Systems and techniques for securing vehicle privacy in a driving infrastructure are described herein. A vehicle may contact a group identification (ID) issuer to register itself. A group ID may be received from the group ID issuer to indicate acceptance as a member. The vehicle may then contact the driving infrastructure to attach to the driving infrastructure using the group ID to identify the vehicle. In response, the vehicle receives an attachment ID from the driving infrastructure. Here, the attachment ID is used to secure communications between the vehicle and the driving infrastructure.

An automated vehicle parking system uses a driver's authentication device, such as a mobile phone or portable tag, to identify the driver. Vehicle sensing terminals detect when and where a vehicle has parked and send wireless notifications to the vehicle owner's authentication device. The authentication device, the vehicle sensing terminal and a cloud server interact using secure wireless communications to validate the driver's qualifications and record the parking event. Vehicle sensing terminals detect when the vehicle leaves its parking space and the parking system automatically terminates the parking session. The authentication device handles the bulk of the communication with the cloud server to reduce consumption of the vehicle sensing terminal's power supply. The sensing and portable tag devices communicate using secure tokens that are encrypted with unique individual or group keys.

A device, method, or computer program product for conducting a cryptographic operation in a vehicle is disclosed herein. The device is arranged to receive key data and input data, and to conduct a cryptographic computation of the input data to output data using the key data. The cryptographic computation is conducted with or without side channel attack counter measures, which are toggled based on the key data or based on a control input.

A system includes a first computer including a processor programmed to receive, from a remote device, a first digital document including a digital signature from a server and specifying access to one or more vehicle systems for a user. The processor is further programmed to receive, from the server, a second digital document authorizing the specified access to the one or more vehicle systems; and provide, to the remote device, the specified access to the one or more vehicle systems based on the first digital document and second digital document.

A first ECU performs an operation using a first key and a first fresh value to generate a keystream; performs an exclusive OR operation using the keystream and a to-be-transmitted first plaintext packet to generate a first ciphertext packet; and sends the first ciphertext packet to a second ECU. The first fresh value is a value generated by a counter in the first ECU when the first ECU transmits a packet, and the counter is configured to record a quantity of packets transmitted by the first ECU. The first ECU transmits the first ciphertext packet to the second ECU. This can prevent the first packet transmitted by the first ECU from being eavesdropped on, and help improve confidentiality of the packet transmitted by the first ECU.

A vehicle digital certificate management method and a device thereof. The vehicle digital certificate management method comprises: after a vehicle-mounted network connection terminal is powered on, performing an initialization on a universal digital certificate, and if the universal digital certificate is abnormal, generating mandatory certificate maintenance request information; calculating the difference between a real time when the vehicle-mounted network connection terminal is powered on and the last maintenance time of the universal digital certificate, comparing the difference with a preset certificate maintenance period, and if the difference is greater than the preset maintenance period, generating period maintenance request information; and performing certificate maintenance according to the mandatory certificate maintenance request information or the periodic maintenance request information when a communication state of the vehicle network connection terminal satisfies a certificate maintenance condition.

A method of dynamically loading an encryption engine generates a relationship between encryption identifiers and information parameters. The information parameters includes information security levels, information sizes, and information access speeds. The encryption identifiers include a soft encryption identifier and a hard encryption identifier. A target encryption identifier of current to-be-encrypted information is obtained, and a target encryption mode of the current to-be-encrypted information is determined. An encryption engine corresponding to the current to-be-encrypted information is loaded according to the encryption mode. The method can reduce waste of resources, and improve an efficiency of encryption and decryption of information.

In response to a trigger event, a challenge message that includes a security code by inputting the security code to a cryptographic program that encrypts the security code based on an authentication key is generated by a first computer. Upon transmitting the challenge message to a second computer, the security code is updated by the first computer based on a random number output from a random number generator. A response is received by the first computer from the second computer in response to the challenge message. Upon verifying the second computer based on the response, a security message including the updated security code is transmitted from the first computer to the second computer.

An in-vehicle encryption system for use in a vehicle comprising a plurality of vehicle subsystems. The system comprises a security ECU module that communicates with a remote cryptographic module, the security ECU module comprising a processor and a per vehicle master secret (PVMS) value stored in the security ECU module. The security ECU module uses the PVMS value to authenticate with the remote cryptographic module and to establish an external encrypted communication link with the remote cryptographic module. The system further comprises a first subsystem ECU module that generates a first globally unique identifier (GUID) and a second subsystem ECU module that generates a second GUID. The security ECU module uses the first GUID value to establish a first encrypted communication link with the first subsystem ECU module.

A secure element (SE) for processing a digital key includes a communication interface for communicating with a host, a memory for storing programs and data for processing the digital key, and a processor for executing the programs stored in the memory to receive a digital key processing request from a target device, determine whether a service is providable to the target device, by using a service-provider-specific service performance manager, process the digital key by using a digital key manager based on digital key processing information stored in the memory, upon determining that a service is providable to the target device, issue a digital key processing certificate by using the service-provider-specific service performance manager based on authentication information stored in the memory, and transmit the digital key processing certificate to at least one of a service provider and the target device.