Systems, devices, and methods for controlling access to vehicles in rental, loaner, shared-use, and other vehicle fleets. Some of the present systems, devices, and methods use encrypted virtual keys that can be relayed to a vehicle computing device via a user's mobile device. Such virtual keys can be command-specific such that successful use of a virtual key results execution of a predetermined command or group of commands, and further commands require one or more additional virtual keys with the additional commands. Others of the present systems, devices, and methods provide tools: for provisioning or initial pairing of vehicle computing devices with corresponding vehicles, identifying and permitting a user to select locally available vehicles, prompting vehicle computing devices to retrieve pending commands from a server, and/or various other functions described in this disclosure.

A communication system includes a plurality of processors coupled with a network, each of the processors having a predefined encryption method for a communication with a server. Each of the processors configured to determine a primary processor of the processors based on at least one of a processability of the processor, network distance to the processor, or cipher strengths, when the processor is not determined as the primary processor, transfer unencrypted communication data through the network to the primary processor, and when the processor is determined as the primary processor, perform an encryption of unencrypted communication data received, and an encrypted communication with the server by the encryption method of the primary processor.

Systems, devices, and methods for controlling access to vehicles in rental, loaner, shared-use, and other vehicle fleets. Some of the present systems, devices, and methods use encrypted virtual keys that can be relayed to a vehicle computing device via a user's mobile device. Such virtual keys can be command-specific such that successful use of a virtual key results execution of a predetermined command or group of commands, and further commands require one or more additional virtual keys with the additional commands. Others of the present systems, devices, and methods provide tools: for provisioning or initial pairing of vehicle computing devices with corresponding vehicles, identifying and permitting a user to select locally available vehicles, prompting vehicle computing devices to retrieve pending commands from a server, and/or various other functions described in this disclosure.

When updating a key to guarantee security, updating the key during decryption of update data causes an ECU to stop functioning due to a decryption failure. Therefore, an in-vehicle gateway or a key management device of the present invention includes: an update data acquisition unit that receives, from outside a vehicle, update data encrypted with a predetermined key; a key acquisition unit that receives a key from outside the vehicle; a key storage unit in which the key received by the key acquisition unit is stored; and a decryption unit that decrypts the update data acquired by the update data acquisition unit based on the key stored in the storage unit, in which the update data acquisition unit transmits a key acquisition request signal after completion of decryption of the update data by the decryption unit.

Blockchain-based systems and methods are used to control access to property. One system includes a mobile device, a key fob, and a server. The mobile device generates an encrypted code and transmits it to the key fob. The key fob transmits the encrypted code to the property and the server updates a log of the key fob in a hyper ledger. The property includes a computing device that validates the encrypted code and grants a key fob user access to the property. Another system includes a server that validates an access key and a first station that transmits an access key to a second station via the server and a satellite. The second station transmits data to the first station via the server and the satellite. The server saves a transmission log in a hyper ledger and transmits the access key in response to a request by the first station.

A method is provided for distributed symmetric key generation by a plurality of entities in a network comprising, for each entity, creating a part of the symmetric key, broadcasting the part of the symmetric key to each other entity of the plurality of entities, receiving parts of the symmetric key from each other entity of the plurality of entities, generating the symmetric key from the part of the symmetric key of the entity and at least some of the parts of the symmetric key of each other entity of the plurality of entities. An authentication method is also provided for authenticating a plurality of entities in a network

A method for installing a computing component in an electronic device fitted in a vehicle, comprising the steps consisting of: receiving a device packet comprising a manifest including a hash value of the computing component; checking the integrity of the manifest; receiving the computing component; checking the correlation between the hash value of the computing component and the computing component received; installing the computing component only in the case of a positive check of the integrity of the manifest and a positive check of the correlation. An associated electronic device is also described.

A method for transmitting information between a data processing system external to the vehicle and systems using the information in a vehicle employs integrity protection and/or encryption mechanisms. The integrity and/or encryption mechanisms are used with different levels of protection, wherein the level of protection is selected and/or adjusted based on the information or a classification of the information, the provided use of the information, the state of the vehicle, the surroundings of the vehicle, the origin of the information, the protection goal, and/or the resource consumption.

In one aspect, a computer system for vehicle configuration verification, and/or detecting unauthorized vehicle modification may be provided. In some exemplary embodiments, the computer system may include a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (1) receiving a vehicle image, including a vehicle identifier and at least one software module; (2) calculating a configuration hash value of the at least one software module; generating a first data block including the configuration hash value, a first index value, the vehicle identifier, and a digital signature; (3) storing the first data block in a memory; and/or (4) transmitting the first data block to any number of network participants using a distributed network to facilitate vehicle software configuration verification.

Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a network interface and processing circuitry arranged to receive a first data frame from a first electronic control unit (ECU) via the network interface, determine a voltage fingerprint of the first data frame, compare the voltage fingerprint to a voltage feature of the first ECU, determine that the first data frame is an authentic message when the voltage fingerprint does match the voltage feature of the first ECU, and determine that the first data frame is a malicious message when the voltage fingerprint does not match the voltage feature of the first ECU. Other embodiments are described and claimed.