Using virtualization to isolate applications while providing API access
Virtualization and network partitioning isolate third-party applications in automotive computing environments, ensuring secure and efficient access to vehicle APIs by using a dedicated private virtual network and orchestrator service, addressing the challenge of maintaining isolation and access in automotive computing systems.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- TOYOTA JIDOSHA KK
- Filing Date
- 2025-08-01
- Publication Date
- 2026-07-01
AI Technical Summary
The challenge in automotive computing environments is to maintain isolation of third-party applications while providing granular access to vehicle APIs, ensuring security and preventing potential malfunctions from affecting other systems.
Implementing virtualization and network partitioning to manage API access, where third-party applications are isolated in a virtualized environment with a dedicated private virtual network, authenticated by an orchestrator service, and managed via a network middleware solution.
This approach enhances security by preventing root access and reduces performance impact, allowing secure and isolated access to vehicle services without encryption or rights management, while updates to the native environment do not affect third-party applications.
Abstract
Description
Technical Field
[0001] The present disclosure relates to using virtualization to separate applications while providing API access.
Background Art
[0002] Automotive computing environments have evolved significantly from simple on-vehicle diagnostic devices (OBDs) to complex systems that manage driving, safety, entertainment, and communication. Initially, these systems were separate and had limited functionality, but technological advancements have integrated them into a unified computing environment. This integration has enabled more sophisticated functions and the installation of third-party applications that support a wide range of services. As a result, third-party applications frequently interact with native APIs to access various vehicle functions.
Summary of the Invention
[0003] Using virtualization to separate applications while providing API access is implemented by authenticating an application package for execution of an application in a vehicle computing environment, generating a virtualization environment specialized for execution of the application in the vehicle computing environment, connecting the virtualization environment and at least one vehicle service API executed in the native environment of the vehicle computing environment to a private virtual network specific to the application, and deploying the application package to the virtualization environment.
Brief Description of the Drawings
[0004] [Figure 1] Figure 1 is a schematic diagram of a vehicle computing environment according to at least some embodiments of the present disclosure. [Figure 2] Figure 2 is a schematic diagram illustrating the interaction between a private virtual network in a native environment and a virtualized environment, according to at least some embodiments of this disclosure. [Figure 3] Figure 3 is a schematic diagram illustrating the interaction between an orchestrator in a native environment and a virtualized environment, according to at least some embodiments of this disclosure. [Figure 4] Figure 4 shows an operational flow for utilizing virtualization to isolate an application while providing API access, according to at least some embodiments of this disclosure. [Figure 5] Figure 5 shows an operational flow for connecting a private virtual network according to at least some embodiments of this disclosure. [Figure 6] Figure 6 is a block diagram of a hardware configuration for utilizing virtualization to isolate applications while providing API access, according to at least some embodiments of this disclosure.
Modes for Carrying Out the Invention
[0005] The aspects of this disclosure will be best understood from the following detailed description, when read in conjunction with the attached drawings. Please note that various features are not depicted to scale in accordance with standard practice in this industry. In fact, the dimensions of various features may be arbitrarily increased or decreased for the sake of clarity in the discussion.
[0006] The following disclosure provides many different embodiments or examples for implementing various features of the subject matter provided. Specific examples of components, values, operations, materials, arrangements, or equivalents thereof are described below for the sake of simplicity of this disclosure. Naturally, these are merely examples and are not intended to be limiting. Other components, values, operations, materials, arrangements, or equivalents thereof are contemplated. In addition, this disclosure may repeat reference numbers and / or letters in various examples. This repetition is for the purpose of simplification and clarity and does not in itself define relationships between the various embodiments and / or configurations discussed.
[0007] Providing an execution environment for third-party applications in the vehicle domain presents challenges. One technique known to the inventor is to isolate these applications to minimize the attack surface. Isolation helps prevent problems that could affect other systems if a third-party application malfunctions. The challenge the inventor considers is to maintain isolation while providing granular access to the vehicle's APIs, including necessary authentication and authorization.
[0008] In at least some embodiments of this disclosure, virtualization and network partitioning are used to manage API access for third-party applications that are otherwise isolated from the rest of the computing environment. In at least some embodiments, the third-party package is a digitally signed image deployed to a virtualized environment, authenticated and managed via an orchestrator service that runs natively in the computing environment. In at least some embodiments, the vehicle service runs natively and provides APIs via a network middleware solution for a distributed environment. In at least some embodiments, the orchestrator service is configured to authenticate third-party application packages, generate virtual environments, and deploy application packages to the virtual environments. In at least some embodiments, the orchestrator service generates a private virtual network dedicated to a particular virtual environment or container. In at least some embodiments, the orchestrator service configures the vehicle service to expose its vehicle service APIs on the private virtual network of each third-party application that is authorized to access them, based on the package metadata. In at least some embodiments, the third-party application is isolated from other vehicle service APIs and other applications.
[0009] In at least some embodiments, using virtualization to isolate third-party applications while providing API access is more secure than running third-party applications in the native environment. In at least some embodiments, there is no possibility of a third-party application gaining root access. In at least some embodiments, once the orchestrator initially verifies a third-party application, no further verification is required while the third-party application remains deployed. In at least some embodiments, communication with the Vehicle Services API does not require encryption or rights management. In at least some embodiments, the lack of encryption and rights management for the Vehicle Services API fully compensates for the performance impact of virtualization and reduces the burden on third-party application developers. In at least some embodiments, updates to the native environment do not affect third-party applications as long as the input / output (I / O) of the Vehicle Services API and the virtual environment are identical. In at least some embodiments, virtualization is implemented using a technology stack known to the inventors.
[0010] In at least some embodiments, the binary package includes an image of the target virtualization environment containing the actual application developed by a third-party developer, and encrypted metadata about the application package. In at least some embodiments, this metadata includes information about which vehicle services the application can access and which API versions are compatible. In at least some embodiments, such an application runs in a virtualization environment developed by a third-party developer and managed by an orchestrator service native to the vehicle computing environment. In at least some embodiments, the third-party developer provides the application to the vehicle manufacturer for verification, and the vehicle manufacturer checks the package and, if the application is approved, digitally signs the package. In at least some embodiments, all virtualization environments on which the application runs will have a dedicated private virtual network managed by the orchestrator service. In at least some embodiments, each application then uses this dedicated private virtual network to access APIs provided by natively operating vehicle services via a network middleware solution such as DATA DISTRIBUTION SERVICE (RTM). In at least some embodiments, the vehicle services are generic services developed by the vehicle manufacturer and run natively on the vehicle computing environment. In at least some embodiments, the vehicle service would expose and provide its API only to a private virtual network reserved for third-party applications with authorized access rights to the vehicle service. In at least some embodiments, the orchestrator service manages which virtual networks each vehicle service exposes its API to. 
In at least some embodiments, the virtual networks are completely isolated from each other. In at least some embodiments, the orchestrator is configured to manage virtual networks, authenticate third-party application packages for runtime, deploy them, and assign networks. In at least some embodiments, the orchestrator further configures which networks individual vehicle services expose their APIs on. In at least some embodiments, upon startup of the vehicle computing environment, the orchestrator service checks and authenticates all third-party application packages, which may be in any format, depending on the available virtualization environment. In at least some embodiments, the orchestrator checks and authenticates multiple packages upon startup of the vehicle computing environment or individually while the vehicle computing environment is running. In at least some embodiments, upon successful authentication, the orchestrator generates a private virtual network dedicated to that third-party application package, and also generates a virtualization environment before or after the generation of the private virtual network. In at least some embodiments, from the metadata of the third-party application package, the orchestrator determines which services the third-party application is authorized to access. In at least some embodiments, the accessible services are determined before or after the virtualization environment and private virtual network are generated, depending on the implementation parameters. In at least some embodiments, the orchestrator generates the virtualization (computing environment and private network) before validating the third-party application, and then deploys the third-party application to the virtualized environment once the validation is complete.
In at least some embodiments, the orchestrator then configures the vehicle services used by the third-party application to expose and provide APIs on a private virtual network dedicated to that third-party application after deployment. In at least some embodiments, vehicle services can be connected to or disconnected from a private virtual network during deployment. In at least some embodiments, the orchestrator first generates a virtualization environment, then allocates a private virtual network, and finally deploys an image containing third-party applications into the virtualization environment. In at least some embodiments, once the private virtual network is generated, the vehicle services are instructed to announce or expose their functions to third-party applications. In at least some embodiments, third-party applications are pre-programmed to use functions of the vehicle services, such as API calls. In at least some embodiments, all vehicle services are provided through APIs. In at least some embodiments, vehicle services are finely tuned so that access to one vehicle service does not cause access to other vehicle services.
[0011] Figure 1 is a schematic diagram of a vehicle computing environment 100 according to at least some embodiments of the present disclosure. The vehicle computing environment 100 includes a kernel 102, a native environment 104, virtualization environments 106A and 106B, private virtual networks 114A and 114B, and a virtualization module 108.
[0012] In at least some embodiments, the vehicle computing environment 100 includes an embedded system, an automotive-grade processor, a real-time operating system (RTOS), a controller area network (CAN), and the like. In at least some embodiments, the vehicle computing environment 100 is configured to manage the entire vehicle operation and integrate various subsystems. In at least some embodiments, the vehicle computing environment 100 is configured to interface with various hardware and software components.
[0013] The kernel 102 is a component of the vehicle computing environment 100. In at least some embodiments, the kernel 102 includes a microkernel, a monolithic kernel, a hybrid kernel, etc. In at least some embodiments, the kernel 102 is configured for process management and device control. In at least some embodiments, the kernel 102 is configured to interface with hardware and provide basic services to applications. In at least some embodiments, the kernel 102 is configured to manage the operation of the core system and resource allocation. In at least some embodiments, the kernel 102 is configured to directly interact with the native environment 104 and the virtualized environments 106A and 106B.
[0014] The native environment 104 is a component of the vehicle computing environment 100. In at least some embodiments, the native environment 104 is the vehicle operating system. In at least some embodiments, the native environment 104 is configured to perform core vehicle functions, provide security and stability, and manage updates and patches. In at least some embodiments, the native environment 104 is configured to interact with all vehicle components, interface with external networks, and manage user input and output. In at least some embodiments, the native environment 104 includes native applications, middleware, system libraries, etc. In at least some embodiments, the native environment 104 is configured to run native applications and manage native system services.
[0015] Virtualization environments 106A and 106B are components of the vehicle computing environment 100. In at least some embodiments, virtualization environments 106A and 106B each include virtual machines, containers, hypervisors, etc. In at least some embodiments, virtualization environments 106A and 106B are configured to isolate third-party applications and provide a dedicated execution environment. In at least some embodiments, virtualization environments 106A and 106B are managed by an orchestrator service. In at least some embodiments, virtualization environments 106A and 106B are configured to connect to private virtual networks such as private virtual networks 114A and 114B, respectively. In at least some embodiments, virtualization environments 106A and 106B, together with private virtual networks 114A and 114B, are configured to enable the isolation of third-party applications from native applications and the isolation of third-party applications from each other. In at least some embodiments, virtualization environments 106A and 106B, combined with private virtual networks 114A and 114B, enable the prevention of root access escalation and other potential crises.
[0016] The private virtual networks 114A and 114B are components of the native environment 104. In at least some embodiments, the private virtual networks 114A and 114B each include a virtual LAN (VLAN), software-defined network (SDN), network virtualization, etc. In at least some embodiments, the private virtual networks 114A and 114B are configured to interface with the vehicle service API and third-party applications. In at least some embodiments, the private virtual networks 114A and 114B are configured to isolate network traffic and provide a secure communication channel. In at least some embodiments, the private virtual networks 114A and 114B are configured to connect the virtualization environments 106A and 106B to the vehicle service API, respectively. In at least some embodiments, the private virtual networks 114A and 114B can prevent applications from accessing services without authorization. In at least some embodiments, each virtualization environment, such as virtualization environments 106A and 106B, has its own private virtual network, such as private virtual networks 114A and 114B, isolated from each other. In at least some embodiments, each private virtual network isolates the virtualized environment from applications and vehicle service APIs that are not connected to the private virtual network.
[0017] The virtualization module 108 is a component of the vehicle computing environment 100. In at least some embodiments, the virtualization module 108 includes a hypervisor, a virtual machine monitor (VMM), virtualization software, etc. In at least some embodiments, the virtualization module 108 is configured for resource allocation. In at least some embodiments, the virtualization module 108 is configured to manage the virtualization environment and provide virtualization services. In at least some embodiments, the virtualization module 108 is configured to communicate with the kernel 102 and an orchestrator service such as the orchestrator 310 in Figure 3, which is described below. In at least some embodiments, the virtualization module 108 is configured to run each third-party application in its own virtualization environment.
[0018] Figure 2 is a schematic diagram illustrating the interaction between a private virtual network in a native environment and a virtualized environment in at least some embodiments of the present disclosure. This schematic diagram includes a native environment 204, a virtualized environment 206, an application 212, a private virtual network 214, vehicle service APIs 216A and 216B, an application package 218, and an encrypted application configuration 219.
[0019] The description of the native environment 104 in Figure 1 is generally applicable to the native environment 204, provided that it does not contradict the following: In at least some embodiments, the native environment 204 is configured to host vehicle service APIs such as vehicle service APIs 216A and 216B and to manage native vehicle functions.
[0020] The description of virtualization environments 106A and 106B with respect to FIG. 1 is generally applicable to virtualization environment 206 as well, unless it conflicts with the following. In at least some embodiments, virtualization environment 206 is configured to host third-party applications such as application 212. In at least some embodiments, virtualization environment 206 is configured to provide a sandbox execution of application 212.
[0021] Application 212 is within virtualization environment 206. In at least some embodiments, application 212 is a third-party application such as custom vehicle control software. In at least some embodiments, application 212 is configured to supply user functions, process data and commands, and provide feedback and control. In at least some embodiments, application 212 is configured to interact with virtualization environment 206, interface with vehicle service APIs 216A and 216B, and manage user interactions. In at least some embodiments, application 212 is configured to execute specific functions and provide user services. In at least some embodiments, application 212 is configured to communicate with vehicle sensors and access vehicle data through vehicle service APIs 216A and 216B.
[0022] The description of private virtual networks 114A and 114B with respect to FIG. 1 is generally applicable to private virtual network 214 as well, unless it conflicts with the following. In at least some embodiments, private virtual network 214 is configured to connect virtualization environment 206 and interface with vehicle service APIs 216A and 216B.
[0023] Vehicle service APIs 216A and 216B are components of the native environment 204. In at least some embodiments, vehicle service APIs 216A and 216B are RESTful APIs or proprietary vehicle control interfaces. In at least some embodiments, vehicle service APIs 216A and 216B are configured to provide standardized access to vehicle functions and manage data and control requests. In at least some embodiments, vehicle service APIs 216A and 216B are configured to interact with application 212 and interface with the native environment 204. In at least some embodiments, all interaction between the native system and third-party applications occurs through vehicle service APIs such as vehicle service APIs 216A and 216B. In at least some embodiments, at least one vehicle service API, such as vehicle service APIs 216A and 216B, is configured to provide information about at least one of vehicle speed, vehicle position, transmission status, and engine temperature in response to a request from application 212. In at least some embodiments, at least one vehicle service API, such as vehicle service APIs 216A and 216B, is configured to perform an action for at least one of music navigation, climate control, and media playback in response to a request from application 212. In at least some embodiments, vehicle service APIs 216A and 216B are exposed only to a specific private virtual network.
[0024] The application package 218 includes an application 212 and an encrypted application configuration 219. In at least some embodiments, the application package 218 is a container image, an application binary, an application bundle, or the like. In at least some embodiments, the application package 218 is configured to encapsulate an application for deployment, provide necessary resources, and enable secure execution. In at least some embodiments, the application package 218 is configured to interact with an orchestrator service, interface with a virtualization environment 206, and manage an application lifecycle. In at least some embodiments, the application package 218 includes application code, includes metadata for authentication, and is configured to provide deployment instructions. In at least some embodiments, the application package 218 is authenticated by an orchestrator service, deployed to a virtualization environment 206, and configured to access vehicle service APIs 216A and 216B.
[0025] The encrypted application configuration 219 is a component of the application package 218. In at least some embodiments, the encrypted application configuration 219 includes one or more encrypted configuration files, metadata files, and the like. In at least some embodiments, the encrypted application configuration 219 is configured to securely store configuration data and provide encrypted confidential information. In at least some embodiments, the encrypted application configuration 219 is accessible by an orchestrator service. In at least some embodiments, the encrypted application configuration 219 includes a digital signature for verification of the application 212. In at least some embodiments, the encrypted application configuration 219 identifies middleware and libraries utilized by the application 212.
[0026] Figure 3 is a schematic diagram illustrating the interaction between an orchestrator in a native environment and a virtualized environment in at least some embodiments of the present disclosure. This schematic diagram includes a native environment 304, a virtualized environment 306, an orchestrator 310, private virtual networks 314A, 314B and 314C, vehicle service APIs 316A, 316B and 316C, and an application package 318.
[0027] The descriptions of the native environment 104 in Figure 1 and the native environment 204 in Figure 2 are generally applicable to the native environment 304, provided that they do not contradict the following. In at least some embodiments, the native environment 304 is configured to host the orchestrator 310 and the vehicle service APIs 316A, 316B, and 316C.
[0028] The descriptions of virtualization environments 106A and 106B in Figure 1 and the description of virtualization environment 206 in Figure 2 are generally applicable to virtualization environment 306, provided that they do not contradict the following: In at least some embodiments, virtualization environment 306 is configured to run third-party applications. In at least some embodiments, virtualization environment 306 is configured to interface with orchestrator 310 for deployment and management. In at least some embodiments, virtualization environment 306 is configured to receive application packages from orchestrator 310.
[0029] The orchestrator 310 resides within the native environment 304. In at least some embodiments, the orchestrator 310 is an orchestration platform such as Kubernetes or other management software. In at least some embodiments, the orchestrator 310 is configured to oversee the application lifecycle management. In at least some embodiments, the orchestrator 310 decrypts and verifies application packages using a public key. In at least some embodiments, the orchestrator 310 is configured to authenticate and deploy application packages. In at least some embodiments, the orchestrator 310 authenticates application packages by verifying their digital signatures, and deploys the application packages once verification is confirmed. In at least some embodiments, the orchestrator 310 authenticates third-party application packages, generates a virtualization environment, and deploys third-party application packages. In at least some embodiments, the orchestrator 310 constructs a private virtual network, connects the virtualization environment to it, and instructs the vehicle service API to expose itself through the correct private virtual network.
[0030] The descriptions of private virtual networks 114A and 114B in Figure 1 and the description of private virtual network 214 in Figure 2 are generally applicable to private virtual networks 314A, 314B, and 314C, insofar as they do not contradict the following: In at least some embodiments, private virtual networks 314A, 314B, and 314C are configured to interface with a virtualization environment 306 and vehicle service APIs 316A, 316B, and 316C. In at least some embodiments, private virtual networks 314A, 314B, and 314C are configured to connect a virtualization environment, such as virtualization environment 306, to a specific vehicle service API, such as one or more of the vehicle service APIs 316A, 316B, and 316C. As shown in the embodiment of Figure 3, private virtual network 314A connects only vehicle service API 316A to the application, private virtual network 314C connects only vehicle service API 316C to the application, while private virtual network 314B connects both vehicle service API 316A and vehicle service API 316B to the application.
[0031] The descriptions of vehicle service APIs 216A and 216B in relation to Figure 2 are generally applicable to vehicle service APIs 316A, 316B, and 316C, insofar as they do not contradict the following: In at least some embodiments, vehicle service APIs 316A, 316B, and 316C are configured to communicate with a virtualization environment such as virtualization environment 306 through one or more private virtual networks such as private virtual networks 314A, 314B, and 314C. As shown in the embodiment of Figure 3, vehicle service API 316A communicates with the virtualization environment through private virtual networks 314A and 314B, while vehicle service API 316B communicates with only one virtualization environment through private virtual network 314B, and vehicle service API 316C communicates with only one virtualization environment through private virtual network 314C.
[0032] The description of application package 218 in Figure 2 is generally applicable to application package 318, provided that it does not contradict the following: In at least some embodiments, application package 318 is configured to be deployable to the virtualization environment 306 by the orchestrator 310.
[0033] Figure 4 shows an operational flow for utilizing virtualization to isolate applications while providing API access, according to at least some embodiments of this disclosure. In at least some embodiments, this operational flow provides a method for utilizing virtualization to isolate applications while providing API access. In at least some embodiments, this method is performed by a vehicle controller, such as the controller 642 of the vehicle 640 in Figure 6, which is described below. In at least some embodiments, the controller causes an orchestrator, such as the orchestrator 310 in Figure 3, to perform this method.
[0034] In S420, the controller authenticates the application package. In at least some embodiments, the controller authenticates the application package for execution in the vehicle computing environment. In at least some embodiments, the controller reads metadata from the application package. In at least some embodiments, the controller reads metadata from the application package for authentication information and identification of at least one vehicle service API. In at least some embodiments, the controller verifies the digital signature. In at least some embodiments, the controller checks compatibility with the vehicle environment. In at least some embodiments, the controller reads metadata files and digital signatures from an encrypted application configuration, such as the encrypted application configuration 219 in Figure 2. In at least some embodiments, over repeated iterations of S420, the controller authenticates multiple application packages in response to startup of the vehicle computing environment.
[0035] In S421, the controller determines whether the application package is valid. If the controller determines that the application package is valid, the operation flow proceeds to S423, the creation of the virtualized environment. If the controller determines that the application package is not valid, the operation flow proceeds to S428. In at least some embodiments, the controller checks the necessary permissions. In at least some embodiments, the controller checks the package against known vulnerabilities. In at least some embodiments, the controller utilizes an allowlist and a vulnerability database. In at least some embodiments, the controller verifies the integrity of the package. In at least some embodiments, the controller validates the package according to predetermined permission levels and vulnerability criteria. In at least some embodiments, the controller determines whether deploying the application package will cause a version mismatch.
[0036] In S423, the controller generates a virtualized environment. In at least some embodiments, the controller generates a virtualized environment in the vehicle computing environment that is specialized for running applications. In at least some embodiments, the controller causes a virtualization module, such as the virtualization module 108 in Figure 1, to generate the virtualized environment. In at least some embodiments, the controller allocates resources for the virtualized environment. In at least some embodiments, the controller initializes the virtualization software. In at least some embodiments, the controller generates the virtualized environment within the limits of predetermined resource and environmental constraints.
[0037] In S424, the controller connects a private virtual network. In at least some embodiments, the controller connects the virtualization environment and at least one vehicle service API running in the native environment of the vehicle computing environment to an application-specific private virtual network. In at least some embodiments, the controller creates a private virtual network instance. In at least some embodiments, the controller assigns one or more network addresses. In at least some embodiments, the controller configures the private virtual network for isolation from other networks. In at least some embodiments, the controller utilizes network instance data and an address pool. In at least some embodiments, the controller connects the virtualization environment and the vehicle service API according to predetermined network topology parameters, an address pool, etc. In at least some embodiments, the controller executes the operation flow shown in Figure 5 below.
[0038] In S426, the controller deploys the application package. In at least some embodiments, the controller deploys the application package to a virtualized environment. In at least some embodiments, the controller transfers the application package to the virtualized environment for deployment. In at least some embodiments, the controller decompresses the application files. In at least some embodiments, the controller sets up the execution context. In at least some embodiments, the controller deploys the application package according to parameters contained in the metadata from the application package. In at least some embodiments, the controller deploys the application package according to a predetermined transfer protocol and decompression method. In at least some embodiments, the controller deploys the application package as a container image.
[0039] In S428, the controller determines whether all packages have been processed. If the controller determines that not all packages have been processed, the controller proceeds to the next package (S429) and the operation flow returns to the authentication of the application package in S420. If the controller determines that all packages have been processed, the operation flow terminates. In at least some embodiments, the controller checks the package queue to select the next package to be processed.
[0040] In at least some embodiments, authentication is performed after the creation of the virtualization environment and the connection of the virtual network, but before the deployment of the application package. In at least some embodiments, authentication is performed between the creation of the virtualization environment and the creation of the private virtual network, but before the deployment of the application package.
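The S420 through S429 flow above, worked through as an added example in Python. This is illustrative code, not the patent's or the assignee's implementation. The package layout (a JSON metadata string, a payload and a detached signature), the metadata field names, the publisher allowlist, the vulnerability database and the native API version table are all constructed here, and an HMAC-SHA256 tag over the metadata and the payload digest stands in for the digital signature that a real orchestrator would verify with the publisher's public key:

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample data standing in for the orchestrator's allowlist,
# vulnerability database, permission levels and native API versions.
TRUSTED_PUBLISHER_KEYS = {"pub-001": b"constructed-secret-key-for-pub-001"}
VULNERABILITY_DB = {("com.example.badapp", "1.0.0")}          # (app_id, version) pairs
NATIVE_API_VERSIONS = {"vehicle.speed": 2, "vehicle.position": 2, "climate.control": 1}
PERMITTED_APIS = {"pub-001": {"vehicle.speed", "vehicle.position", "climate.control"}}


@dataclass
class AuthResult:
    valid: bool
    reasons: list = field(default_factory=list)   # empty when the package is valid
    apis: set = field(default_factory=set)        # APIs the package may be wired to (S424)


def _signing_input(metadata: str, payload: bytes) -> bytes:
    # Bind metadata and payload together so neither can be swapped on its own.
    return (metadata + hashlib.sha256(payload).hexdigest()).encode()


def make_package(app_id, version, publisher, requires, payload, key):
    """Constructed helper: build a signed package the way a publisher would."""
    metadata = json.dumps({"app_id": app_id, "version": version,
                           "publisher": publisher, "requires": requires}, sort_keys=True)
    sig = hmac.new(key, _signing_input(metadata, payload), hashlib.sha256).hexdigest()
    return {"metadata": metadata, "payload": payload, "signature": sig}


def verify_signature(package, meta):
    """S420: signature check (HMAC stands in for an asymmetric signature here)."""
    key = TRUSTED_PUBLISHER_KEYS.get(meta.get("publisher"))
    if key is None:
        return False
    expected = hmac.new(key, _signing_input(package["metadata"], package["payload"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, package["signature"])


def validate_package(package):
    """S420/S421: read metadata, then apply allowlist, signature, vulnerability,
    permission and version-mismatch checks. Every failed check is recorded."""
    meta = json.loads(package["metadata"])
    reasons = []
    publisher = meta.get("publisher")
    if publisher not in TRUSTED_PUBLISHER_KEYS:
        reasons.append("publisher not on allowlist")
    elif not verify_signature(package, meta):
        reasons.append("signature verification failed")
    if (meta.get("app_id"), meta.get("version")) in VULNERABILITY_DB:
        reasons.append("version listed in vulnerability database")
    requires = meta.get("requires", {})            # API name -> minimum API version needed
    allowed = PERMITTED_APIS.get(publisher, set())
    for api in sorted(set(requires) - allowed):
        reasons.append(f"permission denied for API {api}")
    for api, needed in requires.items():
        have = NATIVE_API_VERSIONS.get(api)
        if have is None or have < needed:
            reasons.append(f"version mismatch for API {api}: need {needed}, have {have}")
    return AuthResult(valid=not reasons, reasons=reasons,
                      apis=set(requires) if not reasons else set())


def process_queue(packages):
    """S420 -> S429: walk the package queue; only valid packages reach S423/S424/S426."""
    deployed, rejected = [], []
    for pkg in packages:                          # S428/S429: next package from the queue
        meta = json.loads(pkg["metadata"])
        result = validate_package(pkg)            # S420/S421
        if not result.valid:
            rejected.append((meta["app_id"], result.reasons))
            continue                              # S421 -> S428, nothing is created or deployed
        # S423, S424 and S426 reduced to their record: a per-app environment on its own
        # private virtual network, wired only to the APIs the metadata identified.
        deployed.append({"app_id": meta["app_id"],
                         "network": f"pvn-{meta['app_id']}",
                         "apis": sorted(result.apis)})
    return deployed, rejected
```

A rejected package never reaches environment creation, so a bad signature, a vulnerable version or an over-broad API request fails closed before any resources are allocated; recording every failed check (rather than stopping at the first) gives the orchestrator log the full reason for the rejection.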
[0041] Figure 5 shows an operational flow for connecting private virtual networks according to at least some embodiments of the present disclosure. In at least some embodiments, this operational flow provides a method for connecting private virtual networks. In at least some embodiments, this method is performed by a vehicle controller, such as the controller 642 of the vehicle 640 in Figure 6, which is described below. In at least some embodiments, the controller causes an orchestrator, such as the orchestrator 310 in Figure 3, to perform this method.
[0042] In S530, the controller generates a private virtual network. In at least some embodiments, the controller initializes the network configuration. In at least some embodiments, the controller allocates network resources. In at least some embodiments, the controller establishes the network topology. In at least some embodiments, the controller generates a private virtual network according to predetermined parameters for the network configuration and network bandwidth. In at least some embodiments, the controller generates the private virtual network using middleware such as DATA DISTRIBUTION SERVICE (RTM).
[0043] In S532, the controller connects the virtualized environment. In at least some embodiments, the controller connects the virtualized environment to a private virtual network. In at least some embodiments, the controller assigns network addresses to the virtualized environment or applications running within the virtualized environment. In at least some embodiments, the controller connects the virtualized environment to a private virtual network according to a predetermined resource allocation table, address pool, etc.
[0044] In S534, the controller connects the vehicle service API. In at least some embodiments, the controller connects the vehicle service API to a private virtual network. In at least some embodiments, the controller assigns a network address to the vehicle service API. In at least some embodiments, the controller connects the vehicle service API to the private virtual network according to a predetermined resource allocation table, address pool, etc. In at least some embodiments, the controller connects additional vehicle service APIs that run in the native environment to the private virtual network.
[0045] In S536, the controller determines whether all APIs are connected. If the controller determines that not all APIs are connected, the operation flow returns to connecting the vehicle service APIs in S534. If the controller determines that all APIs are connected, the operation flow proceeds to configuring the APIs for the private virtual network in S538. In at least some embodiments, the controller checks against the APIs identified in the metadata of the application package for the application connected to the private virtual network.
[0046] In S538, the controller configures APIs for a private virtual network. In at least some embodiments, the controller configures at least one vehicle service API to be exposed to applications through the private virtual network. In at least some embodiments, the controller causes the vehicle service API to expose capabilities and functions through the private virtual network. In at least some embodiments, the controller exposes each vehicle service API only on specific private virtual networks.
[0047] In at least some embodiments, the controller connects to additional vehicle service APIs that run in the native environment after the application package has been deployed.
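The Figure 5 flow (S530 through S538) and the post-deployment case of [0047], as an added example that is not the patent's code: an in-memory orchestrator model in which each application gets its own private virtual network carved from a constructed 10.42.0.0/16 pool, a native API receives a separate address on every network it joins, and a request succeeds only when the requesting environment and the API share a network on which the API has been exposed. The class and method names, the address pool and the API names are assumptions; a deployment would drive middleware such as DDS or a container network plugin rather than this model.

```python
import ipaddress


class AccessDenied(Exception):
    """Raised when a request would cross a private virtual network boundary."""


class VehicleServiceApi:
    """A native vehicle service API. It may join several private virtual networks,
    with a separate address on each, and is reachable only from the networks on
    which it has been explicitly exposed (S538)."""

    def __init__(self, name):
        self.name = name
        self.addresses = {}      # network name -> address of this API on that network
        self.exposed_to = set()  # network names the API is configured to serve


class PrivateVirtualNetwork:
    """S530: one network per application, carved from a predetermined address pool."""

    def __init__(self, name, subnet):
        self.name = name
        self.subnet = subnet
        self.members = {}                  # endpoint name -> assigned address
        self._free_hosts = subnet.hosts()  # the network's own address pool

    def assign(self, endpoint):
        """Hand the next free address in the pool to an endpoint (S532/S534)."""
        addr = str(next(self._free_hosts))
        self.members[endpoint] = addr
        return addr


class Orchestrator:
    # Constructed address pool: each application gets its own /24 out of 10.42.0.0/16.
    def __init__(self, pool="10.42.0.0/16", prefix=24):
        self._subnets = ipaddress.ip_network(pool).subnets(new_prefix=prefix)
        self.networks = {}   # network name -> PrivateVirtualNetwork
        self.apis = {}       # registry of APIs running in the native environment

    def register_native_api(self, name):
        self.apis[name] = VehicleServiceApi(name)

    def create_network(self, app_id):
        """S530: generate the application-specific private virtual network."""
        net = PrivateVirtualNetwork(f"pvn-{app_id}", next(self._subnets))
        self.networks[net.name] = net
        return net

    def connect_environment(self, net, app_id):
        """S532: attach the application's virtualized environment to its network."""
        return net.assign(f"env:{app_id}")

    def connect_api(self, net, api_name):
        """S534: attach one native API to the network and give it an address there."""
        api = self.apis[api_name]
        api.addresses[net.name] = net.assign(f"api:{api_name}")
        return api.addresses[net.name]

    def configure_apis(self, net, api_names):
        """S538: expose the connected APIs on this network only."""
        for name in api_names:
            self.apis[name].exposed_to.add(net.name)

    def provision(self, app_id, required_apis):
        """Figure 5 end to end, driven by the API list read from the package metadata."""
        net = self.create_network(app_id)
        self.connect_environment(net, app_id)
        pending = list(required_apis)
        while pending:                     # S534 -> S536: loop until every API is connected
            self.connect_api(net, pending.pop(0))
        self.configure_apis(net, required_apis)
        return net

    def add_api(self, net, api_name):
        """[0047]: connect a further native API after the application has been deployed."""
        self.connect_api(net, api_name)
        self.configure_apis(net, [api_name])

    def resolve(self, app_id, api_name):
        """Simulated request from an application's environment: returns the API's
        address on the app's network, or raises when no shared, exposed network exists."""
        net = self.networks.get(f"pvn-{app_id}")
        api = self.apis.get(api_name)
        if net is None or api is None or f"env:{app_id}" not in net.members:
            raise AccessDenied(f"{app_id}: no environment on a private network for {api_name}")
        if net.name not in api.addresses or net.name not in api.exposed_to:
            raise AccessDenied(f"{app_id}: {api_name} is not exposed on {net.name}")
        return api.addresses[net.name]

    def can_reach(self, app_id, api_name):
        try:
            self.resolve(app_id, api_name)
            return True
        except AccessDenied:
            return False
```

Two applications provisioned with different API lists land on disjoint subnets and cannot resolve each other's APIs, which is the isolation property the private virtual network is meant to provide; the connection (S534) and the exposure (S538) are kept as separate steps so that an API that is merely addressable on a network is still unreachable until the orchestrator exposes it there.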
[0048] Figure 6 is a block diagram of a hardware configuration for utilizing virtualization to isolate applications while providing API access, according to at least some embodiments of this disclosure. The hardware configuration includes a vehicle 640, which interacts with a user interface 648 directly or through a network 649. In at least some embodiments, the user interface 648 is a touchscreen, microphone, camera, or other device configured to detect tactile, auditory, visual, or other input. In at least some embodiments, the network 649 is an Ethernet network, a controller area network (CAN), another wired or wireless network, or a combination thereof. In at least some embodiments, the vehicle 640 is a computer or other computing device that receives input or commands from the user interface 648. In at least some embodiments, the vehicle 640 is integrated with the user interface 648. In at least some embodiments, the vehicle 640 is a computer system that executes computer-readable instructions to perform operations for utilizing virtualization to isolate applications while providing API access.
[0049] The vehicle 640 includes a controller 642, storage 644, an input / output interface 646, and a communication interface 647. In at least some embodiments, the controller 642 includes a processor or programmable circuit that executes instructions, which cause the processor or programmable circuit to perform operations according to the instructions. In at least some embodiments, the controller 642 includes analog or digital programmable circuitry or any combination thereof. In at least some embodiments, the controller 642 includes physically separated storage or circuitry that interacts through communication. In at least some embodiments, the storage 644 includes a non-volatile computer-readable medium capable of storing executable and non-executable data accessed by the controller 642 during instruction execution. In at least some embodiments, the communication interface 647 transmits data to and receives data from the network 649. In at least some embodiments, the input / output interface 646 connects to various input and output units via parallel ports, serial ports, keyboard ports, mouse ports, monitor ports, and equivalents thereof to accept commands and present information. In at least some embodiments, the storage 644 is located outside the vehicle 640.
[0050] The controller 642 includes an authentication unit 650, a generation unit 652, a connection unit 654, and a deployment unit 656. The storage 644 includes implementation parameters 660, authentication data 662, virtualization parameters 664, and vehicle service data 666.
[0051] The authentication unit 650 is a circuit or instruction of the controller 642 configured to authenticate the application package. In at least some embodiments, the authentication unit 650 is configured to authenticate the application package for execution of the application in a vehicle computing environment. In at least some embodiments, the authentication unit 650 utilizes the storage 644 to read or record information such as authentication data 662. In at least some embodiments, the authentication unit 650 includes subsections for performing additional functions as described in the flowchart above. In at least some embodiments, such subsections are named according to the name associated with the corresponding function.
[0052] The generation unit 652 is a circuit or instruction of the controller 642 configured to generate a virtualized environment and a private virtual network. In at least some embodiments, the generation unit 652 is configured to generate a virtualized environment specifically for running applications in a vehicle computing environment. In at least some embodiments, the generation unit 652 utilizes storage 644 to read or record information such as virtualization parameters 664. In at least some embodiments, the generation unit 652 includes subsections for performing additional functions as described in the flowchart above. In at least some embodiments, such subsections are named according to the name associated with the corresponding function.
[0053] The connection unit 654 is a circuit or instruction of the controller 642 configured to connect a private virtual network to the virtualization environment and the vehicle service API. In at least some embodiments, the connection unit 654 is configured to connect the virtualization environment and at least one vehicle service API that runs in the native environment of the vehicle computing environment to an application-specific private virtual network. In at least some embodiments, the connection unit 654 utilizes storage 644 to read or record information such as vehicle service data 666. In at least some embodiments, the connection unit 654 includes subsections for performing additional functions as described in the flowchart above. In at least some embodiments, such subsections are named according to the name associated with the corresponding function.
[0054] The deployment unit 656 is a circuit or instruction of the controller 642 configured to deploy the application package. In at least some embodiments, the deployment unit 656 is configured to deploy the application package to a virtualized environment. In at least some embodiments, the deployment unit 656 utilizes storage 644 to read or record information such as implementation parameters 660. In at least some embodiments, the deployment unit 656 includes subsections for performing additional functions as described in the flowchart above. In at least some embodiments, such subsections are named according to the name associated with the corresponding function.
[0055] In at least some embodiments, the vehicle is another device capable of processing logical functions to perform the operations described herein. In at least some embodiments, the controller and storage do not need to be entirely separate devices, but share circuitry or one or more computer-readable media. In at least some embodiments, the storage includes a hard drive that stores both computer-executable instructions and data accessed by the controller, and the controller includes a combination of a central processing unit (CPU) and RAM, in which the computer-executable instructions may be copied whole or in part for execution by the CPU during the performance of the operations described herein.
[0056] In at least some embodiments where the vehicle is a computer, a program installed on the computer may cause the computer to function as the equipment of the embodiments described herein, or to perform operations associated with the equipment of the embodiments described herein. In at least some embodiments, such a program may be run by a processor to cause the computer to perform specific operations associated with some or all of the blocks of the flowcharts and block diagrams described herein.
[0057] At least some embodiments are described with reference to flowcharts and block diagrams in which a block represents (1) a step of a process in which an operation is performed, or (2) a section of hardware responsible for performing the operation. In at least some embodiments, specific steps and sections are implemented by a dedicated circuit, a programmable circuit supplied with computer-readable instructions stored on a computer-readable medium, and / or a processor supplied with computer-readable instructions stored on a computer-readable medium. In at least some embodiments, the dedicated circuit includes digital and / or analog hardware circuits, including integrated circuits (ICs) and / or discrete circuits. In at least some embodiments, the programmable circuit includes reconfigurable hardware circuits consisting of logical AND, OR, XOR, NAND, NOR and other logic operations, flip-flops, registers, memory elements, etc., such as field-programmable gate arrays (FPGAs), programmable logic arrays (PLAs), etc.
[0058] In at least some embodiments, the computer-readable medium includes a tangible device capable of holding and storing instructions used by an instruction execution device. In at least some embodiments, the computer-readable medium includes, but is not limited to, electronic storage devices, magnetic storage devices, optical storage devices, electromagnetic storage devices, semiconductor storage devices, or any suitable combination thereof. A non-exhaustive list of more specific examples of computer-readable media includes portable computer diskettes, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disk read-only memory (CD-ROM), digital versatile disks (DVDs), memory sticks, floppy disks, mechanically encoded devices such as punch cards or raised structures in a groove having instructions recorded thereon, and any suitable combination thereof. As used herein, computer-readable media should not be construed as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., light pulses passing through fiber optic cables), or transient signals themselves, such as electrical signals transmitted through wires.
[0059] While embodiments of the present invention have been described, the technical scope of any subject matter of the claims is not limited to the embodiments described above. Those skilled in the art will understand that various modifications and improvements are possible to the embodiments described above. Furthermore, those skilled in the art will understand that such modified or improved embodiments also fall within the technical scope of the present invention.
[0060] The operations, procedures, steps, and stages of each process performed by the apparatus, systems, programs, and methods shown in the claims, embodiments, or drawings can be performed in any order, unless the order is indicated by “before,” “prior to,” or equivalent, and unless the output from a previous process is used in a later process. Even if the flow of a process is described in the claims, embodiments, or drawings using phrases such as “first” or “next,” such description does not necessarily mean that the processes must be performed in the order described.
[0061] In at least some embodiments, using virtualization to isolate applications while providing API access is implemented by authenticating an application package for execution of the application in a vehicle computing environment, creating a virtualized environment in the vehicle computing environment specifically for application execution, connecting the virtualized environment and at least one vehicle service API that runs in the native environment of the vehicle computing environment to a private virtual network specific to the application, and deploying the application package to the virtualized environment.
[0062] In at least some embodiments, leveraging virtualization to isolate applications while providing API access is further implemented by configuring at least one vehicle service API to be exposed to applications through a private virtual network. In at least some embodiments, leveraging virtualization to isolate applications while providing API access is further implemented by reading metadata from the application package for authentication information and identification of at least one vehicle service API. In at least some embodiments, at least one vehicle service API is configured to provide information about at least one of vehicle speed, vehicle position, transmission status, and engine temperature in response to a request from the application. In at least some embodiments, at least one vehicle service API is configured to perform an action for at least one of music navigation, climate control, and media playback in response to a request from the application. In at least some embodiments, the private virtual network isolates the virtualized environment from applications and vehicle service APIs not connected to the private virtual network. In at least some embodiments, authenticating an application package includes authenticating multiple application packages, including an application package, in response to the invocation of the vehicle computing environment. In at least some embodiments, authentication is performed after the creation of the virtualized environment and the connection of the virtual network, but before the deployment of the application package. In at least some embodiments, authentication is performed between the creation of the virtualized environment and the creation of the private virtual network, and before the deployment of the application package. In at least some embodiments, leveraging virtualization to isolate the application while providing API access is further implemented by connecting additional vehicle service APIs running in the native environment to the private virtual network.
[0063] In at least some embodiments, using virtualization to isolate applications while providing API access is implemented by authenticating an application package for execution of the application in a vehicle computing environment, creating a virtualized environment in the vehicle computing environment specifically for application execution, connecting the virtualized environment and at least one vehicle service API that runs in the native environment of the vehicle computing environment to a private virtual network specific to the application, and deploying the application package to the virtualized environment.
[0064] In at least some embodiments, utilizing virtualization to isolate applications while providing API access further includes configuring at least one vehicle service API to expose to applications through a private virtual network. In at least some embodiments, utilizing virtualization to isolate applications while providing API access further includes reading metadata from an application package for authentication information and identification of at least one vehicle service API. In at least some embodiments, at least one vehicle service API is configured to provide information about at least one of vehicle speed, vehicle position, transmission status, and engine temperature in response to a request from an application. In at least some embodiments, at least one vehicle service API is configured to perform an action for at least one of music navigation, climate control, and media playback in response to a request from an application.
[0065] In at least some embodiments, the use of virtualization to isolate applications while providing API access is implemented by a controller including circuitry configured to perform operations including authenticating an application package for execution of the application in a vehicle computing environment; creating a virtualized environment in the vehicle computing environment specifically for execution of the application; connecting the virtualized environment and at least one vehicle service API that runs in the native environment of the vehicle computing environment to a private virtual network specific to the application; and deploying the application package to the virtualized environment.
[0066] In at least some embodiments, utilizing virtualization to isolate applications while providing API access further includes configuring at least one vehicle service API to expose to applications through a private virtual network. In at least some embodiments, utilizing virtualization to isolate applications while providing API access further includes reading metadata from an application package for authentication information and identification of at least one vehicle service API. In at least some embodiments, at least one vehicle service API is configured to provide information about at least one of vehicle speed, vehicle position, transmission status, and engine temperature in response to a request from an application. In at least some embodiments, at least one vehicle service API is configured to perform an action for at least one of music navigation, climate control, and media playback in response to a request from an application.
[0067] The features of several embodiments have been outlined above so that those skilled in the art may better understand the aspects of this disclosure. Those skilled in the art should understand that this disclosure can be readily used as a basis for designing or modifying other processes and structures to perform the same purposes and / or achieve the same advantages as the embodiments introduced herein. Those skilled in the art should also understand that such equivalent structures will not depart from the spirit and scope of this disclosure, and that various changes, substitutions and modifications described herein are possible without departing from the spirit and scope of this disclosure.
Claims
1. A computer program that causes one or more processors to perform an operation including: authenticating an application package for execution of an application in a vehicle computing environment; creating, in the vehicle computing environment, a virtualization environment specifically for execution of the application; connecting the virtualization environment and at least one vehicle service API that runs in the native environment of the vehicle computing environment to a private virtual network specific to the application; and deploying the application package to the virtualization environment.
2. The computer program according to claim 1, wherein the operation further includes configuring the at least one vehicle service API to be exposed to the application through the private virtual network.
3. The computer program according to claim 1 or 2, wherein the operation further includes reading metadata of the application package for authentication information and identification of the at least one vehicle service API.
4. The computer program according to claim 1 or 2, wherein the at least one vehicle service API is configured to provide information about at least one of vehicle speed, vehicle position, transmission status, and engine temperature in response to a request from the application.
5. The computer program according to claim 1 or 2, wherein the at least one vehicle service API is configured to perform an action for at least one of music navigation, climate control, and media playback in response to a request from the application.
6. The computer program according to claim 1 or 2, wherein the private virtual network isolates the virtualization environment from applications and vehicle service APIs that are not connected to the private virtual network.
7. The computer program according to claim 1 or 2, wherein authenticating the application package includes authenticating a plurality of application packages, including the application package, in response to the activation of the vehicle computing environment.
8. The computer program according to claim 1 or 2, wherein the authentication is performed after the creation of the virtualization environment and the connection of the private virtual network, and before the deployment of the application package.
9. The computer program according to claim 1 or 2, wherein the authentication is performed between the creation of the virtualization environment and the creation of the private virtual network, and before the deployment of the application package.
10. The computer program according to claim 1 or 2, wherein the operation further comprises connecting additional vehicle service APIs, which are executed in the native environment, to the private virtual network.
11. A method executed by one or more processors, the method including: authenticating an application package for execution of an application in a vehicle computing environment; creating, in the vehicle computing environment, a virtualization environment specifically for execution of the application; connecting the virtualization environment and at least one vehicle service API that runs in the native environment of the vehicle computing environment to a private virtual network specific to the application; and deploying the application package to the virtualization environment.
12. The method according to claim 11, further comprising configuring the at least one vehicle service API to be exposed to the application through the private virtual network.
13. The method according to claim 11 or 12, further comprising reading metadata of the application package for authentication information and identification of the at least one vehicle service API.
14. The method according to claim 11 or 12, wherein the at least one vehicle service API is configured to provide information about at least one of vehicle speed, vehicle position, transmission status, and engine temperature in response to a request from the application.
15. The method according to claim 11 or 12, wherein the at least one vehicle service API is configured to perform an action for at least one of music navigation, climate control, and media playback in response to a request from the application.
16. An apparatus comprising a controller including a circuit configured to perform an operation including: authenticating an application package for execution of an application in a vehicle computing environment; creating, in the vehicle computing environment, a virtualization environment specifically for execution of the application; connecting the virtualization environment and at least one vehicle service API that runs in the native environment of the vehicle computing environment to a private virtual network specific to the application; and deploying the application package to the virtualization environment.
17. The apparatus according to claim 16, wherein the operation further includes configuring the at least one vehicle service API to be exposed to the application through the private virtual network.
18. The apparatus according to claim 16 or 17, wherein the operation further includes reading metadata of the application package for authentication information and identification of the at least one vehicle service API.
19. The apparatus according to claim 16 or 17, wherein the at least one vehicle service API is configured to provide information about at least one of vehicle speed, vehicle position, transmission status, and engine temperature in response to a request from the application.
20. The apparatus according to claim 16 or 17, wherein the at least one vehicle service API is configured to perform an action for at least one of music navigation, climate control, and media playback in response to a request from the application.