CPC H04L 63/164 (2013.01) [H04L 9/3242 (2013.01); H04L 9/3247 (2013.01); H04L 9/3268 (2013.01); H04L 63/0869 (2013.01); H04L 2209/84 (2013.01)]; 10 Claims
1. A method for transmitting data or messages on a communications network on board a vehicle between a requesting entity requesting a service instance and an offering entity offering a service instance using a Service Oriented Middleware over Internet Protocol (SOME/IP) communication protocol, in which said offering entity provides a response as a result of a request by said requesting entity, or in which said offering entity provides periodic notifications or notifications triggered by events as a result of a subscription to a service by said requesting entity,
wherein an authorization to said requesting entity and to said offering entity to access the service instance is predefined by a certification body external to the vehicle, which issues a pre-assigned certificate of said requesting entity and said offering entity, wherein the pre-assigned certificate of said offering entity further assigns a minimum security level to said service for the offering entity among a plurality of predetermined security levels and the pre-assigned certificate of said requesting entity assigns a minimum security level to said service for the requesting entity among said plurality of predetermined security levels, wherein said plurality of predetermined security levels comprises an authentication security level, in which a message authentication code encrypted with a predetermined encryption function is associated with each communication message of the service instance, and a confidentiality security level, in which each communication message includes a message authentication code encrypted with a predetermined encryption function and payload encrypted with said predetermined encryption function,
and wherein said method comprises a preliminary mutual authentication step between said requesting entity and said offering entity in view of a subsequent communication associated with the service instance, comprising:
verifying existence and mutual validity of said pre-assigned certificate of said requesting entity and of said offering entity,
verifying that the security level of the service offered by the offering entity is not less than the minimum security level pre-assigned to said service at the requesting entity and at the offering entity, and
transmitting at least one communication message associated with the service instance from the offering entity to the requesting entity and vice versa based on successful security level verification and successful pre-assigned certificate verification.
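As an added illustration of the preliminary step in the claim above (example code written for this page, not the patent's or any vendor's implementation): a simplified stand-in for the externally issued certificates, the check that the offered service instance is not below either party's pre-assigned minimum level, and the per-message MAC of the AUTHENTICATION level. The certificate fields, the trusted issuer name, the NONE level and HMAC-SHA256 as the MAC are assumptions; payload encryption for the CONFIDENTIALITY level is not shown.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    """Ordered so that 'not less than' in the claim is a plain integer comparison."""
    NONE = 0              # assumption: a level below the two the claim names
    AUTHENTICATION = 1    # every message carries a MAC
    CONFIDENTIALITY = 2   # every message carries a MAC and an encrypted payload

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for the certificate issued by the external body."""
    subject: str
    issuer: str
    service_id: int
    min_level: Level      # minimum level this party requires for service_id
    not_before: int       # validity window, epoch seconds
    not_after: int

TRUSTED_ISSUER = "external-certification-body"   # constructed issuer name

def cert_valid(cert, now):
    """Existence and validity: present, from the trusted issuer, inside its window."""
    return (cert is not None and cert.issuer == TRUSTED_ISSUER
            and cert.not_before <= now <= cert.not_after)

def mutual_auth(req_cert, off_cert, offered_level, now):
    """Preliminary step: returns the level to use for the instance, or None on failure."""
    if not (cert_valid(req_cert, now) and cert_valid(off_cert, now)):
        return None
    if req_cert.service_id != off_cert.service_id:
        return None           # both certificates must authorize the same service
    required = max(req_cert.min_level, off_cert.min_level)
    if offered_level < required:
        return None           # the offered instance runs below one party's minimum
    return Level(offered_level)

def protect(key, payload):
    """AUTHENTICATION-level message: payload followed by an HMAC-SHA256 tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def unprotect(key, message):
    """Returns the payload if the tag verifies, else None (constant-time compare)."""
    payload, tag = message[:-32], message[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None
```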