Vehicle security module system

Description

BACKGROUND

The present disclosure pertains to vehicle electronics and particularly to on board diagnostics systems.

SUMMARY

The disclosure reveals a vehicle security system having controller area network buses, electronic control units connected to the controller area network buses, a vehicle security module connected to the controller area network buses, and an on board diagnostics connector connected to the vehicle security module. The vehicle security module may according to a policy discriminate between authorized and unauthorized signals that are input to the on board diagnostics connector. Authorized signals may be forwarded by the vehicle security module to the controller area network busses. Authorized signals may affect operation of one or more of the components of the vehicle via the electronic control units. Authorized signals may change the policy used by the vehicle security module. Unauthorized signals may be refused entry to the controller area network busses. The on board diagnostics connector may receive the signals from diagnostic instrumentation, control instrumentation, tracking instrumentation, a dongle, and so forth.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a diagram of an on board diagnostics computer arrangement for a vehicle;

FIG. 2 is a diagram of an interaction of a vehicle original equipment manufacturer, policy change requestor, vehicle security module and instrumentation such as a dongle;

FIG. 3 is a diagram of tables illustrating a default vehicle security module and authorization token change of the policy;

FIG. 4 is a diagram of a table illustrating a policy selection, an authorization token selection and a resulting policy of various selections;

FIG. 5 is a diagram showing an example implementation of an authorization token;

FIG. 6 is a diagram of a vehicle security module circuit board;

FIG. 7 is a diagram of interfaces to the vehicle security module;

FIG. 8 is a diagram of an example architecture modified for a vehicle security module;

FIG. 9 as a diagram of an example of circuitry for a vehicle security module; and

FIGS. 10a through 10j are diagrams of enlarged portions of the circuitry in FIG. 9.

DESCRIPTION

The present system and approach may incorporate one or more processors, computers, controllers, user interfaces, wireless and/or wire connections, and/or the like, in an implementation described and/or shown herein.

This description may provide one or more illustrative and specific examples or ways of implementing the present system and approach. There may be numerous other examples or ways of implementing the system and approach.

Reference may be made to symbols in the drawing. Symbols may have virtually any shape (e.g., a block) and may designate hardware, objects, activities, steps, procedures, and other items.

The idea pertains to vehicle security modules, and how to keep unauthorized intruders out of them while letting in legitimate individuals (e.g., authorized mechanics). At a high level, the present system and approach may propose an electronic key system that gives a vehicle manufacturer an ability to dictate who can get into a vehicle security module (VSM), and once in, which portions or bits of it they can change. The vehicle manufacture may be regarded as an original equipment manufacturer (OEM). The terms may be used herein interchangeably.

The system and approach use unique authorization “tokens” that dictate exactly what level of access is granted to the VSM and/or what changes can be made to the VSM policy, and may have, for example, a public/private key pairing that is used to ensure only an authorized entity is using the token. There may be several ways to ensure that the authorization token is securely passed to and accepted by the VSM.

On-board diagnostics (OBD) is an automotive term referring to a vehicle's self-diagnostic and reporting capability. OBD systems may appear in many cars and light trucks on the road today. Present OBD's may provide almost complete engine control and also monitor parts of the chassis, body and accessory devices, as well as a diagnostic control network of the car. Modern OBD implementations may use a standardized digital communications port or connector to provide real-time data in addition to a standardized series of diagnostic trouble codes (DTCs), which may allow one to rapidly identify and remedy malfunctions within the vehicle.

The present system may use an authorization token in its device. The system does not necessarily need an internet connection. The internet connection may be appropriate for a vehicle in a repair shop but it may not necessarily be appropriate for a vehicle operating on the open road with an insurance or tuning dongle.

The system does not necessarily only allow the diagnostic tool to select from pre-existing roles which have been programmed into an electronic control unit (ECU) or vehicle security module. The system may allow a flexible modification of a base security policy such that new features or access profiles not anticipated at the time of ECU manufacture can be supported by the present approach. In addition, if a security flaw is discovered in the base security policy, the present approach may be used to modify the policy to reduce the risk of compromise.

The present approach does not necessarily require a set of role-based policies in each ECU. The present approach may enforce a policy at the VSM. Thus, the present approach may prevent a device at the OBD II port from injecting traffic on the controller area network CAN bus. Thus, non-diagnostic commands, like turning the steering wheel, unlocking doors, and so forth, may not necessarily be sent to a vehicle via the OBD II within the present scheme. The present system may filter messages which may be destined to be injected into a CAN bus.

FIG. 1 is a diagram of an on board diagnostics (OBD) computer arrangement for a vehicle. An interface or connector 11 may provide an input for diagnostic or control instrumentation, such as a dongle. Instrumentation 12 may be provide an input for control or programming of electronic control units (ECUs) 13, 14 and 15 on a high speed CAN bus 21, and ECUs 16, 17 and 18 on a medium speed CAN bus 22. Between the ECUs and interface 11 may be a VSM 19 that can restrict access to the ECUs' inputs and outputs. VSM 19 may incorporate a gateway that is integrated in the VSM electronics. What is permitted in terms of inputs and outputs to buses 21 and 22, and the respective ECUs 13-18, may be based on policy.

Vehicle manufacturers may need the ability to manage issues such as liability by limiting how a device or software application can modify the operation of a vehicle while at the same time meeting laws and owner expectations related to the right to repair and modify of the vehicle. The present system and approach may allow the vehicle manufacturer to manage vehicle safety/security policy and associated liability by controlling when and which portions of the policy are enforced. Thus, the vehicle manufacturer may be allowed to selectively modify the policy in the vehicle.

There may be many variations for securely distributing a policy change authorization token to the vehicle security module. One approach may incorporate a dongle pair. An example is given in the following. Key creation and loading of authorization token into dongle may occur. Public key material and a corresponding public key infrastructure may be created as shown in view of a diagram 60 in FIG. 2, the following items: 1) An original equipment manufacturer (OEM) 61 may create a public/private key pair at corner 62 of diagram 60; 2) A vehicle security module 63 may also create its own public/private key pair; OEM 61 may embed along line 64 the OEM public key into vehicle security module 63; 3) A policy change requestor (PCR) 65 may create a public/private key pair at a corner 66 at an end of a line 69 from corner 62 of diagram 60; 4) OEM 61 may use the OEM private key to digitally sign a certificate (e.g., X.509v3) containing a PCR 65 identity and a PCR public key; 5) Vehicle OEM 61 may create a policy change authorization token which includes the changes to the policy and a dongle ID of a set of dongles associated with this authorization token; the authorization token may be signed using the OEM private key; 6) A public/private key pair may be created for a dongle 67 at corner 68 of a line 70 from corner 66 of diagram 60; and 7) PCR 65 may use the PCR private key to sign a certificate for dongle 67 containing the dongle ID, and PCR 65 may also load a copy of the PCR certificate into dongle 67.

An authorization token use may be noted. When dongle 67 is plugged into a vehicle, there may be a protocol exchange along a line 71 between corners 68 and 72, which allows the vehicle security module 63 to confirm the identity of dongle 67, allows the vehicle security module 63 to confirm that the authorization token is bound to dongle 67, and allows the vehicle security module 63 to confirm that the authorization token was authorized by vehicle OEM 61.

There may be multiple ways that the above-noted three confirmations may be achieved. One approach may be primarily described in the following paragraphs.

1) A dongle and a vehicle may perform a Diffie Hellman key exchange using the dongle certificate to establish a shared secret between the dongle and a vehicle security module. This may be a cryptographic handshake protocol. Other variations of the key exchange, besides the Diffie Hellman exchange noted herein, may be used.

2) The dongle may send the vehicle security module an authorization token and an integrity check value. Both of these items may be cryptographically protected using a key derived from the Diffie Hellman exchange.

3) The vehicle security module may use the key derived from, for instance, the Diffie Hellman exchange to validate an integrity check value. If the check is valid, then the vehicle security module may know that the dongle has the same key derived from the Diffie Hellman exchange.

4) The vehicle security module may then “walk the chain” of public key certificates from the dongle to a common root of trust (i.e., an OEM private key in this example). Assuming that the checks produce an expected result, the vehicle security module may know that this dongle is the dongle it claims to be.

5) The vehicle security module may the use an OEM public key to validate a digital signature on an authorization token. Assuming the digital signature to be valid, the vehicle security module may know that the authorization token is authorized by the vehicle OEM.

6) At this point, the vehicle security module may know that the dongle ID from the dongle certificate, it may know the dongle is authentic because of a successful Diffie Hellman key exchange and it may know that the policy changes contained in the authorization token are valid and apply to the specified dongle ID. Thus, the vehicle security module may make changes in its policy.

Variations in the above-described process, which produce a similar, result may incorporate:

1) A cryptographic algorithm—the public key algorithm may be an RSA (a Rivest Shamir Adelman public key cryptography algorithm) or an elliptic curve.

2) A cryptographic key length—various public key pairs (OEM, dongle vendor, dongle, and so forth) may use different key lengths.

3) A certificate structure—the certificates may be X.509 v3 certificates or a proprietary format.

4) A PKI—the PKI (private key infrastructure) may be a simple structure in which the OEM serves as its own root of trust (also known as a root certificate authority). The system may use a larger and more complete PKI in which the root of trust is above the OEM. This type of structure may allow one dongle to be recognized by vehicle security modules associated with multiple OEMs.

5) A key establishment protocol—many different protocols may exist to establish secure communications between the dongle and the VSM.

6) An authorization token distribution—the authorization token may be distributed via the dongle such that the dongle is the transport mechanism. The authorization token may be embedded in the VSM firmware and activated when an authorized dongle authenticates itself to the VSM. The authorization token may be fetched in real time by either the VSM or the dongle.

7) An authorization token structure—the structure of the policy override may be virtually a complete replacement of the default VSM policy. Alternatively, the structure may simply identify changes to a default policy. A set of changes may be bundled as a single package containing one or more changes. Alternatively, the changes may be packaged as one change per token such that a dongle could have multiple tokens associated with it.

A feature of the present system and approach may be that the security and/or safety policy in the vehicle security module could be changed in the field using a cryptographically protected authorization token which is directly or indirectly associated with a dongle.

The vehicle security module may be shipped with a default security policy. The policy may specify the types of messages allowed to flow to and/or from the vehicle to a device plugged into an on board diagnostics II (OBD) port. An authorization token may specify changes to be applied to the policy when the device associated with the authorization token is plugged in.

There may be many ways of specifying a policy. One example of a policy, along with an authorization token changing the policy, may be provided in the following:

1) A default vehicle security module policy—block messages with a CAN bus ID=1, 2, 3, 4, 5;

2) An authorization token—allow messages with a CAN bus ID=3; and

3) A resulting policy—block messages with the CAN bus ID=1, 2, 4, 5.

Another example may be given where the incoming message ID should match allowed rules in order to pass. A set mask may be used to determine which bits of the message ID are compared to the filter. A “0” in the mask may mean that the corresponding bits of the message ID are not tested. The filter value may be matched against the incoming message ID and if the non-masked bits match, the message is allowed to pass.

Default vehicle security module policy may be schematically shown in table 81 in FIG. 3. An authorization token may be a rule 3, with a new mask 1FFFFF00. A resulting policy may be shown in table 82.

There may be many types of policies. Many vehicle manufacturers may use proprietary messages on the CAN bus so the policy is likely to be different for each vehicle manufacturer. Examples may incorporate safety and security.

For safety, one may assume that a message ID 5 with content 0000 0000 0000 1111 tells the brake system to vent pressure from the wheel cylinders. This may be done to bleed air out of the hydraulic brake system. A safety policy may block message ID=5, content 0000 0000 0000 1111 from being injected via the OBD port. This may prevent a compromised dongle from disabling the brakes on a vehicle. A tool certified by the OEM to be used by a service technician to bleed the brakes may have an authorization token which turns off this policy, thus allowing the service technician to bleed the brakes. If another device (e.g., a compromised insurance dongle) is plugged into the OBD port after the technician has serviced the vehicle, the safety policy may prevent the compromised dongle from issuing the bleed brakes command to the vehicle. The authorization token should be only in effect while the device linked to the authorization token is plugged into the OBD port.

For security, a keyless entry system on a vehicle may be able to send a CAN bus message to unlock the doors. However, a compromised dongle may also send an unlock command, allowing a thief into the vehicle. Therefore, a security policy in the vehicle security module may be to block “unlock door” messages sent into the vehicle via the OBD port.

The CAN bus does not necessarily perform source authentication of messages placed on the CAN bus. Thus, an attacker who is able to inject messages into the OBD port could send messages which appear to come from one of the electronic control units (ECUs) on the bus. Referring to the FIG. 1, if the vehicle security module is not present, the dongle may be able to place messages on the CAN bus which could be sent by ECU 13-15 or ECU 16-18. Thus, anything that the ECUs may do could be done by an attacker via the OBD. A few of the many things the attacker could do via the OBD port may be to flash headlights, unlock doors, turn air conditioning on/off, activate anti-lock brake functions, turn the front wheels (on a vehicle with automatic parking capability), change the speed shown on the speedometer, and so on.

Some types of policy changes that could be requested for a dongle or other OBD device may incorporate allowing a dongle to limit the speed of a vehicle, which might be used in fleet management applications, allowing the device to load new firmware on an ECU, allowing the dongle to read GPS coordinates of a vehicle so that the dongle can provide vehicle tracking, allowing a dongle to remotely start the engine of a vehicle, and allowing the device to send a command to change the emissions control setting on a vehicle.

An authorization token may take many forms depending upon the structure used for specifying policy within the vehicle security module. Data fields that may be typical in the authorization token could incorporate the following items.

1) Applicable vehicles—a device/dongle may be allowed to change the policy on vehicles produced, for example, since 2015. The device/dongle should only be licensed with the OEM to be used on certain models and therefore the authorization token may identify a set of licensed vehicles.

2) A policy/rule identifier—depending upon how the OEM manages policy/rules in the vehicle security module, the token may specify a number identifying the rule which is to be modified or turned off (e.g., turn off rule 3).

3) An allowable message ID list—many firewalls and vehicle security modules may operate using a “deny unless explicitly allowed” model. Thus, if the policy does not explicitly allow a message ID, then that message ID may be blocked. The allowable message ID field may specify additional IDs which are allowed to pass.

4) Specific message ID/value pairs—frequently there may be multiple parameters within a message. For example, one byte may control the throttle position while another byte in the same message may control the amount of fuel delivered. The default policy may allow a message “ID x” but only allow a specific set of parameters. For instance, it may only allow a byte specifying the amount of fuel to be between, for example, 10 and 100. However, the policy may allow an authorized device to change these parameter limits.

The present system and approach may allow the vehicle manufacturer to manage vehicle safety/security policy by controlling when and which portions of the policy are enforced. The system may consist of the following entities. The vehicle manufacturer may set the default safety and security policies for the vehicle. The vehicle manufacturer may also be able to selectively authorize “policy change requestors” (PRCs) to override a policy under specific circumstances. A vehicle may be any motorized cyber-physical system used for transportation. The term “vehicle” may incorporate automobiles, military vehicles, autonomous (self-driving) vehicles, water craft, and aircraft having manned and unmanned (e.g., drones) capabilities. A policy change requestor may be an entity requesting a change to the vehicle safety and/or security policy. The requestor could be the owner of a vehicle or a service technician requesting a change to one vehicle. For instance, the owner may be a “tuner” who wants to modify how the vehicle performs. The tuner may be a manufacturer of diagnostic equipment, a dongle provider, or a developer of a software application. An authorization token may directly or indirectly identify the changes which the policy change requestor is authorized to make to a specific vehicle or a class of vehicles. For example, a dongle provider may receive a token to make changes to particular model pick-up trucks model produced during certain years. A structure of the authorization token may depend on how the vehicle manufacturer has implemented the authorization and the structure of associated policies.

The present system and approach may allow a vehicle manufacturer to grant a policy change requestor an ability to make selective changes to the safety/security policy of one or more vehicles.

A diagram of FIG. 4 may illustrate selections of the system. The system may include a policy selection function 35 on the vehicle which incorporates a drive function or mode 38 and diagnostic function or mode 39. An authorization token 36 may be selected as with a token or without a token for drive function 38 and for diagnostic function 39 of the vehicle. Resulting policies 31, 32, 33 and 34 may be from selections of a drive or diagnostic mode and an authorization token. Policy 31 may involve a drive mode with changes contained in the authorization token. Policy 32 may involve the drive mode with no changes in view of being without the authorization token. Policy 33 may involve a diagnostic mode with changes contained in the authorization token. Policy 34 may involve the diagnostic mode with no changes in view of being without the authorization token.

The policy select function 35 on a vehicle may be implemented via a physical switch or another mechanism which is resistant to hacking or jamming. In one implementation, the vehicle may contain a physical vehicle security module (VSM) which enforces the security policy. The VSM may contain a physical switch which the driver or technician can place in either drive mode 38 or diagnostics mode 39. When in diagnostics mode 39, the VSM may emit a signal (e.g., beeping or flashing light) to warn a vehicle operator that the safety and/or security policy normally enforced when the vehicle is in drive mode has been bypassed.

The authorization token may be implemented in multiple ways. One implementation may make use of public key cryptography to create an authorization token which could be bound to a device or application (e.g., an insurance dongle) and which may be cryptographically verified by the vehicle. One such implementation may be illustrated in a diagram of FIG. 5. A vehicle manufacturer 41 may create a public/private key pair 45 using the techniques of asymmetric cryptography. Vehicle manufacturer 41 may place a public key 42 in each vehicle as indicated by an arrow 44. Vehicle manufacturer 41 may maintain control of the private key and protect it from compromise.

A developer of the policy change requestor 46 (could be hardware or software) and vehicle manufacturer 41 may agree on a set of authorized policy changes to be granted to policy change requestor 46 for specified vehicles as indicated by an arrow 47. An agreement may involve testing, legal agreements or other activities outside the scope of the present system. Vehicle manufacturer 41 may then use its private key to cryptographically sign an authorization token 51 bound along arrow 47 to policy change requestor 46. When policy change requestor 46 wants to modify the default policy on the vehicle, policy change requestor 46 and vehicle 43 may perform a cryptographic handshake to pass the authorization token 48 to vehicle 43 along arrow 49. Vehicle 43 may use public key 42 provided by vehicle manufacturer 41 to validate the authorization token. Once validated, the changes contained in the authorization token may be applied to the default policy to produce the resulting policy 52 to be enforced by vehicle 43.

There may be multiple ways to securely pass an authorization token to the vehicle. Some of the ways may be noted herein. One way is that the vehicle manufacturer may act as a certificate authority and sign a certificate (e.g., X.509 v3) for a developer of the policy change requester. This approach may allow the policy change requester to use a local private key to generate and sign authorization tokens. The vehicle may then use the vehicle manufacturer public key to “walk the certificate chain” to validate the authorization token.

Another way is that the vehicle manufacturer may create authorization tokens which combine an identity of the policy change requestor with the authorization token as an approach of binding the token to the requestor.

Still another way is that the vehicle manufacturer may distribute a new policy directly to the vehicle with a mechanism to identify policy change requestors which are authorized to invoke the policy.

Yet another way is that the automotive industry may adopt a full public key infrastructure (PKI) which would allow vehicles from many manufacturers to validate policy change requestor entities from multiple developers.

There may be additional ways in which a policy associated with a specific policy change requestor could be loaded into a vehicle security module. A feature of the present system is that the vehicle manufacturer may have a way to alter the vehicle safety/security policy based upon the knowledge of a policy change requestor being associated with the vehicle.

A vehicle manufacturer may require a manufacturer of a policy change requestor (e.g., a dongle or diagnostic test tool) to use a key storage mechanism to protect the integrity and/or confidentiality of the cryptographic material used within the system.

A policy change requester (e.g., a dongle device plugged into a vehicle's OBD port) should perform a cryptographic handshake with the vehicle to ensure that it is a genuine (authorized) requester and not an imposter. An example of an imposter may be a look alike dongle from an unauthorized source. This look alike device may not necessarily meet the safety or security requirements set by the vehicle manufacturer.

This would allow OEMs to control what devices get added to their vehicles in order to preserve safety and security. This is a feature of the present system that would differentiate the present system from the competition.

FIG. 6 is a diagram of a vehicle security module circuit board 85. The present vehicle security module hardware may be based upon a MicroZed™ Zynq module. A security policy may run on an ARM Cortex™ A9 MPCore. This chip may have two CPU cores so that security can run on either of these two CPU cores. A security policy file, which can be updated via the authorization token, may be stored in, for example, a 256 Kbyte on-chip memory. The present system and approach may use other CPUs or microcontrollers. In general, the security policy may be stored in a memory on or connected to a microcontroller. The policy may be enforced by software or firmware on the CPU which can read the policy from the memory and apply the policy.

As to some details, board 85 may contain a dual core Cortex-A9 800 MHZ processing system (PS) 86 and a programmable logic card (PL) 87. PS 86 may incorporate a double data rate (DDR) controller 91 connected to a 1 GB DDR RAM 92, a quad serial peripheral interface (QSPI) 93 connected to a 128 MB QSPI flash 94, a processing system (PS) controller area network (CAN) controller (#1) 95 connected to a CAN #1 physical (PHY) 96. A 10/100 Ethernet controller 97 connected to a 10/100 Ethernet PHY 98, a PS CAN controller, (#2) 99 connected to a CAN #2 PHY 100, and a secured digital (SD) 101 connected to a micro SD card 102.

PL card 87 may incorporate a PL CAN controller (#1) 103 connected to a CAN (#3) 104, a PL CAN controller (#4) 105 connected to a CAN #6 PHY 106, a PL CAN controller (#2) 107 connected to a CAN #4 PHY 108, a PL CAN controller (#5) connected to a CAN #7 PHY 110, a PL CAN controller (#3) connected to a CAN #5 PHY, and PL CAN controller (#6) 113 connected to a CAN #8 PHY 114.

FIG. 7 is a diagram of the interfaces to the vehicle security module. The diagram may reveal an interface to a VSM 115 having an enclosure 116 with a printed circuit board (PCB) stack 117. PCB stack 117 may incorporate an Ethernet (ETH) transceiver (Xcvr) 121 connected to an ETH RJ45 connector 122, a CAN Xcvr 123 connected to a high speed 1 (HS1) CAN 124, a CAN Xcvr 125 connected to an HS2 CAN 126, a CAN Xcvr 127 connected to an HS3 CAN 128, and a CAN Xcvr 129 connected to a medium speed 1 (MS1) CAN 130, a CAN Xcvr 131 connected to a diagnostic link connector (DLC) (aka OBD II), 132, a CAN Xcvr 133 connected to DLC 132 and to a high speed 1 auxiliary (HS1A) CAN 134, a CAN Xcvr 134 connected to a HS2A CAN 135, and a CAN Xcvr 136 connected to a medium speed 1 auxiliary (MS1A) CAN 137. HS1A CAN 134, HS2A CAN 135, and MS1A CAN 137 may be connected to an accessory protocol interface module (APIM) 138. A 12 VDC power source 139 may be connected and used to power components of the PCB stack 117.

FIG. 8 is a diagram of an example an OBD architecture 145 such as for a Lincoln MKZ vehicle by Ford Motor Co., modified to incorporate a vehicle security module. The following description is an example of CAN busses and ECUs. There may be various other architecture designs. An HS2A 147, HS1A 148, MS1A 150 and HS3A 151 may be connected to a VSM and a gateway module (GWM) 146. A DLC 152 may be connected to HS2A 147 and HS1A 148. An APIM 153 may be connected to HS1A 148, MS1A 150 and HS3A 151. VSM and GWM 146 may be connected to HS1155, MS1156, HS3157, and HS2158. HS1, HS2, HS3, MS1, HS1A, HS2A, HS3A and MS1A refer to CAN busses.

Various modules may be connected to the busses. Some of the modules connected to HS1155 may be a PCM (powertrain control module) 161, BCM (battery control module-accessories) 162, PAM (parking aid module) 163 and HCM (headlamp control module) 164.

Some of the modules connected to MS1 may be a TRM (transmission range module) 165, RTM 166, SOD-L (side object detection-left module) 167, SOD-R (side object detection-right module) 168, DDM (driver's door module) 169, DSM (driver's seat module) 170, GPSM (global positioning system module) 171, FCIM (front controls interface module) 172, PDM 173, RGTM 174, HSWM (heated steering wheel module) 175 and SCME 176.

Some of the modules connected to HS3 may be TCU (transmission control unit) 177, ACM (audio control module) 178, ANC (auxiliary heater control) 179, DSP (digital signal processing module) 180, and IPC (instruments panel control) 181.

Some of the modules connected to HS2 may be RCM (restraint control module) 182, ABS (anti-lock brake system) 183, VDM (vehicle dynamics module) 184, HUD (heads up display) 185, PSCM (power steering control module) 186, GSM 187, IPM-A (instrument panel module-accessories) 188, TRCM 189, and SCCM (steering column control module) 190.

The ECUs of architecture 145 may be other than indicated. Some of the acronyms may designate other items than those mentioned, depending on, for instance, the model and year of the vehicle.

FIG. 9 is a diagram of an example of VSM circuitry 200 that may be incorporated in the present system. The diagram is divided into portions 201-209 that are enlarged in FIGS. 10a-10i, respectively. FIG. 10a is a diagram of portion 201 that has an MCU board 211 which may be, for example, a MicroZed™ SCM. An SCM of another source may utilized as the MCU board 211. Connections of portion 201 with portion 202 in FIG. 10b may be indicated by lines 215, 216, 217, 218, 219 and 220. Portions 203-205 may incorporate CAN transceivers connected to MCU board 211 and to output circuitry, respectively. Connections of portion 201 with portion 203 in FIG. 10c may be indicated by lines 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236 and 237. Connections of portion 203 of FIG. 10c with portion 204 in FIG. 10d may be indicated by lines 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239 and 240. Connections of portion 204 of FIG. 10d with portion 205 in FIG. 10e may be indicated by lines 234, 235, 236, 237, 238, 239 and 240.

Connections of portion 203 in FIG. 10c with portion 206 in FIG. 10f may be indicated by lines 241, 242, 243, 244, 245 and 246. Connections of portion 204 in FIG. 10d with portion 207 in FIG. 10g may be indicated by lines 247, 248, 249250, 251 and 252. Connections of portion 205 in FIG. 10e with portion 208 in FIG. 10h may be indicated by lines 253, 254, 255 and 256.

FIG. 10i is a diagram of a filter circuit 209 for power to VSM circuitry 200. FIG. 10j is a diagram of an example of a cable for each of the outputs of the circuits in portions 205-208.

To recap, a vehicle security system may incorporate one or more controller area network (CAN) buses, one or more electronic control units (ECUs) connected to the one or more CAN buses, a vehicle security module (VSM) connected to the one or more CAN buses, and an on board diagnostics (OBD) connector connected to the vehicle security module. The vehicle security module may discriminate between authorized and unauthorized signals that are input to the on board diagnostics connector. Authorized signals may be forwarded by the vehicle security module to the one or more CAN busses. The unauthorized signals may be refused entry to the one or more CAN busses.

The on board diagnostics connector may be connected to one or more devices selected from a group comprising diagnostic instrumentation, control instrumentation, and tracking instrumentation.

An OEM of the vehicle security module may create a public and private key pair. The vehicle security module may create a public and private key pair. The OEM may embed the OEM public key into the vehicle security module. A policy change requestor (PRC) may create a public and private key pair. The OEM may uses its private key to digitally sign a certificate containing an identity of the policy change requestor and the public key of the policy change requestor. The OEM may create a policy change authorization token to include changes to a security policy and an identification (ID) of one or more dongles associated with the authorization token. The authorization may be signed with the private key of the OEM. A public key and a private key may be created for the one or more dongles having the ID. The policy change requestor may use its private key to sign a certificate for the one or more dongles having the ID. The policy change requestor may load a copy of the certificate into the one or more dongles.

When a dongle of the one or more dongles is connected to the on board diagnostics connector, the vehicle security module may achieve a confirmation of the ID of the dongle, a confirmation that the authorization token is bound to the dongle, and a confirmation that the authorization token was authorized by the OEM.

A security or safety policy in the vehicle security module may be changed in a field using a cryptographically protected authorization token that is directly or indirectly associated with the dongle.

The vehicle security module may have a security policy. The security policy may specify the messages allowed to flow to or from the vehicle security module to a device connected to the on board diagnostics connector.

The authorization token may specify one or more changes to be applied to the security policy when the one or more dongles associated with the authorization token are connected to the on board diagnostics connector.

A security policy may block or allow one or more messages based upon virtually any characteristic of a message. A change of security policy may change any characteristic of a message used to block or allow the message.

An approach for authorizing a policy change in a vehicle security module, may incorporate plugging a device selected from a group comprising diagnostic instrumentation, control instrumentation, tracking instrumentation, and dongles, into an on board diagnostics connector connected to a vehicle security module that is in turn connected to one or more controller area network (CAN) buses. The one or more CAN buses may be connected to one or more electronic control units (ECUs). The vehicle security module may block unauthorized signals and allow authorized signals to the CAN buses. Allowing authorized signals to the CAN buses may result in a policy change in the vehicle security module.

The vehicle security module may have a policy for determining which signals are authorized and which signals are unauthorized. The one or more ECUs may be connected to components of a vehicle. Authorized signals may affect operation of one or more of the components of the vehicle. Authorized signals may change the policy of the vehicle security module. A manufacturer of the vehicle may be permitted to manage the policy of the vehicle security module.

The manufacturer may set a default version of the policy of the vehicle security module. The manufacturer may selectively authorize policy change requestors to override one or more aspects of the policy of the vehicle security module.

The manufacturer may provide an authorization token that identifies changes that a policy change requestor is permitted to make to a vehicle having the vehicle security module.

A policy select function may be implemented by a switch to select a drive mode or a diagnostics mode for the vehicle security module. A resulting policy of a drive mode with the authorization token may be the drive mode with changes of the policy contained in the authorization token. The resulting policy of a drive mode without the authorization token may be the drive mode absent changes. The resulting policy of a diagnostic mode with the authorization token may be the diagnostic mode with changes of the policy contained in the authorization token. The resulting policy of a diagnostic mode without the authorization token may be the diagnostic mode absent changes.

The authorization token may be implemented in a cryptographic manner.

When the vehicle security module is in the diagnostics mode, the vehicle security module may emit a signal of an audible or visible nature to inform anyone in a vicinity of the vehicle that the policy of the vehicle security module, which is enforced while the vehicle is in the drive mode, is bypassed.

A policy change requestor may perform a cryptographic handshake with the vehicle to ensure that the policy change request is authorized.

A mechanism for providing authorized changes of policy to the vehicle security module, may incorporate a vehicle security module, an on board diagnostics port connected to the vehicle security module, one or more controller area network (CAN) buses connected to the vehicle security module, and one or more electronic control units (ECUs) connected to the one or more CAN buses. The one or more ECUs may be associated with one or more components, respectively, of a vehicle.

An association with the one or more components may incorporate one or more items of a group consisting of functions, settings, control and diagnostics of the one or more components.

The mechanism may further incorporate a dongle plugged into the on board diagnostics port. The dongle may incorporate a loaded authorization token. The authorization token may authorize a change of policy of the vehicle security module.

The authorization token may allow the vehicle security module to confirm one or more items of a group incorporating an identity of the dongle, the authorization token being bound to the dongle, and the authorization token being validated by a manufacturer of the vehicle. The policy in the vehicle security module may be changed in the field by using the authorization token that is cryptographically protected.

Any publication or patent document noted herein is hereby incorporated by reference to the same extent as if each publication or patent document was specifically and individually indicated to be incorporated by reference.

In the present specification, some of the matter may be of a hypothetical or prophetic nature although stated in another manner or tense.

Although the present system and/or approach has been described with respect to at least one illustrative example, many variations and modifications will become apparent to those skilled in the art upon reading the specification. It is therefore the intention that the appended claims be interpreted as broadly as possible in view of the related art to include all such variations and modifications.

Claims

1. A vehicle security system for a vehicle, the system comprising: one or more controller area network (CAN) buses;one or more electronic control units (ECUs) connected to the one or more CAN buses;a vehicle security module (VSM) connected to the one or more CAN buses; andan on board diagnostics (OBD) connector connected to the vehicle security module; andwherein:the vehicle security module discriminates between authorized and unauthorized signals that are input to the on board diagnostics connector; andthe VSM has a security policy;the security policy specifies the types of messages that are allowed to flow to and/or from the vehicle to a device plugged into the OBD connector;the VSM is configured to verify a token in the device plugged into the OBD connector and modify the security policy according to a change specified in the verified token to allow the VSM to classify a signal as an authorized signal when the VSM would otherwise classify the signal as an unauthorized signal and facilitate performing a service on the vehicle that would not otherwise be permitted by the security policy;authorized signals are forwarded by the vehicle security module to the one or more CAN busses; andthe unauthorized signals are refused entry to the one or more CAN busses.
2. The system of claim 1, wherein the device to which the on board diagnostics connector is configured to receive is one or more devices selected from a group comprising diagnostic instrumentation, control instrumentation, and tracking instrumentation.
3. The system of claim 1, wherein: an original equipment manufacturer (OEM) of the vehicle security module creates a public and private key pair;the vehicle security module creates a public and private key pair;the OEM embeds the OEM public key into the vehicle security module;a policy change requestor (PRC) creates a public and private key pair;the OEM uses its private key to digitally sign a certificate containing an identity of the policy change requestor and the public key of the policy change requestor;the OEM creates a policy change authorization token to include changes to a security policy and an identification (ID) of one or more dongles associated with the authorization token;the authorization is signed with the private key of the OEM; anda public key and a private key are created for the one or more dongles having the ID;the policy change requestor uses its private key to sign a certificate for the one or more dongles having the ID; andthe policy change requestor loads a copy of the certificate into the one or more dongles.
4. The system of claim 3, wherein when a dongle of the one or more dongles is plugged into to the on board diagnostics connector, the vehicle security module can achieve a confirmation of the ID of the dongle, a confirmation that the authorization token is bound to the dongle, and a confirmation that the authorization token was authorized by the OEM.
5. The system of claim 4, wherein the security policy in the vehicle security module can be changed in a field using a cryptographically protected authorization token that is directly or indirectly associated with the dongle.
6. The system of claim 3, wherein the authorization token specifies one or more changes to be applied to the security policy when the one or more dongles associated with the authorization token are plugged into to the on board diagnostics connector.
7. The system of claim 6, wherein: the security policy can block or allow one or more messages based upon virtually any characteristic of a message; anda change of security policy can change any characteristic of a message used to block or allow the message.
8. A method for authorizing a policy change in a vehicle security module, comprising: plugging a device selected from a group comprising diagnostic instrumentation, control instrumentation, tracking instrumentation, and dongles, into an on board diagnostics connector connected to a vehicle security module that is in turn connected to one or more controller area network (CAN) buses, the vehicle security module having a default security policy that specifies the types of messages that are allowed to flow to and/or from the vehicle to the device plugged into the onboard diagnostics connector;verifying an authentication token in the device plugged into the on board diagnostics connector;modifying the default security policy of the vehicle security module according to a change specified in the verified authentication token; andclassifying a signal as authorized under the modified security policy that would otherwise be classified as unauthorized under the default security policy to facilitate performing a service on the vehicle that would not otherwise be permitted by the default security policy; andwherein:the one or more CAN buses are connected to one or more electronic control units (ECUs);the vehicle security module blocks unauthorized signals and allows authorized signals to the CAN buses.
9. The method of claim 8, wherein: the one or more ECUs are connected to components of a vehicle;authorized signals can affect operation of one or more of the components of the vehicle;authorized signals can change the policy of the vehicle security module; anda manufacturer of the vehicle is permitted to manage the policy of the vehicle security module.
10. The method of claim 9, wherein: the manufacturer sets a default version of the policy of the vehicle security module; andthe manufacturer can selectively authorize policy change requestors to override one or more aspects of the policy of the vehicle security module.
11. The method of claim 9, wherein the manufacturer provides the authorization token that identifies changes that a policy change requestor is permitted to make to a vehicle having the vehicle security module.
12. The method of claim 11, wherein: a policy select function is implemented by a switch to select a drive mode or a diagnostics mode for the vehicle security module;a resulting policy of a drive mode with the authorization token is the drive mode with changes of the policy contained in the authorization token;the resulting policy of a drive mode without the authorization token is the drive mode absent changes;the resulting policy of a diagnostic mode with the authorization token is the diagnostic mode with changes of the policy contained in the authorization token; andthe resulting policy of a diagnostic mode without the authorization token is the diagnostic mode absent changes.
13. The method of claim 12, wherein the authorization token is implemented in a cryptographic manner.
14. The method of claim 12, wherein when the vehicle security module is in the diagnostics mode, the vehicle security module emits a signal of an audible or visible nature to inform anyone in a vicinity of the vehicle that the policy of the vehicle security module, which is enforced while the vehicle is in the drive mode, is bypassed.
15. The method of claim 10, wherein a policy change requestor performs a cryptographic handshake with the vehicle to ensure that the policy change request is authorized.
16. A mechanism for providing authorized changes of policy to the vehicle security module, comprising: a vehicle security module having a security policy;an on board diagnostics port connected to the vehicle security module;one or more controller area network (CAN) buses connected to the vehicle security module; andone or more electronic control units (ECUs) connected to the one or more CAN buses; andwherein: the one or more ECUs are associated with one or more components, respectively, of a vehicle;the security policy specifies the types of messages that are allowed to flow to and/or from a vehicle to a device plugged into the on board diagnostics port;the vehicle security module verifies an authorization token in the device plugged into the on board diagnostics port and modifies the security policy according to a change specified in the verified authorization token to allow the vehicle security module to classify a signal as an authorized signal when the vehicle security module would otherwise classify the signal as an unauthorized signal and facilitate performing a service on the vehicle that would not otherwise be permitted by the security policy;the vehicle security module is configured to forward authorized signals to the one or more CAN buses and refuse entry to the one or more CAN buses to the unauthorized signals.
17. The mechanism of claim 16, wherein an association with the one or more components comprises one or more items of a group consisting of functions, settings, control and diagnostics of the one or more components.
18. The mechanism of claim 17, further comprising: a dongle plugged into the on board diagnostics port; andwherein:the dongle comprises a loaded authorization token; andthe authorization token authorizes a change of policy of the vehicle security module.
19. The mechanism of claim 18, wherein: the authorization token allows the vehicle security module to confirm one or more items of a group comprising an identity of the dongle, the authorization token being bound to the dongle, and the authorization token being validated by a manufacturer of the vehicle; andthe policy in the vehicle security module can be changed in the field by using the authorization token that is cryptographically protected.

US Referenced Citations (530)

Number	Name	Date	Kind
3744461	Davis	Jul 1973	A
4005578	McInerney	Feb 1977	A
4055158	Marsee	Oct 1977	A
4206606	Yamada	Jun 1980	A
4252098	Tomczak et al.	Feb 1981	A
4359991	Stumpp et al.	Nov 1982	A
4383441	Willis et al.	May 1983	A
4426982	Lehner et al.	Jan 1984	A
4438497	Willis et al.	Mar 1984	A
4440140	Kawagoe et al.	Apr 1984	A
4456883	Bullis et al.	Jun 1984	A
4485794	Kimberley et al.	Dec 1984	A
4601270	Kimberley et al.	Jul 1986	A
4616308	Morshedi et al.	Oct 1986	A
4653449	Kamel et al.	Mar 1987	A
4671235	Hosaka	Jun 1987	A
4735181	Kaneko et al.	Apr 1988	A
4947334	Massey et al.	Aug 1990	A
4962570	Hosaka et al.	Oct 1990	A
5044337	Williams	Sep 1991	A
5076237	Hartman et al.	Dec 1991	A
5089236	Clerc	Feb 1992	A
5094213	Dudek et al.	Mar 1992	A
5095874	Schnaibel et al.	Mar 1992	A
5108716	Nishizawa et al.	Apr 1992	A
5123397	Richeson	Jun 1992	A
5150289	Badavas	Sep 1992	A
5186081	Richardson et al.	Feb 1993	A
5233829	Komatsu	Aug 1993	A
5270935	Dudek et al.	Dec 1993	A
5273019	Matthews et al.	Dec 1993	A
5282449	Takahashi et al.	Feb 1994	A
5293553	Dudek et al.	Mar 1994	A
5349816	Sanbayashi et al.	Sep 1994	A
5365734	Takeshima	Nov 1994	A
5394322	Hansen	Feb 1995	A
5394331	Dudek et al.	Feb 1995	A
5398502	Watanabe	Mar 1995	A
5408406	Mathur et al.	Apr 1995	A
5431139	Grutter et al.	Jul 1995	A
5452576	Hamburg et al.	Sep 1995	A
5477840	Neumann	Dec 1995	A
5560208	Halimi et al.	Oct 1996	A
5570574	Yamashita et al.	Nov 1996	A
5598825	Neumann	Feb 1997	A
5609139	Ueda et al.	Mar 1997	A
5611198	Lane et al.	Mar 1997	A
5682317	Keeler et al.	Oct 1997	A
5690086	Kawano et al.	Nov 1997	A
5692478	Nogi et al.	Dec 1997	A
5697339	Esposito	Dec 1997	A
5704011	Hansen et al.	Dec 1997	A
5740033	Wassick et al.	Apr 1998	A
5746183	Parke et al.	May 1998	A
5765533	Nakajima	Jun 1998	A
5771867	Amstutz et al.	Jun 1998	A
5785030	Paas	Jul 1998	A
5788004	Friedmann et al.	Aug 1998	A
5842340	Bush et al.	Dec 1998	A
5846157	Reinke et al.	Dec 1998	A
5893092	Driscoll	Apr 1999	A
5917405	Joao	Jun 1999	A
5924280	Tarabulski	Jul 1999	A
5942195	Lecea et al.	Aug 1999	A
5964199	Atago et al.	Oct 1999	A
5970075	Wasada	Oct 1999	A
5974788	Hepburn et al.	Nov 1999	A
5995895	Watt et al.	Nov 1999	A
6029626	Bruestle	Feb 2000	A
6035640	Kolmanovsky et al.	Mar 2000	A
6048620	Zhong	Apr 2000	A
6048628	Hilman et al.	Apr 2000	A
6055810	Borland et al.	May 2000	A
6056781	Wassick et al.	May 2000	A
6058700	Yamashita et al.	May 2000	A
6067800	Kolmanovsky et al.	May 2000	A
6076353	Freudenberg et al.	Jun 2000	A
6105365	Deeba et al.	Aug 2000	A
6122555	Lu	Sep 2000	A
6134883	Kato et al.	Oct 2000	A
6153159	Engeler et al.	Nov 2000	A
6161528	Akao et al.	Dec 2000	A
6170259	Boegner et al.	Jan 2001	B1
6171556	Burk et al.	Jan 2001	B1
6178743	Hirota et al.	Jan 2001	B1
6178749	Kolmanovsky et al.	Jan 2001	B1
6208914	Ward et al.	Mar 2001	B1
6216083	Ulyanov et al.	Apr 2001	B1
6233922	Maloney	May 2001	B1
6236956	Mantooth et al.	May 2001	B1
6237330	Takahashi et al.	May 2001	B1
6242873	Drozdz et al.	Jun 2001	B1
6263672	Roby et al.	Jul 2001	B1
6273060	Cullen	Aug 2001	B1
6279551	Iwano et al.	Aug 2001	B1
6312538	Latypov et al.	Nov 2001	B1
6314351	Chutorash	Nov 2001	B1
6314662	Ellis, III	Nov 2001	B1
6314724	Kakuyama et al.	Nov 2001	B1
6321538	Hasler et al.	Nov 2001	B2
6327361	Harshavardhana et al.	Dec 2001	B1
6338245	Shimoda et al.	Jan 2002	B1
6341487	Takahashi et al.	Jan 2002	B1
6347619	Whiting et al.	Feb 2002	B1
6360159	Miller et al.	Mar 2002	B1
6360541	Waszkiewicz et al.	Mar 2002	B2
6360732	Bailey et al.	Mar 2002	B1
6363715	Bidner et al.	Apr 2002	B1
6363907	Arai et al.	Apr 2002	B1
6379281	Collins et al.	Apr 2002	B1
6389203	Jordan et al.	May 2002	B1
6425371	Majima	Jul 2002	B2
6427436	Allansson et al.	Aug 2002	B1
6431160	Sugiyama et al.	Aug 2002	B1
6445963	Blevins et al.	Sep 2002	B1
6446430	Roth et al.	Sep 2002	B1
6453308	Zhao et al.	Sep 2002	B1
6463733	Asik et al.	Oct 2002	B1
6463734	Tamura et al.	Oct 2002	B1
6466893	Latwesen et al.	Oct 2002	B1
6470682	Gray, Jr.	Oct 2002	B2
6470862	Isobe et al.	Oct 2002	B2
6470886	Jestrabek-Hart	Oct 2002	B1
6481139	Weldle	Nov 2002	B2
6494038	Kobayashi et al.	Dec 2002	B2
6502391	Hirota et al.	Jan 2003	B1
6505465	Kanazawa et al.	Jan 2003	B2
6510351	Blevins et al.	Jan 2003	B1
6512974	Houston et al.	Jan 2003	B2
6513495	Franke et al.	Feb 2003	B1
6532433	Bharadwaj et al.	Mar 2003	B2
6542076	Joao	Apr 2003	B1
6546329	Bellinger	Apr 2003	B2
6549130	Joao	Apr 2003	B1
6550307	Zhang et al.	Apr 2003	B1
6553754	Meyer et al.	Apr 2003	B2
6560528	Gitlin et al.	May 2003	B1
6560960	Nishimura et al.	May 2003	B2
6571191	York et al.	May 2003	B1
6579206	Liu et al.	Jun 2003	B2
6591605	Lewis	Jul 2003	B2
6594990	Kuenstler et al.	Jul 2003	B2
6601387	Zurawski et al.	Aug 2003	B2
6612293	Schweinzer et al.	Sep 2003	B2
6615584	Ostertag	Sep 2003	B2
6625978	Eriksson et al.	Sep 2003	B1
6629408	Murakami et al.	Oct 2003	B1
6637382	Brehob et al.	Oct 2003	B1
6644017	Takahashi et al.	Nov 2003	B2
6647710	Nishiyama et al.	Nov 2003	B2
6647971	Vaughan et al.	Nov 2003	B2
6651614	Flamig-Vetter et al.	Nov 2003	B2
6662058	Sanchez	Dec 2003	B1
6666198	Mitsutani	Dec 2003	B2
6666410	Boelitz et al.	Dec 2003	B2
6671596	Kawashima et al.	Dec 2003	B2
6671603	Cari et al.	Dec 2003	B2
6672052	Taga et al.	Jan 2004	B2
6672060	Buckland et al.	Jan 2004	B1
6679050	Takahashi et al.	Jan 2004	B1
6687597	Sulatisky et al.	Feb 2004	B2
6688283	Jaye	Feb 2004	B2
6694244	Meyer et al.	Feb 2004	B2
6694724	Tanaka et al.	Feb 2004	B2
6705084	Allen et al.	Mar 2004	B2
6718254	Hashimoto et al.	Apr 2004	B2
6718753	Bromberg et al.	Apr 2004	B2
6725208	Hartman et al.	Apr 2004	B1
6736120	Surnilla	May 2004	B2
6738682	Pasadyn	May 2004	B1
6739122	Kitajima et al.	May 2004	B2
6742330	Genderen	Jun 2004	B2
6743352	Ando et al.	Jun 2004	B2
6748936	Kinomura et al.	Jun 2004	B2
6752131	Poola et al.	Jun 2004	B2
6752135	McLaughlin et al.	Jun 2004	B2
6757579	Pasadyn	Jun 2004	B1
6758037	Terada et al.	Jul 2004	B2
6760631	Berkowitz et al.	Jul 2004	B1
6760657	Katoh	Jul 2004	B2
6760658	Yasui et al.	Jul 2004	B2
6770009	Badillo et al.	Aug 2004	B2
6772585	Iihoshi et al.	Aug 2004	B2
6775623	Ali et al.	Aug 2004	B2
6779344	Hartman et al.	Aug 2004	B2
6779512	Mitsutani	Aug 2004	B2
6788072	Nagy et al.	Sep 2004	B2
6789533	Hashimoto et al.	Sep 2004	B1
6792927	Kobayashi	Sep 2004	B2
6804618	Junk	Oct 2004	B2
6814062	Esteghlal et al.	Nov 2004	B2
6817171	Zhu	Nov 2004	B2
6823667	Braun et al.	Nov 2004	B2
6826903	Yahata et al.	Dec 2004	B2
6827060	Huh	Dec 2004	B2
6827061	Nytomt et al.	Dec 2004	B2
6827070	Fehl et al.	Dec 2004	B2
6834497	Miyoshi et al.	Dec 2004	B2
6837042	Colignon et al.	Jan 2005	B2
6839637	Moteki et al.	Jan 2005	B2
6849030	Yamamoto et al.	Feb 2005	B2
6857264	Ament	Feb 2005	B2
6873675	Kurady et al.	Mar 2005	B2
6874467	Hunt et al.	Apr 2005	B2
6879906	Makki et al.	Apr 2005	B2
6882929	Liang et al.	Apr 2005	B2
6904751	Makki et al.	Jun 2005	B2
6911414	Kimura et al.	Jun 2005	B2
6915779	Sriprakash	Jul 2005	B2
6920865	Lyon	Jul 2005	B2
6923902	Ando et al.	Aug 2005	B2
6925372	Yasui	Aug 2005	B2
6925796	Nieuwstadt et al.	Aug 2005	B2
6928362	Meaney	Aug 2005	B2
6928817	Ahmad	Aug 2005	B2
6931840	Strayer et al.	Aug 2005	B2
6934931	Plumer et al.	Aug 2005	B2
6941744	Tanaka	Sep 2005	B2
6945033	Sealy et al.	Sep 2005	B2
6948310	Roberts, Jr. et al.	Sep 2005	B2
6953024	Linna et al.	Oct 2005	B2
6965826	Andres et al.	Nov 2005	B2
6968677	Tamura	Nov 2005	B2
6971258	Rhodes et al.	Dec 2005	B2
6973382	Rodriguez et al.	Dec 2005	B2
6978744	Yuasa et al.	Dec 2005	B2
6988017	Pasadyn et al.	Jan 2006	B2
6990401	Neiss et al.	Jan 2006	B2
6996975	Radhamohan et al.	Feb 2006	B2
7000379	Makki et al.	Feb 2006	B2
7013637	Yoshida	Mar 2006	B2
7016779	Bowyer	Mar 2006	B2
7028464	Rosel et al.	Apr 2006	B2
7039475	Sayyarrodsari et al.	May 2006	B2
7047938	Flynn et al.	May 2006	B2
7050863	Mehta et al.	May 2006	B2
7052434	Makino et al.	May 2006	B2
7055311	Beutel et al.	Jun 2006	B2
7059112	Bidner et al.	Jun 2006	B2
7063080	Kita et al.	Jun 2006	B2
7067319	Wills et al.	Jun 2006	B2
7069903	Surnilla et al.	Jul 2006	B2
7082753	Della Betta et al.	Aug 2006	B2
7085615	Persson et al.	Aug 2006	B2
7106866	Astorino et al.	Sep 2006	B2
7107978	Itoyama	Sep 2006	B2
7111450	Sumilla	Sep 2006	B2
7111455	Okugawa et al.	Sep 2006	B2
7113835	Boyen et al.	Sep 2006	B2
7117046	Boyden et al.	Oct 2006	B2
7124013	Yasui	Oct 2006	B2
7149590	Martin et al.	Dec 2006	B2
7151976	Lin	Dec 2006	B2
7152023	Das	Dec 2006	B2
7155334	Stewart et al.	Dec 2006	B1
7164800	Sun	Jan 2007	B2
7165393	Betta et al.	Jan 2007	B2
7165399	Stewart	Jan 2007	B2
7168239	Ingram et al.	Jan 2007	B2
7182075	Shahed et al.	Feb 2007	B2
7184845	Sayyarrodsari et al.	Feb 2007	B2
7184992	Polyak et al.	Feb 2007	B1
7188637	Dreyer et al.	Mar 2007	B2
7194987	Mogi	Mar 2007	B2
7197485	Fuller	Mar 2007	B2
7200988	Yamashita	Apr 2007	B2
7204079	Audoin	Apr 2007	B2
7212908	Li et al.	May 2007	B2
7275374	Stewart et al.	Oct 2007	B2
7275415	Rhodes et al.	Oct 2007	B2
7277010	Joao	Oct 2007	B2
7281368	Miyake et al.	Oct 2007	B2
7292926	Schmidt et al.	Nov 2007	B2
7302937	Ma et al.	Dec 2007	B2
7321834	Chu et al.	Jan 2008	B2
7323036	Boyden et al.	Jan 2008	B2
7328577	Stewart et al.	Feb 2008	B2
7337022	Wojsznis et al.	Feb 2008	B2
7349776	Spillane et al.	Mar 2008	B2
7383118	Imai et al.	Mar 2008	B2
7357125	Kolavennu	Apr 2008	B2
7375374	Chen et al.	May 2008	B2
7376471	Das et al.	May 2008	B2
7380547	Ruiz	Jun 2008	B1
7389773	Stewart et al.	Jun 2008	B2
7392129	Hill et al.	Jun 2008	B2
7397363	Joao	Jul 2008	B2
7398082	Schwinke et al.	Jul 2008	B2
7398149	Ueno et al.	Jul 2008	B2
7400933	Rawlings et al.	Jul 2008	B2
7400967	Ueno et al.	Jul 2008	B2
7413583	Langer et al.	Aug 2008	B2
7415389	Stewart et al.	Aug 2008	B2
7418372	Nishira et al.	Aug 2008	B2
7430854	Yasui et al.	Oct 2008	B2
7433743	Pistikopoulos et al.	Oct 2008	B2
7444191	Caldwell et al.	Oct 2008	B2
7444193	Cutler	Oct 2008	B2
7447554	Cutler	Nov 2008	B2
7467614	Stewart et al.	Dec 2008	B2
7469177	Samad et al.	Dec 2008	B2
7474953	Hulser et al.	Jan 2009	B2
7493236	Mock et al.	Feb 2009	B1
7505879	Tomoyasu et al.	Mar 2009	B2
7505882	Jenny et al.	Mar 2009	B2
7515975	Stewart	Apr 2009	B2
7522963	Boyden et al.	Apr 2009	B2
7536232	Boyden et al.	May 2009	B2
7577483	Fan et al.	Aug 2009	B2
7587253	Rawlings et al.	Sep 2009	B2
7591135	Stewart	Sep 2009	B2
7599749	Sayyarrodsari et al.	Oct 2009	B2
7599750	Piche	Oct 2009	B2
7603185	Stewart et al.	Oct 2009	B2
7603226	Henein	Oct 2009	B2
7627843	Dozorets et al.	Dec 2009	B2
7630868	Turner et al.	Dec 2009	B2
7634323	Vermillion et al.	Dec 2009	B2
7634417	Boyden et al.	Dec 2009	B2
7650780	Hall	Jan 2010	B2
7668704	Perchanok et al.	Feb 2010	B2
7676318	Allain	Mar 2010	B2
7698004	Boyden et al.	Apr 2010	B2
7702519	Boyden et al.	Apr 2010	B2
7712139	Westendorf et al.	May 2010	B2
7721030	Fuehrer et al.	May 2010	B2
7725199	Brackney et al.	May 2010	B2
7734291	Mazzara, Jr.	Jun 2010	B2
7738975	Denison et al.	Jun 2010	B2
7743606	Havelena et al.	Jun 2010	B2
7748217	Muller	Jul 2010	B2
7752840	Stewart	Jul 2010	B2
7765792	Rhodes et al.	Aug 2010	B2
7779680	Sasaki et al.	Aug 2010	B2
7793489	Wang et al.	Sep 2010	B2
7798938	Matsubara et al.	Sep 2010	B2
7808371	Blanchet et al.	Oct 2010	B2
7813884	Chu et al.	Oct 2010	B2
7826909	Attarwala	Nov 2010	B2
7831318	Bartee et al.	Nov 2010	B2
7840287	Wojsznis et al.	Nov 2010	B2
7844351	Piche	Nov 2010	B2
7844352	Vouzis et al.	Nov 2010	B2
7846299	Backstrom et al.	Dec 2010	B2
7850104	Havlena et al.	Dec 2010	B2
7856966	Saitoh	Dec 2010	B2
7860586	Boyden et al.	Dec 2010	B2
7861518	Federle	Jan 2011	B2
7862771	Boyden et al.	Jan 2011	B2
7877239	Grichnik et al.	Jan 2011	B2
7878178	Stewart et al.	Feb 2011	B2
7891669	Araujo et al.	Feb 2011	B2
7904280	Wood	Mar 2011	B2
7905103	Larsen et al.	Mar 2011	B2
7907769	Sammak et al.	Mar 2011	B2
7925399	Comeau	Apr 2011	B2
7930044	Attarwala	Apr 2011	B2
7933849	Bartee et al.	Apr 2011	B2
7958730	Stewart et al.	Jun 2011	B2
7970482	Srinivasan et al.	Jun 2011	B2
7987145	Baramov	Jul 2011	B2
7996140	Stewart et al.	Aug 2011	B2
8001767	Kakuya et al.	Aug 2011	B2
8019911	Dressler et al.	Sep 2011	B2
8025167	Schneider et al.	Sep 2011	B2
8032235	Sayyar-Rodsari	Oct 2011	B2
8046089	Renfro et al.	Oct 2011	B2
8046090	MacArthur et al.	Oct 2011	B2
8060290	Stewart et al.	Nov 2011	B2
8078291	Pekar et al.	Dec 2011	B2
8108790	Morrison, Jr. et al.	Jan 2012	B2
8109255	Stewart et al.	Feb 2012	B2
8121818	Gorinevsky	Feb 2012	B2
8145329	Pekar et al.	Mar 2012	B2
8146850	Havlena et al.	Apr 2012	B2
8157035	Whitney et al.	Apr 2012	B2
8185217	Thiele	May 2012	B2
8197753	Boyden et al.	Jun 2012	B2
8200346	Thiele	Jun 2012	B2
8209963	Kesse et al.	Jul 2012	B2
8229163	Coleman et al.	Jul 2012	B2
8245501	He et al.	Aug 2012	B2
8246508	Matsubara et al.	Aug 2012	B2
8265854	Stewart et al.	Sep 2012	B2
8281572	Chi et al.	Oct 2012	B2
8295951	Crisalle et al.	Oct 2012	B2
8311653	Zhan et al.	Nov 2012	B2
8312860	Yun et al.	Nov 2012	B2
8316235	Boehl et al.	Nov 2012	B2
8360040	Stewart et al.	Jan 2013	B2
8370052	Lin et al.	Feb 2013	B2
8379267	Mestha et al.	Feb 2013	B2
8396644	Kabashima et al.	Mar 2013	B2
8402268	Dierickx	Mar 2013	B2
8418441	He et al.	Apr 2013	B2
8453431	Wang et al.	Jun 2013	B2
8473079	Havlena	Jun 2013	B2
8478506	Grichnik et al.	Jul 2013	B2
RE44452	Stewart et al.	Aug 2013	E
8504175	Pekar et al.	Aug 2013	B2
8505278	Farrell et al.	Aug 2013	B2
8543170	Mazzara, Jr. et al.	Sep 2013	B2
8555613	Wang et al.	Oct 2013	B2
8571689	Macharia et al.	Oct 2013	B2
8596045	Tuomivaara et al.	Dec 2013	B2
8620461	Kihas	Dec 2013	B2
8634940	Macharia et al.	Jan 2014	B2
8639925	Schuetze	Jan 2014	B2
8649884	MacArthur et al.	Feb 2014	B2
8649961	Hawkins et al.	Feb 2014	B2
8667288	Yavuz	Mar 2014	B2
8694197	Rajagopalan et al.	Apr 2014	B2
8700291	Herrmann	Apr 2014	B2
8751241	Oesterling et al.	Jun 2014	B2
8762026	Wolfe et al.	Jun 2014	B2
8763377	Yacoub	Jul 2014	B2
8768996	Shokrollahi et al.	Jul 2014	B2
8813690	Kumar et al.	Aug 2014	B2
8825243	Yang et al.	Sep 2014	B2
8839967	Schneider et al.	Sep 2014	B2
8867746	Ceskutti et al.	Oct 2014	B2
8892221	Kram et al.	Nov 2014	B2
8899018	Frazier et al.	Dec 2014	B2
8904760	Mital	Dec 2014	B2
8983069	Merchan et al.	Mar 2015	B2
9100193	Newsome et al.	Aug 2015	B2
9141996	Christensen et al.	Sep 2015	B2
9170573	Kihas	Oct 2015	B2
9175595	Ceynow et al.	Nov 2015	B2
9223301	Stewart et al.	Dec 2015	B2
9243576	Yu et al.	Jan 2016	B2
9253200	Schwarz et al.	Feb 2016	B2
9325494	Boehl	Apr 2016	B2
9367701	Merchan et al.	Jun 2016	B2
9367968	Giraud et al.	Jun 2016	B2
9483881	Comeau et al.	Nov 2016	B2
9560071	Ruvio et al.	Jan 2017	B2
9779742	Newsome, Jr.	Oct 2017	B2
20020112469	Kanazawa et al.	Aug 2002	A1
20040006973	Makki et al.	Jan 2004	A1
20040086185	Sun	May 2004	A1
20040144082	Mianzo et al.	Jul 2004	A1
20040199481	Hartman et al.	Oct 2004	A1
20040226287	Edgar et al.	Nov 2004	A1
20050171667	Morita	Aug 2005	A1
20050187643	Sayyar-Rodsari et al.	Aug 2005	A1
20050193739	Brunell et al.	Sep 2005	A1
20050210868	Funabashi	Sep 2005	A1
20060047607	Boyden et al.	Mar 2006	A1
20060111881	Jackson	May 2006	A1
20060137347	Stewart et al.	Jun 2006	A1
20060168945	Samad et al.	Aug 2006	A1
20060185626	Allen et al.	Aug 2006	A1
20060212140	Brackney	Sep 2006	A1
20070144149	Kolavennu et al.	Jun 2007	A1
20070156259	Baramov et al.	Jul 2007	A1
20070240213	Karam et al.	Oct 2007	A1
20070261648	Reckels et al.	Nov 2007	A1
20070275471	Coward	Nov 2007	A1
20080010973	Gimbres	Jan 2008	A1
20080103747	Macharia et al.	May 2008	A1
20080132178	Chatterjee et al.	Jun 2008	A1
20080208778	Sayyar-Rodsari et al.	Aug 2008	A1
20080289605	Ito	Nov 2008	A1
20090172416	Bosch et al.	Jul 2009	A1
20090312998	Berckmans et al.	Dec 2009	A1
20100122523	Vosz	May 2010	A1
20100126481	Willi et al.	May 2010	A1
20100300069	Herrmann et al.	Dec 2010	A1
20110056265	Yacoub	Mar 2011	A1
20110060424	Havlena	Mar 2011	A1
20110125295	Bednasch et al.	May 2011	A1
20110131017	Cheng et al.	Jun 2011	A1
20110167025	Danai et al.	Jul 2011	A1
20110173315	Aguren	Jul 2011	A1
20110264353	Atkinson et al.	Oct 2011	A1
20110270505	Chaturvedi et al.	Nov 2011	A1
20120024089	Couey et al.	Feb 2012	A1
20120109620	Gaikwad et al.	May 2012	A1
20120174187	Argon et al.	Jul 2012	A1
20130024069	Wang et al.	Jan 2013	A1
20130067894	Stewart et al.	Mar 2013	A1
20130111878	Pachner et al.	May 2013	A1
20130111905	Pekar et al.	May 2013	A1
20130131954	Yu et al.	May 2013	A1
20130131956	Thibault et al.	May 2013	A1
20130158834	Wagner et al.	Jun 2013	A1
20130204403	Zheng et al.	Aug 2013	A1
20130242706	Newsome, Jr.	Sep 2013	A1
20130326232	Lewis et al.	Dec 2013	A1
20130326630	Argon	Dec 2013	A1
20130338900	Ardanese et al.	Dec 2013	A1
20140032189	Hehle et al.	Jan 2014	A1
20140032800	Peirce et al.	Jan 2014	A1
20140034460	Chou	Feb 2014	A1
20140171856	McLaughlin et al.	Jun 2014	A1
20140258736	Merchan et al.	Sep 2014	A1
20140270163	Merchan	Sep 2014	A1
20140316683	Whitney et al.	Oct 2014	A1
20140318216	Singh	Oct 2014	A1
20140343713	Ziegler et al.	Nov 2014	A1
20140358254	Chu et al.	Dec 2014	A1
20150020152	Litichever et al.	Jan 2015	A1
20150121071	Schwarz et al.	Apr 2015	A1
20150191135	Ben Noon	Jul 2015	A1
20150275783	Wong et al.	Oct 2015	A1
20150321642	Schwepp et al.	Nov 2015	A1
20150324576	Quirant et al.	Nov 2015	A1
20150334093	Mueller	Nov 2015	A1
20160003180	McNulty et al.	Jan 2016	A1
20160012653	Soroko	Jan 2016	A1
20160043832	Ahn et al.	Feb 2016	A1
20160082903	Haggerty	Mar 2016	A1
20160108732	Huang et al.	Apr 2016	A1
20160127357	Zibuschka et al.	May 2016	A1
20160216699	Pekar et al.	Jul 2016	A1
20160239593	Pekar et al.	Aug 2016	A1
20160259584	Schlottmann et al.	Sep 2016	A1
20160330204	Baur et al.	Nov 2016	A1
20160344705	Stumpf et al.	Nov 2016	A1
20160362838	Badwe et al.	Dec 2016	A1
20160365977	Boutros et al.	Dec 2016	A1
20170031332	Santin	Feb 2017	A1
20170048063	Mueller	Feb 2017	A1
20170109521	Ujiie	Apr 2017	A1
20170126701	Glas et al.	May 2017	A1
20170218860	Pachner et al.	Aug 2017	A1
20170259761	Ben Noon	Sep 2017	A1
20170300713	Fan et al.	Oct 2017	A1
20170306871	Fuxman et al.	Oct 2017	A1

Foreign Referenced Citations (55)

Number	Date	Country
102063561	May 2011	CN
102331350	Jan 2012	CN
19628796	Oct 1997	DE
10219382	Nov 2002	DE
102009016509	Oct 2010	DE
102011103346	Aug 2012	DE
0301527	Feb 1989	EP
0877309	Jun 2000	EP
1134368	Sep 2001	EP
1180583	Feb 2002	EP
1221544	Jul 2002	EP
1225490	Jul 2002	EP
1245811	Oct 2002	EP
1273337	Jan 2003	EP
0950803	Sep 2003	EP
1420153	May 2004	EP
1447727	Aug 2004	EP
1498791	Jan 2005	EP
1425642 61	Nov 2005	EP
1686251	Aug 2006	EP
1399784	Oct 2007	EP
2107439	Oct 2009	EP
2146258	Jan 2010	EP
1794339	Jul 2011	EP
1529941	Nov 2011	EP
2543845	Jan 2013	EP
2551480	Jan 2013	EP
2589779	May 2013	EP
2617975	Jul 2013	EP
2267559	Jan 2014	EP
2892201	Jul 2015	EP
2919079	Sep 2015	EP
59190433	Oct 1984	JP
2010282618	Dec 2010	JP
0144629	Jun 2001	WO
0169056	Sep 2001	WO
0232552	Apr 2002	WO
02097540	Dec 2002	WO
02101208	Dec 2002	WO
03023538	Mar 2003	WO
03048533	Jun 2003	WO
03065135	Aug 2003	WO
03078816	Sep 2003	WO
03102394	Dec 2003	WO
2004027230	Apr 2004	WO
2006021437	Mar 2006	WO
2007078907	Jul 2007	WO
2008033800	Mar 2008	WO
2008115911	Sep 2008	WO
2012076838	Jun 2012	WO
2013119665	Aug 2013	WO
2014165439	Oct 2014	WO
2015019104	Feb 2015	WO
2016053194	Apr 2016	WO
WO 2016091439	Jun 2016	WO

Non-Patent Literature Citations (183)

Entry
The Extended European Search Report for EP Application No. 17151521.6, dated Oct. 23, 2017.
The Extended European Search Report for EP Application No. 17163452.0, dated Sep. 26, 2017.
Greenberg, “Hackers Cut a Corvette's Brakes Via A Common Car Gadget,” downloaded from https://www.wired.com2015/08/hackers-cut-corvettes-brakes-v . . . , 14 pages, Aug. 11, 2015, printed Dec. 11, 2017.
http://www.blackpoolcommunications.com/products/alarm-immo . . . , “OBD Security OBD Port Protection—Alarms & Immobilizers . . . ,” 1 page, printed Jun. 5, 2017.
http://www.cnbc.com/2016/09/20/chinese-company-hacks-tesla-car-remotely.html, “Chinese Company Hacks Tesla Car Remotely,” 3 pages, Sep. 20, 2016.
ISO, “ISO Document No. 13185-2:2015(E),” 3 pages, 2015.
“J1979 E/E Diagnostic Test Modules,” Proposed Regulation, Vehicle E.E. System Diagnostic Standards Committee, 1 page, Sep. 28, 2010.
“MicroZed Zynq Evaluation and Development and System on Module, Hardware User Guide,” Avnet Electronics Marketing, Version 1.6, Jan. 22, 2015.
Actron, “Elite AutoScanner Kit—Enhanced OBD I & II Scan Tool, OBD 1300,” Downloaded from https://actron.com/content/elite-autoscanner-kit-enhanced-obd-i-and-obd-ii-scan-tool?utm_ . . . , 5 pages, printed Sep. 27, 2016.
Blue Streak Electronics Inc., “Ford Modules,” 1 page, May 12, 2010.
Goodwin, “Researchers Hack a Corvette's Brakes Via Insurance Black Box,” Downloaded from http://www.cnet.com/roadshow/news/researchers-hack-a-corvettes-brakes-via-insurance-black-box/, 2 pages, Aug. 2015.
Greenberg, “Hackers Remotely Kill a Jeep on the Highway—With Me in It,” Downloaded from http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/, 24 pages, Jul. 21, 2015.
Hammacher Schlemmer, “The Windshield Heads Up Display,” Catalog, p. 47, prior to Apr. 26, 2016.
https://www.en.wikipedia.org/wiki/Public-key_cryptography, “Public-Key Cryptography,” 14 pages, printed Feb. 26, 2016.
Zaman, “Lincoln Motor Company: Case study 2015 Lincoln MKC,” Automotive Electronic Design Fundamentals, Chapter 6, 2015.
“Aftertreatment Modeling of RCCI Engine During Transient Operation,” University of Wisconsin—Engine Research Center, 1 page, May 31, 2014.
“Chapter 14: Pollutant Formation,” Fluent Manual, Release 15.0, Chapter 14, pp. 313-345, prior to Jan. 29, 2016.
“Chapter 21, Modeling Pollutant Formation,” Fluent Manual, Release 12.0, Chapter 21, pp. 21-1-21-54, Jan. 30, 2009.
“Model Predictive Control Toolbox Release Notes,” The Mathworks, 24 pages, Oct. 2008.
“Model Predictive Control,” Wikipedia, pp. 1-5, Jan. 22, 2009. http://en.wikipedia.org/w/index.php/title=Special:Book&bookcmd=download&collecton_id=641cd1b5da77cc22&writer=rl&return_to=Model predictive control, retrieved Nov. 20, 2012.
“MPC Implementation Methods for the Optimization of the Response of Control Valves to Reduce Variability,” Advanced Application Note 002, Rev. A, 10 pages, 2007.
“SCR, 400-csi Coated Catalyst,” Leading NOx Control Technologies Status Summary, 1 page prior to Feb. 2, 2005.
Allanson, et al., “Optimizing the Low Temperature Performance and Regeneration Efficiency of the Continuously Regenerating Diesel Particulate Filter System” SAE Paper No. 2002-01-0428, 8 pages, Mar. 2002.
Amstuz, et al., “EGO Sensor Based Robust Output Control of EGR in Diesel Engines,” IEEE TCST, vol. 3, No. 1, 12 pages, Mar. 1995.
Andersson et al., “A Predictive Real Time NOx Model for Conventional and Partially Premixed Diesel Combustion,” SAE International 2006-01-3329, 10 pages, 2006.
Andersson et al., “A Real Time NOx Model for Conventional and Partially Premixed Diesel Combustion,” SAE Technical Paper Series 2006-01-0195, 2006 SAE World Congress, 13 pages, Apr. 3-6, 2006.
Arregle et al., “On Board NOx Prediction in Diesel Engines: A Physical Approach,” Automotive Model Predictive Control, Models Methods and Applications, Chapter 2, 14 pages, 2010.
Asprion, “Optimal Control of Diesel Engines,” PHD Thesis, Diss ETH No. 21593, 436 pages, 2013.
Assanis et al., “A Predictive Ignition Delay Correlation Under Steady-State and Transient Operation of a Direct Injection Diesel Engine,” ASME, Journal of Engineering for Gas Turbines and Power, vol. 125, pp. 450-457, Apr. 2003.
Axehill et al., “A Dual Gradiant Projection Quadratic Programming Algorithm Tailored for Model Predictive Control,” Proceedings of the 47th IEEE Conference on Decision and Control, Cancun Mexico, pp. 3057-3064, Dec. 9-11, 2008.
Axehill et al., “A Dual Gradient Projection Quadratic Programming Algorithm Tailored for Mixed Integer Predictive Control,” Technical Report from Linkopings Universitet, Report No. Li-Th-ISY-R-2833, 58 pages, Jan. 31, 2008.
Baffi et al., “Non-Linear Model Based Predictive Control Through Dynamic Non-Linear Partial Least Squares,” Trans IChemE, vol. 80, Part A, pp. 75-86, Jan. 2002.
Bako et al., “A Recursive Identification Algorithm for Switched Linear/Affine Models,” Nonlinear Analysis: Hybrid Systems, vol. 5, pp. 242-253, 2011.
Barba et al., “A Phenomenological Combustion Model for Heat Release Rate Prediction in High-Speed DI Diesel Engines with Common Rail Injection,” SAE Technical Paper Series 2000-01-2933, International Fall Fuels and Lubricants Meeting Exposition, 15 pages, Oct. 16-19, 2000.
Bemporad et al., “Model Predictive Control Toolbox 3, User's Guide,” Matlab Mathworks, 282 pages, 2008.
Bemporad et al., “The Explicit Linear Quadratic Regulator for Constrained Systems,” Automatica, 38, pp. 3-20, 2002.
Bemporad, “Model Predictive Control Based on Linear Programming—The Explicit Solution,” IEEE Transactions on Automatic Control, vol. 47, No. 12, pp. 1974-1984, Dec. 2002.
Bemporad, “Model Predictive Control Design: New Trends and Tools,” Proceedings of the 45th IEEE Conference on Decision & Control, pp. 6678-6683, Dec. 13-15, 2006.
Bemporad, et al., “Explicit Model Predictive Control,” 1 page, prior to Feb. 2, 2005.
Bertsekas, “On the Goldstein-Levitin-Polyak Gradient Projection Method,” IEEE Transactions on Automatic Control, vol. AC-21, No. 2, pp. 174-184, Apr. 1976.
Bertsekas, “Projected Newton Methods for Optimization Problems with Simple Constraints,” SIAM J. Control and Optimization, vol. 20, No. 2, pp. 221-246, Mar. 1982.
Blanco-Rodriguez, “Modelling and Observation of Exhaust Gas Concentrations for Diesel Engine Control,” Phd Dissertation, 242 pages, Sep. 2013.
Borrelli et al., “An MPC/Hybrid System Approach to Traction Control,” IEEE Transactions on Control Systems Technology, vol. 14, No. 3, pp. 541-553, May 2006.
Borrelli, “Constrained Optimal Control of Linear and Hybrid Systems,” Lecture Notes in Control and Information Sciences, vol. 290, 2003.
Borrelli, “Discrete Time Constrained Optimal Control,” A Dissertation Submitted to the Swiss Federal Institute of Technology (ETH) Zurich, Diss. ETH No. 14666, 232 pages, Oct. 9, 2002.
Bourn et al., “Advanced Compressor Engine Controls to Enhance Operation, Reliability and Integrity,” Southwest Research Institute, DOE Award No. DE-FC26-03N141859, SwRI Project No. 03.10198, 60 pages, Mar. 2004.
Catalytica Energy Systems, “Innovative NOx Reduction Solutions for Diesel Engines,” 13 pages, 3rd Quarter, 2003.
Charalampidis et al., “Computationally Efficient Kalman Filtering for a Class of Nonlinear Systems,” IEEE Transactions on Automatic Control, vol. 56, No. 3, pp. 483-491, Mar. 2011.
Chatterjee, et al. “Catalytic Emission Control for Heavy Duty Diesel Engines,” JM, 46 pages, prior to Feb. 2, 2005.
Chew, “Sensor Validation Scheme with Virtual NOx Sensing for Heavy Duty Diesel Engines,” Master's Thesis, 144 pages, 2007.
European Search Report for EP Application No. 11167549.2 dated Nov. 27, 2012.
European Search Report for EP Application No. 12191156.4-1603 dated Feb. 9, 2015.
European Search Report for EP Application No. EP 10175270.7-2302419 dated Jan. 16, 2013.
European Search Report for EP Application No. EP 15152957.5-1807 dated Feb. 10, 2015.
The Extended European Search Report for EP Application No. 15155295.7-1606, dated Aug. 4, 2015.
The Extended European Search Report for EP Application No. 15179435.1, dated Apr. 1, 2016.
U.S. Appl. No. 15/005,406, filed Jan. 25, 2016.
U.S. Appl. No. 15/011,445, filed Jan. 29, 2016.
De Oliveira, “Constraint Handling and Stability Properties of Model Predictive Control,” Camegie Institute of Technology, Department of Chemical Engineering, Paper 197, 64 pages, Jan. 1, 1993.
De Schutter et al., “Model Predictive Control for Max-Min-Plus-Scaling Systems,” Proceedings of the 2001 American Control Conference, Arlington, VA, pp. 319-324, Jun. 2001.
Ding, “Characterising Combustion in Diesel Engines, Using Parameterised Finite Stage Cylinder Process Models,” 281 pages, Dec. 21, 2011.
Docquier et al., “Combustion Control and Sensors: a Review,” Progress in Energy and Combustion Science, vol. 28, pp. 107-150, 2002.
Dunbar, “Model Predictive Control: Extension to Coordinated Multi-Vehicle Formations and Real-Time Implementation,” CDS Technical Report 01-016, 64 pages, Dec. 7, 2001.
Egnell, “Combustion Diagnostics by Means of Multizone Heat Release Analysis and NO Calculation,” SAE Technical Paper Series 981424, International Spring Fuels and Lubricants Meeting and Exposition, 22 pages, May 4-6, 1998.
Ericson, “NOx Modelling of a Complete Diesel Engine/SCR System,” Licentiate Thesis, 57 pages, 2007.
Finesso et al., “Estimation of the Engine-Out NO2/NOx Ration in a Euro VI Diesel Engine,” SAE International 2013-01-0317, 15 pages, Apr. 8, 2013.
Fleming, “Overview of Automotive Sensors,” IEEE Sensors Journal, vol. 1, No. 4, pp. 296-308, Dec. 2001.
Ford Motor Company, “2012 My OBD System Operation Summary for 6.7L Diesel Engines,” 149 pages, Apr. 21, 2011.
Formentin et al., “NOx Estimation in Diesel Engines Via In-Cylinder Pressure Measurement,” IEEE Transactions on Control Systems Technology, vol. 22, No. 1, pp. 396-403, Jan. 2014.
Galindo, “An On-Engine Method for Dynamic Characterisation of NOx Concentration Sensors,” Experimental Thermal and Fluid Science, vol. 35, pp. 470-476, 2011.
Gamma Technologies, “Exhaust Aftertreatment with GT-Suite,” 2 pages, Jul. 17, 2014.
GM “Advanced Diesel Technology and Emissions,” powertrain technologies—engines, 2 pages, prior to Feb. 2, 2005.
Advanced Petroleum-Based Fuels-Diesel Emissions Control (APBF-DEC) Project, “Quarterly Update,” No. 7, 6 pages, Fall 2002.
Guardiola et al., “A Bias Correction Method for Fast Fuel-to-Air Ratio Estimation in Diesel Engines,” Proceedings of the Institution of Mechanical Engineers, Part D: Journal of Automobile Engineering, vol. 227, No. 8, pp. 1099-1111, 2013.
Guardiola et al., “A Computationally Efficient Kalman Filter Based Estimator for Updating Look-Up Tables Applied to NOx Estimation in Diesel Engines,” Control Engineering Practice, vol. 21, pp. 1455-1468.
Guerreiro et al., “Trajectory Tracking Nonlinear Model Predictive Control for Autonomous Surface Craft,” Proceedings of the European Control Conference, Budapest, Hungary, 6 pages, Aug. 2009.
Guzzella et al., “Introduction to Modeling and Control of Internal Combustion Engine Systems,” 303 pages, 2004.
Guzzella, et al., “Control of Diesel Engines,” IEEE Control Systems Magazine, pp. 53-71, Oct. 1998.
Hahlin, “Single Cylinder ICE Exhaust Optimization,” Master's Thesis, retrieved from https://pure.Itu.se/portal/files/44015424/LTU-EX-2013-43970821.pdf, 50 pages, Feb. 1, 2014.
Havelena, “Componentized Architecture for Advanced Process Management,” Honeywell International, 42 pages, 2004.
Heywood, “Pollutant Formation and Control,” Internal Combustion Engine Fundamentals, pp. 567-667, 1988.
Hiranuma, et al., “Development of DPF System for Commercial Vehicle—Basic Characteristic and Active Regeneration Performance,” SAE Paper No. 2003-1-3182, Mar. 2003.
Hirsch et al., “Dynamic Engine Emission Models,” Automotive Model Predictive Control, Chapter 5, 18 pages, LNCIS 402, 2012.
Hirsch et al., “Grey-Box Control Oriented Emissions Models,” The International Federation of Automatic Control (IFAC), Proceedings of the 17th World Congress, pp. 8514-8519, Jul. 6-11, 2008.
Hockerdal, “EKF-based Adaptation of Look-Up Tables with an Air Mass-Flow Sensor Application,” Control Engineering Practice, vol. 19, 12 pages, 2011.
Honeywell, “Profit Optimizer a Distributed Quadratic Program (DQP) Concepts Reference,” 48 pages, prior to Feb. 2, 2005.
http://nexceris.com/news/nextech-materials/, “NEXTECH Materials is Now NEXCERIS,” 7 pages, printed Oct. 4, 2016.
http://www.arb.ca.gov/msprog/obdprog/hdobdreg.htm, “Heavy-Duty OBD Regulations and Rulemaking,” 8 pages, printed Oct. 4, 2016.
http://www.not2fast.wryday.com/turbo/glossary/turbo_glossary.shtml, “Not2Fast: Turbo Glossary,” 22 pages, printed Oct. 1, 2004.
http://www.tai-cwv.com/sbl106.0.html, “Technical Overview-Advanced Control Solutions,” 6 pages, printed Sep. 9, 2004.
http://www.dieselnet.com/standards/us/obd.php, “Emission Standards: USA: On-Board Diagnostics,” 6 pages, printed Oct. 3, 2016.
Ishida et al., “An Analysis of the Added Water Effect on NO Formation in D.I. Diesel Engines,” SAE Technical Paper Series 941691, International Off-Highway and Power-Plant Congress and Exposition, 13 pages, Sep. 12-14, 1994.
Ishida et al., “Prediction of NOx Reduction Rate Due to Port Water Injection in a DI Diesel Engine,” SAE Technical Paper Series 972961, International Fall Fuels and Lubricants Meeting and Exposition, 13 pages, Oct. 13-16, 1997.
Jensen, “The 13 Monitors of an OBD System,” http://www.oemoffhighway.com/article/1 0855512/the-13-monito . . . , 3 pages, printed Oct. 3, 2016.
Johansen et al., “Hardware Architecture Design for Explicit Model Predictive Control,” Proceedings of ACC, 6 pages, 2006.
Johansen et al., “Hardware Synthesis of Explicit Model Predictive Controllers,” IEEE Transactions on Control Systems Technology, vol. 15, No. 1, Jan. 2007.
Jonsson, “Fuel Optimized Predictive Following in Low Speed Conditions,” Master's Thesis, 46 pages, Jun. 28, 2003.
Kelly, et al., “Reducing Soot Emissions from Diesel Engines Using One Atmosphere Uniform Glow Discharge Plasma,” SAE Paper No. 2003-1-1183, Mar. 2003.
Keulen et al., “Predictive Cruise Control in Hybrid Electric Vehicles,” World Electric Journal, vol. 3, ISSN 2032-6653, 11 pages, May 2009.
Khair et al., “Emission Formation in Diesel Engines,” Downloaded from https://www.dieselnet.com/tech/diesel_emiform.php, 33 pages, printed Oct. 14, 2016.
Kihas et al., “Chapter 14, Diesel Engine SCR Systems: Modeling Measurements and Control,” Catalytic Reduction Technology (book), Part 1, Chapter 14, prior to Jan. 29, 2016.
Kolmanovsky et al., “Issues in Modeling and Control of Intake Flow in Variable Geometry Turbocharged Engines”, 18th IFIP Conf. System Modeling and Optimization, pp. 436-145, Jul. 1997.
Krause et al., “Effect of Inlet Air Humidity and Temperature on Diesel Exhaust Emissions,” SAE International Automotive Engineering Congress, 8 pages, Jan. 8-12, 1973.
Kulhavy et al. “Emerging Technologies for Enterprise Optimization in the Process Industries,” Honeywell, 12 pages, Dec. 2000.
Lavoie et al., “Experimental and Theoretical Study of Nitric Oxide Formation in Internal Combustion Engines,” Combustion Science and Technology, vol. 1, pp. 313-326, 1970.
Locker, et al., “Diesel Particulate Filter Operational Characterization,” Coming Incorporated, 10 pages, prior to Feb. 2, 2005.
Lu, “Challenging Control Problems and Engineering Technologies in Enterprise Optimization,” Honeywell Hi-Spec Solutions, 30 pages, Jun. 4-6, 2001.
Van Keulen et al., “Predictive Cruise Control in Hybrid Electric Vehicles,” World Electric Vehicle Journal vol. 3, ISSN 2032-6653, pp. 1-11, 2009.
VDO, “UniNOx-Sensor Specification,” Continental Trading GmbH, 2 pages, Aug. 2007.
Vereschaga et al., “Piecewise Affine Modeling of NOx Emission Produced by a Diesel Engine,” 2013 European Control Conference (ECC), pp. 2000-2005, Jul. 17-19, 2013.
Wahlstrom et al., “Modelling Diesel Engines with a Variable-Geometry Turbocharger and Exhaust Gas Recirculation by Optimization of Model Parameters for Capturing Non-Linear System Dynamics,” (Original Publication) Proceedings of the Institution of Mechanical Engineers, Part D, Journal of Automobile Engineering, vol. 225, No. 7, 28 pages, 2011.
Wang et al., “Fast Model Predictive Control Using Online Optimization,” Proceedings of the 17th World Congress, the International Federation of Automatic Control, Seoul, Korea, pp. 6974-6979, Jul. 6-11, 2008.
Wang et al., “PSO-Based Model Predictive Control for Nonlinear Processes,” Advances in Natural Computation, Lecture Notes in Computer Science, vol. 3611/2005, 8 pages, 2005.
Wang et al., “Sensing Exhaust NO2 Emissions Using the Mixed Potential Principal,” SAE 2014-1-1487, 7 pages, Apr. 1, 2014.
Wilhelmsson et al., “A Fast Physical NOx Model Implemented on an Embedded System,” Proceedings of the IFAC Workshop on Engine and Powertrain Control, Simulation and Modeling, pp. 207-215, Nov. 30-Dec. 2, 2009.
Wilhemsson et al., “A Physical Two-Zone NOx Model Intended for Embedded Implementation,” SAE 2009-1-1509, 11 pages, 2009.
Winkler et al., “Incorporating Physical Knowledge About the Formation of Nitric Oxides into Evolutionary System Identification,” Proceedings of the 20th European Modeling and Simulation Symposium (EMSS), 6 pages, 2008.
Winkler et al., “On-Line Modeling Based on Genetic Programming,” 12 pages, International Journal on Intelligent Systems Technologies and Applications 2, 2007.
Winkler et al., “Using Genetic Programming in Nonlinear Model Identification,” 99 pages, prior to Jan. 29, 2016.
Winkler et al., “Virtual Sensors for Emissions of a Diesel Engine Produced by Evolutionary System Identification,” LNCS, vol. 5717, 8 pages, 2009.
Wong, “CARB Heavy-Duty OBD Update,” California Air Resources Board, SAE OBD TOPTEC, Downloaded from http://www.arb.ca.gov/msprog/obdprog/hdobdreg.htm, 72 pages, Sep. 15, 2005.
Wright, “Applying New Optimization Algorithms to Model Predictive Control,” 5th International Conference on Chemical Process Control, 10 pages, 1997.
Yao et al., “The Use of Tunnel Concentration Profile Data to Determine the Ratio of NO2/NOx Directly Emitted from Vehicles,” HAL Archives, 19 pages, 2005.
Zavala et al., “The Advance-Step NMPC Controller: Optimality, Stability, and Robustness,” Automatica, vol. 45, pp. 86-93, 2009.
Zeilinger et al., “Real-Time MPC—Stability Through Robust MPC Design,” Joint 48th IEEE Conference on Decision and Control and 28th Chinese Control Conference, Shanghai, P.R. China, pp. 3980-3986, Dec. 16-18, 2009.
Zeldovich, “The Oxidation of Nitrogen in Combustion and Explosions,” ACTA Physiochimica U.R.S.S., vol. XX1, No. 4, 53 pages, 1946.
Zelenka, et al., “An Active Regeneration as a Key Element for Safe Particulate Trap Use,” SAE Paper No. 2001-0103199, 13 pages, Feb. 2001.
Zhu, “Constrained Nonlinear Model Predictive Control for Vehicle Regulation,” Dissertation, Graduate School of the Ohio State University, 125 pages, 2008.
Zhuiykov et al., “Development of Zirconia-Based Potentiometric NOx Sensors for Automotive and Energy Industries in the Early 21st Century: What Are the Prospects for Sensors?”, Sensors and Actuators B, vol. 121, pp. 639-651, 2007.
Desantes et al., “Development of NOx Fast Estimate Using NOx Sensor,” EAEC 2011 Congress, 2011.
Andersson et al., “Fast Physical NOx Prediction in Diesel Engines, The Diesel Engine: The Low CO2 and Emissions Reduction Challenge,” Conference Proceedings, Lyon, 2006.
Winkler, “Evolutionary System Identification—Modem Approaches and Practical Applications,” Kepler Universitat Linz, Reihe C: Technik und Naturwissenschaften, Universitatsverlag Rudolf Trauner, 2009.
Smith, “Demonstration of a Fast Response On-Board NOx Sensor for Heavy-Duty Diesel Vehicles,” Technical report, Southwest Research Institute Engine and Vehicle Research Division SwRI Project No. 03-02256 Contract No. 98-302, 2000.
Maciejowski, “Predictive Control with Constraints,” Prentice Hall, Pearson Education Limited, 4 pages, 2002.
Manchur et al., “Time Resolution Effects on Accuracy of Real-Time NOx Emissions Measurements,” SAE Technical Paper Series 2005-1-0674, 2005 SAE World Congress, 19 pages, Apr. 11-14, 2005.
Mariethoz et al., “Sensorless Explicit Model Predictive Control of the DC-DC Buck Converter with Inductor Current Limitation,” IEEE Applied Power Electronics Conference and Exposition, pp. 1710-1715, 2008.
Marjanovic, “Towards a Simplified Infinite Horizon Model Predictive Controller,” 6 pages, Proceedings of the 5th Asian Control Conference, 6 pages, Jul. 20-23, 2004.
Mehta, “The Application of Model Predictive Control to Active Automotive Suspensions,” 56 pages, May 17, 1996.
Mohammadpour et al., “a Survey on Diagnostics Methods for Automotive Engines,” 2011 American Control Conference, pp. 985-990, Jun. 29-Jul. 1, 2011.
Moore, “Living with Cooled-EGR Engines,” Prevention Illustrated, 3 pages, Oct. 3, 2004.
Moos, “Catalysts as Sensors—A Promising Novel Approach in Automotive Exhaust Gas Aftertreatment,” http://www.mdpi.com/1424-8220/10/7/6773htm, 10 pages, Jul. 13, 2010.
Murayama et al., “Speed Control of Vehicles with Variable Valve Lift Engine by Nonlinear MPC,” ICROS-SICE International Joint Conference, pp. 4128-4133, 2009.
National Renewable Energy Laboratory (NREL), “Diesel Emissions Control-Sulfur Effects Project (DECSE) Summary of Reports,” U.S. Department of Energy, 19 pages, Feb. 2002.
Olsen, “Analysis and Simulation of the Rate of Heat Release (ROHR) in Diesel Engines,” MSc-Assignment, 105 pages, Jun. 2013.
Ortner et al., “MPC for a Diesel Engine Air Path Using an Explicit Approach for Constraint Systems,” Proceedings of the 2006 IEEE Conference on Control Applications, Munich Germany, pp. 2760-2765, Oct. 4-6, 2006.
Ortner et al., “Predictive Control of a Diesel Engine Air Path,” IEEE Transactions on Control Systems Technology, vol. 15, No. 3, pp. 449-456, May 2007.
Pannocchia et al., “Combined Design of Disturbance Model and Observer for Offset-Free Model Predictive Control,” IEEE Transactions on Automatic Control, vol. 52, No. 6, 6 pages, 2007.
Patrinos et al., “A Global Piecewise Smooth Newton Method for Fast Large-Scale Model Predictive Control,” Tech Report TR2010-02, National Technical University of Athens, 23 pages, 2010.
Payri et al., “Diesel NOx Modeling with a Reduction Mechanism for the Initial NOx Coming from EGR or Re-Entrained Burned Gases,” 2008 World Congress, SAE Technical Paper Series 2008-1-1188, 13 pages, Apr. 14-17, 2008.
Payri et al., “Methodology for Design and Calibration of a Drift Compensation Method for Fuel-to-Air Ratio,” SAE International 2012-1-0717, 13 pages, Apr. 16, 2012.
Pipho et al., “NO2 Formation in a Diesel Engine,” SAE Technical Paper Series 910231, International Congress and Exposition, 15 pages, Feb. 25-Mar. 1, 1991.
Qin et al., “A Survey of Industrial Model Predictive Control Technology,” Control Engineering Practice, 11, pp. 733-764, 2003.
Querel et al., “Control of an SCR System Using a Virtual NOx Sensor,” 7th IFAC Symposium on Advances in Automotive Control, The International Federation of Automotive Control, pp. 9-14, Sep. 4-7, 2013.
Rajamani, “Data-based Techniques to Improve State Estimation in Model Predictive Control,” Ph.D. Dissertation, 257 pages, 2007.
Rawlings, “Tutorial Overview of Model Predictive Control,” IEEE Control Systems Magazine, pp. 38-52, Jun. 2000.
Ricardo Software, “Powertrain Design at Your Fingertips,” retrieved from http://www.ricardo.com/PageFiles/864/WaveFlyerA4_4PP.pdf, 2 pages, downloaded Jul. 27, 2015.
Salval, et al., “Passenger Car Serial Application of a Particulate Filter System on a Common Rail Direct Injection Engine,” SAE Paper No. 2000-01-0473, 14 pages, Feb. 2000.
Santin et al., “Combined Gradient/Newton Projection Semi-Explicit QP Solver for Problems with Bound Constraints,” 2 pages, prior to Jan. 29, 2016.
Schauffele et al., “Automotive Software Engineering Principles, Processes, Methods, and Tools,” SAE International, 10 pages, 2005.
Schilling et al., “A Real-Time Model for the Prediction of the NOx Emissions in DI Diesel Engines,” Proceedings of the 2006 IEEE International Conference on Control Applications, pp. 2042-2047, Oct. 4-7, 2006.
Schilling “Model-Based Detection and Isolation of Faults in the Air and Fuel Paths of Common-Rail DI Diesel Engines Equipped with a Lambda and a Nitrogen Oxides Sensor,” Doctor of Sciences Dissertation, 210 pages, 2008.
Shahzad et al., “Preconditioners for Inexact Interior Point Methods for Predictive Control,” 2010 American Control Conference, pp. 5714-5719, Jun. 30-Jul. 2010.
Shamma, et al. “Approximate Set-Valued Observers for Nonlinear Systems,” IEEE Transactions on Automatic Control, vol. 42, No. 5, May 1997.
Signer et al., “European Programme on Emissions, Fuels and Engine Technologies (EPEFE)—Heavy Duty Diesel-Study,” International Spring Fuels and Lubricants Meeting, SAE 961074, May 6-8, 1996.
Soltis, “Current Status of NOx Sensor Development,” Workshop on Sensor Needs and Requirements for PEM Fuel Cell Systems and Direct-Injection Engines, 9 pages, Jan. 25-26, 2000.
Stefanopoulou, et al., “Control of Variable Geometry Turbocharged Diesel Engines for Reduced Emissions,” IEEE Transactions on Control Systems Technology, vol. 8, No. 4, pp. 733-745, Jul. 2000.
Stewart et al., “A Model Predictive Control Framework for Industrial Turbodiesel Engine Control,” Proceedings of the 47th IEEE Conference on Decision and Control, 8 pages, 2008.
Stewart et al., “A Modular Model Predictive Controller for Turbodiesel Problems,” First Workshop on Automotive Model Predictive Control, Schloss Muhldorf, Feldkirchen, Johannes Kepler University, Linz, 3 pages, 2009.
Storset et al., “Air Charge Estimation for Turbocharged Diesel Engines,” vol. 1 Proceedings of the American Control Conference, 8 pages, Jun. 28-30, 2000.
Stradling et al., “The Influene of Fuel Properties and Injection Timing on the Exhaust Emissions and Fuel Consumption of an Iveco Heavy-Duty Diesel Engine,” International Spring Fuels and Lubricants Meeting, SAE 971635, May 5-8, 1997.
Takacs et al., “Newton-Raphson Based Efficient Model Predictive Control Applied on Active Vibrating Structures,” Proceeding of the European Control Conference 2009, Budapest, Hungary, pp. 2845-2850, Aug. 23-26, 2009.
The MathWorks, “Model-Based Calibration Toolbox 2.1 Calibrate complex powertrain systems,” 4 pages, prior to Feb. 2, 2005.
The MathWorks, “Model-Based Calibration Toolbox 2.1.2,” 2 pages, prior to Feb. 2, 2005.
Theiss, “Advanced Reciprocating Engine System (ARES) Activities at the Oak Ridge National Lab (ORNL), Oak Ridge National Laboratory,” U.S. Department of Energy, 13 pages, Apr. 14, 2004.
Tondel et al., “An Algorithm for Multi-Parametric Quadratic Programming and Explicit MPC Solutions,” Automatica, 39, pp. 489-497, 2003.
Traver et al., “A Neural Network-Based Virtual NOx Sensor for Diesel Engines,” 7 pages, prior to Jan. 29, 2016.
Tschanz et al., “Cascaded Multivariable Control of the Combustion in Diesel Engines,” The International Federation of Automatic Control (IFAC), 2012 Workshop on Engine and Powertrain Control, Simulation and Modeling, pp. 25-32, Oct. 23-25, 2012.
Tschanz et al., “Control of Diesel Engines Using NOx-Emission Feedback,” International Journal of Engine Research, vol. 14, No. 1, pp. 45-56, 2013.
Tschanz et al., “Feedback Control of Particulate Matter and Nitrogen Oxide Emissions in Diesel Engines,” Control Engineenng Practice, vol. 21, pp. 1809-1820, 2013.
Turner, “Automotive Sensors, Sensor Technology Series,” Momentum Press, Unable to Obtain the Entire Book, a Copy of the Front and Back Covers and Table of Contents are Provided, 2009.
Van Basshuysen et al., “Lexikon Motorentectinit,” (Dictionary of Automotive Technology) published by Vieweg Verlag, Wiesbaden 039936, p. 518, 2004. (English Translation).
Van Den Boom et al., “MPC for Max-Plus-Linear Systems: Closed-Loop Behavior and Tuning,” Proceedings of the 2001 American Control Conference, Arlington, VA, pp. 325-330, Jun. 2001.
Van Heiden et al., “Optimization of Urea SCR deNOx Systems for HD Diesel Engines,” SAE International 2004-01-0154, 13 pages, 2004.

Related Publications (1)

	Number	Date	Country
	20170305368 A1	Oct 2017	US

Vehicle security module system

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

CPC

International Classifications