Method and apparatus for evaluating application installation suitability based on vehicle security profiles

The method evaluates application software compatibility with a vehicle's security profile before installation, addressing security threats by ensuring the vehicle's specifications meet the application's requirements, thereby enhancing network security.

JP2026116675APending Publication Date: 2026-07-10AUTOCRYPT CO LTD

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
AUTOCRYPT CO LTD
Filing Date
2025-10-27
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

The installation of application software in vehicles poses potential security threats due to the lack of verification of compatibility between the security requirements of the software and the vehicle's security specifications, leading to vulnerabilities that can compromise the vehicle's network security.

Method used

A method and device for evaluating application installation suitability based on a vehicle's security profile, which includes downloading the application, comparing its minimum security requirements with the vehicle's security specification profile, and installing it only if compatibility is confirmed.

Benefits of technology

This approach mitigates potential security threats by ensuring that the vehicle's security specifications support the application's requirements, preventing unauthorized access and data breaches.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026116675000001_ABST
    Figure 2026116675000001_ABST
Patent Text Reader

Abstract

The present invention provides an application installation suitability evaluation method and application installation suitability evaluation apparatus that mitigate potential security threats that may arise from the installation and operation of application software before the application software is installed in a vehicle. [Solution] The application installation suitability evaluation method based on the vehicle's security profile includes the steps of: downloading application software to be installed on the vehicle; comparing the minimum security requirements of the application software with the vehicle's security specification profile to evaluate the installation suitability of the application software; and, if the installation suitability of the application software is determined, installing the application software on the vehicle.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present invention relates to security technologies for software and devices inside a vehicle. Specifically, it relates to a method for evaluating application software before installation and providing security for software and devices in a vehicle.

Background Art

[0002] The content described in this section merely provides background information for this embodiment and does not constitute the prior art.

[0003] Automobiles are evolving into connected cars, smart cars, etc., providing various convenient functions for drivers. Not only are automobiles evolving into intelligent types, but ultimately they are evolving into intelligent transportation systems that reduce traffic accidents and increase traffic efficiency through linkage with traffic control systems such as driving roads and traffic lights.

[0004] In particular, among the information and communication technologies provided for the convenience of drivers in the current vehicle environment, the rapid increase in in-vehicle electronic control devices and connectivity have greatly contributed to improving the convenience of drivers and users. However, along with safety issues, the possibility of being exposed to external hacking has also increased accordingly.

[0005] The vehicle network environment is different from existing network environments such as the Internet. Ensuring security is directly related to the lives of drivers and passengers. In the case where security is not ensured, the cost that must be paid when a dangerous situation is induced is high. Therefore, the demand for technological development for the security of vehicle networks is increasing more and more.

[0006] Since hardware devices inside vehicles are now operated in conjunction with software, managing the security of both the software and hardware devices inside vehicles requires efforts to ensure security through evaluation and verification of the various software installed in the vehicles. [Overview of the project] [Problems that the invention aims to solve]

[0007] This invention was derived to solve the problems of the prior art, and aims to mitigate potential security threats that may arise from the installation and operation of application software before the application software is installed on the vehicle.

[0008] The present invention aims to mitigate potential security threats by verifying the compatibility between the security requirements of application software installed in a vehicle and the security specifications that the vehicle can support.

[0009] The present invention aims to mitigate potential security threats by verifying whether the security functions of application software installed in a vehicle are adequately supported by the vehicle's security specification profile. [Means for solving the problem]

[0010] An application installation suitability evaluation method based on a vehicle's security profile according to one embodiment of the present invention for achieving the above objective may include the steps of: downloading application software to be installed in the vehicle; evaluating the installation suitability of the application software by comparing the minimum security requirements of the application software with the vehicle's security specification profile; and, if the installation suitability of the application software is determined, installing the application software in the vehicle.

[0011] During the evaluation of the installation suitability of the application software, the installation suitability of the application software can be assessed based on whether the vehicle's security specification profile satisfies the minimum security requirements of the application software.

[0012] In one embodiment of the present invention, an application installation suitability evaluation method based on a vehicle's security profile can determine if the vehicle's security specification profile satisfies the minimum security requirements of the application software, thereby determining the suitability of the application software for installation.

[0013] In one embodiment of the present invention, a method for evaluating the suitability of application installation based on a vehicle's security profile, the steps for evaluating the suitability of application software installation may include: extracting security functions that the vehicle can support based on the vehicle's security specification profile; extracting security functions required by the application software based on the application software's minimum security requirements; and evaluating the suitability of application software installation based on whether the security functions that the vehicle can support satisfy the security functions required by the application software.

[0014] During the evaluation of the installation suitability of application software, if the application software supports a primary security function that responds to a specific security attack or threat, the installation suitability of the application software can be evaluated based on whether the vehicle can support the primary security function based on the vehicle's security specification profile.

[0015] In one embodiment of the present invention, a method for evaluating application installation suitability based on a vehicle security profile, the vehicle security specification profile may include at least one of the following: software specifications, hardware specifications, and / or availability specifications.

[0016] An application installation suitability evaluation method based on a vehicle security profile according to one embodiment of the present invention, wherein the software specification may include at least one of the following: software security enhancement level information, encryption library installed in the vehicle, version information of the encryption library, and / or support for security functions that respond to a specific security attack or threat.

[0017] An application installation suitability evaluation method based on the security profile of a vehicle according to one embodiment of the present invention, wherein the hardware specifications may include at least one of the following: a Hardware Security Module (HSM), a Hardware Key Storage, a Trusted Execution Environment (TEE), a Trusted Platform Module (TPM), a Secure Storage, and / or a Security Application Execution Support Module.

[0018] In one embodiment of the present invention, a method for evaluating the suitability of an application installation based on a vehicle's security profile, the availability specification may include at least one of the following: the number of V2X (Vehicle-to-Everything) messages processed per standard time, the number of internal communication messages processed per standard time, hardware specifications for communication message processing, security computation algorithms supported by the hardware specifications, and / or security computation algorithms for autonomous driving supported by the hardware specifications.

[0019] An application installation suitability evaluation method based on a vehicle security profile according to one embodiment of the present invention may further include the step of storing a security specification profile generated during the vehicle production process in a storage facility inside the vehicle.

[0020] An application installation suitability evaluation device based on a vehicle's security profile according to one embodiment of the present invention includes a memory for storing at least one computer-readable instruction; and a processor for executing at least one instruction. The processor can download application software for installation in a vehicle by at least one instruction, evaluate the installation suitability of the application software by comparing the application software's minimum security requirements with the vehicle's security specification profile, and if the application software is deemed suitable for installation, the application software can be installed in the vehicle.

[0021] When the processor evaluates the installation suitability of application software, it can assess the installation suitability of the application software based on whether the vehicle's security specification profile satisfies the minimum security requirements of the application software.

[0022] In one embodiment of the present invention, an application installation suitability evaluation device based on the vehicle's security profile can determine the suitability of the application software for installation if the vehicle's security specification profile satisfies the minimum security requirements of the application software.

[0023] When evaluating the installation compatibility of application software, the processor can extract the security functions that the vehicle can support based on the vehicle's security specification profile, extract the security functions required by the application software based on the minimum security requirements of the application software, and evaluate the installation compatibility of the application software based on whether the security functions that the vehicle can support meet the security functions required by the application software.

[0024] When evaluating the installation compatibility of application software, the processor can evaluate the installation compatibility of the application software based on whether the vehicle can support the first security function based on the vehicle's security specification profile when the application software supports the first security function for specific security attacks or threats.

[0025] An application installation compatibility evaluation device based on the security profile of a vehicle according to an embodiment of the present invention, wherein the security specification profile of the vehicle can include at least one or more of software specifications, hardware specifications, and / or availability specifications.

[0026] An application installation compatibility evaluation device based on the security profile of a vehicle according to an embodiment of the present invention, wherein the software specification can include at least one or more of software security enhancement level information, an encryption library installed in the vehicle, version information of the encryption library, and / or the presence or absence of support for security functions corresponding to specific security attacks or threats.

[0027] An application installation compatibility evaluation device based on the security profile of a vehicle according to an embodiment of the present invention. The hardware specifications may include at least one or more of a hardware-based security computing module (HSM, Hardware Security Module), a hardware-based key repository, a trusted execution environment (TEE, Trusted Execution Environment), a trusted platform module (TPM, Trusted Platform Module), a secured repository, and / or a security application execution support module.

[0028] An application installation compatibility evaluation device based on the security profile of a vehicle according to an embodiment of the present invention. The usability specifications may include at least one or more of the number of V2X (Vehicle-to-Everything) message processing per reference time, the number of internal communication message processing per reference time, the hardware specifications for communication message processing, the security computing algorithms supported by the hardware specifications, and / or the security computing algorithms for autonomous driving supported by the hardware specifications.

[0029] An application installation compatibility evaluation device based on the security profile of a vehicle according to an embodiment of the present invention. The security specification profile generated during the vehicle production process can be stored in a repository inside the vehicle.

Advantages of the Invention

[0030] According to an embodiment of the present invention, before installing application software in a vehicle, potential security threats that may occur when the application software is installed and operated can be mitigated.

[0031] According to an embodiment of the present invention, potential security threats can be mitigated by verifying the compatibility between the security requirement conditions of the application software installed in the vehicle and the security specifications supported by the vehicle.

[0032] According to embodiments of the present invention, potential security threats can be mitigated by verifying whether the security functions of application software installed in a vehicle are effectively supported by the vehicle's security specification profile. [Brief explanation of the drawing]

[0033] [Figure 1] This diagram conceptually illustrates the process by which application software installed in a vehicle operates in conjunction with the vehicle's internal software, hardware, and platform. [Figure 2] This is a diagram conceptually illustrating a method for evaluating the suitability of application installation based on a vehicle's security profile according to one embodiment of the present invention, and a system / device in which this method operates. [Figure 3] This is an operation flowchart illustrating a method for evaluating application installation suitability based on a vehicle's security profile according to one embodiment of the present invention. [Figure 4] This is a conceptual diagram illustrating an example of a generalized computing system in which an application installation suitability evaluation device based on a vehicle security profile according to one embodiment of the present invention, which can perform at least a part of the process shown in Figures 1 to 3, is embodied. [Modes for carrying out the invention]

[0034] Since the present invention can be modified in various ways and has many different embodiments, we will attempt to illustrate and describe in detail specific embodiments with reference to the drawings. However, this should not be understood as limiting the present invention to specific embodiments, but rather as including all modifications, equivalents, or substitutes that fall within the spirit and technical scope of the present invention.

[0035] The terms "first," "second," etc., may be used to describe a variety of components, but the components should not be limited by such terms. The terms are used solely for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be named the second component, and similarly, the second component may be named the first component. The term "and / or" includes a combination of multiple related described items or any of the multiple related described items.

[0036] In the embodiments of this application, "at least one of A and B" may mean "at least one of A or B" or "at least one of one or more combinations of A and B". Also, in the embodiments of this application, "one or more of A and B" may mean "one or more of A or B" or "one or more of one or more combinations of A and B".

[0037] When it is mentioned that one component is "linked" or "connected" to another component, it should be understood that it may be directly linked or connected to the other component, but there may also be other components in between. Conversely, when it is mentioned that one component is "directly linked" or "directly connected" to another component, it should be understood that there are no other components in between.

[0038] The terminology used in this application is used solely to describe specific embodiments and is not intended to limit the invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, terms such as “includes” or “having” are intended to specify the existence of features, figures, stages, operations, components, parts, or combinations thereof described in the specification, and should be understood not to preemptively exclude the possibility of the existence or addition of one or more other features, figures, stages, operations, components, parts, or combinations thereof.

[0039] Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as those generally understood by a person of ordinary skill in the art to which this invention pertains. Terms as defined in commonly used dictionaries should be interpreted as having the meaning consistent with their meaning in the context of the relevant art, and not as ideal or overly formal unless expressly defined herein.

[0040] On the other hand, technologies that were publicly known before the filing date may be included as part of the structure of the present invention as necessary, and such will be described herein to the extent that it does not obscure the spirit of the present invention. However, in describing the structure of the present invention, detailed explanations of publicly known technologies that were publicly known before the filing date and that would be obvious to a person skilled in the art may obscure the spirit of the present invention, so overly detailed explanations of publicly known technologies will be omitted.

[0041] However, the purpose of this invention is not to assert rights over these prior arts, and the content of these prior arts may be included as part of this invention without departing from the spirit of this invention.

[0042] The following describes preferred embodiments of the present invention in more detail with reference to the attached drawings. To facilitate overall understanding in describing the present invention, the same reference numerals are used for the same components in the drawings, and redundant descriptions of the same components are omitted.

[0043] Figure 1 is a conceptual diagram illustrating the process by which application software installed in a vehicle operates in conjunction with the in-vehicle software, hardware, and platform.

[0044] Referring to Figure 1, application software supplied to the application store by a software provider can be downloaded to the vehicle based on the user's choice or system instructions.

[0045] Application software downloaded to and installed in a vehicle can work in conjunction with existing software, platforms, and / or hardware pre-installed in the vehicle to perform specific functions and provide services within the vehicle's software / hardware system.

[0046] As illustrated in Figure 1, with recent technological advancements, the number of software programs within vehicles is tending to increase rapidly as the in-vehicle architecture shifts to an SDV (Software-Defined Vehicle) architecture.

[0047] The rapid increase in the number of software programs within vehicles necessitates security features related to that software.

[0048] In the SDV architecture shown in Figure 1, the software inside the vehicle can be easily installed or updated wirelessly even after the vehicle has left the depot via OTA (Over-The-Air) updates.

[0049] Just like smartphone app stores, vehicles can also download and install applications from a vehicle application store. In other words, based on the SDV architecture and OTA technology, drivers and passengers can easily download and install vehicle applications from the application store.

[0050] On the other hand, while applications may be provided on a customized basis for specific vehicle models, applications that target various vehicle models rather than being customized for a specific vehicle tend to require the same security requirements regardless of the vehicle model.

[0051] In reality, each vehicle model supports different security features (capabilities) and / or security specifications (specs), so there is a potential for security breaches to occur if application software installed and running in a way that ignores the vehicle's functions or specifications.

[0052] For example, forcing certain vehicle models to excessively satisfy security requirements may prevent application software from fully performing its intended functions, potentially leading to performance degradation or malfunctions.

[0053] If an application is designed to work on all vehicle types, data on vehicles with higher security levels could be indirectly compromised through attacks on vehicles with lower security levels.

[0054] Specifically, if a vehicle has a low encryption level, it's possible to assume a type of attack that exploits this to attack the network and eavesdrop on or modulate data communications from vehicles with higher security levels.

[0055] Therefore, if the same application is installed in all vehicle models, updates and patch management tailored to the security specifications of each vehicle model will be required, and such updates and management can require significant resources.

[0056] For example, consider a car payment application software where the application requires 512-bit symmetric key encryption, while the vehicle only supports 256-bit symmetric key encryption. If this security feature difference is not recognized during installation or operation, the application software may authorize a car payment without realizing that the encryption provided by the vehicle may not be completely secure.

[0057] Thus, car payments or similar transactions that do not have sufficient security can lead to fraudulent payments. Furthermore, if subsequent actions are carried out based on the approval of such a transaction, security threats such as the leakage of personal information may occur.

[0058] Given the potential security threats that may arise in the environment shown in Figure 1, the present invention aims to propose a method to mitigate potential security threats by inspecting whether a vehicle satisfies the minimum security requirements demanded by the application before installation, as described in the embodiments shown in Figures 2 to 4 below.

[0059] In the embodiments shown in Figures 2 to 4, a vehicle security specification profile and minimum security requirements for the application to operate can be defined.

[0060] It is possible to determine whether a vehicle can be installed or is suitable for installation based on the vehicle's security specification profile and the minimum security requirements of the application.

[0061] Figure 2 is a conceptual diagram illustrating a vehicle security profile-based application installation suitability evaluation method according to one embodiment of the present invention, and a system / device in which the method operates.

[0062] Software providers can provide applications to the application store with the minimum security requirements included.

[0063] The vehicle can download applications from the application store (S200).

[0064] Before the application is installed, the vehicle can compare the minimum security requirements included in the application with the stored security specification profile (S300). If, based on the comparison results, it is determined that the application can be installed, the application can be installed in the vehicle (S400).

[0065] The vehicle's security specification profile can typically be generated by the manufacturer and stored inside the vehicle (S100).

[0066] The items included in the vehicle security specification profile and the minimum security requirements can be designed to be equivalent so that they are comparable. The items included in the vehicle security specification profile and the application security requirements can be proposed to be standardized or specified.

[0067] For example, as illustrated in Figure 2, the items included in the vehicle security specification profile and the application security requirements can be standardized or specified to include a) Configuration, b) Parameter, c) Cyber ​​Security Policy, etc.

[0068] In this case, a) Configuration may include, for example, whether or not the Hardware Security Module (HSM) is activated, whether or not the Intrusion Detection System (IDS) is activated, and / or whether or not application-specific container isolation is enabled.

[0069] Additionally, b)Parameter may include, for example, the cryptographic algorithm and key length, the type of hash function / message authentication code (MAC), and / or a list of cipher suites.

[0070] Furthermore, c) Cyber ​​Security Policy may include, for example, log monitoring policies, vulnerability response and patch management policies.

[0071] Figure 3 is an operation flowchart illustrating a method for evaluating application installation suitability based on a vehicle security profile according to one embodiment of the present invention.

[0072] The stages before the application installation begins can include the following two steps:

[0073] During the vehicle production process, after the security specification profile is generated, the security specification profile may be stored inside the vehicle (S100).

[0074] After the minimum security requirements are defined by the software supplier during application development, these minimum security requirements may be included in the application.

[0075] The following steps may be required before the application installation can begin:

[0076] Software providers can register their applications with application stores. When this happens, the software provider may register the application with the minimum security requirements already included.

[0077] The application store distributes applications, and vehicles can download applications at the user's request or by system command (S200).

[0078] The in-vehicle computer can compare the in-vehicle security specification profile with the minimum security requirements of the application to be installed (S300).

[0079] The comparison results showed that if the in-vehicle security specification profile satisfies the minimum security requirements, the vehicle can install the application (S400).

[0080] Referring to both Figures 2 and 3, the application installation suitability evaluation method based on the vehicle's security profile according to one embodiment of the present invention may include the steps of: downloading application software to be installed on the vehicle (S200); evaluating the installation suitability of the application software by comparing the minimum security requirements of the application software with the vehicle's security specification profile (S300); and, if the installation suitability of the application software is recognized, installing the application software on the vehicle (S400).

[0081] In the stage of evaluating the installation suitability of the application software (S300), the installation suitability of the application software can be evaluated based on whether the vehicle's security specification profile satisfies the minimum security requirements of the application software.

[0082] In one embodiment of the present invention, an application installation suitability evaluation method based on a vehicle's security profile can determine if the vehicle's security specification profile satisfies the minimum security requirements of the application software, thereby determining the suitability of the application software for installation.

[0083] In one embodiment of the present invention, the method for evaluating the suitability of application installation based on a vehicle's security profile includes the step of evaluating the suitability of application software installation (S300), which may include the step of extracting security functions that the vehicle can support based on the vehicle's security specification profile; the step of extracting security functions required by the application software based on the application software's minimum security requirements; and the step of evaluating the suitability of application software installation based on whether the security functions that the vehicle can support satisfy the security functions required by the application software.

[0084] In the stage of evaluating the installation suitability of the application software (S300), if the application software supports a first security function that responds to a specific security attack or threat, the installation suitability of the application software can be evaluated based on whether the vehicle can support the first security function based on the vehicle's security specification profile.

[0085] In one embodiment of the present invention, a method for evaluating application installation suitability based on a vehicle security profile, the vehicle security specification profile may include at least one of the following: software specifications, hardware specifications, and / or availability specifications.

[0086] The vehicle's security specification profile may be divided into software specifications, hardware specifications, and / or availability specifications as described above, and may also include additional specifications that can support hardware-software coordinated operation.

[0087] An application installation suitability evaluation method based on a vehicle security profile according to one embodiment of the present invention, wherein the software specification may include at least one of the following: software security enhancement level information, encryption library installed in the vehicle, version information of the encryption library, and / or support for security functions that respond to a specific security attack or threat.

[0088] For example, one might assume that an existing version of the software does not support how to respond to new attacks that exceed the security capabilities of the existing version. In this case, a new version of the application software will support security policies or security features that respond to the new attacks, but such security policies or security features may require a new version of the software specification or hardware-software linkage specification.

[0089] If a new version of the application software is implemented assuming that the vehicle provides sufficient software or software-hardware integration specifications, then it can be assumed that the new version of the application software will operate after it is installed in the vehicle.

[0090] In this situation, due to insufficient vehicle specifications, application software may fail to recognize the problem and mistakenly believe that security is adequately maintained, even though security policies or functions to counter new attacks are not actually functioning properly, potentially leading to the authorization of transactions resulting from new attacks.

[0091] Furthermore, if a transaction resulting from a new attack is mistakenly approved, the transactions preceding and following that transaction may also be approved, potentially increasing the risk of security incidents.

[0092] An application installation suitability evaluation method based on the security profile of a vehicle according to one embodiment of the present invention, wherein the hardware specifications may include at least one of the following: a Hardware Security Module (HSM), a Hardware Key Storage, a Trusted Execution Environment (TEE), a Trusted Platform Module (TPM), a Secure Storage, and / or a Security Application Execution Support Module.

[0093] In this case, the hardware specifications may include whether or not there is support for hardware-based security computing units, whether or not a secure storage space is provided in hardware, whether or not hardware-advanced encryption is supported, whether or not there are improvements in encryption / decryption performance, and / or whether or not there are defenses against known / new security attacks.

[0094] In one embodiment of the present invention, a method for evaluating the suitability of an application installation based on a vehicle's security profile, the availability specification may include at least one of the following: the number of V2X (Vehicle-to-Everything) messages processed per standard time, the number of internal communication messages processed per standard time, hardware specifications for communication message processing, security computation algorithms supported by the hardware specifications, and / or security computation algorithms for autonomous driving supported by the hardware specifications.

[0095] Availability specifications may include performance metrics based on hardware-software coordination.

[0096] Furthermore, availability specifications can be presented in a way that allows for the determination, through hardware-software coordination, whether the CPU specifications for communication / message processing support sufficiently fast computations for advanced security algorithms, and / or whether they support the fast computations and communication required by security algorithms for autonomous driving.

[0097] A vehicle security specification profile can refer to a set of information that embodies the ability to logically determine whether security requirements can be supported by hardware, software, availability, compatibility, and hardware-software interaction.

[0098] An application installation suitability evaluation method based on a vehicle security profile according to one embodiment of the present invention may further include the step of storing a security specification profile generated during the vehicle production process in a storage facility inside the vehicle (S100).

[0099] According to embodiments of the present invention, potential security threats that may arise from the installation and operation of application software can be mitigated before the application software is installed in the vehicle.

[0100] According to embodiments of the present invention, potential security threats can be mitigated by verifying the compatibility between the security requirements of application software installed in a vehicle and the security specifications that the vehicle can support.

[0101] According to embodiments of the present invention, potential security threats can be mitigated by verifying whether the security functions of application software installed in a vehicle are effectively supported by the vehicle's security specification profile.

[0102] Figure 4 is a conceptual diagram illustrating an example of a generalized computing system in which an application installation suitability evaluation device based on a vehicle security profile according to one embodiment of the present invention, which can perform at least part of the processes shown in Figures 1 to 3, is implemented.

[0103] At least a portion of the process of the application installation suitability evaluation method based on the security profile of a vehicle according to one embodiment of the present invention, as illustrated in Figures 2 and 3, can be performed by the computing system 1000 shown in Figure 4.

[0104] Referring to Figure 4, a computing system 1000 according to one embodiment of the present invention may be configured to include a processor 1100, memory 1200, communication interface 1300, storage device 1400, input interface 1500, output interface 1600, and bus 1700.

[0105] A computing system 1000 according to one embodiment of the present invention may include at least one processor 1100 and a memory 1200 that stores instructions that the at least one processor 1100 perform at least one step. At least some steps of the method according to one embodiment of the present invention may be performed by the at least one processor 1100 loading and executing instructions from the memory 1200.

[0106] The processor 1100 may mean a central processing unit (CPU), a graphics processing unit (GPU), or a dedicated processor on which the method according to an embodiment of the present invention is performed.

[0107] The memory 1200 and the storage device 1400 may each consist of at least one of a volatile storage medium and a non-volatile storage medium. For example, the memory 1200 may consist of at least one of a read-only memory (ROM) and a random access memory (RAM).

[0108] Furthermore, the computing system 1000 may include a communication interface 1300 that performs communication over a wireless network.

[0109] Furthermore, the computing system 1000 may further include a storage device 1400, an input interface 1500, an output interface 1600, and the like.

[0110] Furthermore, each component included in the computing system 1000 can be connected by a bus 1700 to perform communication.

[0111] The computing system 1000 of the present invention may be, for example, a communicable desktop computer, laptop computer, notebook computer, smartphone, tablet PC, mobile phone, smart watch, smart glasses, e-book reader, PMP (portable multimedia player), portable game console, navigation device, digital camera, DMB (digital multimedia broadcasting) player, digital audio recorder, digital audio player, digital video recorder, digital video player, PDA (Personal Digital Assistant), etc.

[0112] An application installation suitability evaluation device based on a vehicle security profile according to one embodiment of the present invention may include a memory 1200 for storing at least one computer-readable instruction and a processor 1100 for executing at least one instruction.

[0113] In one embodiment of the present invention, an application installation suitability evaluation device based on the vehicle's security profile, the processor 1100 can download application software to be installed in the vehicle by at least one instruction (S200), evaluate the installation suitability of the application software by comparing the minimum security requirements of the application software with the vehicle's security specification profile (S300), and if the installation suitability of the application software is recognized, the application software can be installed in the vehicle (S400).

[0114] When the processor 1100 evaluates the installation suitability of the application software (S300), it can evaluate the installation suitability of the application software based on whether the vehicle's security specification profile satisfies the minimum security requirements of the application software.

[0115] In one embodiment of the present invention, an application installation suitability evaluation device based on the vehicle's security profile can determine the suitability of the application software for installation if the vehicle's security specification profile satisfies the minimum security requirements of the application software.

[0116] When the processor 1100 evaluates the installation suitability of application software (S300), it can extract security functions that the vehicle can support based on the vehicle's security specification profile, extract security functions required by the application software based on the application software's minimum security requirements, and evaluate the installation suitability of the application software based on whether the security functions that the vehicle can support satisfy the security functions required by the application software.

[0117] When the processor 1100 evaluates the installation suitability of the application software (S300), it can evaluate the installation suitability of the application software based on whether the vehicle can support a first security function that responds to a specific security attack or threat, based on the vehicle's security specification profile.

[0118] An application installation suitability evaluation device based on a vehicle security profile according to one embodiment of the present invention, wherein the vehicle security specification profile may include at least one of software specifications, hardware specifications, and / or availability specifications.

[0119] An application installation suitability evaluation device based on a vehicle security profile according to one embodiment of the present invention, wherein the software specification may include at least one of the following: software security enhancement level information, encryption library installed in the vehicle, version information of the encryption library, and / or support for security functions that respond to a specific security attack or threat.

[0120] An application installation suitability evaluation device based on the security profile of a vehicle according to one embodiment of the present invention, the hardware specifications may include at least one of the following: a Hardware Security Module (HSM), a Hardware Key Storage, a Trusted Execution Environment (TEE), a Trusted Platform Module (TPM), a Secure Storage, and / or a Security Application Execution Support Module.

[0121] An application installation suitability evaluation device based on a vehicle security profile according to one embodiment of the present invention, wherein the availability specification may include at least one of the following: the number of V2X (Vehicle-to-Everything) messages processed per standard time, the number of internal communication messages processed per standard time, the hardware specifications for communication message processing, the security calculation algorithm supported by the hardware specifications, and / or the security calculation algorithm for autonomous driving supported by the hardware specifications.

[0122] An application installation suitability evaluation device based on a vehicle security profile according to one embodiment of the present invention, wherein the security specification profile generated during the vehicle production process can be stored in a storage facility inside the vehicle (S100).

[0123] The operation of the method according to the embodiment of the present invention can be embodied in a computer-readable program or code on a computer-readable recording medium. The computer-readable recording medium includes all types of recording devices on which information that can be read by a computer system is stored. Furthermore, the computer-readable recording medium can be distributed across a network of computer systems, and computer-readable programs or code can be stored and executed in a distributed manner.

[0124] Furthermore, computer-readable recording media can include hardware devices specially configured to store and execute program instructions, such as ROM, RAM, and flash memory. Program instructions can include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.

[0125] Some aspects of the present invention have been described in the context of apparatus, but they can also be described by corresponding methods, where blocks or apparatus correspond to method steps or features of method steps. Similarly, aspects described in the context of methods can also be described by corresponding blocks or items or features of corresponding apparatus. Some or all of the method steps may be carried out by (or utilizing) hardware devices such as, for example, a microprocessor, a programmable computer, or an electronic circuit. In some embodiments, at least one or more of the most important method steps may be carried out by such devices.

[0126] In embodiments, a programmable logic device (e.g., a field-programmable gate array) may be used to perform some or all of the functions of the methods described herein. In embodiments, a field-programmable gate array may operate in conjunction with a microprocessor to perform one of the methods described herein. Generally, it is preferable that the methods be performed by some hardware device.

[0127] Although preferred embodiments of the present invention have been described above with reference to the present invention, those skilled in the art will understand that the present invention can be modified and altered in various ways without departing from the spirit and scope of the invention as described in the following claims.

Claims

1. The stage of downloading application software to be installed in the vehicle; A step of evaluating the suitability of the application software for installation by comparing the minimum security requirements of the application software with the vehicle's security specification profile; and A method for evaluating the suitability of application installation based on a vehicle's security profile, comprising the step of installing the application software in the vehicle if the suitability of the application software for installation is determined.

2. The step of evaluating the installation suitability of the aforementioned application software is: A method for evaluating the suitability of application software for installation based on a vehicle's security profile, according to claim 1, wherein the vehicle's security specification profile satisfies the minimum security requirements of the application software, and the suitability of the application software for installation is evaluated based on this.

3. The method for evaluating the suitability of an application to be installed based on a vehicle's security profile, according to claim 2, wherein the application software is deemed suitable for installation if the vehicle's security specification profile satisfies the minimum security requirements of the application software.

4. The step of evaluating the installation suitability of the aforementioned application software is: A step of extracting security functions that the vehicle can support based on the vehicle's security specification profile; A step of extracting security functions required by the application software based on the minimum security requirements of the application software; and A method for evaluating application installation suitability based on a vehicle's security profile, according to claim 1, comprising the step of evaluating the installation suitability of the application software based on whether the security functions that the vehicle can support satisfy the security functions required by the application software;

5. The step of evaluating the installation suitability of the aforementioned application software is: The method for evaluating the suitability of an application installation based on a vehicle's security profile, according to claim 1, wherein the application software supports a first security function that responds to a specific security attack or threat, and the suitability of the application software for installation is evaluated based on whether the vehicle can support the first security function based on the vehicle's security specification profile.

6. The method for evaluating application installation suitability based on a vehicle security profile according to claim 1, wherein the vehicle security specification profile includes at least one of software specifications, hardware specifications, and availability specifications.

7. The method for evaluating application installation suitability based on the security profile of a vehicle according to claim 6, wherein the software specifications include at least one of the following: software security enhancement level information, an encryption library installed in the vehicle, version information of the encryption library, and whether or not there is support for security functions that respond to a specific security attack or threat.

8. The aforementioned hardware specifications are: A method for evaluating the suitability of an application installation based on the security profile of a vehicle according to claim 6, comprising at least one of the following: a Hardware Security Module (HSM), a Hardware Key Storage, a Trusted Execution Environment (TEE), a Trusted Platform Module (TPM), a Secure Storage, and a Security Application Execution Support Module.

9. The application installation suitability evaluation method based on the security profile of a vehicle according to claim 6, wherein the availability specification includes at least one of the following: the number of V2X (Vehicle-to-Everything) messages processed per standard time, the number of internal communication messages processed per standard time, the hardware specifications for communication message processing, the security calculation algorithm supported by the hardware specifications, and the security calculation algorithm for autonomous driving supported by the hardware specifications.

10. A method for evaluating the suitability of an application installation based on a vehicle security profile according to claim 1, further comprising the step of storing the security specification profile generated during the vehicle production process in a storage facility inside the vehicle.

11. Memory for storing at least one program instruction; A processor that executes at least one of the aforementioned program instructions; Includes, The processor, by at least one instruction, Download the application software to be installed in the vehicle. The minimum security requirements of the application software are compared with the vehicle's security specification profile to evaluate the suitability of the application software for installation. An application installation suitability evaluation device based on the vehicle's security profile, which installs the application software in the vehicle if the suitability for installation of the application software is determined.

12. When the processor evaluates the installation suitability of the application software, An application installation suitability evaluation device based on a vehicle security profile according to claim 11, which evaluates the installation suitability of the application software based on whether the security specification profile of the vehicle satisfies the minimum security requirements of the application software.

13. An application installation suitability evaluation device based on a vehicle security profile according to claim 12, wherein the installation suitability of the application software is recognized when the security specification profile of the vehicle satisfies the minimum security requirements of the application software.

14. When the processor evaluates the installation suitability of the application software, Based on the security specification profile of the said vehicle, the security functions that the said vehicle can support are extracted, Based on the minimum security requirements of the application software, the security functions required by the application software are extracted. An application installation suitability evaluation device based on the security profile of a vehicle, according to claim 11, which evaluates the installation suitability of the application software based on whether the security functions that the vehicle can support satisfy the security functions required by the application software.

15. When the processor evaluates the installation suitability of the application software, The vehicle security profile-based application installation suitability evaluation device according to claim 11, which evaluates the installation suitability of the application software based on whether the vehicle can support the first security function based on the vehicle's security specification profile, when the application software supports a first security function that responds to a specific security attack or threat.

16. Application installation suitability evaluation device based on the vehicle security profile according to claim 11, wherein the vehicle security specification profile includes at least one of software specifications, hardware specifications, and availability specifications.

17. The application installation suitability evaluation device based on the security profile of a vehicle according to claim 16, wherein the software specifications include at least one of the following: software security enhancement level information, an encryption library installed in the vehicle, version information of the encryption library, and whether or not there is support for security functions that respond to a specific security attack or threat.

18. The aforementioned hardware specifications are: An application installation suitability evaluation device based on the security profile of a vehicle according to claim 16, comprising at least one of the following: a Hardware Security Module (HSM), a Hardware Key Storage, a Trusted Execution Environment (TEE), a Trusted Platform Module (TPM), a Secure Storage, and a Security Application Execution Support Module.

19. Application installation suitability evaluation device based on the vehicle security profile according to claim 16, wherein the availability specification includes at least one of the following: the number of V2X (Vehicle-to-Everything) messages processed per standard time, the number of internal communication messages processed per standard time, hardware specifications for communication message processing, security calculation algorithms supported by the hardware specifications, and security calculation algorithms for autonomous driving supported by the hardware specifications.

20. The application installation suitability evaluation device based on the security profile of a vehicle according to claim 11, wherein the security specification profile generated during the vehicle production process is stored in a storage facility inside the vehicle.