Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing security of a vehicle are provided. One of the methods includes: monitoring a plurality of activities of one or more electronic devices associated with the vehicle; generating a plurality of event logs based on the monitored activities; sending the generated event logs to a server; and receiving, from the server, one or more alerts created based on the generated event logs.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: A first data tree and a second data tree may be accessed. The first data tree may include a first set of directory nodes and a first set of file nodes, and the second data tree may include a second set of directory nodes and a second set of file nodes. The first data tree may be converted into a first data tree file, and the second data tree may be converted into a second data tree file. A delta for the first data tree and the second data tree may be generated based on a comparison of the first data tree file and the second data tree file.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for a system associated with a vehicle are provided. One of the systems includes one or more electronic control units (ECUs) connected to a controller area network (CAN) bus, one or more infotainment devices, and a security gateway coupled to the one or more ECUs via the CAN bus and connected to the one or more infotainment devices. The security gateway may be configured to receive signals from the CAN bus and the one or more infotainment devices and detect a security event based at least in part on received signals.

Abstract: Systems and methods for vehicle identification are described herein. A set of vehicle identification information may be obtained from a set of autonomous vehicles. Individual vehicle identification information may convey identifications of one or more vehicles and locations of the one or more vehicles. Vehicle context information for individual vehicles may be determined from the set of vehicle identification information. The vehicle context information for the individual vehicles may describe a context of the individual vehicles. The context may include one or a combination of a speed of travel, a direction of travel, a trajectory, or an identity profile.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.

Abstract: Systems and methods for vehicle identification are described herein. A set of vehicle identification information may be obtained from a set of autonomous vehicles. Individual vehicle identification information may convey identifications of one or more vehicles and locations of the one or more vehicles. Vehicle context information for individual vehicles may be determined from the set of vehicle identification information. The vehicle context information for the individual vehicles may describe a context of the individual vehicles. The context may include one or a combination of a speed of travel, a direction of travel, a trajectory, or an identity profile.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: Fingerprints of file node(s) within a first data tree and file node(s) within a second data tree may be generated. The first data tree may include a first set of directory nodes and a first set of file nodes. The second data tree may include a second set of directory nodes and a second set of file nodes. A delta between the first data tree and the second data tree may be generated based on a first classification of similarity between the first set of file nodes and the second set of file nodes, a second classification of similarity between the first set of directory nodes and the second set of directory nodes, and file-node delta(s) between file node(s) of the first set of file nodes and file node(s) of the second set of file nodes. The file-node delta(s) determined based on two or more of the fingerprints.

Abstract: Methods and systems for improving security of a vehicle are disclosed. In one embodiment, a method comprises receiving, from a requester, a request to access a vehicle compartment of a vehicle; determining a scope of access of the vehicle compartment for the requester based on an operation of the vehicle; and configuring a lock mechanism of the vehicle compartment based on the scope of access.

Abstract: A first data tree may include a first set of directory nodes and a first set of file nodes. A second data tree may include a second set of directory nodes and a second set of file nodes. Similarity between the first set of file nodes and the second set of file nodes may be classified based on file names, file paths, and file values. Similarity between the first set of directory nodes and the second set of directory nodes may be classified based on directory names, directory paths, nested folders, and included files. A delta between the first data tree and the second data tree may be generated based on the classification of similarity between the first set of file nodes and the second set of file nodes and the classification of similarity between the first set of directory nodes and the second set of directory nodes.

Abstract: Embodiments of the disclosure provide systems and methods for fraud detection in a transportation service. An exemplary system may include a communication interface configured to receive user data from a terminal device associated with a user providing the transportation service. The user data may include identification information of the terminal device. The system may also include a memory configured to store the user data. The system may also include at least one processor coupled to the memory. The processor may be configured to determine a first fingerprint based on the identification information. The processor may be further configured to determine whether the first fingerprint matches a first reference fingerprint associated with a registered terminal device. Moreover, the processor may be configured to generate a first notice when the first fingerprint does not match the first reference fingerprint.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing security of a vehicle are provided. One of the methods includes: monitoring a plurality of activities of one or more electronic devices associated with the vehicle; generating a plurality of event logs based on the monitored activities; sending the generated event logs to a server; and receiving, from the server, one or more alerts created based on the generated event logs.

Abstract: Embodiments of the disclosure provide systems and methods for determining fingerprint information of a terminal device in a transportation service. An exemplary system may include a communication interface configured to establish a communication link between first and second terminal devices and receive user data from the first terminal device associated with a user of the transportation service. The communication interface may also be configured to receive authentication information authenticating the second terminal device. The system may also include a memory configured to store the user data and at least one processor coupled to the memory. The at least one processor is configured to determine a first fingerprint of the first terminal device based on the user data after receiving the authentication information authenticating the second terminal device.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle while allowing secure repairing of the ECUs. A method of repairing a vehicle includes disabling message authentication in secure communication between any two ECUs in a plurality of ECUs on the vehicle, detecting a first ECU that has been changed based on detecting an absence of a valid security key on the first ECU, verifying that a digital certificate associated with the first ECU is a valid certificate, generating one or more security keys for secure communication between the first ECU and a set of ECUs in the plurality of ECUs, provisioning the one or more security keys to the first ECU and the set of ECUs, and enabling the message authentication in secure communication between any two ECUs of the plurality of ECUs.