H04L12/40026

Security system for electronic equipment
10581906 · 2020-03-03

One embodiment provides an electronic control unit (ECU) for a vehicle. The ECU includes transceiver circuitry, voltage measurement circuitry and feature set circuitry. The transceiver circuitry is to at least one of send and/or receive a message. The voltage measurement circuitry is to determine at least one of a high bus line voltage (VCANH) value and/or a low bus line voltage (VCANL) value, for each zero bit of at least one zero bit of a received message. The received message includes a plurality of bits. The feature set circuitry is to determine a value of at least one feature of a feature set based, at least in part, on at least one of a high acknowledge (ACK) threshold voltage (VthH) and/or a low ACK threshold voltage (VthL). The feature set includes at least one of an operating most frequently measured VCANH value (VfreqH2) of a number of VCANH values and/or an operating most frequently measured VCANL value (VfreqL2) of a number of VCANL values.

Service cooperation system for vehicle
10539966 · 2020-01-21

A service cooperation system enables a use of a function provided by an in-vehicle apparatus or an external apparatus as a service. The service cooperation system for the vehicle includes a service interface, a local service bus, a service bus, and an integrated application. The service interface of a subject apparatus provides the service generated in the subject apparatus to a different apparatus. The local service bus transmits and receives a message between the service interface of the subject apparatus and the service interface of the different apparatus. The service bus is virtually configured by a connection of the local service bus of the subject apparatus and the local service bus of the different apparatus. The integrated application functions as the application and enables a cooperated use of an in-vehicle service and an external service through the service bus.

FRAUD DETECTION METHOD, FRAUD DETECTION DEVICE, AND RECORDING MEDIUM
20200021611 · 2020-01-16

A fraud detection method includes: determining whether a period of a message repeatedly transmitted in an in-vehicle network is anomalous; detecting whether arbitration occurs when the message is transmitted in the in-vehicle network; and determining that the message is an anomalous message, in the case where the period of the message is anomalous and no arbitration occurs when the message is transmitted in the in-vehicle network.

IN-VEHICLE RELAY DEVICE, RELAY METHOD, AND RECORDING MEDIUM STORING PROGRAM

A module for a vehicle includes: a first communication module that transmits and receives first data to and from a first in-vehicle module; a second communication module that transmits and receives second data to and from a second in-vehicle module; and a control module that controls relay of third data among the first communication module and the second communication module. In a case where reception data received by the control module from the first or second communication module is unauthorized, the control module stops relaying the third data in accordance with a traveling state of the vehicle satisfying a predetermined condition. The traveling state includes: the vehicle being stopped; a vehicle speed being at or below a predetermined speed; brakes being applied; a hazard indicator being on; a driver being in a state capable of driving; and/or self-driving functions being in an off state.

VERIFYING ENCRYPTION OF DATA TRAFFIC
20240095367 · 2024-03-21

A data guard circuit can be used to verify encryption of the data traffic on a bus between two integrated circuit (IC) devices. The data guard circuit can monitor the data traffic on the bus to analyze the data traffic based on a configuration. The analysis can be performed by sampling the data traffic, and a statistical data pattern can be identified in the sampled data traffic. The statistical data pattern can be compared with a threshold to determine whether the data traffic is encrypted. The data guard circuit can generate a notification if the data traffic is not encrypted as expected so that an appropriate action can be taken to protect the data.

Communication system and communication device

Provided are a communication system and a communication device that allow a reception node to estimate delay time, a generation time point or the like of a message. A delay time estimation part in an ECU determines whether a message received by itself is transmitted in sequence with another message without being provided with time information by a transmission node. If the received message is transmitted in sequence with another message, the received message may be delayed due to arbitrary processing. Thus, the delay time estimation part checks the priority of one or more sequential messages preceding the received message, and estimates delay time of the received message occurring due to the arbitrary processing in accordance with the priority of each message. A generation time point estimation part estimates the time point when the received message is generated by an ECU, based on the delay time estimated.

System and method of monitoring data traffic on a MIL-STD-1553 data bus

A system and method for monitoring data traffic on a MIL-STD-1553 data bus system with a data guard. The monitoring system includes a data guard, which may be toggled between a passive mode and an active mode using two switches. In the active mode, using a first switch, data traffic from remote terminals on the MIL-STD-1553 data bus system is placed on a guarded bus of the data guard system and sent to the data guard by way of a coupler for filtering data messages through a plurality of pre-generated data set rules. If the data traffic is validated, it is returned to the MIL-STD-1553 data bus system through a second coupler. In the passive mode, the data traffic is directed to a transparent bus by way of a third coupler using a second switch, thus allowing the MIL-STD-1553 data bus system to operate without latency concerns.

MONITORING OF THE DATA TRANSMISSION IN A CLIENT/SERVER-BASED DEVICE ACCESS SYSTEM
20190334800 · 2019-10-31

A device access apparatus for a client-server system is described, wherein the device access apparatus is used to access components of a field bus network. The device access apparatus includes a general application that is installable on a server and configured to interchange data with the components of the field bus network. The device access apparatus also includes a device driver that is installable on a client and a communication proxy that is installable on the server that are configured to set up a data connection between the server and the client. The data connection is used to transmit data between the device driver and one of the components of the field bus network that is associated with the device driver. The communication proxy is configured to monitor data traffic on the data connection between the client and the server and detect errors in the data transmission.

SECURE COMMUNICATION BETWEEN VEHICLE COMPONENTS VIA BUS GUARDIANS

In one embodiment, a computing system of an autonomous vehicle may receive a first set of data packets on one or more networks. The computing system may analyze the data packets to determine, for each packet, one or more of an authenticity, a validity, or a correctness of the data packet. The computing system may perform a first action for the first set of data packets based on the analysis. The first action may include signaling a safety driver of the autonomous vehicle to take over manual control of the vehicle in response to the data packets failing to satisfy the one or more of the authenticity, the validity, or the correctness criteria.

FRAME TRANSMISSION PREVENTION APPARATUS, FRAME TRANSMISSION PREVENTION METHOD, AND IN-VEHICLE NETWORK SYSTEM
20190173912 · 2019-06-06

A frame transmission prevention apparatus connected to a network of a network system including a plurality of electronic control units communicating with one another via the network is provided. The apparatus includes a processor and a memory. The memory includes at least one set of instructions that causes the processor to perform processes when executed by the processor. The processes include receiving a first frame from the network and switching whether to perform a first process for preventing transmission of the first frame on the basis of management information indicating whether prevention of transmission of a frame is permitted if the first frame satisfies a first condition.