	US 12,143,363 B2
	CANBUS cybersecurity firewall
Steven Adams, Union Beach, NJ (US); Maureen Langevin, Laurence Harbor, NJ (US); Christine Murphy, Belmar, NJ (US); Toby Avino, Fair Haven, NJ (US); John Liefert, Matawan, NJ (US); William O′Hern, Wall, NJ (US); Daniel Sheleheda, Florham Park, NJ (US); and Jayaraman Ramachandran, Plainsboro, NJ (US)
Assigned to AT&T INTELLECTUAL PROPERTY I, L.P., Atlanta, GA (US); and AT&T MOBILITY II LLC, Atlanta, GA (US)
Filed by AT&T Intellectual Property I, L.P., Atlanta, GA (US); and AT&T Mobility II LLC, Atlanta, GA (US)
Filed on Dec. 6, 2021, as Appl. No. 17/542,700.
Prior Publication US 2023/0179570 A1, Jun. 8, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 12/40 (2006.01)

CPC H04L 63/0263 (2013.01) [H04L 12/40019 (2013.01); H04L 63/0245 (2013.01); H04L 2012/40215 (2013.01)]

20 Claims

1. An apparatus comprising:

a processor; and

memory coupled with the processor, the memory storing executable instructions that when executed by the processor cause the processor to effectuate operations comprising:

monitoring a signal on a serial bus of a Controller Area Network (CAN) bus system of a vehicle, wherein the signal is associated with an application;

converting the signal into a CAN bus frame;

comparing the CAN bus frame to a policy rule;

matching the policy rule with the CAN bus frame; and

based on the matching of the policy rule with the CAN bus frame, sending an indication of a drop action to be implemented by one or more apparatuses of the CAN bus system, wherein the policy rule specifies that a drop action is to be performed after a threshold number of alert actions have been indicated for CAN bus frames associated with the application within a period of time without any allow actions having been indicated for CAN bus frames associated with the application within that period of time, such that a drop action is not performed if an allow action is indicated for CAN bus frames associated with the application within that period of time.