Abstract: Methods and systems are provided for bypassing an authenticity check for a secure control module. In one embodiment, a method includes: receiving authenticity data from a secure source, wherein the authenticity data includes a signature and an identifier that is unique to the control module; programming the control module with the authenticity data; and bypassing the authenticity check of a control program of the control module based on the authenticity data.

Abstract: Methods and apparatus are provided for performing an asymmetric key exchange between a vehicle and a first remote device. The method comprises storing predetermined cryptographic information on the vehicle, generating a first public key and a first private key that correspond to the vehicle, storing the first private key on the vehicle, and providing the first public key and descriptive data associated with the vehicle to a trusted entity, wherein the trusted entity is configured to store the first public key and the descriptive data in a location that is accessible to the first remote device.

Abstract: A method of re-programming flash memory of a computing device is presented here. Software content having a plurality of software modules can be re-programmed by identifying, from the software modules, a first set of software modules to be programmed by delta programming and a second set of software modules to be programmed by non-delta programming. A first set of sectors of the flash memory is assigned for programming the first set of software modules, and a second set of sectors is assigned for programming the second set of software modules. At least some of the second set of sectors are designated as temporary backup memory space. The first set of sectors is programmed with the first set of software modules, using delta programming and the designated temporary backup memory space. After programming the first set of sectors, the second set of sectors is programmed with the second set of software modules, using non-delta programming.

Abstract: A method for providing location based security for communication between a remote device and a mobile device having a global positioning system receiver for determining its current position. The method comprises receiving geographic data from the remote device, determining if the mobile device is within a predetermined geographic region based on the geographic data and the current position, and enabling subsequent communication with the remote device when the current position is within the predetermined geographic region.

Abstract: Methods are provided for securely loading software objects into an electronic control unit. The methods include receiving a first software object comprising a second level public key certificate, a first encryption signature and a first set of software. Once the first software object is received, validating the first second level public key is validated with the embedded root public key, the first encryption signature with the first second level public key certificate, and the first set of software with the first encryption signature. When the first set of software is valid, then the first second level public key certificate and the first set of software are stored to non-volatile memory. Once stored, a consecutive software object is received comprising only a consecutive encryption signature and a consecutive set of software from the programming source.

Abstract: Methods are provided for securely loading software objects into an electronic control unit. The methods include receiving a first software object comprising a second level public key certificate, a first encryption signature and a first set of software. Once the first software object is received, validating the first second level public key is validated with the embedded root public key, the first encryption signature with the first second level public key certificate, and the first set of software with the first encryption signature. When the first set of software is valid, then the first second level public key certificate and the first set of software are stored to non-volatile memory. Once stored, a consecutive software object is received comprising only a consecutive encryption signature and a consecutive set of software from the programming source.

Abstract: A method of re-programming flash memory of a computing device is presented here. Software content having a plurality of software modules can be re-programmed by identifying, from the software modules, a first set of software modules to be programmed by delta programming and a second set of software modules to be programmed by non-delta programming. A first set of sectors of the flash memory is assigned for programming the first set of software modules, and a second set of sectors is assigned for programming the second set of software modules. At least some of the second set of sectors are designated as temporary backup memory space. The first set of sectors is programmed with the first set of software modules, using delta programming and the designated temporary backup memory space. After programming the first set of sectors, the second set of sectors is programmed with the second set of software modules, using non-delta programming.

Abstract: A system and method for processing messages received at a vehicle. The method carried by the system involves wirelessly receiving at a vehicle a first communication message having secure credentials and a message signature for a second communication message. Then, the vehicle authenticates the first communication message via its secure credentials. Later, the vehicle wirelessly receives the second communication message and validates this second message using the message signature from the first message. In response to the validation, the second message is processed at the vehicle.

Abstract: A method for providing a secure communications link between a home PC and a vehicle through a wireless access point. The method includes providing a wireless connection between a vehicle communications system and the wireless access point and causing a user of the PC to initiate a communication with the vehicle communications system through the wireless access point so as to allow the user to send information to the vehicle from the home PC. The method also includes causing the vehicle communications system to send an authentication challenge to the PC, such as identifying a user name and password, to authorize the user to communicate with the vehicle communications system, and establishing a secure communications link between the vehicle communications system and the PC if the user responds to the challenge with a correct response.

Abstract: A method is provided for performing a map update for a navigation device. The method includes: receiving a manifest file corresponding to a map update package and receiving a digital signature corresponding to the manifest file, wherein the map update package comprises a plurality of pieces; verifying, by a processor, the digital signature; receiving, after successful verification of the digital signature, a piece of the map update package to be written to a storage of the navigation device; verifying, by the processor, the received piece using the received manifest file; and writing, in response to successful verification of the received piece, the received piece to the storage of the navigation device.

Abstract: Mobile device-activated vehicle functions are implemented by authenticating a vehicle with a device via wireless signals transmitted between a low frequency antenna of the device and a low frequency antenna of the vehicle when the vehicle is in communicative range of the device. The mobile device-activated vehicle functions are further implemented by receiving, via computer processor embedded in the device, a selection from one of a plurality of input components embedded in the device, the selection associated with a vehicle function, and transmitting a request to implement the vehicle function via the low frequency antenna coupled to the computer processor and the low frequency antenna of the vehicle.

Abstract: A control module reflash system includes a control module located in a vehicle that controls at least one function of the vehicle according to stored vehicle software. An external interface module receives a software file from a source external to the vehicle and receives a part number for the stored vehicle software in the control module. The external interface module retrieves a comparison software file from the source external to the vehicle corresponding to the part number and compares the software file and the comparison software file. The external interface module identifies differences between the software file and the comparison software file, generates a compressed file based on the differences, and provides the compressed file to the control module. The control module generates a flash file based on the received compressed file and the stored vehicle software and modifies the stored vehicle software based on the flash file.

Abstract: Methods and a system are provided for confirming that a user of an electronic device is an authorized user of a vehicle. The method comprises receiving a request regarding the vehicle from the electronic device in response to a user action, verifying that the user is able to cause the vehicle to perform a predetermined operation, and permitting the request to proceed only if the vehicle performs the predetermined operation.

Abstract: A mobile client system initiates a wireless communication with a transaction system and receives a digital certificate from the transaction system in response. The digital certificate includes an embedded geographic location of the transaction system. The mobile client system also compares the geographic location of the transaction system with a current geographic location of the mobile client system and establishes an encrypted communication channel with the transaction system upon determining that the location of the transaction system is in proximity of the current location of the mobile client system. The mobile client system further sends the user credentials to the transaction system via the encrypted communication channel. Upon successful authentication of the mobile client system via the user credentials, the mobile client system performs a transaction with the transaction system using a graphical user interface of the client system.

Abstract: Methods and apparatus are provided for protecting private data on a vehicle. The method comprises receiving a first signal generated by a user of the vehicle and, in response to the first signal, deleting predetermined data stored on the vehicle to prevent the private data from being accessed.

Abstract: A system and method for writing a new or replacement public key to a bootloader stored in a memory segment in the memory of a vehicle ECU without having to rewrite the entire bootloader. The method includes defining a key table in the bootloader memory segment includes a number of vacant memory slots that are available to store replacement public keys if they are needed. The key table is a separate section of the bootloader memory segment so that the key table memory slots are not used by the bootloader code.

Abstract: Method and apparatus for system control includes inputs for an input device which may take the form of switches or sensors. Input device states are related to identification keys. The identification keys are communicated wirelessly or through hard-wired means to a system.

Abstract: A system and method for validating a software file to be installed into a controller. The method includes preparing the software file including assigning a software version code to the software file, assigning a security version code to the software file, and signing the software file with the software file version code and the security version code. The signed software file is presented to the controller for installing on the controller and the controller verifies the software file signature to determine if the software file is valid and the security version code is valid. The controller allows the software file to be installed in the controller if both the signed software file is valid and the security version code is valid.

Abstract: A wireless data link system between a vehicle having a vehicle controller and a computing device having a computing processor is provided. The wireless data link system includes a vehicle data link (“VDL”) device and a computing data link (“CDL”). The VDL device has a VDL controller, a VDL memory, and a VDL interface circuitry. The VDL interface circuitry provides a connection to the vehicle controller for exchanging data. The VDL memory stores a passcode that provides a secure connection and a VDL recognizable code that is associated with the VDL device. The CDL device has a CDL controller, a CDL memory, and CDL interface circuitry. The CDL interface circuitry provides a connection to the computing processor for exchanging data.

Abstract: A system and method for verifying that operating software and calibration files are present and valid after a bootloader flashes the files into the memory on a vehicle ECU before allowing the operating software to execute. The ECU memory defines a memory segment for the operating software and the calibration files. A software manifest is provided in a memory slot before the operating software segment in the memory. Likewise, a calibration manifest is provided in a memory slot before the calibration segment in the ECU memory. After the software has been flashed into the ECU memory, a software flag is set in the software manifest memory slot and each time a calibration file is flashed, a calibration flag for the particular calibration file is set in the calibration manifest.