clients and endorse the entry based on simulated results. Endorsing nodes hold smart contracts, which simulate the entry proposals. When an endorsing node endorses an entry, the endorsing nodes creates an entry endorsement, which is a signed response from the endorsing node to the client application indicating the endorsement of the simulated entry. The method of endorsing an entry depends on an endorsement policy that may be specified within smart contract executable code. An example of an endorsement policy is “the majority of endorsing peers must endorse the entry.” Different channels may have different endorsement policies. Endorsed entries are forward by the client application to an ordering service.
The ordering service accepts endorsed entries, orders them into a block, and delivers the blocks to the committing peers. For example, the ordering service may initiate a new block when a threshold of entries has been reached, a timer times out, or another condition. In this example, blockchain node is a committing peer that has received a data block 582A for storage on the blockchain. The ordering service may be made up of a cluster of orderers. The ordering service does not process entries, smart contracts, or maintain the shared ledger. Rather, the ordering service may accept the endorsed entries and specifies the order in which those entries are committed to the distributed ledger. The architecture of the blockchain network may be designed such that the specific implementation of ‘ordering’ (e.g., Solo, Kafka, BFT, etc.) becomes a pluggable component.
Entries are written to the distributed ledger in a consistent order. The order of entries is established to ensure that the updates to the state database are valid when they are committed to the network. Unlike a cryptocurrency blockchain system (e.g., Bitcoin, etc.) where ordering occurs through the solving of a cryptographic puzzle, or mining, in this example the parties of the distributed ledger may choose the ordering mechanism that best suits that network.
Referring to
The block data 590A may store entry information of each entry that is recorded within the block. For example, the entry data may include one or more of a type of the entry, a version, a timestamp, a channel ID of the distributed ledger, an entry ID, an epoch, a payload visibility, a smart contract executable code path (deploy tx), a smart contract executable code name, a smart contract executable code version, input (smart contract executable code and functions), a client (creator) identify such as a public key and certificate, a signature of the client, identities of endorsers, endorser signatures, a proposal hash, smart contract executable code events, response status, namespace, a read set (list of key and version read by the entry, etc.), a write set (list of key and value, etc.), a start key, an end key, a list of keys, a Merkel tree query summary, and the like. The entry data may be stored for each of the N entries.
In some embodiments, the block data 590A may also store transaction-specific data 586A, which adds additional information to the hash-linked chain of blocks in the blockchain. Accordingly, the data 586A can be stored in an immutable log of blocks on the distributed ledger. Some of the benefits of storing such data 586A are reflected in the various embodiments disclosed and depicted herein. The block metadata 588A may store multiple fields of metadata (e.g., as a byte array, etc.). Metadata fields may include signature on block creation, a reference to a last configuration block, an entry filter identifying valid and invalid entries within the block, last offset persisted of an ordering service that ordered the block, and the like. The signature, the last configuration block, and the orderer metadata may be added by the ordering service. Meanwhile, a committer of the block (such as a blockchain node) may add validity/invalidity information based on an endorsement policy, verification of read/write sets, and the like. The entry filter may include a byte array of a size equal to the number of entries in the block data 510A and a validation code identifying whether an entry was valid/invalid.
The other blocks 582B to 582n in the blockchain also have headers, files, and values. However, unlike the first block 582A, each of the headers 584A to 584n in the other blocks includes the hash value of an immediately preceding block. The hash value of the immediately preceding block may be just the hash of the header of the previous block or may be the hash value of the entire previous block. By including the hash value of a preceding block in each of the remaining blocks, a trace can be performed from the Nth block back to the genesis block (and the associated original file) on a block-by-block basis, as indicated by arrows 592, to establish an auditable and immutable chain-of-custody.
The above embodiments may be implemented in hardware, in a computer program executed by a processor, in firmware, or in a combination of the above. A computer program may be embodied on a computer readable media, such as a storage medium. For example, a computer program may reside in random access memory (“RAM”), flash memory, read-only memory (“ROM”), erasable programmable read-only memory (“EPROM”), electrically erasable programmable read-only memory (“EEPROM”), registers, hard disk, a removable disk, a compact disk read-only memory (“CD-ROM”), or any other form of storage medium known in the art.
An exemplary storage medium may be coupled to the processor such that the processor may read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application-specific integrated circuit (“ASIC”). In the alternative, the processor and the storage medium may reside as discrete components. For example,
The distributed ledger 520E includes a blockchain which stores immutable, sequenced records in blocks, and a state database 524E (current world state) maintaining a current state of the blockchain 522E. One distributed ledger 520E may exist per channel and each peer maintains its own copy of the distributed ledger 520E for each channel of which they are a member. The blockchain 522E is a transaction log, structured as hash-linked blocks where each block contains a sequence of N transactions. The linking of the blocks (shown by arrows in
The current state of the blockchain 522E and the distributed ledger 522E may be stored in the state database 524E. Here, the current state data represents the latest values for all keys ever included in the chain transaction log of the blockchain 522E. Chaincode invocations execute transactions against the current state in the state database 524E. To make these chaincode interactions extremely efficient, the latest values of all keys are stored in the state database 524E. The state database 524E may include an indexed view into the transaction log of the blockchain 522E, it can therefore be regenerated from the chain at any time. The state database 524E may automatically get recovered (or generated if needed) upon peer startup, before transactions are accepted.
Endorsing nodes receive transactions from clients and endorse the transaction based on simulated results. Endorsing nodes hold smart contracts which simulate the transaction proposals. When an endorsing node endorses a transaction, the endorsing nodes creates a transaction endorsement which is a signed response from the endorsing node to the client application indicating the endorsement of the simulated transaction. The method of endorsing a transaction depends on an endorsement policy which may be specified within chaincode. An example of an endorsement policy is “the majority of endorsing peers must endorse the transaction.” Different channels may have different endorsement policies. Endorsed transactions are forward by the client application to ordering service 510E.
The ordering service 510E accepts endorsed transactions, orders them into a block, and delivers the blocks to the committing peers. For example, the ordering service 510E may initiate a new block when a threshold of transactions has been reached, a timer times out, or another condition. In the example of
The ordering service 510E may be made up of a cluster of orderers. The ordering service 510E does not process transactions, smart contracts, or maintain the shared ledger. Rather, the ordering service 510E may accept the endorsed transactions and specifies the order in which those transactions are committed to the distributed ledger 520E. The architecture of the blockchain network may be designed such that the specific implementation of ‘ordering’ (e.g., Solo, Kafka, BFT, etc.) becomes a pluggable component.
Transactions are written to the distributed ledger 520E in a consistent order. The order of transactions is established to ensure that the updates to the state database 524E are valid when they are committed to the network. Unlike a cryptocurrency blockchain system (e.g., Bitcoin, etc.) where ordering occurs through the solving of a cryptographic puzzle, or mining, in this example the parties of the distributed ledger 520E may choose the ordering mechanism that best suits that network.
When the ordering service 510E initializes a new data block 530E, the new data block 530E may be broadcast to committing peers (e.g., blockchain nodes 511E, 512E, and 513E). In response, each committing peer validates the transaction within the new data block 530E by checking to make sure that the read set and the write set still match the current world state in the state database 524E. Specifically, the committing peer can determine whether the read data that existed when the endorsers simulated the transaction is identical to the current world state in the state database 524E. When the committing peer validates the transaction, the transaction is written to the blockchain 522E on the distributed ledger 520E, and the state database 524E is updated with the write data from the read-write set. If a transaction fails, that is, if the committing peer finds that the read-write set does not match the current world state in the state database 524E, the transaction ordered into a block will still be included in that block, but it will be marked as invalid, and the state database 524E will not be updated.
Referring to
The block data 550 may store transactional information of each transaction that is recorded within the new data block 530. For example, the transaction data may include one or more of a type of the transaction, a version, a timestamp, a channel ID of the distributed ledger 520E, a transaction ID, an epoch, a payload visibility, a chaincode path (deploy tx), a chaincode name, a chaincode version, input (chaincode and functions), a client (creator) identify such as a public key and certificate, a signature of the client, identities of endorsers, endorser signatures, a proposal hash, chaincode events, response status, namespace, a read set (list of key and version read by the transaction, etc.), a write set (list of key and value, etc.), a start key, an end key, a list of keys, a Merkel tree query summary, and the like. The transaction data may be stored for each of the N transactions.
In some embodiments, blockchain data 563 contains one or more secrets 131 (
The block metadata 560 may store multiple fields of metadata (e.g., as a byte array, etc.). Metadata fields may include signature on block creation, a reference to a last configuration block, a transaction filter identifying valid and invalid transactions within the block, last offset persisted of an ordering service that ordered the block, and the like. The signature, the last configuration block, and the orderer metadata may be added by the ordering service 510E. Meanwhile, a committer of the block (such as blockchain node 512E) may add validity/invalidity information based on an endorsement policy, verification of read/write sets, and the like. The transaction filter may include a byte array of a size equal to the number of transactions in the block data 500D and a validation code identifying whether a transaction was valid/invalid.
In computing node 600 there is a computer system/server 602, which is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with computer system/server 602 include, but are not limited to, personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems or devices, and the like.
Computer system/server 602 may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, and so on that perform particular tasks or implement particular abstract data types. Computer system/server 602 may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
As shown in
The bus represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnects (PCI) bus.
Computer system/server 602 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer system/server 602, and it includes both volatile and non-volatile media, removable and non-removable media. System memory 606, in one example, implements the flow diagrams of the other figures. The system memory 606 can include computer system readable media in the form of volatile memory, such as random-access memory (RAM) 608 and/or cache memory 610. Computer system/server 602 may further include other removable/non-removable, volatile/non-volatile computer system storage media. By way of example only, memory 606 can be provided for reading from and writing to a non-removable, non-volatile magnetic media (not shown and typically called a “hard drive”). Although not shown, a magnetic disk drive for reading from and writing to a removable, non-volatile magnetic disk (e.g., a “floppy disk”), and an optical disk drive for reading from or writing to a removable, non-volatile optical disk such as a CD-ROM, DVD-ROM or other optical media can be provided. In such instances, each can be connected to the bus by one or more data media interfaces. As will be further depicted and described below, memory 606 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of various embodiments of the application.
Program/utility, having a set (at least one) of program modules, may be stored in memory 606 by way of example, and not limitation, as well as an operating system, one or more application programs, other program modules, and program data. Each of the operating system, one or more application programs, other program modules, and program data or some combination thereof, may include an implementation of a networking environment. Program modules generally carry out the functions and/or methodologies of various embodiments of the application as described herein.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method, or computer program product. Accordingly, aspects of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present application may take the form of a computer program product embodied in one or more computer readable media(s) having computer readable program code embodied thereon.
Computer system/server 602 may also communicate with one or more external devices via an I/O device 612 (such as an I/O adapter), which may include a keyboard, a pointing device, a display, a voice recognition module, etc., one or more devices that enable a user to interact with computer system/server 602, and/or any devices (e.g., network card, modem, etc.) that enable computer system/server 602 to communicate with one or more other computing devices. Such communication can occur via I/O interfaces of the device 612. Still yet, computer system/server 602 can communicate with one or more networks such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) via a network adapter. As depicted, device 612 communicates with the other components of computer system/server 602 via a bus. It should be understood that although not shown, other hardware and/or software components could be used in conjunction with computer system/server 602. Examples, include, but are not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data archival storage systems, etc.
Although an exemplary embodiment of at least one of a system, method, and non-transitory computer readable media has been illustrated in the accompanied drawings and described in the foregoing detailed description, it will be understood that the application is not limited to the embodiments disclosed, but is capable of numerous rearrangements, modifications, and substitutions as set forth and defined by the following claims. For example, the capabilities of the system of the various figures can be performed by one or more of the modules or components described herein or in a distributed architecture and may include a transmitter, receiver or pair of both. For example, all or part of the functionality performed by the individual modules, may be performed by one or more of these modules. Further, the functionality described herein may be performed at various times and in relation to various events, internal or external to the modules or components. Also, the information sent between various modules can be sent between the modules via at least one of: a data network, the Internet, a voice network, an Internet Protocol network, a wireless device, a wired device and/or via plurality of protocols. Also, the messages sent or received by any of the modules may be sent or received directly and/or via one or more of the other modules.
One skilled in the art will appreciate that a “system” could be embodied as a personal computer, a server, a console, a personal digital assistant (PDA), a cell phone, a tablet computing device, a smartphone or any other suitable computing device, or combination of devices. Presenting the above-described functions as being performed by a “system” is not intended to limit the scope of the present application in any way but is intended to provide one example of many embodiments. Indeed, methods, systems and apparatuses disclosed herein may be implemented in localized and distributed forms consistent with computing technology.
It should be noted that some of the system features described in this specification have been presented as modules to more particularly emphasize their implementation independence. For example, a module may be implemented as a hardware circuit comprising custom very-large-scale integration (VLSI) circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field-programmable gate arrays, programmable array logic, programmable logic devices, graphics processing units, or the like.
A module may also be at least partially implemented in software for execution by various types of processors. An identified unit of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions that may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together but may comprise disparate instructions stored in different locations that, when joined logically together, comprise the module and achieve the stated purpose for the module. Further, modules may be stored on a computer-readable medium, which may be, for instance, a hard disk drive, flash device, random access memory (RAM), tape, or any other such medium used to store data.
Indeed, a module of executable code could be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified and illustrated herein within modules and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set or may be distributed over different locations, including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
It will be readily understood that the components of the application, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the detailed description of the embodiments is not intended to limit the scope of the application as claimed but is merely representative of selected embodiments of the application.
One having ordinary skill in the art will readily understand that the above may be practiced with steps in a different order and/or with hardware elements in configurations that are different from those which are disclosed. Therefore, although the application has been described based upon these preferred embodiments, it would be apparent to those of skill in the art that certain modifications, variations, and alternative constructions would be apparent.
While preferred embodiments of the present application have been described, it is to be understood that the embodiments described are illustrative only and the scope of the application is to be defined solely by the appended claims when considered with a full range of equivalents and modifications (e.g., protocols, hardware devices, software platforms etc.) thereto.
