Abstract: A vehicle system comprising a plurality of subsystems, each of the plurality of subsystems configured to perform at least a portion of at least one of a plurality of functions. The plurality of functions are organized in a hierarchy of functions including complex higher order functions and simpler lower order functions. The vehicle system further comprises an advanced computing module configured to control the plurality of subsystems in order to perform a higher order function and a lower order function that supports the higher order function. The advanced computing module comprises software instructions including a first gate point. The first gate point may be activated to prevent the advanced computing module from performing the higher order function.

Abstract: A vehicle system comprising a plurality of subsystems, each of the plurality of subsystems configured to perform at least a portion of at least one of a plurality of functions. The plurality of functions are organized in a hierarchy of functions including complex higher order functions and simpler lower order functions. The vehicle system further comprises an advanced computing module configured to control the plurality of subsystems in order to perform a higher order function and a lower order function that supports the higher order function. The advanced computing module comprises software instructions including a first gate point. The first gate point may be activated to prevent the advanced computing module from performing the higher order function.

Abstract: A system and method of evaluating one or more cybersecurity vulnerabilities to establish a priority metric for each of the one or more cybersecurity vulnerabilities, the method including: constructing a cybersecurity attack schema for each of the one or more cybersecurity vulnerabilities; determining, for each of the plurality of malicious actions of each of the one or more cybersecurity vulnerabilities, one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, one or more final resource metrics based on evaluating each of the one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, an impact metric that is indicative of a degree of damage that can be caused by the cybersecurity vulnerability; and calculating, for each of the one or more cybersecurity vulnerabilities, a cybersecurity priority level based on the impact metric and the one or more final resource metrics.

Abstract: A system and method of evaluating one or more cybersecurity vulnerabilities to establish a priority metric for each of the one or more cybersecurity vulnerabilities, the method including: constructing a cybersecurity attack schema for each of the one or more cybersecurity vulnerabilities; determining, for each of the plurality of malicious actions of each of the one or more cybersecurity vulnerabilities, one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, one or more final resource metrics based on evaluating each of the one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, an impact metric that is indicative of a degree of damage that can be caused by the cybersecurity vulnerability; and calculating, for each of the one or more cybersecurity vulnerabilities, a cybersecurity priority level based on the impact metric and the one or more final resource metrics.

Abstract: An updating system of a vehicle includes a communication module configured to wirelessly download an over the air (OTA) update package. The OTA update package includes: a predetermined period for beginning installation of the OTA update package; an indicator of a module and code to be updated; and replacement code. A display control module is configured to, when a transmission of the vehicle is in park and the predetermined period has not yet passed after the downloading of the OTA update package, display a message on a display within a passenger cabin of the vehicle. The message solicits user input regarding whether to: (i) begin installation of the OTA update package; or (ii) install the OTA update package at a later time.

Abstract: An updating system of a vehicle includes a communication module configured to wirelessly download an over the air (OTA) update package. The OTA update package includes: a predetermined period for beginning installation of the OTA update package; an indicator of a module and code to be updated; and replacement code. A display control module is configured to, when a transmission of the vehicle is in park and the predetermined period has not yet passed after the downloading of the OTA update package, display a message on a display within a passenger cabin of the vehicle. The message solicits user input regarding whether to: (i) begin installation of the OTA update package; or (ii) install the OTA update package at a later time.

Abstract: Methods and systems are provided for bypassing an authenticity check for a secure control module. In one embodiment, a method includes: receiving authenticity data from a secure source, wherein the authenticity data includes a signature and an identifier that is unique to the control module; programming the control module with the authenticity data; and bypassing the authenticity check of a control program of the control module based on the authenticity data.

Abstract: A system and method of regulating data communications between a vehicle electronics system and a computing device includes: communicatively linking a first data port of an isolation device with the vehicle electronics system; communicatively linking a second data port of the isolation device with the computing device; receiving data at the isolation device sent between the computing device and the vehicle electronics system; and permitting the data to pass through the isolation device based on the identity of the computing device, the rate at which the data passes through the isolation device, or the content of the data.

Abstract: A system and method of responding to unauthorized electronic access to a vehicle includes: receiving data indicating unauthorized electronic access to electronic hardware in the vehicle; initiating an electronic hardware countermeasure in response to the unauthorized electronic access; generating a command set that instructs at least a portion of the electronic hardware to implement the electronic hardware countermeasure; and communicating the command set to the portion of the electronic hardware.

Abstract: Systems and methods are provided for monitoring and detecting intrusions and authenticating messages on a communication network of a vehicle. A plurality of signals transmitted over communications network between an electronic control module and a remote electronic module are monitored. Reflectometry feature sets are extracted from the plurality of signals and compared to a repository of predetermined communication network feature sets to generate a mismatch value. The mismatch value is compared to a predetermined threshold range and an authenticated event occurs when the mismatch value is within the predetermined threshold range. When the mismatch value is outside the predetermined threshold range, a flagged event occurs and is recorded.

Abstract: A system and method of regulating data communications between a vehicle electronics system and a computing device includes: communicatively linking a first data port of an isolation device with the vehicle electronics system; communicatively linking a second data port of the isolation device with the computing device; receiving data at the isolation device sent between the computing device and the vehicle electronics system; and permitting the data to pass through the isolation device based on the identity of the computing device, the rate at which the data passes through the isolation device, or the content of the data.

Abstract: A system and method of responding to unauthorized electronic access to a vehicle includes: receiving data indicating unauthorized electronic access to electronic hardware in the vehicle; initiating an electronic hardware countermeasure in response to the unauthorized electronic access; generating a command set that instructs at least a portion of the electronic hardware to implement the electronic hardware countermeasure; and communicating the command set to the portion of the electronic hardware.

Abstract: Systems and methods are provided for monitoring and detecting intrusions and authenticating messages on a communication network of a vehicle. A plurality of signals transmitted over communications network between an electronic control module and a remote electronic module are monitored. Reflectometry feature sets are extracted from the plurality of signals and compared to a repository of predetermined communication network feature sets to generate a mismatch value. The mismatch value is compared to a predetermined threshold range and an authenticated event occurs when the mismatch value is within the predetermined threshold range. When the mismatch value is outside the predetermined threshold range, a flagged event occurs and is recorded.

Abstract: A system and method for writing a new or replacement public key to a bootloader stored in a memory segment in the memory of a vehicle ECU without having to rewrite the entire bootloader. The method includes defining a key table in the bootloader memory segment includes a number of vacant memory slots that are available to store replacement public keys if they are needed. The key table is a separate section of the bootloader memory segment so that the key table memory slots are not used by the bootloader code.

Abstract: A system and method for validating a software file to be installed into a controller. The method includes preparing the software file including assigning a software version code to the software file, assigning a security version code to the software file, and signing the software file with the software file version code and the security version code. The signed software file is presented to the controller for installing on the controller and the controller verifies the software file signature to determine if the software file is valid and the security version code is valid. The controller allows the software file to be installed in the controller if both the signed software file is valid and the security version code is valid.

Abstract: A server includes an import module that receives a first content file and a first instruction file from a design network. The first instruction file includes a first set of parameters. A job request module, based on the first instruction parameter set, determines a second parameter set and generates a second instruction file comprising the second parameter set. The job request module transmits the first content file and the second parameter set to a signature server. An export module receives a signature file from the signature server. The signature server generates the signature file based on the second instruction file. The export module integrates the signature into the first content file to generate a second content file and downloads the second content file to at least one of a service server, a manufacturing server, and a supplier network.

Abstract: A system and method for verifying that operating software and calibration files are present and valid after a bootloader flashes the files into the memory on a vehicle ECU before allowing the operating software to execute. The ECU memory defines a memory segment for the operating software and the calibration files. A software manifest is provided in a memory slot before the operating software segment in the memory. Likewise, a calibration manifest is provided in a memory slot before the calibration segment in the ECU memory. After the software has been flashed into the ECU memory, a software flag is set in the software manifest memory slot and each time a calibration file is flashed, a calibration flag for the particular calibration file is set in the calibration manifest.

Abstract: A system and method for installing software on a secure controller without requiring the software to be properly signed. The method includes determining whether a by-pass flag has been set in the controller that identifies whether a file validation procedure is required to install the file and performing a pre-check operation to determine whether predetermined parameters of the file have been satisfied. The method also includes installing the file into a memory in the controller if the pre-check operation has been satisfied. The method further includes determining whether the file has a proper signature and indicating that the signature is proper if the by-pass flag is set and the file does not include a proper signature, and allowing the file to be installed if the signature has been indicated as being proper.

Abstract: A system and method for securely flashing a controller, where the controller includes at least one main processor and at least one secondary processor, and where the processing duties are distributed between the processors. A programming tool provides a content file to be flashed and a digital signature to the controller. The controller calculates a hash value of the content file, decrypts the digital signature using a public key to generate a decrypted hash value, compares the decrypted hash value to the calculated hash value, and determines that the content file is valid if the decrypted hash code matches the calculated hash value, where one or more of the steps of calculating the hash value, decrypting the digital signature, comparing the decrypted hash value to the calculated hash value and determining that the content file is valid, is performed by the main processor for the secondary processor.

Abstract: A method for authenticating a piece of firmware to be downloaded to a controller. The method includes signing the firmware or a first part of the firmware with a first private key at a first trusted source and signing the firmware or a second part of the firmware with a second private key at a second trusted source. The method also includes validating the signed firmware or the first part of the firmware using a first public key at the controller and validating the firmware or the second part of the firmware using a second public key at the controller. The method further includes authenticating the firmware if the firmware or the first part of the firmware is validated by the first public key at the controller and the firmware or the second part of the firmware is validated by the second public key at the controller.