US 12,278,811 B2
Securing in-vehicle service oriented architecture with MAC generate allow list
Brian Farrell, Troy, MI (US); Sherif Aly, West Bloomfield, MI (US); Mohamed A. Layouni, Fraser, MI (US); and Manohar Reddy Nanjundappa, Cedar Park, TX (US)
Assigned to GM Global Technology Operations LLC, Detroit, MI (US)
Filed by GM GLOBAL TECHNOLOGY OPERATIONS LLC, Detroit, MI (US)
Filed on Dec. 1, 2022, as Appl. No. 18/073,540.
Prior Publication US 2024/0187401 A1, Jun. 6, 2024
Int. Cl. G06F 21/00 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/083 (2013.01) [H04L 63/20 (2013.01)]
20 Claims
 
1. A system comprising:
a host;
a security peripheral, wherein:
the security peripheral includes a generation module, a verification module, a generation allow list, a transceiver, and a processor coupled to a memory;
the memory is operational to store a plurality of verification keys and a plurality of generation keys;
the plurality of generation keys includes a dedicated key used by the host to request generation of a first message authentication code;
the security peripheral is operational to determine if the host is permitted to transmit a first message in response to a transmit request and a first key serial number;
the first key serial number identifies the dedicated key of the plurality of generation keys;
the generation module is operational to generate the first message authentication code based on (i) the dedicated key and (ii) a policy in the generation allow list, and not generate the first message authentication code if a message identifier of the host is not in the generation allow list;
the transceiver is operational to transmit to a particular receiver the first message authentication code and the first key serial number in the first message;
the transceiver is further operational to receive from a distinct host a second message that includes a second message authentication code and a second key serial number;
the security peripheral is further operational to determine if the host is permitted to accept the second message;
the second key serial number identifies a second particular one of the plurality of verification keys; and
the verification module is operational to verify that the second message is acceptable based on the second message authentication code and the second particular verification key; and
a plurality of receivers, wherein:
each receiver is operational to receive a plurality of messages from the host;
the particular receiver of the plurality of receivers is operational to receive the first message from the host;
the particular receiver is further operational to obtain knowledge regarding a relative trustworthiness of the host based at least in part on a type of service to be sent for authentication; and
relocation or movement of one or more among the host and the plurality of receivers to a geographically different location relies on a relative trustworthiness of the host without making substantive changes to the plurality of receivers.
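
The generation allow list and the key-serial-number lookup recited in claim 1 can be modelled as follows. This is an added illustration, not code from the patent or from the assignee. The class and function names, the HMAC-SHA-256 choice, the 2-byte field layout, and all keys and identifiers are assumptions constructed for the example.

```python
import hashlib
import hmac


class SecurityPeripheral:
    """Hypothetical model of the claimed peripheral; keys stay inside it."""

    def __init__(self, generation_keys, verification_keys, generation_allow_list):
        self._gen_keys = generation_keys     # key serial number -> key bytes
        self._ver_keys = verification_keys   # key serial number -> key bytes
        self._allow = generation_allow_list  # key serial number -> permitted message IDs

    @staticmethod
    def _mac(key, ksn, msg_id, payload):
        # Assumed layout: the serial number and message ID are covered by the
        # MAC, so a receiver detects either field being relabelled in transit.
        data = ksn.to_bytes(2, "big") + msg_id.to_bytes(2, "big") + payload
        return hmac.new(key, data, hashlib.sha256).digest()

    def generate(self, ksn, msg_id, payload):
        """Return (ksn, msg_id, payload, mac), or None if policy refuses."""
        key = self._gen_keys.get(ksn)
        if key is None or msg_id not in self._allow.get(ksn, frozenset()):
            return None  # no MAC is produced for an unlisted message identifier
        return (ksn, msg_id, payload, self._mac(key, ksn, msg_id, payload))

    def verify(self, message):
        """Select the verification key by serial number and check the MAC."""
        ksn, msg_id, payload, mac = message
        key = self._ver_keys.get(ksn)
        if key is None:
            return False
        return hmac.compare_digest(mac, self._mac(key, ksn, msg_id, payload))


def demo():
    key = bytes(range(32))  # constructed sample key, provisioned to both sides
    KSN, STATUS_ID, UNLOCK_ID = 0x0101, 0x0200, 0x0300  # constructed identifiers
    sender = SecurityPeripheral({KSN: key}, {}, {KSN: {STATUS_ID}})
    receiver = SecurityPeripheral({}, {KSN: key}, {})  # holds the key for verify only
    msg = sender.generate(KSN, STATUS_ID, b"\x01")
    return {
        "allowed_verifies": receiver.verify(msg),
        "unlisted_id_refused": sender.generate(KSN, UNLOCK_ID, b"\x01") is None,
        "verify_only_key_refused": receiver.generate(KSN, STATUS_ID, b"\x01") is None,
        "relabelled_rejected": not receiver.verify((KSN, UNLOCK_ID, msg[2], msg[3])),
    }
```

The `verify_only_key_refused` case shows why the two key stores are kept separate: with a symmetric MAC the receiver necessarily holds the same key bytes, so only the peripheral's policy stops it from minting messages under the sender's serial number.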