Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).

Securing data using random bits uses a TRNG disk with a plurality of random bits and a universally unique identifier (UUID). At least one TRNG disk copy is created, which is identical to the TRNG disk. The TRNG disk copy is stored in a separate physical location than the TRNG disk. Source data is received and encrypted with a block of random bits of the TRNG disk to produce encrypted data. The block of random bits of the TRNG disk has a bit offset which is a positional address of the block of random bits within the TRNG disk. The encrypted source data, the UUID, and the bit offset of the TRNG disk are communicated from a first location to at least a second location. The encrypted source data is decrypted at the second location using the UUID, the offset of the TRNG disk, and the TRNG disk copy.

To revoke a digital certificate (160p), activation of the digital certificate is blocked by withholding an activation code from the certificate user (110). The certificates are generated by a plurality of entities (210, 220, 838) in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).

A system for a vehicle includes a computer, a first electronic control module, and a wired vehicle communications network coupling the computer and the first electronic control module. The computer is programmed to transmit authentication keys to the first electronic control module and a plurality of second electronic control modules via the wired vehicle communications network, encrypt a table of the authentication keys using a first key, store the encrypted table, transmit the encrypted table to the first electronic control module via the wired vehicle communications network, and transmit the encrypted table and the first key to a remote server spaced from the wired vehicle communications network.

Method for authenticating a first and a second electronic devices associated through a communication line includes: creating a unique ID, by a third electronic device; transmitting the unique ID to the first electronic device; signing the transmitted unique ID by the first electronic device; transmitting the signed unique ID to the second electronic device, by the first electronic device; signing the transmitted signed unique ID by the second electronic device; transmitting the unique ID signed by the first and second electronic devices to the third electronic device; verifying and accepting the unique ID signed by the first device and the second device, by the third device; issuing a certificate for a secure communication line between the first electronic device and the second electronic device; and transmitting the certificate to the first electronic device and the second electronic device.

A cross-certificate method is performed by an electric vehicle (EV) for being supplied with power from electric vehicle supply equipment (EVSE) associated with a charging point operator (CPO) having established a trust relationship with a first vehicle to grid (V2G) root certificate authority (rootCA) and a second V2G root certificate authority. The cross-certificate method may include steps of: requesting charging from the electric vehicle supply equipment; receiving, from the electric vehicle supply equipment, a certificate chain held by the electric vehicle supply equipment; and verifying whether or not a last certificate of the certificate chain has been signed by the second V2G root certificate authority, wherein the last certificate of the certificate chain can be a cross-certificate issued by the second V2G root certificate authority.

Among other things, techniques are described for provisioning and authentication of devices in vehicles. In one aspect, a device in a vehicle establishes a communication session with a network server that manages provisioning of devices corresponding to an enterprise associated with the vehicle. The device receives instructions from the network server to generate cryptographic keys, and in response, generates a public and private key pair. The device sends, to the network server, a certificate signing request that includes the public key and an identifier of the device. In response, the device receives a digital security certificate for the device, and a security certificate of a signing certificate authority. The device authenticates the security certificate of the certificate authority using a known enterprise root certificate, and upon successful authentication, stores the device security certificate and the security certificate of the signing certificate authority.

An example operation includes one or more of receiving a software update at a first component in a target transport, parsing the software update by a second component in the target transport into a first portion of critical updates and a second portion of non-critical updates, verifying the first portion, by the second component, based on a source of the software update, running, by the second component, the verified first portion with a dedicated process on the target transport for a pre-set period of time, and responsive to positive results over the period of time, running the verified first portion with other processes on the target transport.

A system comprises a computer including a processor and a memory, the memory including instructions such that the processor is programmed to: receive a data frame including data representing a unified diagnostic services (UDS) request, wherein the data frame includes a hash value and a cipher-based message authentication code (CMAC); calculate an authentication CMAC based on the hash value; compare the CMAC with the authentication CMAC; and transmit control data to a communication module when the CMAC matches the authentication CMAC.

A method is provided for communicating a non-speech message as audio from a first device to a second device such that information can be passed between the first and second device. The method includes: encoding the non-speech message as a dissimilar speech message having a plurality of phonemes; transmitting the speech message over one or more audio communications channels from the first device; receiving the speech message at the second device; recognizing the speech message; and decoding the dissimilar speech message to the non-speech message. By using existing audio functionality, and the increasingly more reliable voice recognition applications, an improved method is provided for sharing complex data messages using commonly available communication channels.