Abstract: A system for offline generation of digital assets includes: a security credential management system (SCMS) that is operable to generate and conditionally transmit digital assets; and a certificate authority communicatively connected to the SCMS by a communication network, the certificate authority being operable to receive the digital assets from the SCMS. The certificate authority is operable to securely provision a plurality of computerized devices based on the received digital assets, the certificate authority intermittently connects to the SCMS to receive the digital assets, the certificate authority is operable to securely provision the plurality of computerized devices while disconnected from the SCMS, and the provisioning by the certificate authority while disconnected from the SCMS is limited by a policy associated with the certificate authority.

Abstract: Systems, devices, and methods for updating computerized devices. Functions and operations can include: obtaining a filter data structure (e.g., a bloom filter data structure) that may include hash values corresponding to each of the computerized devices to be updated; determining whether a computerized device is to obtain a device update based on a hash value associated with the computerized device matching a hash value of the filter data structure; and providing the device update to the computerized device when there is a match. The provided device update may modify the operation of the computerized device that receives it.

Abstract: A first processing sends a validation request is sent, which includes a random number seed and a nonce to a second processing device. The first processing device generates a first set of random numbers using the random number seed according to an algorithm for random number generation, and maps the generated first set of random numbers to memory blocks that include a copy of software for the second processing device. A first hash is calculated from contents of the mapped memory blocks concatenated to the nonce. A second hash, calculated using information included in the validation request, the mapping model, the software for the second processing device, and the nonce is received. An action is automatically performed when the hashes do not match.

Abstract: Systems, methods, and devices for establishing a confidence level for local operational data for a device within a technological ecosystem, such as the V2X ecosystem. The systems, methods, and devices may perform operations that include: obtaining local operational data for the device; obtaining messages from multiple external devices participating in the ecosystem, wherein each of the messages includes external operational data for the transmitting external device; determining, based on the local operational data and the external operational data from the messages, a confidence level for the local operational data; and executing a remedial action when the confidence level falls below a threshold for the confidence level. The systems and devices may include a local data source that stores the local operational data and a communication interface.

Abstract: Systems, methods, computer-readable media, and devices for accessing onboard operational data in a vehicle. The systems, methods, computer-readable media, and devices may include hardware and/or software for performing operations that include: obtaining user information and vehicle information, obtaining verification information, e.g., from a verification source, verifying that a specific user is associated with the vehicle based on the verification information, communicatively connecting to the vehicle based on the vehicle information; obtaining the onboard data from the vehicle; and providing the onboard data to the user. In embodiments, the user may be the owner of the vehicle, the registrant of the vehicle, or a repair person that is servicing the vehicle and needs access to onboard data besides OBD error codes.

Abstract: A first processing sends a validation request is sent, which includes a random number seed and a nonce to a second processing device. The first processing device generates a first set of random numbers using the random number seed according to an algorithm for random number generation, and maps the generated first set of random numbers to memory blocks that include a copy of software for the second processing device. A first hash is calculated from contents of the mapped memory blocks concatenated to the nonce. A second hash, calculated using information included in the validation request, the mapping model, the software for the second processing device, and the nonce is received. An action is automatically performed when the hashes do not match.

Abstract: Systems, methods, and computer-readable media for managing digital certificates and other security credentials. A routing and management server is communicatively connected to a certificate user device and to a plurality of certificate generators. The server performs operations that may include: optionally registering the certificate user device; receiving a request for one or more digital certificates from the certificate user device; analyzing the request to determine an appropriate certificate generator, from among the plurality of certificate generators, for producing the one or more digital certificates; optionally translating the request into a format required by the appropriate certificate generator; transmitting the request to the appropriate certificate generator; receiving the one or more digital certificates from the appropriate certificate generator; and providing the one or more digital certificates to the certificate user device.

Abstract: A server including a processor and a non-transitory computer readable medium is provided. The medium includes computer-executable instructions cause the processor to perform operations including obtaining a filter data structure comprising a plurality of hash values, each hash value corresponding to a computer device of a plurality of computer devices in an update campaign, determining that a requesting computerized device is in the update campaign, in response to determining, sending a request to confirm that the computerized device is a member of the campaign, in response to confirming that the computerized device is a member of the campaign, providing the device update to the computerized device, and in response to determining that the computerized device does not belong to the campaign, providing an indication that there is no device update for the computerized device.

Abstract: A computer implemented method for validating software is provided. The method includes generating a first check value, by a remote computing device, based on a unique value and software of the remote computing device, outputting the first check value and the unique value from the remote computing device to a secure data repository, obtaining, by a secure computing device, an authentic copy of the software of the remote computing device, obtaining, by the secure computing device, the unique value and the first check value from the secure data repository, computing, by the secure computing device, a second check value based on the authentic copy of the software for the remote computing device and the unique value, and determining, by the secure computing device, whether the remote computing device has authentic software based on a comparison of the obtained first check value and the second check value.

Abstract: Systems, devices, and methods for updating computerized devices. Functions and operations can include: obtaining a filter data structure (e.g., a bloom filter data structure) that may include hash values corresponding to each of the computerized devices to be updated; determining whether a computerized device is to obtain a device update based on a hash value associated with the computerized device matching a hash value of the filter data structure; and providing the device update to the computerized device when there is a match. The provided device update may modify the operation of the computerized device that receives it.

Abstract: Systems, methods, computer-readable media, and devices for accessing onboard operational data in a vehicle. The systems, methods, computer-readable media, and devices may include hardware and/or software for performing operations that include: obtaining user information and vehicle information, obtaining verification information, e.g., from a verification source, verifying that a specific user is associated with the vehicle based on the verification information, communicatively connecting to the vehicle based on the vehicle information; obtaining the onboard data from the vehicle; and providing the onboard data to the user. In embodiments, the user may be the owner of the vehicle, the registrant of the vehicle, or a repair person that is servicing the vehicle and needs access to onboard data besides OBD error codes.

Abstract: A system for securely provisioning a plurality of computerized devices of a tenant, is provided. The system includes a processor, and a computer storage medium including instructions that when executed by the processor cause the processor to perform operations. The operations include receiving provisioning requests from the plurality of computerized devices needing certificates, each provisioning request indicating a tenant identifier identifying the tenant, and transmitting the provisioning requests to a set of security credential management system backend components based on the tenant identifier. The set of SCMS backend components includes enrollment certificate authorities operable to generate enrollment certificates, each provisioning request being transmitted to one of the one or more enrollment certificate authorities based on the tenant identifier of each provisioning request, and a pseudonym certificate authority operable to generate digital assets in response to receiving a provisioning request.

Abstract: A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier or a sequence identifier, receive, a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.

Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.

Abstract: A first processing device obtains a first copy of software from a repository, the first copy including first computer instructions and first data for indicating a running state of a device. A validation request is sent, which includes a seed, an algorithm identifier, a number of random numbers to generate, and a nonce. The first processing device generates the number of first random numbers using the seed and an algorithm corresponding to the algorithm identifier, and maps the first random numbers to memory blocks, each of which includes a respective first computer instruction of the first copy or the first data. A first hash is calculated from contents of the mapped memory blocks and the nonce. A second hash, calculated using information included in the validation request and a software copy on a second processing device, is received. An action is automatically performed when the hashes do not match.

Abstract: Systems, methods, and devices for establishing a confidence level for local operational data for a device within a technological ecosystem, such as the V2X ecosystem. The systems, methods, and devices may perform operations that include: obtaining local operational data for the device; obtaining messages from multiple external devices participating in the ecosystem, wherein each of the messages includes external operational data for the transmitting external device; determining, based on the local operational data and the external operational data from the messages, a confidence level for the local operational data; and executing a remedial action when the confidence level falls below a threshold for the confidence level. The systems and devices may include a local data source that stores the local operational data and a communication interface.

Abstract: Systems, methods, and computer-readable media for managing digital certificates and other security credentials. A routing and management server is communicatively connected to a certificate user device and to a plurality of certificate generators. The server performs operations that may include: optionally registering the certificate user device; receiving a request for one or more digital certificates from the certificate user device; analyzing the request to determine an appropriate certificate generator, from among the plurality of certificate generators, for producing the one or more digital certificates; optionally translating the request into a format required by the appropriate certificate generator; transmitting the request to the appropriate certificate generator; receiving the one or more digital certificates from the appropriate certificate generator; and providing the one or more digital certificates to the certificate user device.

Abstract: A computer implemented method for validating software is provided. The method includes generating a first check value, by a remote computing device, based on a unique value and software of the remote computing device, outputting the first check value and the unique value from the remote computing device to a secure data repository, obtaining, by a secure computing device, an authentic copy of the software of the remote computing device, obtaining, by the secure computing device, the unique value and the first check value from the secure data repository, computing, by the secure computing device, a second check value based on the authentic copy of the software for the remote computing device and the unique value, and determining, by the secure computing device, whether the remote computing device has authentic software based on a comparison of the obtained first check value and the second check value.

Abstract: A system for providing quality of service (QoS) levels to clients requesting credentials from a credential management service is provided. The system includes an application programming interface (API) operable to receive credential requests from each of a plurality of clients, each credential request including a client identifier, and a QoS manager operable to: distribute the credential requests to a corresponding client queue of a plurality of client queues based on the client identifier, select a credential request distributed to the plurality of client queues based on a selection scheme, and transmit the selected credential request to a QoS queue of the credential management service for processing.

Abstract: A system for securely provisioning a plurality of computerized devices of a tenant, is provided. The system includes a processor, and a computer storage medium including instructions that when executed by the processor cause the processor to perform operations. The operations include receiving provisioning requests from r the plurality of computerized devices needing certificates, each provisioning request indicating a tenant identifier identifying the tenant, and transmitting the provisioning requests to a set of security credential management system backend components based on the tenant identifier. The set of SCMS backend components includes enrollment certificate authorities operable to generate enrollment certificates, each provisioning request being transmitted to one of the one or more enrollment certificate authorities based on the tenant identifier of each provisioning request, and a pseudonym certificate authority operable to generate digital assets in response to receiving a provisioning request.