Abstract: Systems, methods, and computer-readable media for managing digital certificates and other security credentials. A routing and management server is communicatively connected to a certificate user device and to a plurality of certificate generators. The server performs operations that may include: optionally registering the certificate user device; receiving a request for one or more digital certificates from the certificate user device; analyzing the request to determine an appropriate certificate generator, from among the plurality of certificate generators, for producing the one or more digital certificates; optionally translating the request into a format required by the appropriate certificate generator; transmitting the request to the appropriate certificate generator; receiving the one or more digital certificates from the appropriate certificate generator; and providing the one or more digital certificates to the certificate user device.

Abstract: A server including a processor and a non-transitory computer readable medium is provided. The medium includes computer-executable instructions cause the processor to perform operations including obtaining a filter data structure comprising a plurality of hash values, each hash value corresponding to a computer device of a plurality of computer devices in an update campaign, determining that a requesting computerized device is in the update campaign, in response to determining, sending a request to confirm that the computerized device is a member of the campaign, in response to confirming that the computerized device is a member of the campaign, providing the device update to the computerized device, and in response to determining that the computerized device does not belong to the campaign, providing an indication that there is no device update for the computerized device.

Abstract: A computer implemented method for validating software is provided. The method includes generating a first check value, by a remote computing device, based on a unique value and software of the remote computing device, outputting the first check value and the unique value from the remote computing device to a secure data repository, obtaining, by a secure computing device, an authentic copy of the software of the remote computing device, obtaining, by the secure computing device, the unique value and the first check value from the secure data repository, computing, by the secure computing device, a second check value based on the authentic copy of the software for the remote computing device and the unique value, and determining, by the secure computing device, whether the remote computing device has authentic software based on a comparison of the obtained first check value and the second check value.

Abstract: Systems, devices, and methods for updating computerized devices. Functions and operations can include: obtaining a filter data structure (e.g., a bloom filter data structure) that may include hash values corresponding to each of the computerized devices to be updated; determining whether a computerized device is to obtain a device update based on a hash value associated with the computerized device matching a hash value of the filter data structure; and providing the device update to the computerized device when there is a match. The provided device update may modify the operation of the computerized device that receives it.

Abstract: Systems, methods, computer-readable media, and devices for accessing onboard operational data in a vehicle. The systems, methods, computer-readable media, and devices may include hardware and/or software for performing operations that include: obtaining user information and vehicle information, obtaining verification information, e.g., from a verification source, verifying that a specific user is associated with the vehicle based on the verification information, communicatively connecting to the vehicle based on the vehicle information; obtaining the onboard data from the vehicle; and providing the onboard data to the user. In embodiments, the user may be the owner of the vehicle, the registrant of the vehicle, or a repair person that is servicing the vehicle and needs access to onboard data besides OBD error codes.

Abstract: A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier or a sequence identifier, receive, a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.

Abstract: A system for securely provisioning a plurality of computerized devices of a tenant, is provided. The system includes a processor, and a computer storage medium including instructions that when executed by the processor cause the processor to perform operations. The operations include receiving provisioning requests from the plurality of computerized devices needing certificates, each provisioning request indicating a tenant identifier identifying the tenant, and transmitting the provisioning requests to a set of security credential management system backend components based on the tenant identifier. The set of SCMS backend components includes enrollment certificate authorities operable to generate enrollment certificates, each provisioning request being transmitted to one of the one or more enrollment certificate authorities based on the tenant identifier of each provisioning request, and a pseudonym certificate authority operable to generate digital assets in response to receiving a provisioning request.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: A first processing device obtains a first copy of software from a repository, the first copy including first computer instructions and first data for indicating a running state of a device. A validation request is sent, which includes a seed, an algorithm identifier, a number of random numbers to generate, and a nonce. The first processing device generates the number of first random numbers using the seed and an algorithm corresponding to the algorithm identifier, and maps the first random numbers to memory blocks, each of which includes a respective first computer instruction of the first copy or the first data. A first hash is calculated from contents of the mapped memory blocks and the nonce. A second hash, calculated using information included in the validation request and a software copy on a second processing device, is received. An action is automatically performed when the hashes do not match.

Abstract: Systems, methods, and devices for establishing a confidence level for local operational data for a device within a technological ecosystem, such as the V2X ecosystem. The systems, methods, and devices may perform operations that include: obtaining local operational data for the device; obtaining messages from multiple external devices participating in the ecosystem, wherein each of the messages includes external operational data for the transmitting external device; determining, based on the local operational data and the external operational data from the messages, a confidence level for the local operational data; and executing a remedial action when the confidence level falls below a threshold for the confidence level. The systems and devices may include a local data source that stores the local operational data and a communication interface.

Abstract: Systems, methods, and computer-readable media for managing digital certificates and other security credentials. A routing and management server is communicatively connected to a certificate user device and to a plurality of certificate generators. The server performs operations that may include: optionally registering the certificate user device; receiving a request for one or more digital certificates from the certificate user device; analyzing the request to determine an appropriate certificate generator, from among the plurality of certificate generators, for producing the one or more digital certificates; optionally translating the request into a format required by the appropriate certificate generator; transmitting the request to the appropriate certificate generator; receiving the one or more digital certificates from the appropriate certificate generator; and providing the one or more digital certificates to the certificate user device.

Abstract: A computer implemented method for validating software is provided. The method includes generating a first check value, by a remote computing device, based on a unique value and software of the remote computing device, outputting the first check value and the unique value from the remote computing device to a secure data repository, obtaining, by a secure computing device, an authentic copy of the software of the remote computing device, obtaining, by the secure computing device, the unique value and the first check value from the secure data repository, computing, by the secure computing device, a second check value based on the authentic copy of the software for the remote computing device and the unique value, and determining, by the secure computing device, whether the remote computing device has authentic software based on a comparison of the obtained first check value and the second check value.

Abstract: A system for providing quality of service (QoS) levels to clients requesting credentials from a credential management service is provided. The system includes an application programming interface (API) operable to receive credential requests from each of a plurality of clients, each credential request including a client identifier, and a QoS manager operable to: distribute the credential requests to a corresponding client queue of a plurality of client queues based on the client identifier, select a credential request distributed to the plurality of client queues based on a selection scheme, and transmit the selected credential request to a QoS queue of the credential management service for processing.

Abstract: A system for securely provisioning a plurality of computerized devices of a tenant, is provided. The system includes a processor, and a computer storage medium including instructions that when executed by the processor cause the processor to perform operations. The operations include receiving provisioning requests from r the plurality of computerized devices needing certificates, each provisioning request indicating a tenant identifier identifying the tenant, and transmitting the provisioning requests to a set of security credential management system backend components based on the tenant identifier. The set of SCMS backend components includes enrollment certificate authorities operable to generate enrollment certificates, each provisioning request being transmitted to one of the one or more enrollment certificate authorities based on the tenant identifier of each provisioning request, and a pseudonym certificate authority operable to generate digital assets in response to receiving a provisioning request.

Abstract: A system can include a certificate application programming interface (API) device that is operable to receive, via an application programming interface (API), an enrollment request for the at least one computerized device. The certificate API device can also generate, via the API, an enrollment package and an end entity certificate package for the at least one computerized device by obtaining the enrollment package and the end entity certificate package from a certificate management service (CMS). The certificate API device can also transmit, via the API, the enrollment package and the end entity certificate package to the at least one computerized device. The system can also include the CMS that is operable to provide the enrollment package and the end entity certificate package to the certificate API device.

Abstract: A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier or a sequence identifier, receive, a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.

Abstract: A system includes a campaign management service to detect a campaign initiation request indicating a number of computerized devices to be updated for a campaign and store data corresponding to the computerized devices to be updated. The campaign management service can generate a bloom filter data structure comprising hash values based on the data for each of the computerized devices to be updated and transmit the bloom filter data structure to a network edge. The system can include the network edge that can use the bloom filter data structure from the campaign management service to determine whether a computerized device is to obtain a device update from the campaign management service. The network edge can retrieve the device update and modify the computerized device by transmitting the device update to the computerized device, which then installs it.

Abstract: Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, and a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, wherein the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Abstract: A system for securely producing and using high-entropy security information, such as a password. The system includes a printer, a display device, and a generator computer that is connected to the printer and the display device. The generator computer generates the high-entropy set of characters, (e.g., password), and also generates a machine-readable representation of the high-entropy set of characters, (e.g., a barcode). The generator computer causes the printer to print the high-entropy set of characters and the machine-readable representation on paper, and then deletes the high-entropy set of characters and the machine-readable representation from the system. The high-entropy set of characters, (e.g., password), may be entered into a target computer by scanning the barcode on the paper using a barcode scanner connected to the target computer, which is significantly faster than, and eliminates the human error associated with, typing in a high-entropy set of characters.

Abstract: A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier and a sequence identifier, receive, a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.