Various approaches are disclosed to virtualizing intrusion detection and prevention. Disclosed approaches provide for an embedded system having a hypervisor that provides a virtualized environment supporting any number of guest OSes. The virtualized environment may include a security engine on an internal communication channel between the guest OS and a virtualized hardware interface (e.g., an Ethernet or CAN interface) to analyze network traffic to protect the guest OS from other guest OSes or other network components, and to protect those network components from the guest OS. The security engine may be on a different partition than the guest OS and the virtualized hardware interface providing the components with isolated execution environments that protect against malicious code execution. Each guest OS may have its own security engine customized for the guest OS to account for what is typical or expected traffic for the guest OS.

The present disclosure includes apparatuses, methods, and systems for secure communication in a traffic control network. An embodiment includes a memory, and circuitry configured to receive a traffic control public key from a traffic control device, wherein the traffic control public key is received in response to providing, to the traffic control device, a request to modify content of the traffic control device, encrypt data corresponding to vehicle information using the traffic control public key, provide, to the traffic control device, the encrypted data to store the data in the traffic control device, and access a network of traffic control devices, including the traffic control device, via the data stored in the traffic control device.

The present embodiments relate to systems and methods for using a blockchain or shared ledger to handle a total loss of a vehicle associated with a Vehicle Identification Number (VIN). A vehicle lifecycle may be tracked on a blockchain according to VIN. If the vehicle suffers a total loss, a transaction is broadcast to the blockchain to update the shared ledger to record the loss status of the vehicle. The blockchain may also include other information, such as mileage, regarding the vehicle and searchable by VIN. The other information and the loss status may be used to determine whether the vehicle likely represents a total loss.

An apparatus for a vehicle-to-everything (V2X) service establishes a secure session with a V2X server by using a transport layer security (TLS) handshake on the basis of an X.509 certificate of the V2X server. The apparatus generates a signed V2X message having a digital signature generated on the basis of a pseudonym certificate. The apparatus encodes the signed V2X message on the basis of the X.509 certificate.

An identity authority computing device having a processor in communication with a database is described herein. The database stores a plurality of persistent user identifiers associated with a plurality of users. The processor is programmed to receive a service request over a public network, the service request including a service provider identifier and a single-use token value associated with one of the users. The processor is also programmed to determine at least one persistent user identifier associated in the database with the token value, and generate an updated service request including the at least one persistent user identifier. The processor further is programmed to generate an encrypted service request using a public encryption key associated with the service provider identifier, and transmit the encrypted service request to a service provider computing device associated with the service provider identifier.

Disclosed herein are techniques for analyzing software delta changes based on functional line-of-code behavior and relation models. Techniques include identifying a prompt to change a first version of code on a controller to a second version of code; constructing, based on the identified prompt, a line-of-code behavior and relation model representing execution of functions of the controller based on the second version of code; performing a signature operation on the generated line-of-code behavior and relation model to produce a signature value; and sending the signature value to the controller; wherein the controller is configured to compare the signature value to a computed signature value that the controller is configured to compute based on the second version of code and determine, based on the comparison, whether to validate the second version of code.

A contract management system including a plurality of computers that operate such that each computer holds the same distributed ledger and a plurality of terminal apparatuses includes: a ledger management unit that records a block including received transaction data in the distributed ledger; and an association-information management unit that, when the ledger management unit records in the distributed ledger a block including transaction data including a smart contract for execution of a contract, generates association information that associates a contract address where the smart contract is stored with contract identification information.

A gateway of a vehicle is connected to a telematics control unit (TCU) and a plurality of electronic control units (ECUs). The gateway is programmed to receive a command from the TCU, the command specifying an electronic serial number (ESN) of a target ECU of the ECUs, and forward the command to the target ECU responsive to confirmation that the ESN of the target ECU is included in the web of trust.

A key and an advertisement identifier are received from a share server responsive to a request for a ride. The advertisement identifier is utilized to execute a share application installed to the memory. A local connection is established to a vehicle sending an advertisement that matches the advertisement identifier. Access is gained to the vehicle for the ride using the local connection.

An autonomous driving controller includes a plurality of parallel processors operating on common input data received from the plurality of autonomous driving sensors. Each of the plurality of parallel processors includes communication circuitry, a general processor, a security processor subsystem (SCS), and a safety subsystem (SMS). The communication circuitry supports communications between the plurality of parallel processors, including inter-processor communications between the general processors of the plurality of parallel processors, communications between the SCSs of the plurality of parallel processors using SCS cryptography, and communications between the SMSs of the plurality of parallel processors using SMS cryptography, the SMS cryptography differing from the SCS cryptography. The SCS and/or the SMS may each include dedicated hardware and/or memory to support the communications.