Patent classifications
H04L2209/84
SYSTEMS AND METHODS FOR REAL-TIME IDENTITY VERIFICATION USING A TOKEN CODE
An identity authority computing device having a processor in communication with a database is described herein. The database stores a plurality of persistent user identifiers associated with a plurality of users. The processor is programmed to receive a service request over a public network, the service request including a service provider identifier and a single-use token value associated with one of the users. The processor is also programmed to determine at least one persistent user identifier associated in the database with the token value, and generate an updated service request including the at least one persistent user identifier. The processor further is programmed to generate an encrypted service request using a public encryption key associated with the service provider identifier, and transmit the encrypted service request to a service provider computing device associated with the service provider identifier.
Method and device for generating cryptographic keys according to a key derivation function model and vehicle
The invention relates to a method for generating cryptographic keys according to a key derivation function model. An embodiment includes the following steps: defining a master key for different models of a product type from a manufacturer; defining a set of key derivation parameters for the key derivation function model; determining the key derivation parameters for the model for which a cryptographic key is to be derived; deriving a single cryptographic key or a set of cryptographic keys from the master key according to the key derivation function model taking into account the key derivation parameters, wherein the step of defining a set of key derivation parameters comprises at least the following parameters: key type identification and key type learning counter.
Method and apparatus for advanced security systems over a power line connection
A multifactor authentication system onboard a vehicle including at least one processor, a first database, a second database, and one or more protected computer systems is provided. The at least one processor is programmed to receive, from a user, a request for access to the one or more protected computer systems, wherein the request contains authentication information including a first authentication factor and a second authentication factor, retrieve first factor authentication data associated with the user from the first database, compare the first factor authentication data with the received first authentication factor to determine if there is a match, retrieve the second factor authentication data associated with the user from the second database, compare the second factor authentication data with the received second authentication factor to determine if there is a match, and grant access to the one or more protected computer systems if all of the comparisons match.
Vehicle-mounted device upgrade method and related apparatus
A vehicle-mounted device upgrade method and a related apparatus, where the method includes an on-board unit (Tbox) of a vehicle that processes a first data segment according to a first algorithm to obtain a first check value, where the first data segment is any data segment in a plurality of data segments included in an upgrade file of a control unit, and the first check value is sent to the control unit, and the Tbox encrypts the first data segment by using a first key to obtain a first encrypted segment, and sends the first encrypted segment to the control unit, so that the control unit stores, in the control unit, the first data segment obtained by decrypting the first encrypted segment by using the first key, where the first data segment is used by the control unit to form the upgrade file for upgrade.
Methods and systems for secure data communication
A computer-implemented method, which comprises: receiving an input message comprising N-bit input segments, N being an integer greater than one; converting the N-bit input segments into corresponding N-bit output segments using a 2^N-by-2^N one-to-one mapping stored in a non-transitory storage medium; and generating an output message comprising the N-bit output segments. Also, a computer-implemented method for a recipient to validate a message received from a sender, the message including a first part and a second part. This method comprises receiving a token from a witnessing entity; obtaining a first data element by joint processing of the first part of the message and the token; obtaining a second data element by joint processing of the second part of the message using a key associated with the sender; and validating the message by comparing the first and second data elements.
SYSTEMS, METHODS AND CONTROLLERS FOR SECURE COMMUNICATIONS
In an example embodiment, a system includes a first controller configured to generate a network key and transform the network key and a second controller configured to obtain the transformed network key and form a network with the first controller, each of the first controller and the second controller being configured to generate a same symmetric key using the network key and values from the other of the first controller and second controller.
DEVICE AND METHOD FOR UPDATING IMMOBILIZER TOKEN IN DIGITAL KEY SHARING SYSTEM
The disclosure relates to a method of updating an immobilizer token. A target device according to various embodiments of the disclosure may generate a first temporary encryption key pair for encryption and decryption of an immobilizer token, may transmit, to an immobilizer token issuance device, an immobilizer token issuance request including a first temporary public encryption key of the generated first temporary encryption key pair, may receive, from the immobilizer token issuance device, an encrypted immobilizer token and a second temporary public encryption key generated by the immobilizer token issuance device, may decrypt the encrypted immobilizer token by using the second temporary public encryption key and a first temporary private encryption key of the first temporary encryption key pair, and may store the decrypted immobilizer token in a confidential mailbox of the digital key in a secure element.
BIOMETRIC AUTHENTICATED VEHICLE START WITH PAIRED SENSOR TO KEY INTRUSION DETECTION
A system for secure sensor operation is provided. A sensor circuit includes a smart controller configured to provide trusted data. An operational circuit includes an operational controller configured to, responsive to receipt of a request from the sensor circuit, perform an identity verification using a cryptographic challenge to authenticate the sensor circuit before utilizing the trusted data.
Method and system for reduced V2X receiver processing load using certificates
A method at a computing device within an Intelligent Transportation System, the method comprising: determining, at the computing device, whether a short-term certificate is available to sign a message; if the short-term certificate is available, signing the message with a private key associated with the short-term certificate; if the short-term certificate is not available, signing the message with a private key associated with a long-term certificate; and sending the message to a recipient.
METHOD AND SYSTEM TO REMOTELY FLASH EXTERNAL MODULE USING A COMMUNICATION HUB
A system to remotely flash an external module, the system comprising an external module installable in a secured location having at least one securing device with a transponder, at least one server, and a communication hub that communicates with said at least one server, said communication hub further comprising a communication device that extracts key data from the securing device's transponder. Additional embodiments of the system include an external module and a learning module that extract partial key data. A method to flash the external module by extracting at least one set of partial key data from the securing device's transponder and/or securing device using an external module, communication device, and/or learning module, wherein the server analyzes and processes the set(s) of partial key data to generate a securing device bypass for the external module that is installed to the secured location.