Abstract: The present application relates to a method and apparatus for providing fault tolerant provisioning verification for cryptographic keys including receiving, via an interface, a first security key, a second security key, and a first verification data generated in response to the first security key and the second security key, coupling, by a processor, the first security key and the second security key to an electronic controller, receiving, by the processor, a second verification data generated by the electronic controller in response to the first security key and the second security key, and marking, by the processor, the controller as provisioned in response to the first verification data matching the second verification data.

Abstract: A first IoT device includes a memory, a transceiver, bloom filter evaluation, false positive comparison and control modules. The memory stores: a bloom filter set including an array of bits representing entries in a certificate revocation list; and a false positive set including a list of certificate entries falsely identified as being revoked. The transceiver receives from a second IoT device a message including a certificate. The bloom filter evaluation module receives the bloom filter set from a back office station and determines whether an identifier associated with the certificate is in the bloom filter set. The false positive comparison module receives the false positive set from the back office station and determines whether the identifier is in the false positive set. The control module permits communication between the first and second IoT devices based on whether the identifier is in the bloom filter and false positive sets.

Abstract: The present application relates to a method and apparatus for providing fault tolerant provisioning verification for cryptographic keys including receiving, via an interface, a first security key, a second security key, and a first verification data generated in response to the first security key and the second security key, coupling, by a processor, the first security key and the second security key to an electronic controller, receiving, by the processor, a second verification data generated by the electronic controller in response to the first security key and the second security key, and marking, by the processor, the controller as provisioned in response to the first verification data matching the second verification data.

Abstract: A first IoT device includes a memory, a transceiver, bloom filter evaluation, false positive comparison and control modules. The memory stores: a bloom filter set including an array of bits representing entries in a certificate revocation list; and a false positive set including a list of certificate entries falsely identified as being revoked. The transceiver receives from a second IoT device a message including a certificate. The bloom filter evaluation module receives the bloom filter set from a back office station and determines whether an identifier associated with the certificate is in the bloom filter set. The false positive comparison module receives the false positive set from the back office station and determines whether the identifier is in the false positive set. The control module permits communication between the first and second IoT devices based on whether the identifier is in the bloom filter and false positive sets.

Abstract: A supplier network device is provided and includes a supplier processor and memory that stores a credential package including information for a chip or a vehicle control module (VCM). The supplier processor: receives ID and signature public keys from the chip, where the ID and signature public keys correspond respectively to private keys stored in the chip; transmit the ID and signature public keys to a certificate authority processor of a vehicle manufacturer data center; and receive the credential package including signing certificates from the certificate authority processor prior to assembling the VCM. The supplier processor: reads the ID public key from the VCM subsequent to incorporating the chip in the VCM; identifies the credential package based on the ID public key; and based on the identifying of the credential package, programs the VCM with the signing certificates prior to installation of the vehicle control module in a vehicle.

Abstract: Examples of techniques for replacing a security credential in a vehicle control module are disclosed. In one example implementation according to aspects of the present disclosure, a method includes authorizing, by a management system, a service system to replace the security credential of the vehicle control module. The method further includes initiating, by the service system, a replace security credential command to replace the security credential in the vehicle control module. The method further includes verifying, by the vehicle control module, the replace security credential command. The method further includes initiating, by the vehicle control module, a replace security credential request. The method further includes verifying, by the management system, the replace security credential request. The method further includes creating, by the management system, a new security credential for the vehicle control module.

Abstract: A supplier network device is provided and includes a supplier processor and memory that stores a credential package including information for a chip or a vehicle control module (VCM). The supplier processor: receives ID and signature public keys from the chip, where the ID and signature public keys correspond respectively to private keys stored in the chip; transmit the ID and signature public keys to a certificate authority processor of a vehicle manufacturer data center; and receive the credential package including signing certificates from the certificate authority processor prior to assembling the VCM. The supplier processor: reads the ID public key from the VCM subsequent to incorporating the chip in the VCM; identifies the credential package based on the ID public key; and based on the identifying of the credential package, programs the VCM with the signing certificates prior to installation of the vehicle control module in a vehicle.

Abstract: A system and method of controlling access to electronic control units (ECUs) includes: receiving, at an ECU supplier computer, a supplier encryption key derived from a master encryption key using a supplier identifier that identifies an ECU supplier; issuing an ECU identifier that identifies an ECU and includes the supplier identifier; generating for the ECU an ECU unlock authorization key using the supplier encryption key and the ECU identifier; and storing the ECU unlock authorization key and the ECU identifier in the ECU.