Patent Application
20240381087
The present disclosure generally relates to security for wireless device. For example, aspects of the present disclosure relate to physical authentication for certificate theft detection.
Wireless communication systems are widely deployed to provide various telecommunication services such as telephony, video, data, messaging, and broadcasts. Typical wireless communication systems may employ multiple-access technologies capable of supporting communication with multiple users by sharing available system resources. Examples of such multiple-access technologies include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, orthogonal frequency division multiple access (OFDMA) systems, single-carrier frequency division multiple access (SC-FDMA) systems, and time division synchronous code division multiple access (TD-SCDMA) systems.
These multiple access technologies have been adopted in various telecommunication standards to provide a common protocol that enables different wireless devices to communicate on a municipal, national, regional, and even global level. An example telecommunication standard is 5G New Radio (NR). 5G NR is part of a continuous mobile broadband evolution promulgated by Third Generation Partnership Project (3GPP) to meet new requirements associated with latency, reliability, security, scalability (e.g., with Internet of Things (IoT)), and other requirements. 5G NR includes services associated with enhanced mobile broadband (cMBB), massive machine type communications (mMTC), and ultra-reliable low latency communications (URLLC). Some aspects of 5G NR may be based on the 4G Long Term Evolution (LTE) standard. Aspects of wireless communication may comprise direct communication between devices, such as in V2X, vehicle-to-vehicle (V2V), and/or device-to-device (D2D) communication. A V2X communications system allows communications between vehicles and other devices, such as infrastructure, other vehicles, pedestrians, user devices, and the like. In some cases, V2X system may be based on a range of wireless communication technologies, including cellular based V2X systems, such as cellular V2X (C-V2X) systems. While current V2X systems may use certificate-based authentication and/or credentials, current V2X systems may not include robust protections against stolen or forged certificates. Thus, there exists a need for further improvements in V2X, V2V, and/or D2D technology. These improvements may also be applicable to other multi-access technologies and the telecommunication standards that employ these technologies.
The following presents a simplified summary relating to one or more aspects disclosed herein. Thus, the following summary should not be considered an extensive overview relating to all contemplated aspects, nor should the following summary be considered to identify key or critical elements relating to all contemplated aspects or to delineate the scope associated with any particular aspect. Accordingly, the following summary has the sole purpose to present certain concepts relating to one or more aspects relating to the mechanisms disclosed herein in a simplified form to precede the detailed description presented below.
Disclosed are systems, apparatuses, methods and computer-readable media for providing physical authentication for certificate theft detection. In one illustrative example, an apparatus is provided. The apparatus includes a memory and a processor coupled to the memory. The processor is configured to: obtain a certificate from a user device; obtain an expected physical attribute of the user device; obtain an indication of a current physical characteristic of the user device; verify that the current physical characteristic of the user device matches the expected physical attribute of the user device; verify the certificate from the user device based on verifying the current physical characteristic of the user device matches the expected physical attribute of the user device; and based on verifying the certificate, output an indication that the user device is verified.
In another example, a method for device verification is provided the method includes: obtaining a certificate from a user device; obtaining an expected physical attribute of the user device; obtaining an indication of a current physical characteristic of the user device; verifying that the current physical characteristic of the user device matches the expected physical attribute of the user device; verifying the certificate from the user device based on verifying the current physical characteristic of the user device matches the expected physical attribute of the user device; and based on verifying the certificate, outputting an indication that the user device is verified.
As another example, a non-transitory computer-readable medium is provided. The non-transitory computer-readable medium includes stored instructions that, when executed by a processor, causes the processor to: obtain a certificate from a user device; obtain an expected physical attribute of the user device; obtain an indication of a current physical characteristic of the user device; verify that the current physical characteristic of the user device matches the expected physical attribute of the user device; verify the certificate from the user device based on verifying the current physical characteristic of the user device matches the expected physical attribute of the user device; and based on verifying the certificate, output an indication that the user device is verified.
In another example, an apparatus for device verification is provided. The device includes: means for obtaining a certificate from a user device; means for obtaining an expected physical attribute of the user device; means for obtaining an indication of a current physical characteristic of the user device; means for verifying that the current physical characteristic of the user device matches the expected physical attribute of the user device; means for verifying the certificate from the user device based on verifying the current physical characteristic of the user device matches the expected physical attribute of the user device; and based on verifying the certificate, means for outputting an indication that the user device is verified.
In some aspects, one or more of the apparatus described herein is, includes, or is part of, a vehicle (e.g., an automobile, truck, etc., or a component or system of an automobile, truck, etc.), a mobile device (e.g., a mobile telephone or so-called “smart phone” or other mobile device), a wearable device, an extended reality device (e.g., a virtual reality (VR) device, an augmented reality (AR) device, or a mixed reality (MR) device), a personal computer, a laptop computer, a server computer, a robotics device, or other device. In some aspects, the apparatus includes radio detection and ranging (radar) for capturing radio frequency (RF) signals. In some aspects, the apparatus includes one or more light detection and ranging (LIDAR) sensors, radar sensors, or other light-based sensors for capturing light-based (e.g., optical frequency) signals. In some aspects, the apparatus includes a camera or multiple cameras for capturing one or more images. In some aspects, the apparatus further includes a display for displaying one or more images, notifications, and/or other displayable data. In some aspects, the apparatuses described above can include one or more sensors, which can be used for determining a location of the apparatuses, a state of the apparatuses (e.g., a temperature, a humidity level, and/or other state), and/or for other purposes.
This summary is not intended to identify key or essential features of the claimed subject matter, nor is it intended for use in isolation to determine the scope of the claimed subject matter. The subject matter should be understood by reference to appropriate portions of the entire specification of this patent, any or all drawings, and each claim.
Other objects and advantages associated with the aspects disclosed herein will be apparent to those skilled in the art based on the accompanying drawings and detailed description.
Illustrative aspects of the present application are described in detail below with reference to the following figures:
Certain aspects of this disclosure are provided below for illustration purposes. Alternate aspects may be devised without departing from the scope of the disclosure. Additionally, well-known elements of the disclosure will not be described in detail or will be omitted so as not to obscure the relevant details of the disclosure. Some of the aspects described herein can be applied independently and some of them may be applied in combination as would be apparent to those of skill in the art. In the following description, for the purposes of explanation, specific details are set forth in order to provide a thorough understanding of aspects of the application. However, it will be apparent that various aspects may be practiced without these specific details. The figures and description are not intended to be restrictive.
The ensuing description provides example aspects only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the example aspects will provide those skilled in the art with an enabling description for implementing an example aspect. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the application as set forth in the appended claims.
The terms “exemplary” and/or “example” are used herein to mean “serving as an example, instance, or illustration.” Any aspect described herein as “exemplary” and/or “example” is not necessarily to be construed as preferred or advantageous over other aspects. Likewise, the term “aspects of the disclosure” does not require that all aspects of the disclosure include the discussed feature, advantage or mode of operation.
Wireless communications systems are deployed to provide various telecommunication services, including telephony, video, data, messaging, broadcasts, among others. Wireless communications systems have developed through various generations. A fifth generation (5G) mobile standard calls for higher data transfer speeds, greater numbers of connections, and better coverage, among other improvements. The 5G standard (also referred to as “New Radio” or “NR”), according to the Next Generation Mobile Networks Alliance, is designed to provide data rates of several tens of megabits per second to each of tens of thousands of users.
Vehicles are an example of systems that can include wireless communications capabilities. For example, vehicles (e.g., automotive vehicles, autonomous vehicles, aircraft, maritime vessels, among others) can communicate with other vehicles and/or with other devices that have wireless communications capabilities. Wireless vehicle communication systems encompass vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), vehicle-to-network (V2N), and vehicle-to-pedestrian (V2P) communications, which are all collectively referred to as vehicle-to-everything (V2X) communications. V2X communications is a vehicular communication system that supports the wireless transfer of information from a vehicle to other entities (e.g., other vehicles, pedestrians with smart phones, equipped vulnerable road users (VRUs), such as bicyclists, and/or other traffic infrastructure) located within the traffic system that may affect the vehicle. The main purpose of the V2X technology is to improve road safety, fuel savings, and traffic efficiency.
In a V2X communication system, information is transmitted from vehicle sensors (and other sources) through wireless links to allow the information to be communicated to other vehicles, pedestrians, VRUs, and/or traffic infrastructure. The information may be transmitted using one or more vehicle-based messages, such as cellular-vehicle-to-everything (C-V2X) messages, which can include Sensor Data Sharing Messages (SDSMs), Basic Safety Messages (BSMs), Cooperative Awareness Messages (CAMs), Collective Perception Messages (CPMs), Decentralized Environmental Messages (DENMs), Signal Request Messages (SRMs), Signal Status Messages (SSMs) and/or other types of vehicle-based messages. By sharing this information with other vehicles, the V2X technology improves vehicle (and driver) awareness of potential dangers to help reduce collisions with other vehicles and entities. In addition, the V2X technology enhances traffic efficiency by providing traffic warnings to vehicles of potential upcoming road dangers and obstacles such that vehicles may choose alternative traffic routes.
As noted above, V2X systems may be used for communications between vehicles and other devices, such as other vehicles, infrastructure, other user equipment, and so forth. As an example, a vehicle may form an ad-hoc network with another vehicle and an infrastructure device, such as a traffic signal and may exchange location information, or timing information for the signal. In some cases, some V2X communications may include certificates. In some cases, a V2X system may use public key-based certificates for authenticating a vehicle. In some cases, an authenticated vehicle may have access to certain privileged operations. For example, a vehicle, such as an ambulance, may include its certificate in a message requesting a traffic light to turn green to allow the ambulance through an intersection faster. While V2X systems may provide certificates for authenticating certain devices, such as certain vehicles, current systems do not provide robust protections against stolen or forged certificates.
Systems, apparatuses, electronic devices, methods (also referred to as processes), and computer-readable media (collectively referred to herein as “systems and techniques”) are described herein for providing a physical authentication to help detect possible certificate theft (e.g., with respect to V2X communications). For example, after receiving a certificate from a user device, such as a vehicle (e.g., via a V2X communication), a verifying device, such as a traffic light, may verify the received certificate, for example using any certificate verification technique. The verifying device may also obtain a current physical characteristic of the user device. In some cases, the current physical characteristic may be any characteristic of a wireless device, detectible by a sensor, that may vary as between wireless devices. For example, the verifying device may obtain an image of the user device. From the image, the verifying device may extract an indication of the current physical characteristic. For instance, the current physical characteristic may be a color or shape of the user device, a type (e.g., a police vehicle, ambulance, fire truck, etc.) of the user device, a pose of the user device, a particular feature of the user device (e.g., a quick response (QR) or other machine-readable code on the user device), any combination thereof, and/or other physical characteristic. In some cases, the verifying device may obtain an indication of the current physical characteristic based on a radio frequency (RF) transmission from the user device, such as from physical layer attributes for how a request was sent to the verifying device.
The verifying device may also obtain an expected physical attribute of the user device. The expected physical attributes may be stored information describing physical characteristics of a wireless device that may be verified. In some cases, the expected physical attributes may be obtained, for example, from a central authority (e.g., a server of the central authority). Validating using information from a central authority may also allow for verification against, for example, concurrent use of a certificate, use of the certificate by a different wireless device, discrepancies in a pattern of usage, and the like. In other cases, the expected physical attribute may be obtained from a local storage/memory (e.g., a database) of a verifying device, or the expected physical attribute may be obtained from the certificate itself. The verifying device may then compare the current physical attribute of the user device to the expected physical attribute of the user device to determine if there is a match.
The above-described matching of physical attributes may be performed in addition to verifying the certificate and may help detect certificate misuse by providing a separate, physical layer of security against certificate theft or misuse.
Additional aspects of the present disclosure are described in more detail below.
As used herein, the terms “user equipment” (UE) and “network entity” are not intended to be specific or otherwise limited to any particular radio access technology (RAT), unless otherwise noted. In general, a UE may be any wireless communication device (e.g., a mobile phone, router, tablet computer, laptop computer, and/or tracking device, etc.), wearable (e.g., smartwatch, smart-glasses, wearable ring, and/or an extended reality (XR) device such as a virtual reality (VR) headset, an augmented reality (AR) headset or glasses, or a mixed reality (MR) headset), vehicle (e.g., automobile, motorcycle, bicycle, etc.), and/or Internet of Things (IoT) device, etc., used by a user to communicate over a wireless communications network. A UE may be mobile or may (e.g., at certain times) be stationary, and may communicate with a radio access network (RAN). As used herein, the term “UE” may be referred to interchangeably as an “access terminal” or “AT,” a “client device,” a “wireless device,” a “subscriber device,” a “subscriber terminal,” a “subscriber station,” a “user terminal” or “UT,” a “mobile device,” a “mobile terminal,” a “mobile station,” or variations thereof. Generally, UEs can communicate with a core network via a RAN, and through the core network the UEs can be connected with external networks such as the Internet and with other UEs. Of course, other mechanisms of connecting to the core network and/or the Internet are also possible for the UEs, such as over wired access networks, wireless local area network (WLAN) networks (e.g., based on IEEE 802.11 communication standards, etc.) and so on.
In some cases, a network entity can be implemented in an aggregated or monolithic base station or server architecture, or alternatively, in a disaggregated base station or server architecture, and may include one or more of a central unit (CU), a distributed unit (DU), a radio unit (RU), a Near-Real Time (Near-RT) RAN Intelligent Controller (RIC), or a Non-Real Time (Non-RT) RIC. In some cases, a network entity can include a server device, such as a Multi-access Edge Compute (MEC) device. A base station or server (e.g., with an aggregated/monolithic base station architecture or disaggregated base station architecture) may operate according to one of several RATs in communication with UEs, road side units (RSUs), and/or other devices depending on the network in which it is deployed, and may be alternatively referred to as an access point (AP), a network node, a NodeB (NB), an evolved NodeB (eNB), a next generation eNB (ng-eNB), a New Radio (NR) Node B (also referred to as a gNB or gNodeB), etc. A base station may be used primarily to support wireless access by UEs, including supporting data, voice, and/or signaling connections for the supported UEs. In some systems, a base station may provide edge node signaling functions while in other systems it may provide additional control and/or network management functions. A communication link through which UEs can send signals to a base station is called an uplink (UL) channel (e.g., a reverse traffic channel, a reverse control channel, an access channel, etc.). A communication link through which the base station can send signals to UEs is called a downlink (DL) or forward link channel (e.g., a paging channel, a control channel, a broadcast channel, or a forward traffic channel, etc.). The term traffic channel (TCH), as used herein, can refer to either an uplink, reverse or downlink, and/or a forward traffic channel.
The term “network entity” or “base station” (e.g., with an aggregated/monolithic base station architecture or disaggregated base station architecture) may refer to a single physical TRP or to multiple physical TRPs that may or may not be co-located. For example, where the term “network entity” or “base station” refers to a single physical TRP, the physical TRP may be an antenna of the base station corresponding to a cell (or several cell sectors) of the base station. Where the term “network entity” or “base station” refers to multiple co-located physical TRPs, the physical TRPs may be an array of antennas (e.g., as in a multiple-input multiple-output (MIMO) system or where the base station employs beamforming) of the base station. Where the term “base station” refers to multiple non-co-located physical TRPs, the physical TRPs may be a distributed antenna system (DAS) (a network of spatially separated antennas connected to a common source via a transport medium) or a remote radio head (RRH) (a remote base station connected to a serving base station). Alternatively, the non-co-located physical TRPs may be the serving base station receiving the measurement report from the UE and a neighbor base station whose reference radio frequency (RF) signals (or simply “reference signals”) the UE is measuring. Because a TRP is the point from which a base station transmits and receives wireless signals, as used herein, references to transmission from or reception at a base station are to be understood as referring to a particular TRP of the base station.
In some implementations that support positioning of UEs, a network entity or base station may not support wireless access by UEs (e.g., may not support data, voice, and/or signaling connections for UEs), but may instead transmit reference signals to UEs to be measured by the UEs, and/or may receive and measure signals transmitted by the UEs. Such a base station may be referred to as a positioning beacon (e.g., when transmitting signals to UEs) and/or as a location measurement unit (e.g., when receiving and measuring signals from UEs).
A roadside unit (RSU) is a device that can transmit and receive messages over a communications link or interface (e.g., a cellular-based sidelink or PC5 interface, an 802.11 or WiFi™ based Dedicated Short Range Communication (DSRC) interface, and/or other interface) to and from one or more UEs, other RSUs, and/or base stations. An example of messages that can be transmitted and received by an RSU includes vehicle-to-everything (V2X) messages, which are described in more detail below. RSUs can be located on various transportation infrastructure systems, including roads, bridges, parking lots, toll booths, and/or other infrastructure systems. In some examples, an RSU can facilitate communication between UEs (e.g., vehicles, pedestrian user devices, and/or other UEs) and the transportation infrastructure systems. In some implementations, a RSU can be in communication with a server, base station, and/or other system that can perform centralized management functions.
An RSU can communicate with a communications system of a UE. For example, an intelligent transport system (ITS) of a UE (e.g., a vehicle and/or other UE) can be used to generate and sign messages for transmission to an RSU and to validate messages received from an RSU. An RSU can communicate (e.g., over a PC5 interface, DSRC interface, etc.) with vehicles traveling along a road, bridge, or other infrastructure system in order to obtain traffic-related data (e.g., time, speed, location, etc. of the vehicle). In some cases, in response to obtaining the traffic-related data, the RSU can determine or estimate traffic congestion information (e.g., a start of traffic congestion, an end of traffic congestion, etc.), a travel time, and/or other information for a particular location. In some examples, the RSU can communicate with other RSUs (e.g., over a PC5 interface, DSRC interface, etc.) in order to determine the traffic-related data. The RSU can transmit the information (e.g., traffic congestion information, travel time information, and/or other information) to other vehicles, pedestrian UEs, and/or other UEs. For example, the RSU can broadcast or otherwise transmit the information to any UE (e.g., vehicle, pedestrian UE, etc.) that is in a coverage range of the RSU.
A radio frequency signal or “RF signal” comprises an electromagnetic wave of a given frequency that transports information through the space between a transmitter and a receiver. As used herein, a transmitter may transmit a single “RF signal” or multiple “RF signals” to a receiver. However, the receiver may receive multiple “RF signals” corresponding to each transmitted RF signal due to the propagation characteristics of RF signals through multipath channels. The same transmitted RF signal on different paths between the transmitter and receiver may be referred to as a “multipath” RF signal. As used herein, an RF signal may also be referred to as a “wireless signal” or simply a “signal” where it is clear from the context that the term “signal” refers to a wireless signal or an RF signal.
According to various aspects,
The base stations 102 may collectively form a RAN and interface with a core network 170 (e.g., an evolved packet core (EPC) or a 5G core (5GC)) through backhaul links 122, and through the core network 170 to one or more location servers 172 (which may be part of core network 170 or may be external to core network 170). In addition to other functions, the base stations 102 may perform functions that relate to one or more of transferring user data, radio channel ciphering and deciphering, integrity protection, header compression, mobility control functions (e.g., handover, dual connectivity), inter-cell interference coordination, connection setup and release, load balancing, distribution for non-access stratum (NAS) messages, NAS node selection, synchronization, RAN sharing, multimedia broadcast multicast service (MBMS), subscriber and equipment trace, RAN information management (RIM), paging, positioning, and delivery of warning messages. The base stations 102 may communicate with each other directly or indirectly (e.g., through the EPC or 5GC) over backhaul links 134, which may be wired and/or wireless.
The base stations 102 may wirelessly communicate with the UEs 104. Each of the base stations 102 may provide communication coverage for a respective geographic coverage area 110. In an aspect, one or more cells may be supported by a base station 102 in each coverage area 110. A “cell” is a logical communication entity used for communication with a base station (e.g., over some frequency resource, referred to as a carrier frequency, component carrier, carrier, band, or the like), and may be associated with an identifier (e.g., a physical cell identifier (PCI), a virtual cell identifier (VCI), a cell global identifier (CGI)) for distinguishing cells operating via the same or a different carrier frequency. In some cases, different cells may be configured according to different protocol types (e.g., machine-type communication (MTC), narrowband IoT (NB-IoT), enhanced mobile broadband (cMBB), or others) that may provide access for different types of UEs. Because a cell is supported by a specific base station, the term “cell” may refer to either or both of the logical communication entity and the base station that supports it, depending on the context. In addition, because a TRP is typically the physical transmission point of a cell, the terms “cell” and “TRP” may be used interchangeably. In some cases, the term “cell” may also refer to a geographic coverage area of a base station (e.g., a sector), insofar as a carrier frequency can be detected and used for communication within some portion of geographic coverage areas 110.
While neighboring macro cell base station 102 geographic coverage areas 110 may partially overlap (e.g., in a handover region), some of the geographic coverage areas 110 may be substantially overlapped by a larger geographic coverage area 110. For example, a small cell base station 102′ may have a coverage area 110′ that substantially overlaps with the coverage area 110 of one or more macro cell base stations 102. A network that includes both small cell and macro cell base stations may be known as a heterogeneous network. A heterogeneous network may also include home eNBs (HeNBs), which may provide service to a restricted group known as a closed subscriber group (CSG).
The communication links 120 between the base stations 102 and the UEs 104 may include uplink (also referred to as reverse link) transmissions from a UE 104 to a base station 102 and/or downlink (also referred to as forward link) transmissions from a base station 102 to a UE 104. The communication links 120 may use MIMO antenna technology, including spatial multiplexing, beamforming, and/or transmit diversity. The communication links 120 may be through one or more carrier frequencies. Allocation of carriers may be asymmetric with respect to downlink and uplink (e.g., more or less carriers may be allocated for downlink than for uplink).
The wireless communications system 100 may further include a WLAN AP 150 in communication with WLAN stations (STAs) 152 via communication links 154 in an unlicensed frequency spectrum (e.g., 5 Gigahertz (GHz)). When communicating in an unlicensed frequency spectrum, the WLAN STAs 152 and/or the WLAN AP 150 may perform a clear channel assessment (CCA) or listen before talk (LBT) procedure prior to communicating in order to determine whether the channel is available. In some examples, the wireless communications system 100 can include devices (e.g., UEs, etc.) that communicate with one or more UEs 104, base stations 102, APs 150, etc. utilizing the ultra-wideband (UWB) spectrum. The UWB spectrum can range from 3.1 to 10.5 GHZ.
The small cell base station 102′ may operate in a licensed and/or an unlicensed frequency spectrum. When operating in an unlicensed frequency spectrum, the small cell base station 102′ may employ LTE or NR technology and use the same 5 GHz unlicensed frequency spectrum as used by the WLAN AP 150. The small cell base station 102′, employing LTE and/or 5G in an unlicensed frequency spectrum, may boost coverage to and/or increase capacity of the access network. NR in unlicensed spectrum may be referred to as NR-U. LTE in an unlicensed spectrum may be referred to as LTE-U, licensed assisted access (LAA), or MulteFire.
The wireless communications system 100 may further include a millimeter wave (mmW) base station 180 that may operate in mmW frequencies and/or near mmW frequencies in communication with a UE 182. The mmW base station 180 may be implemented in an aggregated or monolithic base station architecture, or alternatively, in a disaggregated base station architecture (e.g., including one or more of a CU, a DU, a RU, a Near-RT RIC, or a Non-RT RIC). Extremely high frequency (EHF) is part of the RF in the electromagnetic spectrum. EHF has a range of 30 GHz to 300 GHz and a wavelength between 1 millimeter and 10 millimeters. Radio waves in this band may be referred to as a millimeter wave. Near mmW may extend down to a frequency of 3 GHZ with a wavelength of 100 millimeters. The super high frequency (SHF) band extends between 3 GHZ and 30 GHZ, also referred to as centimeter wave. Communications using the mmW and/or near mmW radio frequency band have high path loss and a relatively short range. The mmW base station 180 and the UE 182 may utilize beamforming (transmit and/or receive) over an mmW communication link 184 to compensate for the extremely high path loss and short range. Further, it will be appreciated that in alternative configurations, one or more base stations 102 may also transmit using mmW or near mmW and beamforming. Accordingly, it will be appreciated that the foregoing illustrations are merely examples and should not be construed to limit the various aspects disclosed herein.
Transmit beamforming is a technique for focusing an RF signal in a specific direction. Traditionally, when a network node or entity (e.g., a base station) broadcasts an RF signal, it broadcasts the signal in all directions (omni-directionally). With transmit beamforming, the network node determines where a given target device (e.g., a UE) is located (relative to the transmitting network node) and projects a stronger downlink RF signal in that specific direction, thereby providing a faster (in terms of data rate) and stronger RF signal for the receiving device(s). To change the directionality of the RF signal when transmitting, a network node can control the phase and relative amplitude of the RF signal at each of the one or more transmitters that are broadcasting the RF signal. For example, a network node may use an array of antennas (referred to as a “phased array” or an “antenna array”) that creates a beam of RF waves that can be “steered” to point in different directions, without actually moving the antennas. Specifically, the RF current from the transmitter is fed to the individual antennas with the correct phase relationship so that the radio waves from the separate antennas add together to increase the radiation in a desired direction, while canceling to suppress radiation in undesired directions.
Transmit beams may be quasi-collocated, meaning that they appear to the receiver (e.g., a UE) as having the same parameters, regardless of whether or not the transmitting antennas of the network node themselves are physically collocated. In NR, there are four types of quasi-collocation (QCL) relations. Specifically, a QCL relation of a given type means that certain parameters about a second reference RF signal on a second beam can be derived from information about a source reference RF signal on a source beam. Thus, if the source reference RF signal is QCL Type A, the receiver can use the source reference RF signal to estimate the Doppler shift, Doppler spread, average delay, and delay spread of a second reference RF signal transmitted on the same channel. If the source reference RF signal is QCL Type B, the receiver can use the source reference RF signal to estimate the Doppler shift and Doppler spread of a second reference RF signal transmitted on the same channel. If the source reference RF signal is QCL Type C, the receiver can use the source reference RF signal to estimate the Doppler shift and average delay of a second reference RF signal transmitted on the same channel. If the source reference RF signal is QCL Type D, the receiver can use the source reference RF signal to estimate the spatial receive parameter of a second reference RF signal transmitted on the same channel.
In receiving beamforming, the receiver uses a receive beam to amplify RF signals detected on a given channel. For example, the receiver can increase the gain setting and/or adjust the phase setting of an array of antennas in a particular direction to amplify (e.g., to increase the gain level of) the RF signals received from that direction. Thus, when a receiver is said to beamform in a certain direction, it means the beam gain in that direction is high relative to the beam gain along other directions, or the beam gain in that direction is the highest compared to the beam gain of other beams available to the receiver. This results in a stronger received signal strength, (e.g., reference signal received power (RSRP), reference signal received quality (RSRQ), signal-to-interference-plus-noise ratio (SINR), etc.) of the RF signals received from that direction.
Receive beams may be spatially related. A spatial relation means that parameters for a transmit beam for a second reference signal can be derived from information about a receive beam for a first reference signal. For example, a UE may use a particular receive beam to receive one or more reference downlink reference signals (e.g., positioning reference signals (PRS), tracking reference signals (TRS), phase tracking reference signal (PTRS), cell-specific reference signals (CRS), channel state information reference signals (CSI-RS), primary synchronization signals (PSS), secondary synchronization signals (SSS), synchronization signal blocks (SSBs), etc.) from a network node or entity (e.g., a base station). The UE can then form a transmit beam for sending one or more uplink reference signals (e.g., uplink positioning reference signals (UL-PRS), sounding reference signal (SRS), demodulation reference signals (DMRS), PTRS, etc.) to that network node or entity (e.g., a base station) based on the parameters of the receive beam.
Note that a “downlink” beam may be either a transmit beam or a receive beam, depending on the entity forming it. For example, if a network node or entity (e.g., a base station) is forming the downlink beam to transmit a reference signal to a UE, the downlink beam is a transmit beam. If the UE is forming the downlink beam, however, it is a receive beam to receive the downlink reference signal. Similarly, an “uplink” beam may be either a transmit beam or a receive beam, depending on the entity forming it. For example, if a network node or entity (e.g., a base station) is forming the uplink beam, it is an uplink receive beam, and if a UE is forming the uplink beam, it is an uplink transmit beam.
In 5G, the frequency spectrum in which wireless network nodes or entities (e.g., base stations 102/180, UEs 104/182) operate is divided into multiple frequency ranges, FR1 (from 450 to 6000 Megahertz (MHz)), FR2 (from 24250 to 52600 MHZ), FR3 (above 52600 MHz), and FR4 (between FR1 and FR2). In a multi-carrier system, such as 5G, one of the carrier frequencies is referred to as the “primary carrier” or “anchor carrier” or “primary serving cell” or “PCell,” and the remaining carrier frequencies are referred to as “secondary carriers” or “secondary serving cells” or “SCells.” In carrier aggregation, the anchor carrier is the carrier operating on the primary frequency (e.g., FR1) utilized by a UE 104/182 and the cell in which the UE 104/182 either performs the initial radio resource control (RRC) connection establishment procedure or initiates the RRC connection re-establishment procedure. The primary carrier carries all common and UE-specific control channels, and may be a carrier in a licensed frequency (however, this is not always the case). A secondary carrier is a carrier operating on a second frequency (e.g., FR2) that may be configured once the RRC connection is established between the UE 104 and the anchor carrier and that may be used to provide additional radio resources. In some cases, the secondary carrier may be a carrier in an unlicensed frequency. The secondary carrier may contain only necessary signaling information and signals, for example, those that are UE-specific may not be present in the secondary carrier, since both primary uplink and downlink carriers are typically UE-specific. This means that different UEs 104/182 in a cell may have different downlink primary carriers. The same is true for the uplink primary carriers. The network is able to change the primary carrier of any UE 104/182 at any time. This is done, for example, to balance the load on different carriers. Because a “serving cell” (whether a PCell or an SCell) corresponds to a carrier frequency and/or component carrier over which some base station is communicating, the term “cell,” “serving cell,” “component carrier,” “carrier frequency,” and the like can be used interchangeably.
For example, still referring to
In order to operate on multiple carrier frequencies, a base station 102 and/or a UE 104 is equipped with multiple receivers and/or transmitters. For example, a UE 104 may have two receivers, “Receiver 1” and “Receiver 2,” where “Receiver 1” is a multi-band receiver that can be tuned to band (i.e., carrier frequency) ‘X’ or band ‘Y,’ and “Receiver 2” is a one-band receiver tuneable to band ‘Z’ only. In this example, if the UE 104 is being served in band ‘X,’ band ‘X’ would be referred to as the PCell or the active carrier frequency, and “Receiver 1” would need to tune from band ‘X’ to band ‘Y’ (an SCell) in order to measure band ‘Y’ (and vice versa). In contrast, whether the UE 104 is being served in band ‘X’ or band ‘Y,’ because of the separate “Receiver 2,” the UE 104 can measure band ‘Z’ without interrupting the service on band ‘X’ or band ‘Y.’
The wireless communications system 100 may further include a UE 164 that may communicate with a macro cell base station 102 over a communication link 120 and/or the mmW base station 180 over an mmW communication link 184. For example, the macro cell base station 102 may support a PCell and one or more SCells for the UE 164 and the mmW base station 180 may support one or more SCells for the UE 164.
The wireless communications system 100 may further include one or more UEs, such as UE 190, that connects indirectly to one or more communication networks via one or more device-to-device (D2D) peer-to-peer (P2P) links (referred to as “sidelinks”). In the example of
An aggregated base station may be configured to utilize a radio protocol stack that is physically or logically integrated within a single RAN node. A disaggregated base station may be configured to utilize a protocol stack that is physically or logically distributed among two or more units (such as one or more central or centralized units (CUs), one or more distributed units (DUs), or one or more radio units (RUS)). In some aspects, a CU may be implemented within a RAN node, and one or more DUs may be co-located with the CU, or alternatively, may be geographically or virtually distributed throughout one or multiple other RAN nodes. The DUs may be implemented to communicate with one or more RUs. Each of the CU, DU and RU also can be implemented as virtual units, i.e., a virtual central unit (VCU), a virtual distributed unit (VDU), or a virtual radio unit (VRU).
Base station-type operation or network design may consider aggregation characteristics of base station functionality. For example, disaggregated base stations may be utilized in an integrated access backhaul (IAB) network, an open radio access network (O-RAN (such as the network configuration sponsored by the O-RAN Alliance)), or a virtualized radio access network (vRAN, also known as a cloud radio access network (C-RAN)). Disaggregation may include distributing functionality across two or more units at various physical locations, as well as distributing functionality for at least one unit virtually, which can enable flexibility in network design. The various units of the disaggregated base station, or disaggregated RAN architecture, can be configured for wired or wireless communication with at least one other unit.
An aggregated base station may be configured to utilize a radio protocol stack that is physically or logically integrated within a single RAN node. A disaggregated base station may be configured to utilize a protocol stack that is physically or logically distributed among two or more units (such as one or more central or centralized units (CUs), one or more distributed units (DUs), or one or more radio units (RUS)). In some aspects, a CU may be implemented within a RAN node, and one or more DUs may be co-located with the CU, or alternatively, may be geographically or virtually distributed throughout one or multiple other RAN nodes. The DUs may be implemented to communicate with one or more RUs. Each of the CU. DU and RU also can be implemented as virtual units, i.e., a virtual central unit (VCU), a virtual distributed unit (VDU), or a virtual radio unit (VRU).
Base station-type operation or network design may consider aggregation characteristics of base station functionality. For example, disaggregated base stations may be utilized in an integrated access backhaul (IAB) network, an open radio access network (O-RAN (such as the network configuration sponsored by the O-RAN Alliance)), or a virtualized radio access network (vRAN, also known as a cloud radio access network (C-RAN)). Disaggregation may include distributing functionality across two or more units at various physical locations, as well as distributing functionality for at least one unit virtually, which can enable flexibility in network design. The various units of the disaggregated base station, or disaggregated RAN architecture, can be configured for wired or wireless communication with at least one other unit.
As previously mentioned,
Each of the units, i.e., the CUS 211, the DUs 231, the RUs 241, as well as the Near-RT RICs 227, the Non-RT RICs 217 and the SMO Framework 207, may include one or more interfaces or be coupled to one or more interfaces configured to receive or transmit signals, data, or information (collectively, signals) via a wired or wireless transmission medium. Each of the units, or an associated processor or controller providing instructions to the communication interfaces of the units, can be configured to communicate with one or more of the other units via the transmission medium. For example, the units can include a wired interface configured to receive or transmit signals over a wired transmission medium to one or more of the other units. Additionally, the units can include a wireless interface, which may include a receiver, a transmitter or transceiver (such as an RF transceiver), configured to receive or transmit signals, or both, over a wireless transmission medium to one or more of the other units.
In some aspects, the CU 211 may host one or more higher layer control functions. Such control functions can include radio resource control (RRC), packet data convergence protocol (PDCP), service data adaptation protocol (SDAP), or the like. Each control function can be implemented with an interface configured to communicate signals with other control functions hosted by the CU 211. The CU 211 may be configured to handle user plane functionality (i.e., Central Unit-User Plane (CU-UP)), control plane functionality (i.e., Central Unit-Control Plane (CU-CP)), or a combination thereof. In some implementations, the CU 211 can be logically split into one or more CU-UP units and one or more CU-CP units. The CU-UP unit can communicate bidirectionally with the CU-CP unit via an interface, such as the E1 interface when implemented in an O-RAN configuration. The CU 211 can be implemented to communicate with the DU 131, as necessary, for network control and signaling.
The DU 231 may correspond to a logical unit that includes one or more base station functions to control the operation of one or more RUs 241. In some aspects, the DU 231 may host one or more of a radio link control (RLC) layer, a medium access control (MAC) layer, and one or more high physical (PHY) layers (such as modules for forward error correction (FEC) encoding and decoding, scrambling, modulation and demodulation, or the like) depending, at least in part, on a functional split, such as those defined by the 3rd Generation Partnership Project (3GPP). In some aspects, the DU 231 may further host one or more low PHY layers. Each layer (or module) can be implemented with an interface configured to communicate signals with other layers (and modules) hosted by the DU 231, or with the control functions hosted by the CU 211.
Lower-layer functionality can be implemented by one or more RUs 241. In some deployments, an RU 241, controlled by a DU 231, may correspond to a logical node that hosts RF processing functions, or low-PHY layer functions (such as performing fast Fourier transform (FFT), inverse FFT (iFFT), digital beamforming, physical random access channel (PRACH) extraction and filtering, or the like), or both, based at least in part on the functional split, such as a lower layer functional split. In such an architecture, the RU(s) 241 can be implemented to handle over the air (OTA) communication with one or more UEs 221. In some implementations, real-time and non-real-time aspects of control and user plane communication with the RU(s) 241 can be controlled by the corresponding DU 231. In some scenarios, this configuration can enable the DU(s) 231 and the CU 211 to be implemented in a cloud-based RAN architecture, such as a vRAN architecture.
The SMO Framework 207 may be configured to support RAN deployment and provisioning of non-virtualized and virtualized network elements. For non-virtualized network elements, the SMO Framework 207 may be configured to support the deployment of dedicated physical resources for RAN coverage requirements which may be managed via an operations and maintenance interface (such as an O1 interface). For virtualized network elements, the SMO Framework 207 may be configured to interact with a cloud computing platform (such as an open cloud (O-Cloud) 291) to perform network element life cycle management (such as to instantiate virtualized network elements) via a cloud computing platform interface (such as an O2 interface). Such virtualized network elements can include, but are not limited to, CUs 211, DUs 231, RUs 241 and Near-RT RICs 227. In some implementations, the SMO Framework 207 can communicate with a hardware aspect of a 4G RAN, such as an open eNB (O-eNB) 213, via an O1 interface. Additionally, in some implementations, the SMO Framework 207 can communicate directly with one or more RUs 241 via an O1 interface. The SMO Framework 207 also may include a Non-RT RIC 217 configured to support functionality of the SMO Framework 207.
The Non-RT RIC 217 may be configured to include a logical function that enables non-real-time control and optimization of RAN elements and resources, Artificial Intelligence/Machine Learning (AI/ML) workflows including model training and updates, or policy-based guidance of applications/features in the Near-RT RIC 227. The Non-RT RIC 217 may be coupled to or communicate with (such as via an A1 interface) the Near-RT RIC 227. The Near-RT RIC 227 may be configured to include a logical function that enables near-real-time control and optimization of RAN elements and resources via data collection and actions over an interface (such as via an E2 interface) connecting one or more CUs 211, one or more DUs 231, or both, as well as an O-eNB 213, with the Near-RT RIC 227.
In some implementations, to generate AI/ML models to be deployed in the Near-RT RIC 227, the Non-RT RIC 217 may receive parameters or external enrichment information from external servers. Such information may be utilized by the Near-RT RIC 227 and may be received at the SMO Framework 207 or the Non-RT RIC 217 from non-network data sources or from network functions. In some examples, the Non-RT RIC 217 or the Near-RT RIC 227 may be configured to tune RAN behavior or performance. For example, the Non-RT RIC 217 may monitor long-term trends and patterns for performance and employ AI/ML models to perform corrective actions through the SMO Framework 207 (such as reconfiguration via 01) or via creation of RAN management policies (such as A1 policies).
While
While PC5 interfaces are shown in
The control system 452 can be configured to control one or more operations of the vehicle 404, the power management system 451, the computing system 450, the infotainment system 454, the ITS 455, and/or one or more other systems of the vehicle 404 (e.g., a braking system, a steering system, a safety system other than the ITS 455, a cabin system, and/or other system). In some examples, the control system 452 can include one or more electronic control units (ECUs). An ECU can control one or more of the electrical systems or subsystems in a vehicle. Examples of specific ECUs that can be included as part of the control system 452 include an engine control module (ECM), a powertrain control module (PCM), a transmission control module (TCM), a brake control module (BCM), a central control module (CCM), a central timing module (CTM), among others. In some cases, the control system 452 can receive sensor signals from the one or more sensor systems 456 and can communicate with other systems of the vehicle computing system 450 to operate the vehicle 404.
The vehicle computing system 450 also includes a power management system 451. In some implementations, the power management system 451 can include a power management integrated circuit (PMIC), a standby battery, and/or other components. In some cases, other systems of the vehicle computing system 450 can include one or more PMICs, batteries, and/or other components. The power management system 451 can perform power management functions for the vehicle 404, such as managing a power supply for the computing system 450 and/or other parts of the vehicle. For example, the power management system 451 can provide a stable power supply in view of power fluctuations, such as based on starting an engine of the vehicle. In another example, the power management system 451 can perform thermal monitoring operations, such as by checking ambient and/or transistor junction temperatures. In another example, the power management system 451 can perform certain functions based on detecting a certain temperature level, such as causing a cooling system (e.g., one or more fans, an air conditioning system, etc.) to cool certain components of the vehicle computing system 450 (e.g., the control system 452, such as one or more ECUs), shutting down certain functionalities of the vehicle computing system 450 (e.g., limiting the infotainment system 454, such as by shutting off one or more displays, disconnecting from a wireless network, etc.), among other functions.
The vehicle computing system 450 further includes a communications system 458. The communications system 458 can include both software and hardware components for transmitting signals to and receiving signals from a network (e.g., a gNB or other network entity over a Uu interface) and/or from other UEs (e.g., to another vehicle or UE over a PC5 interface, WiFi interface (e.g., DSRC), Bluetooth™ interface, and/or other wireless and/or wired interface). For example, the communications system 458 is configured to transmit and receive information wirelessly over any suitable wireless network (e.g., a 3G network, 4G network, 5G network, WiFi network, Bluetooth™ network, and/or other network). The communications system 458 includes various components or devices used to perform the wireless communication functionalities, including an original equipment manufacturer (OEM) subscriber identity module (referred to as a SIM or SIM card) 460, a user SIM 462, and a modem 464. While the vehicle computing system 450 is shown as having two SIMs and one modem, the computing system 450 can have any number of SIMs (e.g., one SIM or more than two SIMs) and any number of modems (e.g., one modem, two modems, or more than two modems) in some implementations.
A SIM is a device (e.g., an integrated circuit) that can securely store an international mobile subscriber identity (IMSI) number and a related key (e.g., an encryption-decryption key) of a particular subscriber or user. The IMSI and key can be used to identify and authenticate the subscriber on a particular UE. The OEM SIM 460 can be used by the communications system 458 for establishing a wireless connection for vehicle-based operations, such as for conducting emergency-calling (eCall) functions, communicating with a communications system of the vehicle manufacturer (e.g., for software updates, etc.), among other operations. The OEM SIM 460 can be important for the OEM SIM to support critical services, such as eCall for making emergency calls in the event of a car accident or other emergency. For instance, eCall can include a service that automatically dials an emergency number (e.g., “9-1-1” in the United States, “1-1-2” in Europe, etc.) in the event of a vehicle accident and communicates a location of the vehicle to the emergency services, such as a police department, fire department, etc.
The user SIM 462 can be used by the communications system 458 for performing wireless network access functions in order to support a user data connection (e.g., for conducting phone calls, messaging. Infotainment related services, among others). In some cases, a user device of a user can connect with the vehicle computing system 450 over an interface (e.g., over PC5, Bluetooth™, WiFI™ (e.g., DSRC), a universal serial bus (USB) port, and/or other wireless or wired interface). Once connected, the user device can transfer wireless network access functionality from the user device to communications system 458 the vehicle, in which case the user device can cease performance of the wireless network access functionality (e.g., during the period in which the communications system 458 is performing the wireless access functionality). The communications system 458 can begin interacting with a base station to perform one or more wireless communication operations, such as facilitating a phone call, transmitting and/or receiving data (e.g., messaging, video, audio, etc.), among other operations. In such cases, other components of the vehicle computing system 450 can be used to output data received by the communications system 458. For example, the infotainment system 454 (described below) can display video received by the communications system 458 on one or more displays and/or can output audio received by the communications system 458 using one or more speakers.
A modem is a device that modulates one or more carrier wave signals to encode digital information for transmission, and demodulates signals to decode the transmitted information. The modem 464 (and/or one or more other modems of the communications system 458) can be used for communication of data for the OEM SIM 460 and/or the user SIM 462. In some examples, the modem 464 can include a 4G (or LTE) modem and another modem (not shown) of the communications system 458 can include a 5G (or NR) modem. In some examples, the communications system 458 can include one or more Bluetooth™ modems (e.g., for Bluetooth™ Low Energy (BLE) or other type of Bluetooth communications), one or more WiFi™ modems (e.g., for DSRC communications and/or other WiFi communications), wideband modems (e.g., an ultra-wideband (UWB) modem), any combination thereof, and/or other types of modems.
In some cases, the modem 464 (and/or one or more other modems of the communications system 458) can be used for performing V2X communications (e.g., with other vehicles for V2V communications, with other devices for D2D communications, with infrastructure systems for V2I communications, with pedestrian UEs for V2P communications, etc.). In some examples, the communications system 458 can include a V2X modem used for performing V2X communications (e.g., sidelink communications over a PC5 interface or DSRC interface), in which case the V2X modem can be separate from one or more modems used for wireless network access functions (e.g., for network communications over a network/Uu interface and/or sidelink communications other than V2X communications).
In some examples, the communications system 458 can be or can include a telematics control unit (TCU). In some implementations, the TCU can include a network access device (NAD) (also referred to in some cases as a network control unit or NCU). The NAD can include the modem 464, any other modem not shown in
In some cases, the communications system 458 can further include one or more wireless interfaces (e.g., including one or more transceivers and one or more baseband processors for each wireless interface) for transmitting and receiving wireless communications, one or more wired interfaces (e.g., a serial interface such as a universal serial bus (USB) input, a lightening connector, and/or other wired interface) for performing communications over one or more hardwired connections, and/or other components that can allow the vehicle 404 to communicate with a network and/or other UEs.
The vehicle computing system 450 can also include an infotainment system 454 that can control content and one or more output devices of the vehicle 404 that can be used to output the content. The infotainment system 454 can also be referred to as an in-vehicle infotainment (IVI) system or an In-car entertainment (ICE) system. The content can include navigation content, media content (e.g., video content, music or other audio content, and/or other media content), among other content. The one or more output devices can include one or more graphical user interfaces, one or more displays, one or more speakers, one or more extended reality devices (e.g., a VR, AR, and/or MR headset), one or more haptic feedback devices (e.g., one or more devices configured to vibrate a seat, steering wheel, and/or other part of the vehicle 404), and/or other output device.
In some examples, the computing system 450 can include the intelligent transport system (ITS) 455. In some examples, the ITS 455 can be used for implementing V2X communications. For example, an ITS stack of the ITS 455 can generate V2X messages based on information from an application layer of the ITS. In some cases, the application layer can determine whether certain conditions have been met for generating messages for use by the ITS 455 and/or for generating messages that are to be sent to other vehicles (for V2V communications), to pedestrian UEs (for V2P communications), and/or to infrastructure systems (for V2I communications). In some cases, the communications system 458 and/or the ITS 455 can obtain car access network (CAN) information (e.g., from other components of the vehicle via a CAN bus). In some examples, the communications system 458 (e.g., a TCU NAD) can obtain the CAN information via the CAN bus and can send the CAN information to a PHY/MAC layer of the ITS 455. The ITS 455 can provide the CAN information to the ITS stack of the ITS 455. The CAN information can include vehicle related information, such as a heading of the vehicle, speed of the vehicle, breaking information, among other information. The CAN information can be continuously or periodically (e.g., every 1 millisecond (ms), every 10 ms, or the like) provided to the ITS 455.
The conditions used to determine whether to generate messages can be determined using the CAN information based on safety-related applications and/or other applications, including applications related to road safety, traffic efficiency, infotainment, business, and/or other applications. In one illustrative example, the ITS 455 can perform lane change assistance or negotiation. For instance, using the CAN information, the ITS 455 can determine that a driver of the vehicle 404 is attempting to change lanes from a current lane to an adjacent lane (e.g., based on a blinker being activated, based on the user veering or steering into an adjacent lane, etc.). Based on determining the vehicle 404 is attempting to change lanes, the ITS 455 can determine a lane-change condition has been met that is associated with a message to be sent to other vehicles that are nearby the vehicle in the adjacent lane. The ITS 455 can trigger the ITS stack to generate one or more messages for transmission to the other vehicles, which can be used to negotiate a lane change with the other vehicles. Other examples of applications include forward collision warning, automatic emergency breaking, lane departure warning, pedestrian avoidance or protection (e.g., when a pedestrian is detected near the vehicle 404, such as based on V2P communications with a UE of the user), traffic sign recognition, among others.
The ITS 455 can use any suitable protocol to generate messages (e.g., V2X messages). Examples of protocols that can be used by the ITS 455 include one or more Society of Automotive Engineering (SAE) standards, such as SAE J2735, SAE J2945, SAE J3161, and/or other standards, which are hereby incorporated by reference in their entirety and for all purposes.
A security layer of the ITS 455 can be used to securely sign messages from the ITS stack that are sent to and verified by other UEs configured for V2X communications, such as other vehicles, pedestrian UEs, and/or infrastructure systems. The security layer can also verify messages received from such other UEs. In some implementations, the signing and verification processes can be based on a security context of the vehicle. In some examples, the security context may include one or more encryption-decryption algorithms, a public and/or private key used to generate a signature using an encryption-decryption algorithm, and/or other information. For example, each ITS message generated by the ITS 455 can be signed by the security layer of the ITS 455. The signature can be derived using a public key and an encryption-decryption algorithm. A vehicle, pedestrian UE, and/or infrastructure system receiving a signed message can verify the signature to make sure the message is from an authorized vehicle. In some examples, the one or more encryption-decryption algorithms can include one or more symmetric encryption algorithms (e.g., advanced encryption standard (AES), data encryption standard (DES), and/or other symmetric encryption algorithm), one or more asymmetric encryption algorithms using public and private keys (e.g., Rivest-Shamir-Adleman (RSA) and/or other asymmetric encryption algorithm), and/or other encryption-decryption algorithm.
In some examples, the ITS 455 can determine certain operations (e.g., V2X-based operations) to perform based on messages received from other UEs. The operations can include safety-related and/or other operations, such as operations for road safety, traffic efficiency, infotainment, business, and/or other applications. In some examples, the operations can include causing the vehicle (e.g., the control system 452) to perform automatic functions, such as automatic breaking, automatic steering (e.g., to maintain a heading in a particular lane), automatic lane change negotiation with other vehicles, among other automatic functions. In one illustrative example, a message can be received by the communications system 458 from another vehicle (e.g., over a PC5 interface, a DSRC interface, or other device to device direct interface) indicating that the other vehicle is coming to a sudden stop. In response to receiving the message, the ITS stack can generate a message or instruction and can send the message or instruction to the control system 452, which can cause the control system 452 to automatically break the vehicle 404 so that it comes to a stop before making impact with the other vehicle. In other illustrative examples, the operations can include triggering display of a message alerting a driver that another vehicle is in the lane next to the vehicle, a message alerting the driver to stop the vehicle, a message alerting the driver that a pedestrian is in an upcoming cross-walk, a message alerting the driver that a toll booth is within a certain distance (e.g., within 1 mile) of the vehicle, among others.
In some examples, the ITS 455 can receive a large number of messages from the other UEs (e.g., vehicles, RSUs, etc.), in which case the ITS 455 will authenticate (e.g., decode and decrypt) each of the messages and/or determine which operations to perform. Such a large number of messages can lead to a large computational load for the vehicle computing system 450. In some cases, the large computational load can cause a temperature of the computing system 450 to increase. Rising temperatures of the components of the computing system 450 can adversely affect the ability of the computing system 450 to process the large number of incoming messages. One or more functionalities can be transitioned from the vehicle 404 to another device (e.g., a user device, a RSU, etc.) based on a temperature of the vehicle computing system 450 (or component thereof) exceeding or approaching one or more thermal levels. Transitioning the one or more functionalities can reduce the computational load on the vehicle 404, helping to reduce the temperature of the components. A thermal load balancer can be provided that enable the vehicle computing system 450 to perform thermal based load balancing to control a processing load depending on the temperature of the computing system 450 and processing capacity of the vehicle computing system 450.
The computing system 450 further includes one or more sensor systems 456 (e.g., a first sensor system through an Nth sensor system, where N is a value equal to or greater than 0). When including multiple sensor systems, the sensor system(s) 456 can include different types of sensor systems that can be arranged on or in different parts the vehicle 404. The sensor system(s) 456 can include one or more camera sensor systems, LIDAR sensor systems, radio detection and ranging (RADAR) sensor systems, Electromagnetic Detection and Ranging (EmDAR) sensor systems, Sound Navigation and Ranging (SONAR) sensor systems, Sound Detection and Ranging (SODAR) sensor systems, Global Navigation Satellite System (GNSS) receiver systems (e.g., one or more Global Positioning System (GPS) receiver systems), accelerometers, gyroscopes, inertial measurement units (IMUs), infrared sensor systems, laser rangefinder systems, ultrasonic sensor systems, infrasonic sensor systems, microphones, any combination thereof, and/or other sensor systems. It should be understood that any number of sensors or sensor systems can be included as part of the computing system 450 of the vehicle 404.
While the vehicle computing system 450 is shown to include certain components and/or systems, one of ordinary skill will appreciate that the vehicle computing system 450 can include more or fewer components than those shown in
The computing system 570 may also include one or more memory devices 586, one or more digital signal processors (DSPs) 582, one or more SIMs 574, one or more modems 576, one or more wireless transceivers 578, an antenna 587, one or more input devices 572 (e.g., a camera, a mouse, a keyboard, a touch sensitive screen, a touch pad, a keypad, a microphone, and/or the like), and one or more output devices 580 (e.g., a display, a speaker, a printer, and/or the like).
The one or more wireless transceivers 578 can receive wireless signals (e.g., signal 588) via antenna 587 from one or more other devices, such as other user devices, vehicles (e.g., vehicle 404 of
In some cases, the computing system 570 can include a coding-decoding device (or CODEC) configured to encode and/or decode data transmitted and/or received using the one or more wireless transceivers 578. In some cases, the computing system 570 can include an encryption-decryption device or component configured to encrypt and/or decrypt data (e.g., according to the AES and/or DES standard) transmitted and/or received by the one or more wireless transceivers 578.
The one or more SIMs 574 can each securely store an IMSI number and related key assigned to the user of the user device 507. As noted above, the IMSI and key can be used to identify and authenticate the subscriber when accessing a network provided by a network service provider or operator associated with the one or more SIMs 574. The one or more modems 576 can modulate one or more signals to encode information for transmission using the one or more wireless transceivers 578. The one or more modems 576 can also demodulate signals received by the one or more wireless transceivers 578 in order to decode the transmitted information. In some examples, the one or more modems 576 can include a 4G (or LTE) modem, a 5G (or NR) modem, a modem configured for V2X communications, and/or other types of modems. The one or more modems 576 and the one or more wireless transceivers 578 can be used for communicating data for the one or more SIMs 574.
The computing system 570 can also include (and/or be in communication with) one or more non-transitory machine-readable storage media or storage devices (e.g., one or more memory devices 586), which can include, without limitation, local and/or network accessible storage, a disk drive, a drive array, an optical storage device, a solid-state storage device such as a RAM and/or a ROM, which can be programmable, flash-updateable and/or the like. Such storage devices may be configured to implement any appropriate data storage, including without limitation, various file systems, database structures, and/or the like.
In various aspects, functions may be stored as one or more computer-program products (e.g., instructions or code) in memory device(s) 586 and executed by the one or more processor(s) 584 and/or the one or more DSPs 582. The computing system 570 can also include software elements (e.g., located within the one or more memory devices 586), including, for example, an operating system, device drivers, executable libraries, and/or other code, such as one or more application programs, such as a V2X application, which may comprise computer programs implementing the functions provided by various aspects, and/or may be designed to implement methods and/or configure systems, as described herein.
In some cases, V2X systems may allow wireless devices, such as vehicles, to communicate with roadside systems. This networking may help provide increased safety and efficiency by prioritizing services for certain wireless devices. For example, certain vehicles, such as emergency responder vehicles, may be given priority access to roadways. For example, an intelligent traffic system may attempt to clear other traffic out of the path of the emergency responder vehicle, may change traffic signals to permit the emergency responder vehicle to traverse intersections, and the like. The ability to request such priority access, sometimes referred to as “privileged operation,” may be restricted to authorized vehicles (e.g., emergency vehicles, police, etc.) that are typically issued a cryptographic certificate, such as an Institute of Electrical and Electronics Engineers (IEEE) 1609.2 certificate, that may be unique to each vehicle. However, as such digital certificates may be broadcast, there may be concerns about stealing, cloning, and/or otherwise misappropriating such digital certificates. In some cases, robust protections against such threats may be provided by physical authentication for certificate theft protection.
In some cases, the digital certificate may be used to verify that the first vehicle 602 is eligible for privileged operations. For example, the digital certificate may include a field that indicates that an owner of the digital certificate may send certain messages and/or fields, such as for privileged operations. One illustrative example of such a digital certificate and field is a special service permissions field in a 1609.2 certificate. In some cases, each vehicle that may request privileged operation, such as the first vehicle 602 may have a unique digital certificate. In some cases, the digital certificate may also include (e.g., in one or more fields of the digital certificate) one or more physical attributes of the associated vehicle. The one or more physical attributes may describe one or more physical characteristics of the associated vehicle that may be verified. Examples of these physical characteristics may include a color of the vehicle, a description of the vehicle (e.g., make/model, license plate number, presence of a light bar, size), presence of a holographic sticker, presence of a non-visual spectrum (e.g., infrared, ultraviolet, etc.) reflective pattern, etc.), a shape of the vehicle (e.g., edges of the vehicle as described by points for pose estimation), a quick response (QR) code (or other visual code) on the vehicle, a radio frequency (RF) fingerprint (e.g., a characteristic of the RF emitter), any combination thereof, or the like. As an example, the first vehicle 602 may have physical characteristics such as being pale blue, a sedan, and having a certain license plate number.
In some cases, a specific RF emitter, or class of RF emitters (e.g., on a per-chipset and/or per wireless transmitter basis), may be identified based on, for example, a physical intrinsic property of signals transmitted by the RF emitter, such as an emitted signal pattern, doppler characteristics, signal strength variations, absorption characteristic of the signal, an estimated location of the transmitter in the wireless device, etc. Thus, the received request for privileged operations may be analyzed at a physical layer level, by the RSU 606 to obtain the RF fingerprint. In some cases, one or more physical characteristics of the vehicle may be changeable. For example, the QR code may be displayed on a changeable plate that may be updated regularly. Where one or more physical characteristics of the vehicle are changed, expected physical attributes in the digital certificate or database may also be updated. In some cases, the physical characteristics may be obtained from multiple sensors, such as an imaging sensor, as well as a radar or lidar sensor.
To help verify the one or more physical attributes of the first vehicle 602, the first RSU 606 may obtain an indication of a current physical characteristics of the first vehicle 602. The current physical characteristic may be any characteristic of a wireless device that may vary as between wireless devices, as detected by a sensor at a current time, as opposed to physical characteristics of the wireless device when those physical characteristics were stored as expected physical attributes. For example, the first RSU 606 may include, or may be coupled to, one or more cameras and the first RSU 602 may capture (e.g., obtain) one or more images of the first vehicle 602. As another example, the first RSU 606 may capture RF or other non-visual information about the first vehicle 602. In some cases, the first RSU 606 may transmit 608 the received digital certificate and obtained current physical characteristics to a central authority 610. In some cases, the central authority 610 may be an application/server executing on a network device coupled to one or more RSUs, such as the first RSU 606 and a second RSU 612. As an example, the central authority 610 may be executing on a traffic management center (TMC), a core network of a wireless provider, an internet based service, or other hosted on another device connected to the RSUs.
In some cases, the central authority 610 may verify that the first vehicle 602 may access privileged operations based on the digital certificate and the current physical characteristics. For example, the central authority 610 may verify a digital signature of the digital certificate. In some cases, the RSU, such as the first RSU 606, may verify the digital signature of the digital certificate and, if verified, the RSU may contact the central authority 610 to perform physical authentication. The central authority 610 may also verify the current physical characteristics, as captured by the first RSU 606, against one or more expected physical attributes (e.g., pale blue, a sedan, and having a certain license plate number for the first vehicle 602). As indicated above, in some cases, these expected physical attributes may be obtained from the digital certificate. In some cases, the expected physical attributes may be obtained from a database 614 coupled to the central authority 610. The expected physical attributes may be stored on a per-vehicle (e.g., wireless device) basis and the expected physical attributes for the first vehicle 602 may be retrieved from the database 614 based on identity information in the digital certificate. In some cases, the expected physical attributes may, or may not, be included in the digital certificate. For example, the expected physical attributes may be included in the digital certificate and these expected physical attributes may be used to provide physical authentication of the first vehicle 602. As another example, the expected physical attributes may not be included in the digital certificate. Instead, expected physical attributes may be obtained from the database 614 and these expected physical attributes may be used to provide physical authentication of the first vehicle 602. In yet another example, a first set of expected physical attributes may be included in the digital certificate and a second set of expected physical attributes may be included in the database 614. The first set of expected physical attributes may be checked against the second set of expected physical attributes. If the sets of expected physical attributes do not match, then the digital certificate may not be validated. If the sets of expected physical attributes match, then the expected physical attributes may be used to provide physical authentication of the first vehicle 602.
In some cases, expected physical attributes for vehicles (e.g., wireless devices) may be provided and added to the database 614 as a part of a registration (e.g., subscription initiation, activation, enrollment, etc.) procedure. In other cases, the expected physical attributes may be added to the database 614 based on an initial use of a digital certificate to request privileged operation. For example, an initial instance a digital certificate is used (and validated based on the digital signature) the current physical characteristics, as obtained by the RSU, may be stored as expected physical attributes associated with the vehicle in the database 614. In some cases, the digital certificate may also be stored in the database 614. In some cases, the digital certificate may be stored in the database 614 during a registration/enrollment process, and the expected physical attributes may be obtained and stored in the database 614 on initial use of the digital certificate.
After the expected physical attributes are obtained, the expected physical attributes may be matched against the current physical characteristics received from the RSUs. In some cases, the RSUs, such as the first RSU 606, may provide the current physical characteristics to the central authority 610 as data that has not been processed to identify/extract information, such as through image processing like object detection/identification, key point extraction, image segmentation, and the like. In such cases, the central authority 610 may process the data to extract information that may be compared to the expected physical attributes, such as a color, particular feature, pose, key points, RF signature, etc. of the first vehicle. In other cases, the RSUs, such as the first RSU 606, may preprocess the data and transit the preprocessed current physical characteristics to the central authority 610. In some cases, information about the current physical characteristics may be stored, for example, for auditing purposes. Where the expected physical attributes match the current physical characteristics (e.g., the first vehicle is pale blue, a sedan, and has a certain license plate number), and the digital signature of the digital certificate is valid, the digital certificate may be verified.
As another example, a second vehicle 616 may transmit a request for privileged operation along with a digital certificate to the second RSU 612. In some cases, the second RSU 612 may be any RSU that is connected to the central authority 610. In some cases, the second RSU 610 may be the same RSU as the first RSU 606. The actions performed by the second RSU 612 and second vehicle 616 may occur concurrently, or at a different time, as compared to the actions of the first vehicle 602 and the first RSU 606. The second RSU 612 may obtain an indication of a current physical characteristics of the second vehicle 616. These current physical characteristics may indicate that the second vehicle 616 is a red SUV with a certain RF signature. The second RSU 612 may send the digital certificate and the current physical characteristics of the second vehicle to the central authority 610. The central authority 610 may verify a digital signature of the digital certificate and obtain the expected physical attributes (e.g., from the digital certificate and/or the database 614). The expected physical attributes may indicate that a vehicle associated with the digital certificate is a dark blue sedan with a different RF signature. As the expected physical attributes and current physical characteristics do not match, the request for privileged operations may be denied and/or other actions may be taken, such as invalidating the digital certificate, notifying law enforcement, etc. In some cases, at least a threshold number of matching expected physical attributes and current physical characteristics may be matched before a digital certificate may be validated based on physical authentication.
The central authority 706 may obtain expected physical attributes for the UE 702 and match the obtained expected physical attributes to the current physical characteristics. If the expected physical attributes sufficiently match (e.g., above a threshold number of matching attributes/characteristics) the expected physical attributes, then the central authority 706 may transmit 712 an indication that the certificated has been validated (e.g., an OK response message) to the RSU 704. If the expected physical attributes do not sufficiently match the expected physical attributes, then the central authority 706 may transmit 712 an indication that the certificated has not been validated (e.g., a NOK response message) to the RUS 704. Optionally, the central authority 706 may report the UE 702 to law enforcement, a wireless network provider, etc.
If the RSU 704 receives an indication that the certificated has been validated, then the RSU 704 may perform an action associated with the requested privileged operation. In some cases, the RSU 704 may store (e.g., cache) the expected physical attributes and/or digital certificate for future physical authentication requests (e.g., requests for privileged operations). The RSU 704 may transmit 714 an acknowledgement response to the UE 702. If the RSU 704 receives an indication that the certificated has not been validated, then the RSU 704 may decline the requested privileged operation and transmit 714 a response indicating that the request has been denied.
In some cases, there may be a desire to avoid use of a central authority to perform physical authentication.
The RSU 602 may verify that the vehicle 802 may access privileged operations based on the digital certificate and the current physical characteristics. In some cases, the RSU, such as the first RSU 806, may verify the digital signature of the digital certificate and, if verified, the RSU 806 may perform physical authentication. In some cases, the RSU 806 may verify the current physical characteristics, as captured by the RSU 806, against one or more expected physical attributes (e.g., pale blue, a sedan, and having a certain license plate number for the first vehicle 602). As indicated above, in some cases, these expected physical attributes may be obtained from the digital certificate. In some cases, the expected physical attributes may be obtained from a database 814 coupled to the RSU 806. In some cases, database 814 may be substantially similar to database 614 of
After the expected physical attributes are obtained, the expected physical attributes may be matched against the current physical characteristics, by the RSU 806, in a substantially similar way to that described above with respect to
As another example, a second vehicle 816 may transmit a request for privileged operation along with a digital certificate to the RSU 806. The RSU 806 may obtain an indication of a current physical characteristics of the second vehicle 816. These current physical characteristics may indicate that the second vehicle 816 is a red SUV with a certain license plate. The RSU 806 may verify a digital signature of the digital certificate and obtain the expected physical attributes (e.g., from the digital certificate and/or the database 814). The expected physical attributes may indicate that a vehicle associated with the digital certificate is a dark blue sedan with a different license plate. As the expected physical attributes and current physical characteristics do not match, the request for privileged operations may be denied and/or other actions may be taken, such as invalidating the digital certificate, notifying law enforcement, etc. In some cases, at least a threshold number of matching expected physical attributes and current physical characteristics may be matched before a digital certificate may be validated based on physical authentication. In some cases, the RSU 806 may synchronize its database 814 of expected physical attributes with databases of other RSUs in a V2X network.
If the expected physical attributes do not sufficiently match the expected physical attributes, then the RSU 904 may decline the requested privileged operation and transmit 908 a response indicating that the request has been denied. Optionally, the RSU 904 may report the UE 902 to law enforcement, a wireless network provider, etc.
At block 1002, the computing device (or component thereof) may obtain a certificate from a user device (e.g., vehicle 304, 305 of
At block 1004, the computing device (or component thereof) may obtain an expected physical attribute of the user device. In some cases, the computing device (or component thereof) may obtain the indication of the current physical characteristic of the user device by obtaining an image (e.g., photo, video, etc.) of the user device. The computing device (or component thereof) may determine the current physical characteristic of the user device based on the image. In some aspects, the expected physical attribute is obtained from the certificate. In some cases, the expected physical attribute is obtained from the memory (e.g., either stored in the memory during a registration procedure or determined based on previous images of the user device).
At block 1006, the computing device (or component thereof) may obtain an indication of a current physical characteristic of the user device. In some cases, the current physical characteristic of the user device includes a color of the user device, a type of the user device; a pose of the user device, a size of the user device, a shape of the user device, any combination thereof, and/or other characteristic.
At block 1008, the computing device (or component thereof) may verify that the current physical characteristic of the user device matches the expected physical attribute of the user device. For example, the current physical characteristics may be recognized in received images and matched against the expected physical attributes.
At block 1010, the computing device (or component thereof) may verify the certificate from the user device based on verifying the current physical characteristic of the user device matches the expected physical attribute of the user device. In some cases, verifying the certificate from the user device may also include verifying a signature (e.g., digital signature) of the certificate.
At block 1012, the computing device (or component thereof) may, based on verifying the certificate, output an indication that the user device is verified.
In some aspects, computing system 1100 is a distributed system in which the functions described in this disclosure can be distributed within a datacenter, multiple data centers, a peer network, etc. In some aspects, one or more of the described system components represents many such components each performing some or all of the function for which the component is described. In some aspects, the components can be physical or virtual devices.
Example system 1100 includes at least one processing unit (CPU or processor) 1110 and connection 1105 that communicatively couples various system components including system memory 1115, such as read-only memory (ROM) 1120 and random access memory (RAM) 1125 to processor 1110. Computing system 1100 can include a cache 1112 of high-speed memory connected directly with, in close proximity to, or integrated as part of processor 1110.
Processor 1110 can include any general purpose processor and a hardware service or software service, such as services 1132, 1134, and 1136 stored in storage device 1130, configured to control processor 1110 as well as a special-purpose processor where software instructions are incorporated into the actual processor design. Processor 1110 may essentially be a completely self-contained computing system, containing multiple cores or processors, a bus, memory controller, cache, etc. A multi-core processor may be symmetric or asymmetric.
To enable user interaction, computing system 1100 includes an input device 1145, which can represent any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, keyboard, mouse, motion input, speech, etc. Computing system 1100 can also include output device 1135, which can be one or more of a number of output mechanisms. In some instances, multimodal systems can enable a user to provide multiple types of input/output to communicate with computing system 1100.
Computing system 1100 can include communications interface 1140, which can generally govern and manage the user input and system output. The communication interface may perform or facilitate receipt and/or transmission wired or wireless communications using wired and/or wireless transceivers, including those making use of an audio jack/plug, a microphone jack/plug, a universal serial bus (USB) port/plug, an Apple™ Lightning™ port/plug, an Ethernet port/plug, a fiber optic port/plug, a proprietary wired port/plug, 3G, 4G, 5G and/or other cellular data network wireless signal transfer, a Bluetooth™ wireless signal transfer, a Bluetooth™ low energy (BLE) wireless signal transfer, an IBEACON™ wireless signal transfer, a radio-frequency identification (RFID) wireless signal transfer, near-field communications (NFC) wireless signal transfer, dedicated short range communication (DSRC) wireless signal transfer, 802.11 Wi-Fi wireless signal transfer, wireless local area network (WLAN) signal transfer, Visible Light Communication (VLC), Worldwide Interoperability for Microwave Access (WiMAX), Infrared (IR) communication wireless signal transfer, Public Switched Telephone Network (PSTN) signal transfer, Integrated Services Digital Network (ISDN) signal transfer, ad-hoc network signal transfer, radio wave signal transfer, microwave signal transfer, infrared signal transfer, visible light signal transfer, ultraviolet light signal transfer, wireless signal transfer along the electromagnetic spectrum, or some combination thereof.
The communications interface 1140 may also include one or more range sensors (e.g., LIDAR sensors, laser range finders, RF radars, ultrasonic sensors, and infrared (IR) sensors) configured to collect data and provide measurements to processor 1110, whereby processor 1110 can be configured to perform determinations and calculations needed to obtain various measurements for the one or more range sensors. In some examples, the measurements can include time of flight, wavelengths, azimuth angle, elevation angle, range, linear velocity and/or angular velocity, or any combination thereof. The communications interface 1140 may also include one or more Global Navigation Satellite System (GNSS) receivers or transceivers that are used to determine a location of the computing system 1100 based on receipt of one or more signals from one or more satellites associated with one or more GNSS systems. GNSS systems include, but are not limited to, the US-based GPS, the Russia-based Global Navigation Satellite System (GLONASS), the China-based BeiDou Navigation Satellite System (BDS), and the Europe-based Galileo GNSS. There is no restriction on operating on any particular hardware arrangement, and therefore the basic features here may easily be substituted for improved hardware or firmware arrangements as they are developed.
Storage device 1130 can be a non-volatile and/or non-transitory and/or computer-readable memory device and can be a hard disk or other types of computer readable media which can store data that are accessible by a computer, such as magnetic cassettes, flash memory cards, solid state memory devices, digital versatile disks, cartridges, a floppy disk, a flexible disk, a hard disk, magnetic tape, a magnetic strip/stripe, any other magnetic storage medium, flash memory, memristor memory, any other solid-state memory, a compact disc read only memory (CD-ROM) optical disc, a rewritable compact disc (CD) optical disc, digital video disk (DVD) optical disc, a blu-ray disc (BDD) optical disc, a holographic optical disk, another optical medium, a secure digital (SD) card, a micro secure digital (microSD) card, a Memory Stick® card, a smartcard chip, a EMV chip, a subscriber identity module (SIM) card, a mini/micro/nano/pico SIM card, another integrated circuit (IC) chip/card, random access memory (RAM), static RAM (SRAM), dynamic RAM (DRAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), flash EPROM (FLASHEPROM), cache memory (e.g., Level 1 (L1) cache, Level 2 (L2) cache, Level 3 (L3) cache, Level 4 (L4) cache, Level 5 (L5) cache, or other (L #) cache), resistive random-access memory (RRAM/ReRAM), phase change memory (PCM), spin transfer torque RAM (STT-RAM), another memory chip or cartridge, and/or a combination thereof.
The storage device 1130 can include software services, servers, services, etc., that when the code that defines such software is executed by the processor 1110, it causes the system to perform a function. In some aspects, a hardware service that performs a particular function can include the software component stored in a computer-readable medium in connection with the necessary hardware components, such as processor 1110, connection 1105, output device 1135, etc., to carry out the function. The term “computer-readable medium” includes, but is not limited to, portable or non-portable storage devices, optical storage devices, and various other mediums capable of storing, containing, or carrying instruction(s) and/or data. A computer-readable medium may include a non-transitory medium in which data can be stored and that does not include carrier waves and/or transitory electronic signals propagating wirelessly or over wired connections. Examples of a non-transitory medium may include, but are not limited to, a magnetic disk or tape, optical storage media such as compact disk (CD) or digital versatile disk (DVD), flash memory, memory or memory devices. A computer-readable medium may have stored thereon code and/or machine-executable instructions that may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, or the like.
Specific details are provided in the description above to provide a thorough understanding of the aspects and examples provided herein, but those skilled in the art will recognize that the application is not limited thereto. Thus, while illustrative aspects of the application have been described in detail herein, it is to be understood that the inventive concepts may be otherwise variously embodied and employed, and that the appended claims are intended to be construed to include such variations, except as limited by the prior art. Various features and aspects of the above-described application may be used individually or jointly. Further, aspects can be utilized in any number of environments and applications beyond those described herein without departing from the broader scope of the specification. The specification and drawings are, accordingly, to be regarded as illustrative rather than restrictive. For the purposes of illustration, methods were described in a particular order. It should be appreciated that in alternate aspects, the methods may be performed in a different order than that described.
For clarity of explanation, in some instances the present technology may be presented as including individual functional blocks comprising devices, device components, steps or routines in a method embodied in software, or combinations of hardware and software. Additional components may be used other than those shown in the figures and/or described herein. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the aspects in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the aspects.
Further, those of skill in the art will appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the aspects disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
Individual aspects may be described above as a process or method which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed, but could have additional steps not included in a figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination can correspond to a return of the function to the calling function or the main function.
Processes and methods according to the above-described examples can be implemented using computer-executable instructions that are stored or otherwise available from computer-readable media. Such instructions can include, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or a processing device to perform a certain function or group of functions. Portions of computer resources used can be accessible over a network. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on.
In some aspects the computer-readable storage devices, mediums, and memories can include a cable or wireless signal containing a bitstream and the like. However, when mentioned, non-transitory computer-readable storage media expressly exclude media such as energy, carrier signals, electromagnetic waves, and signals per sc.
Those of skill in the art will appreciate that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof, in some cases depending in part on the particular application, in part on the desired design, in part on the corresponding technology, etc.
The various illustrative logical blocks, modules, and circuits described in connection with the aspects disclosed herein may be implemented or performed using hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof, and can take any of a variety of form factors. When implemented in software, firmware, middleware, or microcode, the program code or code segments to perform the necessary tasks (e.g., a computer-program product) may be stored in a computer-readable or machine-readable medium. A processor(s) may perform the necessary tasks. Examples of form factors include laptops, smart phones, mobile phones, tablet devices or other small form factor personal computers, personal digital assistants, rackmount devices, standalone devices, and so on. Functionality described herein also can be embodied in peripherals or add-in cards. Such functionality can also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example.
The instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are example means for providing the functions described in the disclosure.
The techniques described herein may also be implemented in electronic hardware, computer software, firmware, or any combination thereof. Such techniques may be implemented in any of a variety of devices such as general purposes computers, wireless communication device handsets, or integrated circuit devices having multiple uses including application in wireless communication device handsets and other devices. Any features described as modules or components may be implemented together in an integrated logic device or separately as discrete but interoperable logic devices. If implemented in software, the techniques may be realized at least in part by a computer-readable data storage medium comprising program code including instructions that, when executed, performs one or more of the methods, algorithms, and/or operations described above. The computer-readable data storage medium may form part of a computer program product, which may include packaging materials. The computer-readable medium may comprise memory or data storage media, such as random access memory (RAM) such as synchronous dynamic random access memory (SDRAM), read-only memory (ROM), non-volatile random access memory (NVRAM), electrically erasable programmable read-only memory (EEPROM), FLASH memory, magnetic or optical data storage media, and the like. The techniques additionally, or alternatively, may be realized at least in part by a computer-readable communication medium that carries or communicates program code in the form of instructions or data structures and that can be accessed, read, and/or executed by a computer, such as propagated signals or waves.
The program code may be executed by a processor, which may include one or more processors, such as one or more digital signal processors (DSPs), general purpose microprocessors, an application specific integrated circuits (ASICs), field programmable logic arrays (FPGAs), or other equivalent integrated or discrete logic circuitry. Such a processor may be configured to perform any of the techniques described in this disclosure. A general-purpose processor may be a microprocessor; but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Accordingly, the term “processor,” as used herein may refer to any of the foregoing structure, any combination of the foregoing structure, or any other structure or apparatus suitable for implementation of the techniques described herein.
One of ordinary skill will appreciate that the less than (“<”) and greater than (“>”) symbols or terminology used herein can be replaced with less than or equal to (“≤”) and greater than or equal to (“≥”) symbols, respectively, without departing from the scope of this description.
Where components are described as being “configured to” perform certain operations, such configuration can be accomplished, for example, by designing electronic circuits or other hardware to perform the operation, by programming programmable electronic circuits (e.g., microprocessors, or other suitable electronic circuits) to perform the operation, or any combination thereof.
The phrase “coupled to” or “communicatively coupled to” refers to any component that is physically connected to another component either directly or indirectly, and/or any component that is in communication with another component (e.g., connected to the other component over a wired or wireless connection, and/or other suitable communication interface) either directly or indirectly.
Claim language or other language reciting “at least one of” a set and/or “one or more” of a set indicates that one member of the set or multiple members of the set (in any combination) satisfy the claim. For example, claim language reciting “at least one of A and B” or “at least one of A or B” means A, B, or A and B. In another example, claim language reciting “at least one of A, B, and C” or “at least one of A, B, or C” means A, B, C, or A and B, or A and C, or B and C, or A and B and C. The language “at least one of” a set and/or “one or more” of a set does not limit the set to the items listed in the set. For example, claim language reciting “at least one of A and B” or “at least one of A or B” can mean A, B, or A and B, and can additionally include items not listed in the set of A and B.
Illustrative aspects of the disclosure include:
Aspect 1. An apparatus, comprising: a memory; and a processor coupled to the memory, wherein the processor is configured to: obtain a certificate from a user device; obtain an expected physical attribute of the user device; obtain an indication of a current physical characteristic of the user device; verify that the current physical characteristic of the user device matches the expected physical attribute of the user device; verify the certificate from the user device based on verifying the current physical characteristic of the user device matches the expected physical attribute of the user device; and based on verifying the certificate, output an indication that the user device is verified.
Aspect 2. The apparatus of Aspect 1, wherein the user device comprises a vehicle, and wherein the certificate is obtained from the user device via a vehicle-to-everything (V2X) communication.
Aspect 3. The apparatus of any of Aspects 1-2, wherein, to obtain the indication of the current physical characteristic of the user device, the processor is further configured to: obtain an image of the user device; and determine the current physical characteristic of the user device based on the image.
Aspect 4. The apparatus of Aspect 3, wherein the current physical characteristic of the user device comprises at least one of: a color of the user device; a type of the user device; a pose of the user device; a size of the user device; or a shape of the user device.
Aspect 5. The apparatus of any of Aspects 1-4, wherein, to obtain the certificate from the user device, the processor is configured to receive a radio frequency (RF) signal from the user device including the certificate, and wherein the current physical characteristic of the user device comprises a fingerprint of the RF signal from the user device.
Aspect 6. The apparatus of any of Aspects 1-5, wherein, to obtain the certificate from the user device, the processor is configured to receive the certificate from a network device.
Aspect 7. The apparatus of Aspect 6, wherein the network device comprises a road side unit.
Aspect 8. The apparatus of any of Aspects 1-7, wherein the expected physical attribute is obtained from the certificate.
Aspect 9. The apparatus of any of Aspects 1-8, wherein the expected physical attribute is obtained from the memory.
Aspect 10. The apparatus of any of Aspects 1-9, wherein, to verify the certificate from the user device, the processor is configured to verify a signature of the certificate.
Aspect 11. A method for device verification, comprising: obtaining a certificate from a user device; obtaining an expected physical attribute of the user device; obtaining an indication of a current physical characteristic of the user device; verifying that the current physical characteristic of the user device matches the expected physical attribute of the user device; verifying the certificate from the user device based on verifying the current physical characteristic of the user device matches the expected physical attribute of the user device; and based on verifying the certificate, outputting an indication that the user device is verified.
Aspect 12. The method of Aspect 11, wherein the user device comprises a vehicle, and wherein the certificate is obtained from the user device via a vehicle-to-everything (V2X) communication.
Aspect 13. The method of any of Aspects 11-12, wherein obtaining the indication of the current physical characteristic of the user device comprises: obtaining an image of the user device; and determining the current physical characteristic of the user device based on the image.
Aspect 14. The method of Aspect 13, wherein the current physical characteristic of the user device comprises at least one of: a color of the user device; a type of the user device; a pose of the user device; a size of the user device; or a shape of the user device.
Aspect 15. The method of any of Aspects 11-14, wherein obtaining the certificate from the user device comprises receiving a radio frequency (RF) signal from the user device including the certificate, and wherein the current physical characteristic of the user device comprises a fingerprint of the RF signal from the user device.
Aspect 16. The method of any of Aspects 11-15, wherein obtaining the certificate from the user device comprises receiving the certificate from a network device.
Aspect 17. The method of Aspect 16, wherein the network device comprises a road side unit.
Aspect 18. The method of any of Aspects 11-17, wherein the expected physical attribute is obtained from the certificate.
Aspect 19. The method of any of Aspects 11-18, wherein the expected physical attribute is obtained from a memory.
Aspect 20. The method of any of Aspects 11-19, wherein verifying the certificate from the user device comprises verifying a signature of the certificate.
Aspect 21. A non-transitory computer-readable medium having stored thereon instructions that, when executed by a processor, causes the processor to: obtain a certificate from a user device; obtain an expected physical attribute of the user device; obtain an indication of a current physical characteristic of the user device; verify that the current physical characteristic of the user device matches the expected physical attribute of the user device; verify the certificate from the user device based on verifying the current physical characteristic of the user device matches the expected physical attribute of the user device; and based on verifying the certificate, output an indication that the user device is verified.
Aspect 22. The non-transitory computer-readable medium of Aspect 21, wherein the user device comprises a vehicle, and wherein the certificate is obtained from the user device via a vehicle-to-everything (V2X) communication.
Aspect 23. The non-transitory computer-readable medium of any of Aspects 21-22, wherein, to obtain the indication of the current physical characteristic of the user device, the instructions cause the processor to: obtain an image of the user device; and determine the current physical characteristic of the user device based on the image.
Aspect 24. The non-transitory computer-readable medium of Aspect 23, wherein the current physical characteristic of the user device comprises at least one of: a color of the user device; a type of the user device; a pose of the user device; a size of the user device; or a shape of the user device.
Aspect 25. The non-transitory computer-readable medium of any of Aspects 21-24, wherein, to obtain the certificate from the user device, the instructions cause the processor to receive a radio frequency (RF) signal from the user device including the certificate, and wherein the current physical characteristic of the user device comprises a fingerprint of the RF signal from the user device.
Aspect 26. The non-transitory computer-readable medium of any of Aspects 21-25, wherein, to obtain the certificate from the user device, the instructions cause the processor to receive the certificate from a network device.
Aspect 27. The non-transitory computer-readable medium of Aspect 26, wherein the network device comprises a road side unit.
Aspect 28. The non-transitory computer-readable medium of any of Aspects 21-27, wherein the expected physical attribute is obtained from the certificate.
Aspect 29. The non-transitory computer-readable medium of any of Aspects 21-28, wherein the expected physical attribute is obtained from a memory.
Aspect 30. The non-transitory computer-readable medium of any of Aspects 21-29, wherein, to verify the certificate from the user device, the instructions cause the processor to verify a signature of the certificate.
Aspect 31: An apparatus for wireless communications, comprising one or more means for performing operations according to any of aspects 11 to 20.
The previous description is provided to enable any person skilled in the art to practice the various aspects described herein. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects. Thus, the claims are not intended to be limited to the aspects shown herein, but is to be accorded the full scope consistent with the language claims, wherein reference to an element in the singular is not intended to mean “one and only one” unless specifically so stated, but rather “one or more.”
