Abstract: Digital certificates are generated for devices by a Certificate Authority (CA), which communicates with devices via another entity—registration authority (RA)—so that the CA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by CA to encrypt the certificate to hide it from the RA. Both keys are derived by CA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the CA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Abstract: To revoke a digital certificate, activation of the digital certificate is blocked by withholding an activation code from the certificate user. The certificates are generated by a plurality of entities in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).

Abstract: According to some embodiments, in a Vehicular-to-Everything (V2X) communications environment where vehicles can exchange messages with other entities, including nearby vehicles and pedestrians, systems and methods are provided to implement a mechanism or technique based on hash chaining that allows a large sequence of messages from the same source to be validated by verifying a single digital signature.

Abstract: An authenticated, ID-based private/public key pair, with a self-certified public key, is generated using Kummer arithmetic without bilinear pairings. Two or more parties can generate such key pairs and use them as their respective long-term key pairs which, when combined with the parties' short-term key pairs, can allow the parties to establish an authenticated, short-term shared key. Some embodiments are suitable for connected vehicles communicating with each other and/or with other systems. Other features are also provided.

Abstract: Improved pseudonym certificate management is provided for connected vehicle authentication and other applications. Temporary revocation of a certificate is enabled. With respect to Security Credential Management Systems (SCMS), pre-linkage values can be employed. The pre-linkage values can be encrypted using homomorphic encryption. Other embodiments are also provided.

Abstract: Embodiments described herein provide a tree-based key management protocol with enhanced computational and bandwidth efficiency. A tree structure including a plurality of nodes is formulated according to modules in a vehicle. A group key and a blinded key are computed for a leaf node from the plurality of nodes based at least in part on a multiplication operation defined in an ecliptic curve group. Or a group key and a blinded key are recursively computed for a non-leaf node based at least in part on a key derivation function and the multiplication operation involving a group key and a blinded key corresponding to nodes that is one level down to the non-leaf node.

Abstract: In a vehicle-to-everything (V2X) technology environment, systems and methods are provided for extending the distribution of activation codes (ACs) in an Activation Codes for Pseudonym Certificates (ACPC) system, in a privacy-preserving manner, to a unicast mode of communication. In this unicast ACPC (uACPC), in some embodiments, the ACs are distributed by the back-end system via a unicast channel upon the receipt of the vehicle's direct request for its respective ACs. In some embodiments, uACPC can leverage edge computing architecture for low latency delivery of certificate revocation lists (CRLs) and higher availability for the distribution of ACs.

Abstract: According to some embodiments, systems and methods are provided for revoking one or more of a plurality of entities in a vehicular public-key infrastructure. The systems and methods balance privacy and efficiency by distributing activation codes according to various approaches, including a direct request approach, a fixed-size subset approach, and a variable-size subset approach.

Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).

Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).

Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).

Abstract: To revoke a digital certificate, activation of the digital certificate is blocked by withholding an activation code from the certificate user. The certificates are generated by a plurality of entities in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).

Abstract: To revoke a digital certificate (160p), activation of the digital certificate is blocked by withholding an activation code from the certificate user (110). The certificates are generated by a plurality of entities (210, 220, 838) in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).

Abstract: An authenticated, ID-based private/public key pair, with a self-certified public key, is generated using Kummer arithmetic without bilinear pairings. Two or more parties can generate such key pairs and use them as their respective long-term key pairs which, when combined with the parties' short-term key pairs, can allow the parties to establish an authenticated, short-term shared key. Some embodiments are suitable for connected vehicles communicating with each other and/or with other systems. Other features are also provided.

Abstract: To revoke a digital certificate, activation of the digital certificate is blocked by withholding an activation code from the certificate user. The certificates are generated by a plurality of entities in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).

Abstract: To revoke a digital certificate (160p), activation of the digital certificate is blocked by withholding an activation code from the certificate user (110). The certificates are generated by a plurality of entities (210, 220, 838) in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).

Abstract: According to some embodiments, in a Vehicular-to-Everything (V2X) communications environment where vehicles can exchange messages with other entities, including nearby vehicles and pedestrians, systems and methods are provided to implement a mechanism or technique based on hash chaining that allows a large sequence of messages from the same source to be validated by verifying a single digital signature.

Abstract: Digital certificates are generated for devices by a Certificate Authority (CA), which communicates with devices via another entity registration authority (RA)—so that the CA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by CA to encrypt the certificate to hide it from the RA. Both keys are derived by CA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the CA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Abstract: Pseudonym digital certificates (160p) are generated for devices (110/150) by a Pseudonym Certificate Authority (PCA), which communicates with devices via another entity—registration authority (RA)—so that the PCA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by PCA to encrypt the certificate to hide it from the RA. Both keys are derived by PCA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the PCA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).