Systems and methods are provided for implementing swarm learning while using blockchain technology and election/voting mechanisms to ensure data privacy. Nodes may train local instances of a machine learning model using local data, from which parameters are derived or extracted. Those parameters may be encrypted and persisted until a merge leader is elected that can merge the parameters using a public key generated by an external key manager. A decryptor that is not the merge leader can be elected to decrypt the merged parameter using a corresponding private key, and the decrypted merged parameter can then be shared amongst the nodes, and applied to their local models. This process can be repeated until a desired level of learning has been achieved. The public and private keys are never revealed to the same node, and may be permanently discarded after use to further ensure privacy.

A bootloader authentication system with a multimedia device to mount within a vehicle, a memory device, and a processor. The memory device stores data indicative of a public key associated with the vehicle and a signed hash bootloader image indicative of a signature of a private key. The processor is in communication with the memory device and is programmed to: generate a signature verification block based on a combination of a random number and the signed hash bootloader image; compare the signature verification block to the public key to verify the signature of the private key; authenticate a bootloader in response to verifying the signature of the private key; and activate the multimedia device in response to bootloader authentication

An automated vehicle parking system uses a driver's authentication device, such as a mobile phone or portable tag, to identify the driver. Vehicle sensing terminals detect when and where a vehicle has parked and send wireless notifications to the vehicle owner's authentication device. The authentication device, the vehicle sensing terminal and a cloud server interact using secure wireless communications to validate the driver's qualifications and record the parking event. Vehicle sensing terminals detect when the vehicle leaves its parking space and the parking system automatically terminates the parking session. The authentication device handles the bulk of the communication with the cloud server to reduce consumption of the vehicle sensing terminal's power supply. The sensing and portable tag devices communicate using secure tokens that are encrypted with unique individual or group keys.

In some examples, a vehicle receives authorization information that identifies an automotive service to be performed on the vehicle, the authorization information further indicating approval of performance of the automotive service on the vehicle by an operator of the vehicle and a vehicle manufacturer. Based on the authorization information, the vehicle enables access of an electronic component of the vehicle by an authorized repair entity to perform the automotive service.

Among other things, techniques are described for provisioning and authentication of devices in vehicles. In one aspect, a device in a vehicle establishes a communication session with a network server that manages provisioning of devices corresponding to an enterprise associated with the vehicle. The device receives instructions from the network server to generate cryptographic keys, and in response, generates a public and private key pair. The device sends, to the network server, a certificate signing request that includes the public key and an identifier of the device. In response, the device receives a digital security certificate for the device, and a security certificate of a signing certificate authority. The device authenticates the security certificate of the certificate authority using a known enterprise root certificate, and upon successful authentication, stores the device security certificate and the security certificate of the signing certificate authority.

An example operation includes one or more of receiving a software update at a first component in a target transport, parsing the software update by a second component in the target transport into a first portion of critical updates and a second portion of non-critical updates, verifying the first portion, by the second component, based on a source of the software update, running, by the second component, the verified first portion with a dedicated process on the target transport for a pre-set period of time, and responsive to positive results over the period of time, running the verified first portion with other processes on the target transport.

In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.

Described herein are systems and methods for validating received encrypted first data including position data and time data for a transportation vehicle. The system receives or accesses second data including second position and second time data of the transportation vehicle. The system determines a validity of the first data by performing operations on the encrypted first data or the encrypted first data and the second data to compare the encrypted first data and the second data. The system assigns a consensus score to the mining device based part on the comparison, and applies a signature function to the encrypted first position and first time data. The system then publishes the encrypted signed valid first position and first time data to a public transportation vehicle ledger.

The present disclosure includes apparatuses, methods, and systems for using a local ledger block chain for secure updates. An embodiment includes a memory, and circuitry configured to receive a global block to be added to a local ledger block chain for validating an update for data stored in the memory, where the global block to be added to the local ledger block chain includes a cryptographic hash of a current local block in the local ledger block chain, a cryptographic hash of the data stored in the memory to be updated, where the current local block in the local ledger block chain has a digital signature associated therewith that indicates the global block is from an authorized entity.

During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.