Abstract: Methods and systems are provided for bypassing an authenticity check for a secure control module. In one embodiment, a method includes: receiving authenticity data from a secure source, wherein the authenticity data includes a signature and an identifier that is unique to the control module; programming the control module with the authenticity data; and bypassing the authenticity check of a control program of the control module based on the authenticity data.

Abstract: A system and method for installing software on a secure controller without requiring the software to be properly signed. The method includes determining whether a by-pass flag has been set in the controller that identifies whether a file validation procedure is required to install the file and performing a pre-check operation to determine whether predetermined parameters of the file have been satisfied. The method also includes installing the file into a memory in the controller if the pre-check operation has been satisfied. The method further includes determining whether the file has a proper signature and indicating that the signature is proper if the by-pass flag is set and the file does not include a proper signature, and allowing the file to be installed if the signature has been indicated as being proper.

Abstract: A system and method for validating a software file to be installed into a controller. The method includes preparing the software file including assigning a software version code to the software file, assigning a security version code to the software file, and signing the software file with the software file version code and the security version code. The signed software file is presented to the controller for installing on the controller and the controller verifies the software file signature to determine if the software file is valid and the security version code is valid. The controller allows the software file to be installed in the controller if both the signed software file is valid and the security version code is valid.

Abstract: A system and method for by-passing a security code to allow developmental software to be installed on a production controller without having to authenticate the software. The method includes requesting information from the controller and creating an information ticket in the controller in response to the request that identifies the controller. The information ticket is sent to a secure server that creates an authorization ticket that identifies the controller from the information ticket and creates a security code for the ticket. The authorization ticket is presented to the controller and if the security code is verified by the controller, the controller allows the developmental software to be installed.

Abstract: A system and method for changing a state of a binary flag in a flash memory. The method defines a cell segment including a predetermined number of bits as the binary flag, where each bit is converted to a logical 1 when the memory is erased. The method also defines that an even number of logical 1 bits in the flash cell segment is an even parity and an odd number of logical 1 bits in the flash cell segment is an odd parity, and defines whether an even parity is an ON state of the binary flag or an odd parity is the ON state of the binary flag. The method changes the parity of the binary flag by writing one of the bits in the flash cell segment from a logical 1 to a logical 0 to change the state of the flag.

Abstract: A system and method for securely flashing a controller, where the controller includes at least one main processor and at least one secondary processor, and where the processing duties are distributed between the processors. A programming tool provides a content file to be flashed and a digital signature to the controller. The controller calculates a hash value of the content file, decrypts the digital signature using a public key to generate a decrypted hash value, compares the decrypted hash value to the calculated hash value, and determines that the content file is valid if the decrypted hash code matches the calculated hash value, where one or more of the steps of calculating the hash value, decrypting the digital signature, comparing the decrypted hash value to the calculated hash value and determining that the content file is valid, is performed by the main processor for the secondary processor.

Abstract: A server includes an import module that receives a first content file and a first instruction file from a design network. The first instruction file includes a first set of parameters. A job request module, based on the first instruction parameter set, determines a second parameter set and generates a second instruction file comprising the second parameter set. The job request module transmits the first content file and the second parameter set to a signature server. An export module receives a signature file from the signature server. The signature server generates the signature file based on the second instruction file. The export module integrates the signature into the first content file to generate a second content file and downloads the second content file to at least one of a service server, a manufacturing server, and a supplier network.

Abstract: A method for authenticating a piece of firmware to be downloaded to a controller. The method includes signing the firmware or a first part of the firmware with a first private key at a first trusted source and signing the firmware or a second part of the firmware with a second private key at a second trusted source. The method also includes validating the signed firmware or the first part of the firmware using a first public key at the controller and validating the firmware or the second part of the firmware using a second public key at the controller. The method further includes authenticating the firmware if the firmware or the first part of the firmware is validated by the first public key at the controller and the firmware or the second part of the firmware is validated by the second public key at the controller.

Abstract: A system and method for verifying that operating software and calibration files are present and valid after a bootloader flashes the files into the memory on a vehicle ECU before allowing the operating software to execute. The ECU memory defines a memory segment for the operating software and the calibration files. A software manifest is provided in a memory slot before the operating software segment in the memory. Likewise, a calibration manifest is provided in a memory slot before the calibration segment in the ECU memory. After the software has been flashed into the ECU memory, a software flag is set in the software manifest memory slot and each time a calibration file is flashed, a calibration flag for the particular calibration file is set in the calibration manifest.

Abstract: A system and method for writing a new or replacement public key to a bootloader stored in a memory segment in the memory of a vehicle ECU without having to rewrite the entire bootloader. The method includes defining a key table in the bootloader memory segment includes a number of vacant memory slots that are available to store replacement public keys if they are needed. The key table is a separate section of the bootloader memory segment so that the key table memory slots are not used by the bootloader code.

Abstract: A method for providing digital signatures for authenticating the source and content of binary files which are flash programmed into automotive embedded controllers. A piece of electronic content is digitally signed on a signing server by creating a hash value and encrypting it using the signer's private key. The content file and digital signature files are then delivered using one of several alternative approaches to a programming tool, which in turn loads the content and signature files onto the controller on which the content will execute. The controller verifies the content by decrypting the signature file to restore the hash value, and comparing the decrypted hash value to a hash value calculated from the content itself. Multiple signature files for a piece of content are supported.

Abstract: A method for centralization of process sequence checking includes defining a set of steps in a sequence for a process and defining an order of steps in said set of steps. The method includes determining whether one of said steps started independently of others of said steps and determining whether one of said steps completed independently of others of said steps. The method includes determining whether the sequence started, determining whether the sequence completed, and determining whether a sequence fault occurred.

Abstract: A vehicle diagnostics clearing system that detects a clear diagnostic faults flag and clears diagnostic faults from a control module includes a clear diagnostic faults flag monitoring module and a clear diagnostic faults module. The clear diagnostic faults flag monitoring module periodically monitors the clear diagnostic faults flag in the control module. When the clear diagnostic faults flag monitoring module detects that the clear diagnostic faults flag is set, the clear diagnostic faults module clears the diagnostic faults from the control module for a predetermined period.

Abstract: A memory system for a vehicle includes a first memory that is non-volatile, that is rewritable, and that stores a control program and identification data. A second memory is non-volatile. A control module transfers the identification data to the second memory, erases the first memory, rewrites the control program to the first memory, and transfers the identification data from the second memory to the first memory after erasing the first memory. The identification data may include data such as a software version identifier, a programming date, and/or a part number.