In one embodiment, a road side unit (RSU) establishes a data offload session with a vehicle in the vicinity of the RSU based on a session establishment request sent by the vehicle, and stores data received from the vehicle during the data offload session in its memory. The RSU generates storage record information (including identifying information for the RSU) for the stored data, and transmits the storage record information to the vehicle.

A system for securely provisioning a plurality of computerized devices of a tenant, is provided. The system includes a processor, and a computer storage medium including instructions that when executed by the processor cause the processor to perform operations. The operations include receiving provisioning requests from r the plurality of computerized devices needing certificates, each provisioning request indicating a tenant identifier identifying the tenant, and transmitting the provisioning requests to a set of security credential management system backend components based on the tenant identifier. The set of SCMS backend components includes enrollment certificate authorities operable to generate enrollment certificates, each provisioning request being transmitted to one of the one or more enrollment certificate authorities based on the tenant identifier of each provisioning request, and a pseudonym certificate authority operable to generate digital assets in response to receiving a provisioning request.

A device may determine a price of a product based on first information concerning attributes of the product, and provide the price for display by a user device. The device may generate first hash values based on the first information, where a particular first hash value is associated with a particular attribute, and generate a first bit-string that includes the plurality of first hash values. The device may generate second hash values based on second information concerning the attributes of the product, where a particular second hash value is associated with the particular attribute. The device may generate a second bit-string that includes the second hash values, and determine a change to the particular attribute based on the first bit-string and the second bit-string. The device may determine a new price of the product based on the change, and provide the new price for display by the user device.

Disclosed herein are techniques for analyzing hardware change impacts based on at least one functional line-of-code behavior and relation model. Techniques include identifying a new hardware component associated with a system; accessing a first line-of-code behavior and relation model representing execution of functions using the new hardware component; accessing a second line-of-code behavior and relation model representing execution of functions on a previous hardware component of the system; performing a functional differential comparison of the first line-of-code behavior and relation model to the second line-of-code behavior and relation model; determining, based on the functional differential comparison, a status of functional equivalence between the new hardware component and the previous hardware component; and generating, based on the determined difference, a report identifying the status of functional equivalence.

According to an aspect, a method is performed by a first controller for providing security for second controllers in an in-vehicle network. An inherent information request is transmitted to a suspicious controller of the plurality of second controllers for an inherent information of the suspicious controller. The inherent information request includes a certificate assigned to the first controller. An encrypted inherent information of the suspicious controller is received from the suspicious controller and a decrypted inherent information is compared with a pre-stored inherent information. The suspicious controller is determined to be an anomalous controller when the decrypted inherent information is different from the pre-stored inherent information. In response to receiving an update request from a backend server for a specified controller out of the plurality of second controllers, the inherent information request including the certificate assigned is transmitted to the specified controller.

This disclosure describes a cyber-security protocol for validating messages being exchanged between two devices of an autonomous vehicle. The protocol includes the independent generation of multiple encryption or session keys by both devices. The encryption keys are generated based on a random number provided by each device. In some embodiments, the random numbers can be accompanied by a shared secret key installed on both devices that can help prevent an unauthorized device from creating a shared set of encryption keys with one of the devices. Including a hash generated using one of the encryption keys and a message sequence counter value in each message can help prevent the injection of previously transmitted messages as a means of disturbing operation of the autonomous vehicle.

A method of partial sensor data sharing is described. The method includes detecting an occluded area relative to a receiver vehicle. The method also includes defining an area of interest (AoI) based on a traffic topology and state information of a selected sender vehicle. The method further includes transmitting the area of interest to the selected sender vehicle. The method also includes receiving a sensor data corresponding to the area of interest when the detected occluded area is within a sensor coverage area of the selected sender vehicle.

An example operation may include one or more of receiving a software update at a transport, performing a first validation of the software update in a first environment, wherein the first environment includes a least amount of potential interactions, and performing a further validation of the software update when the first validation is successful, in a further environment, wherein the further environment includes an amount of potential interactions greater than the first environment.

A system for transmitting and receiving data based on a vehicle network and a method therefor are provided. The method includes generating, by a first hardware security module (HSM), a first session key using a first random number and a first fixed key and, encrypting, by a first electric control unit (ECU), a message using the first session. The method also includes generating, by a second HSM, a second session key using a second random number and a second fixed key, and decrypting, by a second ECU, the message using the second session key.

A cryptographic communication system includes: a first cryptographic communication apparatus including a first tamper-resistant device configured to store a first key generation function and a first storage unit configured to store first individual information; and a second cryptographic communication apparatus including a second tamper-resistant device configured to store a second key generation function and a second storage unit configured to store second individual information. The first cryptographic communication apparatus generates a twelfth shared key using the first key generation function and the second individual information. The second cryptographic communication apparatus generates a twenty first shared key using the second key generation function and the first individual information.