Abstract: Systems and methods for theft deterrence of a vehicle are provided. Each of two or more immobilization point devices generate a random number and broadcasts it to all of the other immobilization points devices. Each of the immobilization point devices retains a local copy of its own random number and concatenates the local copy of its own random number with the random numbers of the other of the two or more immobilization point devices from the bus. From the random numbers broadcast on the bus, all of the random numbers are concatenated in a predetermined sequence to form a single challenge, which is transmitted to a remote transponder. Each of the immobilization point devices then compares a single response from the transponder to their local concatenation. When a specific portion of the response from the transponder matches a local concatenation, then enabling the function of the immobilization point device.

Abstract: A method provides secure communication between a first module and a second module within a vehicle communication network. A first anti-replay counter is provided within the first module, and a second anti-replay counter is provided within the second module. A message is transmitted from the first module to the second module over the vehicle communication network. The message includes a partial counter including only a portion of the contents of the first anti-replay counter, and the message is authenticated based on the partial counter.

Abstract: A system and method for validating a software file to be installed into a controller. The method includes preparing the software file including assigning a software version code to the software file, assigning a security version code to the software file, and signing the software file with the software file version code and the security version code. The signed software file is presented to the controller for installing on the controller and the controller verifies the software file signature to determine if the software file is valid and the security version code is valid. The controller allows the software file to be installed in the controller if both the signed software file is valid and the security version code is valid.

Abstract: A server includes an import module that receives a first content file and a first instruction file from a design network. The first instruction file includes a first set of parameters. A job request module, based on the first instruction parameter set, determines a second parameter set and generates a second instruction file comprising the second parameter set. The job request module transmits the first content file and the second parameter set to a signature server. An export module receives a signature file from the signature server. The signature server generates the signature file based on the second instruction file. The export module integrates the signature into the first content file to generate a second content file and downloads the second content file to at least one of a service server, a manufacturing server, and a supplier network.

Abstract: A system and method for verifying that operating software and calibration files are present and valid after a bootloader flashes the files into the memory on a vehicle ECU before allowing the operating software to execute. The ECU memory defines a memory segment for the operating software and the calibration files. A software manifest is provided in a memory slot before the operating software segment in the memory. Likewise, a calibration manifest is provided in a memory slot before the calibration segment in the ECU memory. After the software has been flashed into the ECU memory, a software flag is set in the software manifest memory slot and each time a calibration file is flashed, a calibration flag for the particular calibration file is set in the calibration manifest.

Abstract: A system and method for installing software on a secure controller without requiring the software to be properly signed. The method includes determining whether a by-pass flag has been set in the controller that identifies whether a file validation procedure is required to install the file and performing a pre-check operation to determine whether predetermined parameters of the file have been satisfied. The method also includes installing the file into a memory in the controller if the pre-check operation has been satisfied. The method further includes determining whether the file has a proper signature and indicating that the signature is proper if the by-pass flag is set and the file does not include a proper signature, and allowing the file to be installed if the signature has been indicated as being proper.

Abstract: A message filtering system for a communications system in a vehicle enabling communication between various systems and subsystems via a vehicle bus. Electronic devices may be coupled to the bus. Electronic control units (ECUs) may be located therebetween. The ECU may regulate or control the flow of messages between the bus and the electronic devices. Message filters may apply a filter policy to incoming and outgoing messages. In addition, the message filtering system may have an alert policy for violations of the filter policy. In one embodiment, the source identity of outgoing messages may be overwritten by a message filter dedicated to outgoing messages; this message filter may be an application specific integrated circuit.

Abstract: A system and method for implementing cross-network synchronization of nodes on a vehicle bus includes periodically sampling a notion of time from a first network, transmitting a message from the first network to a node on a second network, wherein the message includes the notion of time, and updating a local clock on the second network node based on the notion of time in the message.

Abstract: Methods and systems are provided for bypassing an authenticity check for a secure control module. In one embodiment, a method includes: receiving authenticity data from a secure source, wherein the authenticity data includes a signature and an identifier that is unique to the control module; programming the control module with the authenticity data; and bypassing the authenticity check of a control program of the control module based on the authenticity data.

Abstract: A system and method for installing software on a secure controller without requiring the software to be properly signed. The method includes determining whether a by-pass flag has been set in the controller that identifies whether a file validation procedure is required to install the file and performing a pre-check operation to determine whether predetermined parameters of the file have been satisfied. The method also includes installing the file into a memory in the controller if the pre-check operation has been satisfied. The method further includes determining whether the file has a proper signature and indicating that the signature is proper if the by-pass flag is set and the file does not include a proper signature, and allowing the file to be installed if the signature has been indicated as being proper.

Abstract: A system and method for by-passing a security code to allow developmental software to be installed on a production controller without having to authenticate the software. The method includes requesting information from the controller and creating an information ticket in the controller in response to the request that identifies the controller. The information ticket is sent to a secure server that creates an authorization ticket that identifies the controller from the information ticket and creates a security code for the ticket. The authorization ticket is presented to the controller and if the security code is verified by the controller, the controller allows the developmental software to be installed.

Abstract: A system and method for validating a software file to be installed into a controller. The method includes preparing the software file including assigning a software version code to the software file, assigning a security version code to the software file, and signing the software file with the software file version code and the security version code. The signed software file is presented to the controller for installing on the controller and the controller verifies the software file signature to determine if the software file is valid and the security version code is valid. The controller allows the software file to be installed in the controller if both the signed software file is valid and the security version code is valid.

Abstract: A system and method for changing a state of a binary flag in a flash memory. The method defines a cell segment including a predetermined number of bits as the binary flag, where each bit is converted to a logical 1 when the memory is erased. The method also defines that an even number of logical 1 bits in the flash cell segment is an even parity and an odd number of logical 1 bits in the flash cell segment is an odd parity, and defines whether an even parity is an ON state of the binary flag or an odd parity is the ON state of the binary flag. The method changes the parity of the binary flag by writing one of the bits in the flash cell segment from a logical 1 to a logical 0 to change the state of the flag.

Abstract: A message filtering system for a communications system in a vehicle enabling communication between various systems and subsystems via a vehicle bus. Electronic devices may be coupled to the bus. Electronic control units (ECUs) may be located therebetween. The ECU may regulate or control the flow of messages between the bus and the electronic devices. Message filters may apply a filter policy to incoming and outgoing messages. In addition, the message filtering system may have an alert policy for violations of the filter policy. In one embodiment, the source identity of outgoing messages may be overwritten by a message filter dedicated to outgoing messages; this message filter may be an application specific integrated circuit.

Abstract: An audio interruption and buffering playback system includes a primary audio source for reproducing primary audio content and a secondary audio source for reproducing secondary audio content. A processing device detects an interruption event that includes the secondary audio source reproducing secondary audio content having priority over the primary audio source. The processor mutes the output of the primary audio content in response to the interruption event. A buffer buffers the audio content from the primary audio source during the interruption event. The buffered audio content is reproduced by the processor to the user at an accelerated playback speed following the interruption event.

Abstract: A server includes an import module that receives a first content file and a first instruction file from a design network. The first instruction file includes a first set of parameters. A job request module, based on the first instruction parameter set, determines a second parameter set and generates a second instruction file comprising the second parameter set. The job request module transmits the first content file and the second parameter set to a signature server. An export module receives a signature file from the signature server. The signature server generates the signature file based on the second instruction file. The export module integrates the signature into the first content file to generate a second content file and downloads the second content file to at least one of a service server, a manufacturing server, and a supplier network.

Abstract: A system and method for writing a new or replacement public key to a bootloader stored in a memory segment in the memory of a vehicle ECU without having to rewrite the entire bootloader. The method includes defining a key table in the bootloader memory segment includes a number of vacant memory slots that are available to store replacement public keys if they are needed. The key table is a separate section of the bootloader memory segment so that the key table memory slots are not used by the bootloader code.

Abstract: A method for providing digital signatures for authenticating the source and content of binary files which are flash programmed into automotive embedded controllers. A piece of electronic content is digitally signed on a signing server by creating a hash value and encrypting it using the signer's private key. The content file and digital signature files are then delivered using one of several alternative approaches to a programming tool, which in turn loads the content and signature files onto the controller on which the content will execute. The controller verifies the content by decrypting the signature file to restore the hash value, and comparing the decrypted hash value to a hash value calculated from the content itself. Multiple signature files for a piece of content are supported.

Abstract: A system and method for verifying that operating software and calibration files are present and valid after a bootloader flashes the files into the memory on a vehicle ECU before allowing the operating software to execute. The ECU memory defines a memory segment for the operating software and the calibration files. A software manifest is provided in a memory slot before the operating software segment in the memory. Likewise, a calibration manifest is provided in a memory slot before the calibration segment in the ECU memory. After the software has been flashed into the ECU memory, a software flag is set in the software manifest memory slot and each time a calibration file is flashed, a calibration flag for the particular calibration file is set in the calibration manifest.

Abstract: A system and method for implementing cross-network synchronization of nodes on a vehicle bus includes periodically sampling a notion of time from a first network, transmitting a message from the first network to a node on a second network, wherein the message includes the notion of time, and updating a local clock on the second network node based on the notion of time in the message.