Systems and methods are described that enable trusted communications between two entities. In one implementation, a controller of a vehicle may include one or more processors configured to receive data and a controller signature from a second controller of the vehicle. The controller signature may be generated based on at least a first portion of the data. The one or more processors may be further configured to transmit the data and the controller signature to a gateway of the vehicle and receive a gateway signature from the gateway. The gateway signature may be generated based on at least a second portion of the data and transmitted to the controller after the gateway verified the controller signature. In addition, the one or more processors may be configured to verify the gateway signature and process the data.

A system for securely provisioning a plurality of computerized devices of a tenant, is provided. The system includes a processor, and a computer storage medium including instructions that when executed by the processor cause the processor to perform operations. The operations include receiving provisioning requests from the plurality of computerized devices needing certificates, each provisioning request indicating a tenant identifier identifying the tenant, and transmitting the provisioning requests to a set of security credential management system backend components based on the tenant identifier. The set of SCMS backend components includes enrollment certificate authorities operable to generate enrollment certificates, each provisioning request being transmitted to one of the one or more enrollment certificate authorities based on the tenant identifier of each provisioning request, and a pseudonym certificate authority operable to generate digital assets in response to receiving a provisioning request.

Systems, methods, and apparatus for inband telemetry for a virtual transponder are disclosed. A disclosed method for inband telemetry for a virtual transponder comprises transmitting, by a payload antenna on a vehicle, a payload signal to a hosted receiving antenna. The method further comprises transmitting, by the payload antenna, a hosted telemetry signal to the hosted receiving antenna. In one or more embodiments, the hosted telemetry signal and the payload signal are transmitted on the same frequency band.

A system and method are disclosed for authenticating and authorizing access to and accounting for consumption of bandwidth for IPv6 connectivity to the Internet over Wireless Access Vehicular Environment (WAVE) service channels by client devices using an Authentication, Authorization and Accounting (AAA) server. The AAA server authenticates and authorizes client devices to access WAVE service channels, and accounts for bandwidth consumption by the client devices using WAVE service channels to access the Internet. The AAA server enables an RSU infrastructure operator to quantify wireless bandwidth consumption by in-vehicle devices using the WAVE Service Channels, on a per-device basis.

Disclosed herein is a technique for the generating and provision of digital map data that is safe and reliable. The technique enables the verification of the digital map data in a map-client using a simple and efficient data structure to check the correctness of the map data before in-vehicle delivery to components that rely on this map data.

A key generation device for a vehicle-internal communication system and a method for the vehicle-internal management of cryptographic keys comprises providing at least one secret for a vehicle-internal key generation device and generation of at least one new cryptographic key by the vehicle-internal key generation device on the basis of the at least one secret. The generation and providing of the at least one new cryptographic key takes place autonomously and is triggered by a key-exchange event, or a combination of key-exchange events. The key-exchange event may be one of a vehicle-internal change, an environmental change and a security key.

A method includes receiving a first data block including an identifier for a component, receiving a second data block including usage data for the component and a link to the first data block, storing the first and second data blocks in a blockchain, and allocating respective usage tokens to each of a plurality of entities based on the usage data.

A vehicle relay device includes a plurality of communication ports. Each of the plurality of communication ports communicate with a communication device as a node in accordance with an Ethernet standard. A connection permission node that is a node to be connected is predefined for each of the plurality of communication ports. The vehicle relay device does not communicate with an unregistered node that is a node not registered as the connection permission node.

An authentication system is provided with: a first input unit and a second input unit into which authentication information can be input; a first computing unit which performs computation on the basis of the authentication information input into the first input unit and a communication counterpart-side authentication parameter registered in a communication counterpart; a second computing unit which performs computation on the basis of the authentication information input into the second input unit and a portable terminal-side authentication parameter registered in a portable terminal; and authentication units which, if the authentication information has been input into the first or the second input unit, perform authentication on the basis of the result of computation by corresponding computing unit and the portable terminal-side authentication parameter.

In one aspect, a computer system for vehicle configuration verification, and/or detecting unauthorized vehicle modification may be provided. In some exemplary embodiments, the computer system may include a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (1) receiving a vehicle image, including a vehicle identifier and at least one software module; (2) calculating a configuration hash value of the at least one software module; generating a first data block including the configuration hash value, a first index value, the vehicle identifier, and a digital signature; (3) storing the first data block in a memory; and/or (4) transmitting the first data block to any number of network participants using a distributed network to facilitate vehicle software configuration verification.