Patent Application
20190044738
The present disclosure relates to cryptographic certificate exchanges, and more particularly to improve the robustness for safety systems with efficient certificate exchanges.
The United States Department of Transportation is working on federal motor vehicle safety standards related to vehicle-to-everything (V2X) technology called Dedicated Short-Range Communications (DSRC). The IEEE has developed various standards relating to V2X communications. V2X concerns exchanging information between entities in vehicular environments, such as between vehicles, Road Side Units (RSUs), other infrastructure, pedestrians, etc. V2X complements onboard sensors (OBS) used for semi-autonomous and autonomous driving, enabling cars to better understand its surrounding environment beyond the immediate range of onboard sensors such as radar, Lidar and camera etc. An example V2V based collision avoidance, where vehicles exchange Basic Safety Messages (BSMs) every 100 ms to communicate critical driving status, e.g., the current position, yaw rate, speed and acceleration of the vehicle, based on which intelligent predictions can be made to alert the drivers of the danger if imminent crash is foreseen.
DSRC is also known as the IEEE Wireless Access in Vehicular Environments (WAVE), which includes the IEEE 802.11p and IEEE 1609 series of standards for vehicular communications. In particular, IEEE 1609.2 standard defines security services for applications and management messages. IEEE 1609.2 relies on certificates and the public key infrastructure to establish trust for vehicular communications. Digital signatures are used to provide message integrity; the message receiver can use the signing certificate, and its associated certificate chain, to validate the signature. The authenticity and integrity of a message may be validated through the signature with multiple certificates, represented by a certificate chain, where the signing certificate is validated by a certificate from a more senior authority, which in turn may be authenticated by a more senior authority, etc., going back to a root authority, e.g., a root Certificate Authority (CA) known to be trusted. If all verifications succeed, then the message is deemed trustable.
However, to improve communication efficiency, IEEE 1609.2 does not mandate inclusion of the whole certificate chain inside signed messages. A signed message might only carry the signing certificate, or a partial certificate chain. The dynamic nature of V2X scenarios, the focus on reducing latency for safety critical applications and reducing the overhead introduced to the communication channels, and the potentially large space of Certificate Authorities (CAs) and their certificates that may be used, makes certificate distribution particularly challenging in V2X. Therefore, given these certificate distribution concerns, and since latency may increase risk, a receiver of a signed message might be unable to immediately re-construct the complete certificate chain associated to the signed message; reduced latency is prioritized over complete authentication.
IEEE 1609.2 in part addresses certificate reconstruction, especially at the V2V level, and defines the Peer-to-Peer Certificate Distribution (P2PCD) protocol. P2PCD allows a receiver unable to validate a signature due to not recognizing the issuer of the topmost certificate provided within the signed message, to request missing certificates from local peers, e.g., by broadcasting Certificate Learning Request (CLR) to vehicles in transmission range. Responders, who receive the CLR, may broadcast back a relevant certificate, if they have it.
Unfortunately, any vehicles, including unauthenticated/malicious ones, can launch this P2PCD procedure. Therefore, P2PCD protocol may bring vulnerability for a Denial of Service (DoS) attack on the V2V network's availability. On the other hand, mitigating DoS by reducing the frequency of P2PCD executions (e.g., set large values for time out parameters defined in P2PCD protocol) may increase the latency for signature verification, and hence impact the V2V service availability. Moreover, with a pure ad hoc fashion, the success of obtaining the requested certificate from local neighboring vehicles cannot be guaranteed.
One reason for P2PCD was to increase messaging efficiency to improve safety-critical applications, such as collision avoidance, hence the vulnerability and inefficiency may reduce safety. While this attack problem may be mitigated in part by providing certificates to receivers through an out-of-band channel, e.g., proactively by pre-installing CA certificates inside the vehicle to anticipate future needs, this solution may be impractical. Worldwide, there may be too many CAs, and CA certificates, that may be accommodated in a vehicle. And while a regional approach to CA pre-installation may be used to minimize the burden, vehicles are by definition mobile and as they travel they may come in contact with many vehicles from other regions/countries, and need to resolve missing certificates. Also, certificates have a lifecycle and eventually need to be renewed/updated, making pre-installment impractical; safe dynamic distribution is needed.
Embodiments will be readily understood by the following detailed description in conjunction with the accompanying drawings. To facilitate this description, like reference numerals designate like structural elements. Embodiments are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings.
In the following detailed description, reference is made to the accompanying drawings that form a part hereof wherein like numerals designate like parts throughout, and in which is shown by way of illustration embodiments that may be practiced. It is to be understood that other embodiments may be utilized and structural or logical changes may be made without departing from the scope of the present disclosure. Therefore, the following detailed description is not to be taken in a limiting sense, and the scope of embodiments is defined by the appended claims and their equivalents. Alternate embodiments of the present disclosure and their equivalents may be devised without parting from the spirit or scope of the present disclosure. It should be noted that like elements disclosed below are indicated by like reference numbers in the drawings.
Various operations may be described as multiple discrete actions or operations in turn, in a manner that is most helpful in understanding the claimed subject matter. However, the order of description should not be construed as to imply that these operations are necessarily order dependent. In particular, these operations do not have to be performed in the order of presentation. Operations described may be performed in a different order than the described embodiment. Various additional operations may be performed and/or described operations may be omitted in additional embodiments. For the purposes of the present disclosure, the phrase “A and/or B” means (A), (B), or (A and B). For the purposes of the present disclosure, the phrase “A, B, and/or C” means (A), (B), (C), (A and B), (A and C), (B and C), or (A, B and C). The description may use the phrases “in an embodiment,” or “in embodiments,” which may each refer to one or more of the same or different embodiments. Furthermore, the terms “comprising,” “including,” “having,” and the like, as used with respect to embodiments of the present disclosure, are considered synonymous.
Illustrated embodiments disclose various techniques for dynamically distributing certificates while being resistant to attacks. Disclosed embodiments and discussed certificate sharing solutions may be applied in both “infrastructured” (communication in conjunction with a Road Side (or RoadSide) Unit (RSU) type of device), as well as “infrastructureless” mode, e.g., vehicle to vehicle communication. In various embodiments, a RSU is used, when available, to handle certificate provisioning within a neighborhood or other specific location; and when a RSU is not available, then certificate provisioning may be performed at the Vehicle-to-Vehicle (V2V) level, e.g., out of wireless range, not configured for communication with a vehicle, or otherwise unavailable. It will be appreciated while this document may refer to a RSU, the RSU is used for exemplary purposes as it aligns with disclosed exemplary vehicle provisioning environments. It will be understood by one skilled in the art that other machines, devices, systems, etc. may provide some or all of the services discussed herein for a RSU and that this disclosure is intended to include these other machines, devices, etc. and they may provision and/or communicate with any other device, including the vehicles discussed herein, but may also be used to communicate with other mobile devices and/or technology. The RSUs and vehicles are therefore understood to be presented as exemplary embodiments. In various embodiments, Internet of Things (IoT) are used. IoT a concept in which a large number of computing devices are interconnected to each other and to the Internet to provide functionality and data acquisition at very low levels. Thus, as used herein, an IoT device may include a semiautonomous device performing a function, such as sensing or control, among others, in communication with other IoT devices and a wider network, such as the Interne
For retrieving missing certificates, the P2PCD allows the receiver of a signed message to reactively request and fetch the missing certificate from its local neighboring vehicles. As illustrated, a sender may send a message 112 that is missing one or more certificate, and the receiver may in turn, as allowed by IEEE 1609.2 P2PCD procedure, send a Certificate Learning Request (CLR) request 114 to nearby vehicles 116, 118 to see if they have the missing certificate(s). Receivers that have the missing certificate, e.g., vehicle 116, may send 120 the requested certificate back responsive to the CLR.
As will be discussed in further detail below, in infrastructured mode, an RSU may proactively provision a vehicle or other mobile device with “potentially missing” CA certificates associated with a neighborhood, including intermediate CA certificates, root CA certificates as well as elector certificates and endorsements. The term “neighborhood” is intended to generally represent both a geographic region, e.g., vehicles or other machines in a particular area, as well as vehicles or machines that are in and/or expected to be in the neighborhood. Thus vehicles in a neighborhood would be provisioned, as well as delivery and/or other vehicles that are known to pass through the neighborhood. In addition, certain conditions, such as an active map route of a navigation function, e.g., such as a vehicle's navigation system, may be used to identify neighborhoods the vehicle is likely to contact and hence when in communication range of a RSU the vehicle may be provisioned with certificates for its current neighborhood as well as for the neighborhoods associated with the vehicle's navigation route. In some embodiments, certificate distribution frequency may be adjusted based on contextual parameters to reduce the communication overhead associated with certificate provisioning.
As will be discussed in further detail below, in infrastructureless mode, a reactive process will be discussed to exchange full certificate chains among authenticated neighboring vehicles. This will limit ability of illegitimate vehicles triggering the P2PCD process. In combination the infrastructured and infrastructureless modes to efficiently and robustly support environments such as WAVE/DSRC with dynamic certificate distribution.
It will be appreciated the RSU will have a wired and/or wireless communication pathway to one or more Public Key Infrastructure (PKI) 224 server, which serves certificates for vehicle communications. In one embodiment the PKI operates in a manner similar to the deployment and design assumption with DSRC/WAVE. It will be appreciated security for DSRC-based vehicular communications is defined by IEEE 1609.2, and is based on digital signatures on messages, and certificates. Signed messages in IEEE 1609.2 include four parts: header, payload, signature, and signing certificate. For more information, see, e.g., Li, Yunxin (Jeff). (2012). “An overview of the DSRC/WAVE technology” at Internet Uniform Resource Locator (URL) v2x.ir/Admin/Files/eventAttachments/An%20Overview%20of%20the%20DSRCWAVE%20Technology -Yunxin%20Li_172.pdf. In one embodiment the PKI exposes a set of APIs that may be queried by an entity to fetch certificates, through communication pathway 228 or other pathway (not illustrated), which may represent communication occurring over the Internet or other network. Each RSU may maintain a local database (DB) 222 of certificates and associated certificate chains.
As used herein the term “infrastructured” refers to the vehicles 206, 208 that are within the wireless coverage area 224 of the RSU 220, and are thus able to receive messages from the RSU. As used herein the term “infrastructureless” refers to vehicles 202, 204 that are currently outside of any RSU coverage (or the RSU is operating as a passive device, such as simply monitoring its environment instead of actively communicating with vehicles and/or other devices in its coverage area). If not in communication with the RSU or equivalent/other device providing RSU-type services, vehicles 202, 204 may communicate at the Vehicle-to-Vehicle (V2V) level. It will be appreciated that communication does not need to be either communicate with the RSU or communicate with other vehicles. Rather, a vehicle 206 may be both in range of the RSU, while also in range of another vehicle 204 that is outside the RSU coverage area. In one embodiment, the in-range vehicle may operate as a conduit to proxy a connection between the out of range vehicle 204 and the RSU. In another embodiment, the in-range vehicle 206 may instead receive a Certificate Learning Request from an out of range vehicle 204, and in turn make an equivalent request of the RSU. The RSU will provide the certificate to the in-range vehicle 206 which may then respond to the CLR with the information obtained from the RSU. This allows a vehicle ordinarily unable to respond to a CLR to be able to respond by way of information requested from the RSU.
In one embodiment, a RSU 220 may contain all known certificates and associated certificate chains, e.g. all that are known to the PKI 226. In another embodiment, the RSU has a partial certificate store and may only contain certificates and associated certificate chains for vehicles known to its neighborhood, as well as for vehicles expected to be entering the neighborhood based on various information such as trajectory analysis, active in-vehicle navigation, etc. In one embodiment, the PKI is communicatively coupled with the RSU over a communication pathway 228, such as a secure out-of-band channel between the RSU and PKI. It will be appreciated that the pathway 228 may be any combination of private network and/or public network, e.g., communication may be by way of a secure tunnel through the Internet. When the RSU sees certificate needs from vehicles 206, 208, the RSU may provide data if currently stored by the RSU, e.g., in its database 222, or it may request needed data from the PKI and then respond to the vehicles.
As discussed above, certificates may be linked in a chain, e.g.,
As discussed above, it is assumed impractical to preload a vehicle with all possible CA certificates with which the vehicle may come into contact. Therefore, in one embodiment, a proactive approach is taken for certificate distribution. For example, certificates may be distributed only when their use is anticipated within a neighborhood of communicating vehicles or other defined collection of communicatively coupled devices and/or vehicles. In the context of being in range of a RSU (infrastructured), as discussed in more detail with respect to
In the illustrated embodiment, Module 1404 monitors and processes incoming messages from vehicles/devices, and adds new certificates (if any) that might be needed for communications among local vehicles/devices into its database (DB) 408 storage. It will be appreciated the DB may be local for speed of accessing data, but it may also be implemented wholly or partially as remote storage accessible over a communication pathway such as the Internet or other network. It will be appreciated policies may be employed to control data retention in local storage and/or data relocation to remote (e.g., cold) storage (not illustrated), or data deletion (e.g., for certificates deemed unnecessary to a particular neighborhood). Module 1 is discussed in more detail below with respect to
In the illustrated embodiment, Module 2406 manages the dissemination frequency of certificates, and updates the list of certificates to be disseminated. Module 2 is discussed in more detail below with respect to
If 508 the certificate chain is already inside the DB then the message may be discarded 510. Note that determining if 508 the chain is already known conflates several operations required to make that determination. As discussed above, a certificate chain represents a linked list. By looking at an issuer's identifier for a certificate, and iteratively checking on each issuer, a complete certificate chain can be reconstructed. This may be performed to determine if 508 the chain is already known. In this way, the RSU checks if it has all the certificates on the certificate chain starting with the signing certificate carried in the signed message. If any certificate is not in the RSU's database, the RSU will fetch 512 the rest certificates on the chain (starting from the missing one) from a PKI (e.g.,
If the fetch 512 of all missing CA certificates fails, e.g., they cannot all be retrieved from a PKI, which may be due to an attempt by a bad actor to interfere with messaging, or if 514 any certificate in the chain cannot be validated (or have been withdrawn or otherwise marked ineligible for use), in one embodiment, the RSU reports 516 problematic certificate(s) to the PKI (or other backend administration entity). However, if all missing certificates could be fetched 512, and if 514 all certificates in the chain are valid, then the RSU adds 518 the newly acquired certificate(s) to its database. In one embodiment, the first time a certificate is added 518 to the DB, the RSU will assign a default frequency f_D for each of them. Distribution and distribution frequency will be discussed further below. It will be appreciated there is no restriction on the types of certificates and/or other data a RSU can retrieve from or send to the PKI or other backend server, remote system, vehicle, other device or even another RSU (one RSU may hand off certificates/other data to another RSU based on predicted movement or metadata or other context associated with a vehicle and/or other device), etc. Therefore, if new types of trust-related credentials or messaging are introduced, such as elector certificates and endorsements such as those proposed in a new version of IEEE 1609.2, the RSU may retrieve and distribute all necessary credentials, e.g., intermediate and root CA certificates, elector certificates and endorsements, as discussed herein.
In one embodiment, assume L represents a distribution list, that as discussed above, represents a list of certificates to be periodically broadcasted to vehicles and/or other devices in the RSU neighborhood. L may be distributed periodically at a frequency f=1/T, where T is a system parameter. T determines the periodicity for RSU's certificate distribution and may be adjusted by the RSU based on contextual information, such as the congestion status of the communication channel (i.e., T is set to a large value if the channel is busy). At each scheduled distribution time, L contains only certificates the RSU deems necessary to distribute according to the RSU's observation/predicted distribution needs. In one embodiment L(t) may indicate the list of certificates distributed at distribution time t, where for convenience t is assumed a multiple of T. It will be appreciated L(t) may be different from L(t+T), and if no certificate is necessary at time t, L(t) may be empty and not transmitted. The presence of each certificate (and associated chain) in L(t) depends on a frequency tracked per-certificate, and continuously updated based on RSU observations of neighborhood activity.
In one embodiment f_C may be used to indicate a certificate's distribution frequency where f_C is a fraction off and f is the maximum value for every f_C. In one embodiment, L(t) may be provided through the control channel (CCH), either standalone, or it may be piggybacked into other application/management-specific messages. In another embodiment, to reduce a burden introduced to the CCH, providing L(t) may be treated as a service such that the RSU broadcasts this service with periodic Wave Service Advertisement (WSA) on the CCH. In this embodiment, the RSU distributes L(t) on the target service channel (SCH). Thus, vehicles and/or other devices in the RSU's coverage are notified of the certificate distribution service provided by the RSU, and may switch to the corresponding SCH to fetch the certificates when needed. In one embodiment, vehicles drop a signed message if they are unable to verify it.
In one embodiment, the list L(t) is populated and maintained by updating the per-certificate frequency f_C from a current frequency 604 to the new broadcast frequency 610, and compiling/updating the list L(t) is based on frequencies calculated during the updating. In one embodiment the RSU (or a process within the RSU) monitors its DB. The RSU updates the DB every f_C 604 using the illustrated update function 602. It will be appreciated the per-certificate broadcast frequency f_C for every certificate C varies over time based on RSU's observations of messages and/or other data coming from or associated with vehicles and/or other devices in its neighborhood. Thus, intuitively, when the RSU sees and fetches a new CA certificate while monitoring communications, it should broadcast this certificate (and its associated chain) “more often” as other vehicles and/or other devices in the neighborhood are more likely to need the new CA certificate. If no new CA certificate appears, this implies neighboring vehicles already have all the CA certificates they need for signature verification, and thus, the RSU should broadcast certificates “less frequently”. It will be appreciated trigger events 608 may include a variety of events that impact a broadcast decision. Choice of relevant trigger events may be left to specific application/deployment. In one embodiment, time and accumulation speed of new CA certificates may be triggering events.
To address corner cases, a vehicle may be allowed to send a certificate learning request (with its identity proof, e.g., its long term certificate) directly to a RSU in case it needs to validate a signature immediately, or in case the RSU does not broadcast certificates it needs. Recall the RSU determines what to broadcast based on perceived needs for its neighborhood. If a new vehicle and/or other device enters a RSU's coverage, and certificates on its chain are popular, vehicles and/or other devices in the RSU's neighborhood already know them. According to the tree structure of the public key infrastructure, topmost certificates on certificate chains are “popular” as they are the root CA's certificate or certificates close to the root. As a result, vehicles will likely share the same CAs at the top of their certificate chain and/or know those top/popular certificates. Leveraging this, vehicle may skip sending those popular CA certificates that others already have.
The new vehicle and/or other device does not necessarily know some of the CA certificates that are already known by this neighborhood. As discussed above, the f_C for known certificates is lower and they are broadcast less frequently, if at all. A new vehicle and/or other device may then directly send a certificate learning request to the RSU, asking for certificates it does not have. In one embodiment, the RSU may respond directly to the requestor with the requested information. In another embodiment, the request may be or may additionally be a trigger event 608 for the RSU to increase the current frequency 604 of the certificates in requestor's request.
If 702 a RSU is available, then as discussed above, a vehicle may receive 708, from a new device, a message (e.g., a BSM) with an incomplete certificate chain. See, e.g.,
If 702 a RSU is not available, e.g., all vehicles are out of range of a RSU, or all in-range RSUs are in a passive mode, then vehicles may employ a reactive approach to certificate distribution. Without an active/available RSU, if 718 vehicle A receives a message from vehicle B with an unknown valid certificate chain associated with the message, then vehicle A adds 720 its own complete certificate chain, as well as setting a flag=1 in the message, and sends 722 the message. In one embodiment, the message to send may be any scheduled application or management message. In one embodiment, when a vehicle and/or other device enters a new area or comes into contact with new vehicles and/or other devices, the flag set =1 indicates to message receivers that the message was sent by a “newcomer” to a neighborhood/area that is expecting to exchange certificate chains with neighboring vehicles. That is, vehicle A needs to identify the unknown certificate chain. In this example, vehicle A may have recently driven into an area and vehicle B, already present in the area, had sent out a message containing local certificates currently unknown to newcomer vehicle A.
Assuming vehicles B and C are local to the area to which vehicle A has traveled, and vehicles B and C are in range of vehicle A, then they will receive vehicle A's message. As already being local, while what prompted vehicle A to send its message was unknown local certificates, when vehicles B and C test to determine if 718 a message was received with unknown certificates, they will be known. Therefore vehicles B and C (independently and symmetrically) test to see if 724 if the message was received with the flag set=1. If yes, then vehicles B and C know some device, e.g., vehicle A, is in a discovery/certificate learning mode, and therefore vehicles B and C add 726 their full certificate chains to a message and set the flag=0. One exception is that after execution of 724, if the vehicle sees a same complete certificate chain as its own has been sent by another vehicle, it will not execute 726 so as to avoid sending duplicate certificate chains. In one embodiment, vehicles B and C are adding their certificates to their respective next scheduled message to be sent 722. Since vehicles B and C will receive each other's messages, when these messages are receive and tested if 718 any certificates are unknown, they will be known, and when then tested if 724 the flag is set=1, that test will fail and no certificates will be added 726 as discussed above. Vehicle A will also receive the sent 722 messages from vehicles B and C and will store the new certificates, thus adding to its database of certificates in use in the new area.
Thus, in the
Depending on its applications, computer device 800 may include other components that may or may not be physically and electrically coupled to the PCB 806. These other components include, but are not limited to, memory controller 808, volatile memory (e.g., dynamic random access memory (DRAM) 810), non-volatile memory such as read only memory (ROM) 812, flash memory 814, storage device 816 (e.g., a hard-disk drive (HDD)), an I/O controller 818, a digital signal processor 820, a crypto processor 822, a graphics processor 824 (e.g., a graphics processing unit (GPU) or other circuitry for performing graphics), one or more antenna 826, a display which may be or work in conjunction with a touch screen display 828, a touch screen controller 830, a battery 832, an audio codec (not shown), a video codec (not shown), a positioning system such as a global positioning system (GPS) device 834 (it will be appreciated other location technology may be used), a compass 836, an accelerometer (not shown), a gyroscope (not shown), a speaker 838, a camera 840, and other mass storage devices (such as hard disk drive, a solid state drive, compact disk (CD), digital versatile disk (DVD)) (not shown), and so forth.
In some embodiments, the one or more processor(s) 802, flash memory 814, and/or storage device 816 may include associated firmware (not shown) storing programming instructions configured to enable computer device 800, in response to execution of the programming instructions by one or more processor(s) 802, to practice all or selected aspects of the methods described herein. In various embodiments, these aspects may additionally or alternatively be implemented using hardware separate from the one or more processor(s) 802, flash memory 814, or storage device 816. In one embodiment, memory, such as flash memory 814 or other memory in the computer device, is or may include a memory device that is a block addressable memory device, such as those based on NAND or NOR technologies. A memory device may also include future generation nonvolatile devices, such as a three dimensional crosspoint memory device, or other byte addressable write-in-place nonvolatile memory devices. In one embodiment, the memory device may be or may include memory devices that use chalcogenide glass, multi-threshold level NAND flash memory, NOR flash memory, single or multi-level Phase Change Memory (PCM), a resistive memory, nanowire memory, ferroelectric transistor random access memory (FeTRAM), anti-ferroelectric memory, magnetoresistive random access memory (MRAM) memory that incorporates memristor technology, resistive memory including the metal oxide base, the oxygen vacancy base and the conductive bridge Random Access Memory (CB-RAM), or spin transfer torque (STT)-MRAM, a spintronic magnetic junction memory based device, a magnetic tunneling junction (MTJ) based device, a DW (Domain Wall) and SOT (Spin Orbit Transfer) based device, a thyristor based memory device, or a combination of any of the above, or other memory. The memory device may refer to the die itself and/or to a packaged memory product.
In various embodiments, one or more components of the computer device 800 may implement an embodiment of the
The communication chip(s) 804 may enable wired and/or wireless communications for the transfer of data to and from the computer device 800. The term “wireless” and its derivatives may be used to describe circuits, devices, systems, methods, techniques, communications channels, etc., that may communicate data through the use of modulated electromagnetic radiation through a non-solid medium. The term does not imply that the associated devices do not contain any wires, although in some embodiments they might not. The communication chip(s) may implement any of a number of wireless standards or protocols, including but not limited to IEEE 802.20, Long Term Evolution (LTE), LTE Advanced (LTE-A), General Packet Radio Service (GPRS), Evolution Data Optimized (Ev-DO), Evolved High Speed Packet Access (HSPA+), Evolved High Speed Downlink Packet Access (HSDPA+), Evolved High Speed Uplink Packet Access (HSUPA+), Global System for Mobile Communications (GSM), Enhanced Data rates for GSM Evolution (EDGE), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Digital Enhanced Cordless Telecommunications (DECT), Worldwide Interoperability for Microwave Access (WiMAX), Bluetooth, derivatives thereof, as well as any other wireless protocols that are designated as 3G, 4G, 5G, and beyond. The computer device may include a plurality of communication chips 804. For instance, a first communication chip(s) may be dedicated to shorter range wireless communications such as Wi-Fi and Bluetooth, and a second communication chip 804 may be dedicated to longer range wireless communications such as GPS, EDGE, GPRS, CDMA, WiMAX, LTE, Ev-DO, and others.
The communication chip(s) may implement any number of standards, protocols, and/or technologies datacenters typically use, such as networking technology providing high-speed low latency communication. For example the communication chip(s) may support RoCE (Remote Direct Memory Access (RDMA) over Converged Ethernet), e.g., version 1 or 2, which is a routable protocol having efficient data transfers across a network, and is discussed for example at Internet URL RDMAconsortium.com. The chip(s) may support Fibre Channel over Ethernet (FCoE), iWARP, or other high-speed communication technology, see for example the OpenFabrics Enterprise Distribution (OFED™) documentation available at Internet URL OpenFabrics.org. It will be appreciated datacenter environments benefit from highly efficient networks, storage connectivity and scalability, e.g., Storage Area Networks (SANS), parallel computing using RDMA, Internet Wide Area Remote Protocol (iWARP), InfiniBand Architecture (IBA), and other such technology. Computer device 800 may support any of the infrastructures, protocols and technology identified here, and since new high-speed technology is always being implemented, it will be appreciated by one skilled in the art that the computer device is expected to support equivalents currently known or technology implemented in future.
In various implementations, the computer device 800 may be a laptop, a netbook, a notebook, an ultrabook, a smartphone, a computer tablet, a personal digital assistant (PDA), an ultra-mobile PC, a mobile phone, a desktop computer, a server, a printer, a scanner, a monitor, a set-top box, an entertainment control unit (e.g., a gaming console or automotive entertainment unit), a digital camera, an appliance, a portable music player, or a digital video recorder, or a transportation device (e.g., any motorized or manual device such as a bicycle, motorcycle, automobile, taxi, train, plane, etc.). In further implementations, the computer device 800 may be any other electronic device that processes data.
Any combination of one or more storage medium may be utilized. The storage medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a non-exhaustive list) of the storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a transmission media such as those supporting the Internet or an intranet, or a magnetic storage device. Note that the storage medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory. In the context of this document, a storage medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The computer-accessible storage medium may include a propagated data signal with the computer-usable program code embodied therewith, either in baseband or as part of a carrier wave. The program code may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc.
Computer-usable program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. It will be appreciated program code may operate as a distributed task operating on multiple machines cooperatively working to perform program code. In various embodiments, a remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). Cooperative program execution may be for a fee based on a commercial transaction, such as a negotiated rate (offer/accept) arrangement, established and/or customary rates, and may include micropayments between device(s) cooperatively executing the program or storing and/or managing associated data.
These computer program instructions may be stored in a storage medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the storage medium produce an article of manufacture including instruction means which implement the function/act specified in the flowchart and/or block diagram block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
Often, IoT devices are limited in memory, size, or functionality, allowing larger numbers to be deployed for a similar cost to smaller numbers of larger devices. However, an IoT device may be a smart phone, laptop, tablet, or PC, or other larger device. Further, an IoT device may be a virtual device, such as an application on a smart phone or other computing device. IoT devices may include IoT gateways, used to couple IoT devices to other IoT devices and to cloud applications, for data storage, process control, and the like.
Networks of IoT devices may include commercial and home automation devices, such as water distribution systems, electric power distribution systems, pipeline control systems, plant control systems, light switches, thermostats, locks, cameras, alarms, motion sensors, and the like. The IoT devices may be accessible through remote computers, servers, and other systems, for example, to control systems or access data.
The future growth of the Internet and like networks may involve very large numbers of IoT devices. Accordingly, in the context of the techniques discussed herein, a number of innovations for such future networking will address the need for all these layers to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Any number of network protocols and communications standards may be used, wherein each protocol and standard is designed to address specific objectives. Further, the protocols are part of the fabric supporting human accessible services that operate regardless of location, time or space. The innovations include service delivery and associated infrastructure, such as hardware and software; security enhancements; and the provision of services based on Quality of Service (QoS) terms specified in service level and service delivery agreements. As will be understood, the use of IoT devices and networks, such as those introduced in
The network topology may include any number of types of IoT networks, such as a mesh network provided with the network 1056 using Bluetooth low energy (BLE) links 1022. Other types of IoT networks that may be present include a wireless local area network (WLAN) network 1058 used to communicate with IoT devices 1004 through IEEE 802.8 (Wi-Fi®) links 1028, a cellular network 1060 used to communicate with IoT devices 1004 through an LTE/LTE-A 4G) or 5G cellular network, and a low-power wide area (LPWA) network 1062, for example, a LPWA network compatible with the LoRaWan specification promulgated by the LoRa alliance, or a IPv6 over Low Power Wide-Area Networks (LPWAN) network compatible with a specification promulgated by the Internet Engineering Task Force (IETF). Further, the respective IoT networks may communicate with an outside network provider (e.g., a tier 2 or tier 3 provider) using any number of communications links, such as an LTE cellular link, an LPWA link, or a link based on the IEEE 802.15.4 standard, such as Zigbee®. The respective IoT networks may also operate with use of a variety of network and internet application protocols such as Constrained Application Protocol (CoAP). The respective IoT networks may also be integrated with coordinator devices that provide a chain of links that forms cluster tree of linked devices and networks.
Each of these IoT networks may provide opportunities for new technical features, such as those as described herein. The improved technologies and networks may enable the exponential growth of devices and networks, including the use of IoT networks into as fog devices or systems. As the use of such improved technologies grows, the IoT networks may be developed for self-management, functional evolution, and collaboration, without needing direct human intervention. The improved technologies may even enable IoT networks to function without centralized controlled systems. Accordingly, the improved technologies described herein may be used to automate and enhance network management and operation functions far beyond current implementations.
In an example, communications between IoT devices 1004, such as over the backbone links 1002, may be protected by a decentralized system for authentication, authorization, and accounting (AAA). In a decentralized AAA system, distributed payment, credit, audit, authorization, and authentication systems may be implemented across interconnected heterogeneous network infrastructure. This allows systems and networks to move towards autonomous operations. In these types of autonomous operations, machines may even contract for human resources and negotiate partnerships with other machine networks. This may allow the achievement of mutual objectives and balanced service delivery against outlined, planned service level agreements as well as achieve solutions that provide metering, measurements, traceability and trackability. The creation of new supply chain structures and methods may enable a multitude of services to be created, mined for value, and collapsed without any human involvement.
Such IoT networks may be further enhanced by the integration of sensing technologies, such as sound, light, electronic traffic, facial and pattern recognition, smell, vibration, into the autonomous organizations among the IoT devices. The integration of sensory systems may allow systematic and autonomous communication and coordination of service delivery against contractual service objectives, orchestration and quality of service (QoS) based swarming and fusion of resources. Some of the individual examples of network-based resource processing include the following.
The mesh network 1056, for instance, may be enhanced by systems that perform inline data-to-information transforms. For example, self-forming chains of processing resources comprising a multi-link network may distribute the transformation of raw data to information in an efficient manner, and the ability to differentiate between assets and resources and the associated management of each. Furthermore, the proper components of infrastructure and resource based trust and service indices may be inserted to improve the data integrity, quality, assurance and deliver a metric of data confidence.
The WLAN network 1058, for instance, may use systems that perform standards conversion to provide multi-standard connectivity, enabling IoT devices 1004 using different protocols to communicate. Further systems may provide seamless interconnectivity across a multi-standard infrastructure comprising visible Internet resources and hidden Internet resources.
Communications in the cellular network 1060, for instance, may be enhanced by systems that offload data, extend communications to more remote devices, or both. The LPWA network 1062 may include systems that perform non-Internet protocol (IP) to IP interconnections, addressing, and routing. Further, each of the IoT devices 1004 may include the appropriate transceiver for wide area communications with that device. Further, each IoT device 1004 may include other transceivers for communications using additional protocols and frequencies. This is discussed further with respect to the communication environment and hardware of an IoT processing device depicted in other illustrated embodiments.
Finally, clusters of IoT devices may be equipped to communicate with other IoT devices as well as with a cloud network. This may allow the IoT devices to form an ad-hoc network between the devices, allowing them to function as a single device, which may be termed a fog device. This configuration is discussed further with respect to
The fog 1120 may be considered to be a massively interconnected network wherein a number of IoT devices 1102 are in communications with each other, for example, by radio links 1122. As an example, this interconnected network may be facilitated using an interconnect specification released by the Open Connectivity Foundation™ (OCF). This standard allows devices to discover each other and establish communications for interconnects. Other interconnection protocols may also be used, including, for example, the optimized link state routing (OLSR) Protocol, the better approach to mobile ad-hoc networking (B.A.T.M.A.N.) routing protocol, or the OMA Lightweight M2M (LWM2M) protocol, among others.
Three types of IoT devices 1102 are shown in this example, gateways 1104, data aggregators 1126, and sensors 1128, although any combinations of IoT devices 1102 and functionality may be used. The gateways 1104 may be edge devices that provide communications between the cloud 1100 and the fog 1120, and may also provide the backend process function for data obtained from sensors 1128, such as motion data, flow data, temperature data, and the like. The data aggregators 1126 may collect data from any number of the sensors 1128, and perform the back end processing function for the analysis. The results, raw data, or both may be passed along to the cloud 1100 through the gateways 1104. The sensors 1128 may be full IoT devices 1102, for example, capable of both collecting data and processing the data. In some cases, the sensors 1128 may be more limited in functionality, for example, collecting the data and allowing the data aggregators 1126 or gateways 1104 to process the data.
Communications from any IoT device 1102 may be passed along a convenient path (e.g., a most convenient path) between any of the IoT devices 1102 to reach the gateways 1104. In these networks, the number of interconnections provide substantial redundancy, allowing communications to be maintained, even with the loss of a number of IoT devices 1102. Further, the use of a mesh network may allow IoT devices 1102 that are very low power or located at a distance from infrastructure to be used, as the range to connect to another IoT device 1102 may be much less than the range to connect to the gateways 1104.
The fog 1120 provided from these IoT devices 1102 may be presented to devices in the cloud 1100, such as a server 1106, as a single device located at the edge of the cloud 1100, e.g., a fog device. In this example, the alerts coming from the fog device may be sent without being identified as coming from a specific IoT device 1102 within the fog 1120. In this fashion, the fog 1120 may be considered a distributed platform that provides computing and storage resources to perform processing or data-intensive tasks such as data analytics, data aggregation, and machine-learning, among others.
In some examples, the IoT devices 1102 may be configured using an imperative programming style, e.g., with each IoT device 1102 having a specific function and communication partners. However, the IoT devices 1102 forming the fog device may be configured in a declarative programming style, allowing the IoT devices 1102 to reconfigure their operations and communications, such as to determine needed resources in response to conditions, queries, and device failures. As an example, a query from a user located at a server 1106 about the operations of a subset of equipment monitored by the IoT devices 1102 may result in the fog 1120 device selecting the IoT devices 1102, such as particular sensors 1128, needed to answer the query. The data from these sensors 1128 may then be aggregated and analyzed by any combination of the sensors 1128, data aggregators 1126, or gateways 1104, before being sent on by the fog 1120 device to the server 1106 to answer the query. In this example, IoT devices 1102 in the fog 1120 may select the sensors 1128 used based on the query, such as adding data from flow sensors or temperature sensors. Further, if some of the IoT devices 1102 are not operational, other IoT devices 1102 in the fog 1120 device may provide analogous data, if available.
In other examples, the operations and functionality described above may be embodied by a IoT device machine in the example form of an electronic processing system, within which a set or sequence of instructions may be executed to cause the electronic processing system to perform any one of the methodologies discussed herein, according to an example embodiment. The machine may be an IoT device or an IoT gateway, including a machine embodied by aspects of a personal computer (PC), a tablet PC, a personal digital assistant (PDA), a mobile telephone or smartphone, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine may be depicted and referenced in the example above, such machine shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein. Further, these and like examples to a processor-based system shall be taken to include any set of one or more machines that are controlled by or operated by a processor (e.g., a computer) to individually or jointly execute instructions to perform any one or more of the methodologies discussed herein.
Other example groups of IoT devices may include remote weather stations 1214, local information terminals 1216, alarm systems 1218, automated teller machines 1220, alarm panels 1222, or moving vehicles, such as emergency vehicles 1224 or other vehicles 1226, among many others. Each of these IoT devices may be in communication with other IoT devices, with servers 1204, with another IoT fog device or system (not shown, but depicted in
As can be seen from
Clusters of IoT devices, such as the remote weather stations 1214 or the traffic control group 1206, may be equipped to communicate with other IoT devices as well as with the cloud 1200. This may allow the IoT devices to form an ad-hoc network between the devices, allowing them to function as a single device, which may be termed a fog device or system (e.g., as described above with reference to
The IoT device 1350 may include a processor 1352, which may be a microprocessor, a multi-core processor, a multithreaded processor, an ultra-low voltage processor, an embedded processor, or other known processing element. The processor 1352 may be a part of a system on a chip (SoC) in which the processor 1352 and other components are formed into a single integrated circuit, or a single package, such as the Edison™ or Galileo™ SoC boards from Intel. As an example, the processor 1352 may include an Intel® Architecture Core™ based processor, such as a Quark™, an Atom™, an i3, an i5, an i7, or an MCU-class processor, or another such processor available from Intel® Corporation, Santa Clara, Calif. However, any number other processors may be used, such as available from Advanced Micro Devices, Inc. (AMD) of Sunnyvale, Calif., a MIPS-based design from MIPS Technologies, Inc. of Sunnyvale, Calif., an ARM-based design licensed from ARM Holdings, Ltd. or customer thereof, or their licensees or adopters. The processors may include units such as an A5-A10 processor from Apple® Inc., a Snapdragon™ processor from Qualcomm® Technologies, Inc., or an OMAP™ processor from Texas Instruments, Inc.
The processor 1352 may communicate with a system memory 1354 over an interconnect 1356 (e.g., a bus). Any number of memory devices may be used to provide for a given amount of system memory. As examples, the memory may be random access memory (RAM) in accordance with a Joint Electron Devices Engineering Council (JEDEC) design such as the DDR or mobile DDR standards (e.g., LPDDR, LPDDR2, LPDDR3, or LPDDR4). In various implementations the individual memory devices may be of any number of different package types such as single die package (SDP), dual die package (DDP) or quad die package (Q17P). These devices, in some examples, may be directly soldered onto a motherboard to provide a lower profile solution, while in other examples the devices are configured as one or more memory modules that in turn couple to the motherboard by a given connector. Any number of other memory implementations may be used, such as other types of memory modules, e.g., dual inline memory modules (DIMMs) of different varieties including but not limited to microDIMMs or MiniDIMMs.
To provide for persistent storage of information such as data, applications, operating systems and so forth, a storage 1358 may also couple to the processor 1352 via the interconnect 1356. In an example the storage 1358 may be implemented via a solid state disk drive (SSDD). Other devices that may be used for the storage 1358 include flash memory cards, such as SD cards, microSD cards, xD picture cards, and the like, and USB flash drives. In low power implementations, the storage 1358 may be on-die memory or registers associated with the processor 1352. However, in some examples, the storage 1358 may be implemented using a micro hard disk drive (HDD). Further, any number of new technologies may be used for the storage 1358 in addition to, or instead of, the technologies described, such resistance change memories, phase change memories, holographic memories, or chemical memories, among others.
The components may communicate over the interconnect 1356. The interconnect 1356 may include any number of technologies, including industry standard architecture (ISA), extended ISA (EISA), peripheral component interconnect (PCI), peripheral component interconnect extended (PCIx), PCI express (PCIe), or any number of other technologies. The interconnect 1356 may be a proprietary bus, for example, used in a SoC based system. Other bus systems may be included, such as an I2C interface, an SPI interface, point to point interfaces, and a power bus, among others.
The interconnect 1356 may couple the processor 1352 to a mesh transceiver 1362, for communications with other mesh devices 1364. The mesh transceiver 1362 may use any number of frequencies and protocols, such as 2.4 Gigahertz (GHz) transmissions under the IEEE 802.15.4 standard, using the Bluetooth° low energy (BLE) standard, as defined by the Bluetooth® Special Interest Group, or the ZigBee® standard, among others. Any number of radios, configured for a particular wireless communication protocol, may be used for the connections to the mesh devices 1364. For example, a WLAN unit may be used to implement Wi-FiTM communications in accordance with the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard. In addition, wireless wide area communications, e.g., according to a cellular or other wireless wide area protocol, may occur via a WWAN unit.
The mesh transceiver 1362 may communicate using multiple standards or radios for communications at different range. For example, the IoT device 1350 may communicate with close devices, e.g., within about 10 meters, using a local transceiver based on BLE, or another low power radio, to save power. More distant mesh devices 1364, e.g., within about 50 meters, may be reached over ZigBee or other intermediate power radios. Both communications techniques may take place over a single radio at different power levels, or may take place over separate transceivers, for example, a local transceiver using BLE and a separate mesh transceiver using ZigBee.
A wireless network transceiver 1366 may be included to communicate with devices or services in the cloud 1300 via local or wide area network protocols. The wireless network transceiver 1366 may be a LPWA transceiver that follows the IEEE 802.15.4, or IEEE 802.15.4g standards, among others. The IoT device 1350 may communicate over a wide area using LoRaWAN™ (Long Range Wide Area Network) developed by Semtech and the LoRa Alliance. The techniques described herein are not limited to these technologies, but may be used with any number of other cloud transceivers that implement long range, low bandwidth communications, such as Sigfox, and other technologies. Further, other communications techniques, such as time-slotted channel hopping, described in the IEEE 802.15.4e specification may be used.
Any number of other radio communications and protocols may be used in addition to the systems mentioned for the mesh transceiver 1362 and wireless network transceiver 1366, as described herein. For example, the radio transceivers 1362 and 1366 may include an LTE or other cellular transceiver that uses spread spectrum (SPA/SAS) communications for implementing high speed communications. Further, any number of other protocols may be used, such as Wi-Fi® networks for medium speed communications and provision of network communications.
The radio transceivers 1362 and 1366 may include radios that are compatible with any number of 3GPP (Third Generation Partnership Project) specifications, notably Long Term Evolution (LTE), Long Term Evolution-Advanced (LTE-A), and Long Term Evolution-Advanced Pro (LTE-A Pro). It can be noted that radios compatible with any number of other fixed, mobile, or satellite communication technologies and standards may be selected. These may include, for example, any Cellular Wide Area radio communication technology, which may include e.g. a 5th Generation (5G) communication systems, a Global System for Mobile Communications (GSM) radio communication technology, a General Packet Radio Service (GPRS) radio communication technology, or an Enhanced Data Rates for GSM Evolution (EDGE) radio communication technology, a UMTS (Universal Mobile Telecommunications System) communication technology, In addition to the standards listed above, any number of satellite uplink technologies may be used for the wireless network transceiver 1366, including, for example, radios compliant with standards issued by the ITU (International Telecommunication Union), or the ETSI (European Telecommunications Standards Institute), among others. The examples provided herein are thus understood as being applicable to various other communication technologies, both existing and not yet formulated.
A network interface controller (NIC) 1368 may be included to provide a wired communication to the cloud 1300 or to other devices, such as the mesh devices 1364. The wired communication may provide an Ethernet connection, or may be based on other types of networks, such as Controller Area Network (CAN), Local Interconnect Network (LIN), DeviceNet, ControlNet, Data Highway+, PROFIBUS, or PROFINET, among many others. An additional NIC 1368 may be included to allow connect to a second network, for example, a NIC 1368 providing communications to the cloud over Ethernet, and a second NIC 1368 providing communications to other devices over another type of network.
The interconnect 1356 may couple the processor 1352 to an external interface 1370 that is used to connect external devices or subsystems. The external devices may include sensors 1372, such as accelerometers, level sensors, flow sensors, optical light sensors, camera sensors, temperature sensors, a global positioning system (GPS) sensors, pressure sensors, barometric pressure sensors, and the like. The external interface 1370 further may be used to connect the IoT device 1350 to actuators 1374, such as power switches, valve actuators, an audible sound generator, a visual warning device, and the like.
In some optional examples, various input/output (I/O) devices may be present within, or connected to, the IoT device 1350. For example, a display or other output device 1384 may be included to show information, such as sensor readings or actuator position. An input device 1386, such as a touch screen or keypad may be included to accept input. An output device 1384 may include any number of forms of audio or visual display, including simple visual outputs such as binary status indicators (e.g., LEDs) and multi-character visual outputs, or more complex outputs such as display screens (e.g., LCD screens), with the output of characters, graphics, multimedia objects, and the like being generated or produced from the operation of the IoT device 1350.
A battery 1376 may power the IoT device 1350, although in examples in which the IoT device 1350 is mounted in a fixed location, it may have a power supply coupled to an electrical grid. The battery 1376 may be a lithium ion battery, or a metal-air battery, such as a zinc-air battery, an aluminum-air battery, a lithium-air battery, and the like.
A battery monitor/charger 1378 may be included in the IoT device 1350 to track the state of charge (SoCh) of the battery 1376. The battery monitor/charger 1378 may be used to monitor other parameters of the battery 1376 to provide failure predictions, such as the state of health (SoH) and the state of function (SoF) of the battery 1376. The battery monitor/charger 1378 may include a battery monitoring integrated circuit, such as an LTC4020 or an LTC2990 from Linear Technologies, an ADT7488A from ON Semiconductor of Phoenix Arizona, or an IC from the UCD90xxx family from Texas Instruments of Dallas, Tex. The battery monitor/charger 1378 may communicate the information on the battery 1376 to the processor 1352 over the interconnect 1356. The battery monitor/charger 1378 may also include an analog-to-digital (ADC) convertor that allows the processor 1352 to monitor directly the voltage of the battery 1376 or the current flow from the battery 1376. The battery parameters may be used to determine actions that the IoT device 1350 may perform, such as transmission frequency, mesh network operation, sensing frequency, and the like.
A power block 1380, or other power supply coupled to a grid, may be coupled with the battery monitor/charger 1378 to charge the battery 1376. In some examples, the power block 1380 may be replaced with a wireless power receiver to obtain the power wirelessly, for example, through a loop antenna in the IoT device 1350. A wireless battery charging circuit, such as an LTC4020 chip from Linear Technologies of Milpitas, Calif., among others, may be included in the battery monitor/charger 1378. The specific charging circuits chosen depend on the size of the battery 1376, and thus, the current required. The charging may be performed using the Airfuel standard promulgated by the Airfuel Alliance, the Qi wireless charging standard promulgated by the Wireless Power Consortium, or the Rezence charging standard, promulgated by the Alliance for Wireless Power, among others.
The storage 1358 may include instructions 1382 in the form of software, firmware, or hardware commands to implement the techniques described herein. Although such instructions 1382 are shown as code blocks included in the memory 1354 and the storage 1358, it may be understood that any of the code blocks may be replaced with hardwired circuits, for example, built into an application specific integrated circuit (ASIC).
In an example, the instructions 1382 provided via the memory 1354, the storage 1358, or the processor 1352 may be embodied as a non-transitory, machine readable medium 1360 including code to direct the processor 1352 to perform electronic operations in the IoT device 1350. The processor 1352 may access the non-transitory, machine readable medium 1360 over the interconnect 1356. For instance, the non-transitory, machine readable medium 1360 may be embodied by devices described for the storage 1358 of
In further examples, a machine-readable medium also includes any tangible medium that is capable of storing, encoding or carrying instructions for execution by a machine and that cause the machine to perform any one or more of the methodologies of the present disclosure or that is capable of storing, encoding or carrying data structures utilized by or associated with such instructions. A “machine-readable medium” thus may include, but is not limited to, solid-state memories, and optical and magnetic media. Specific examples of machine-readable media include non-volatile memory, including but not limited to, by way of example, semiconductor memory devices (e.g., electrically programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM)) and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks. The instructions embodied by a machine-readable medium may further be transmitted or received over a communications network using a transmission medium via a network interface device utilizing any one of a number of transfer protocols (e.g., HTTP).
It should be understood that the functional units or capabilities described in this specification may have been referred to or labeled as components or modules, in order to more particularly emphasize their implementation independence. Such components may be embodied by any number of software or hardware forms. For example, a component or module may be implemented as a hardware circuit comprising custom very-large-scale integration (VLSI) circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A component or module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices, or the like. Components or modules may also be implemented in software for execution by various types of processors. An identified component or module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions, which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified component or module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the component or module and achieve the stated purpose for the component or module.
Indeed, a component or module of executable code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices or processing systems. In particular, some aspects of the described process (such as code rewriting and code analysis) may take place on a different processing system (e.g., in a computer in a data center), than that in which the code is deployed (e.g., in a computer embedded in a sensor or robot). Similarly, operational data may be identified and illustrated herein within components or modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network. The components or modules may be passive or active, including agents operable to perform desired functions. Additional examples of the presently described method, system, and device embodiments include the following, non-limiting configurations. Each of the following non-limiting examples may stand on its own, or may be combined in any permutation or combination with any one or more of the other examples provided below or throughout the present disclosure.
Example 1 may be a system for managing cryptographic exchanges between devices capable of operating in accord with the Wireless Access Vehicular Environment (WAVE) functionality, comprising a device operable in at least a first environment in which the device is configured to: receive a first message with an associated first certificate chain; add a second certificate chain associated with the device to a second message; determine if the first certificate chain includes an unknown certificate, and if so, set a flag associated with the second message; determine if all certificates in the first certificate chain are known, and if so, check if message has the set flag, and if the flag is set, then unset the flag; and send the second message.
Example 2 may be example 1 in which a RSU is available to the device, but unavailable to a second device, the device further configured to facilitate communication between the second device and the RSU.
Example 3 may be any of examples 1-2 in which there may be a roadside unit (RSU) available to the device, further comprising the device configured to: determine if the RSU is available; if the RSU is unavailable, the device to operate in the first environment; and if the RSU is available, the device to operate in a second environment.
Example 4 may be example 3 further comprising the device operable in the second environment in which the device is configured to: receive the first message; determine if a signature verification for the first message requires an unknown certificate; if the unknown certificate is required, then listen to the RSU for a third message with a list including one or more certificates associated with the third message; and determine if the list provides the unknown certificate , and if so, update the certificate chain associated with the device.
Example 5 may be example 4 wherein the unknown certificate completes the certificate chain starting from the unknown certificate.
Example 6 may be example 4 further comprising the device configured to: determine the certificate list in the third message fails to provide and validate the unknown certificate, and request the unknown certificate from the RSU.
Example 7 may be example 6, further comprising the device configured to: attempt to verify the message with its updated certificate chain; and if unable to verify the message, report the message.
Example 8 may be any of examples 3-7 wherein the RSU is configured to: monitor devices in a neighborhood associated with the RSU; identify certificates used by devices in the neighborhood; and share certificates with the devices in the neighborhood with a frequency that is dynamically updateable based at least in part on a current distribution frequency and the monitor devices in the neighborhood.
Example 9 may be example 8, wherein the RSU is further configured to provide a wireless communication environment compliant with at least a portion of an IEEE 1609 specification.
Example 10 may be example 8, further comprising the RSU configured to exchange certificates with a PKI over a secure communication pathway.
Example 11 may be any of examples 8-10 wherein the frequency is also determined based at least in part on a trigger event.
Example 12 may be example 6, wherein the RSU is configured to: Identify the device as a new entering the neighborhood; and send the third message, which includes certificates in use in the neighborhood.
Example 13 mat be a method for managing cryptographic exchanges between devices capable of operating in accord with the Wireless Access Vehicular Environment (WAVE) functionality, including a device operable in at least a first environment in which the device is configured to: receive a first message with an associated first certificate chain; add a second certificate chain associated with the device to a second message; determine if the first certificate chain includes an unknown certificate, and if so, set a flag associated with the second message; determine if all certificates in the first certificate chain are known, and if so, check if message has the set flag, and if the flag is set, then unset the flag; and send the second message.
Example 14 may be example 13, in which there may be a roadside unit (RSU) available to the device, further comprising the device configured to: determine if the RSU is available; if the RSU is unavailable, the device to operate in the first environment; and if the RSU is available, the device to operate in a second environment.
Example 15 may be example 14, further comprising the device operable in the second environment in which the device is configured to: receive the first message; determine if a signature verification for the first message requires an unknown certificate; if the unknown certificate is required, then listen to the RSU for a third message with a list of one or more certificates associated with the third message; and determine if the list provides the unknown certificate, and if so, update the certificate chain associated with the device.
Example 16 may be example 15, further comprising the device configured to: determine the certificate list in the third message fails to provide and validate the unknown certificate, and request the unknown certificate from the RSU.
Example 17 may be example 16, further comprising the device configured to: attempt to verify the message with its updated certificate chain; and if unable to verify the message, report the message.
Example 18 may be any of examples 14-17 wherein the RSU is configured to: monitor devices in a neighborhood associated with the RSU; identify certificates used by devices in the neighborhood; and share certificates with the devices in the neighborhood with a frequency that is dynamically updateable based at least in part on a current distribution frequency and the monitor devices in the neighborhood.
Example 19 may be example 18 further comprising the RSU configured to exchange certificates with a PKI over a secure communication pathway.
Example 20 may be example 18 wherein the frequency is also determined based at least in part on a trigger event.
Example 21 may be example 17, wherein the RSU is configured to: Identify the device as a new entering the neighborhood; and send the third message, which includes certificates in use in the neighborhood.
Example 22 may be one or more non-transitory computer-readable media having instructions to provide for managing cryptographic exchanges with a device operable in at least a first and a second environment, and configure the device to: determine if a roadside unit (RSU) is available to the device, and if so, the device to operate in the first environment, and if not, to operate in a second environment; in the first environment, the device further to: receive a first message with an associated first certificate chain; add a second certificate chain associated with the device to a second message; determine if the first certificate chain includes an unknown certificate, and if so, set a flag associated with the second message; determine if all certificates in the first certificate chain are known, and if so, check if message has the set flag, and if the flag is set, then unset the flag; and send the second message.
Example 23 may be example 22, further having instructions for the device to operate in the second environment, and the device to be configured to: receive the first message; determine if a signature verification in the first message requires an unknown certificate; if the unknown certificate is required, then listen to the RSU for a third message with a list including one or more certificates associated with the third message; and determine if the list provides the unknown certificate and completes the certificate chain starting from the unknown certificate, and if so, update the certificate chain associated with the device.
Example 24 may be example 23, further having instructions for the device to be configured to: determine the certificate list in the third message fails to provide and validate the unknown certificate, and request the unknown certificate from the RSU; attempt to verify the message with its updated certificate chain; and if unable to verify the message, report the message.
Example 25 may be example 23, further having instructions for the device to be configured to communicate with a RSU configured to: monitor devices in a neighborhood associated with the RSU; identify certificates used by devices in the neighborhood; share certificates with the devices in the neighborhood with a frequency that is dynamically updateable based at least in part on a selected one or more of a current distribution frequency, the monitor devices in the neighborhood, or a trigger event; wherein the RSU is further configured to: exchange certificates with a PKI over a secure communication pathway; Identify the device as a new entering the neighborhood; and send the third message, which includes certificates in use in the neighborhood.
It will be apparent to those skilled in the art that various modifications and variations can be made in the disclosed embodiments of the disclosed device and associated methods without departing from the spirit or scope of the disclosure. Thus, it is intended that the present disclosure covers the modifications and variations of the embodiments disclosed above provided that the modifications and variations come within the scope of any claims and their equivalents.
