Abstract: A system and method of evaluating one or more cybersecurity vulnerabilities to establish a priority metric for each of the one or more cybersecurity vulnerabilities, the method including: constructing a cybersecurity attack schema for each of the one or more cybersecurity vulnerabilities; determining, for each of the plurality of malicious actions of each of the one or more cybersecurity vulnerabilities, one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, one or more final resource metrics based on evaluating each of the one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, an impact metric that is indicative of a degree of damage that can be caused by the cybersecurity vulnerability; and calculating, for each of the one or more cybersecurity vulnerabilities, a cybersecurity priority level based on the impact metric and the one or more final resource metrics.

Abstract: A system and method of evaluating one or more cybersecurity vulnerabilities to establish a priority metric for each of the one or more cybersecurity vulnerabilities, the method including: constructing a cybersecurity attack schema for each of the one or more cybersecurity vulnerabilities; determining, for each of the plurality of malicious actions of each of the one or more cybersecurity vulnerabilities, one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, one or more final resource metrics based on evaluating each of the one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, an impact metric that is indicative of a degree of damage that can be caused by the cybersecurity vulnerability; and calculating, for each of the one or more cybersecurity vulnerabilities, a cybersecurity priority level based on the impact metric and the one or more final resource metrics.

Abstract: A method and apparatus that authenticate an application are provided. The method includes connecting an authentication application on the first device to a second application of a second device on a second address and port in response to receiving a first request on a first address and port from the second application, receiving a second request including a signed certificate of the second device, determining whether the signed certificate is valid, in response to determining the signed certificate is valid, displaying a screen to accept request if the signed certificate is unapproved, and performing a function if the request is accepted.

Abstract: A system and method of establishing a secure time value in a connected device. The method includes: receiving a hash of a pinset at the connected device from each independent time server in a federation, wherein the pinset is stored at the connected device as well as at the independent time servers remotely located from the connected device; receiving at the connected device a time value along with each hash of the pinset; attempting to verify the hashes of the pinset received from each of the plurality of independent time servers at the connected device; and determining at the connected device which time values received from the plurality of independent time servers are valid based on validity of the hashes.

Abstract: A system and a method for communicating over a Bluetooth Low Energy (BLE) connection in a vehicle. The method includes the steps of: establishing a Bluetooth Low Energy (BLE) connection between a mobile device and a BLE system in the vehicle, wherein the establishing step includes receiving first credentials of the mobile device at the BLE system; providing second credentials to the mobile device from the vehicle, wherein the second credentials are different than the first credentials; and receiving a message from the mobile device that is encrypted using the first and second credentials.

Abstract: A system and method of regulating access to a vehicle from a wireless device communicating using short-range wireless communications includes: transmitting a vehicle access certificate signing request from the wireless device to a central facility; receiving an authenticated vehicle access certificate from the central facility in response to the vehicle access certificate signing request, wherein the authenticated vehicle access certificate is signed using a central facility private key and includes the wireless device public key; transmitting the authenticated vehicle access certificate containing the wireless device public key from the wireless device to the vehicle via a short-range wireless communications protocol; receiving from the vehicle a shared secret that is encrypted by the wireless device public key; decrypting the received shared secret using a wireless device private key; generating a command controlling vehicle functions; and transmitting the command from the wireless device to the vehicle.

Abstract: A system and method of establishing a secure time value in a connected device. The method includes: receiving a hash of a pinset at the connected device from each independent time server in a federation, wherein the pinset is stored at the connected device as well as at the independent time servers remotely located from the connected device; receiving at the connected device a time value along with each hash of the pinset; attempting to verify the hashes of the pinset received from each of the plurality of independent time servers at the connected device; and determining at the connected device which time values received from the plurality of independent time servers are valid based on validity of the hashes.

Abstract: A system and method of regulating access to a vehicle from a wireless device communicating using short-range wireless communications includes: transmitting a vehicle access certificate signing request from the wireless device to a central facility; receiving an authenticated vehicle access certificate from the central facility in response to the vehicle access certificate signing request, wherein the authenticated vehicle access certificate is signed using a central facility private key and includes the wireless device public key; transmitting the authenticated vehicle access certificate containing the wireless device public key from the wireless device to the vehicle via a short-range wireless communications protocol; receiving from the vehicle a shared secret that is encrypted by the wireless device public key; decrypting the received shared secret using a wireless device private key; generating a command controlling vehicle functions; and transmitting the command from the wireless device to the vehicle.

Abstract: A mobile communication system that includes a vehicle and a mobile device is provided. The method pertains to revoking communication control privileges of the mobile device previously authorized to control the vehicle. The method includes the steps of receiving a revocation request at the vehicle via a user interface device, the revocation request including a request to revoke the communication control privileges of the previously authorized mobile device, wherein the control privileges includes a capacity to remotely command at least one of a plurality of vehicle functions; and based on the revocation request, revoking at the vehicle the communication control privileges of the previously authorized mobile device.

Abstract: A system and a method for communicating over a Bluetooth Low Energy (BLE) connection in a vehicle. The method includes the steps of: establishing a Bluetooth Low Energy (BLE) connection between a mobile device and a BLE system in the vehicle, wherein the establishing step includes receiving first credentials of the mobile device at the BLE system; providing second credentials to the mobile device from the vehicle, wherein the second credentials are different than the first credentials; and receiving a message from the mobile device that is encrypted using the first and second credentials.

Abstract: A system and a method are disclosed providing user information in a vehicle. The method includes the steps of: providing over a vehicle network a cryptographic key in response to receiving a wireless signal from a wireless transmitter at a first electronic control unit (ECU); receiving at a second ECU the cryptographic key; authenticating the cryptographic key at the second ECU; and providing user information via the second ECU based on the authentication.

Abstract: A mobile communication system that includes a vehicle and a mobile device is provided. The method pertains to revoking communication control privileges of the mobile device previously authorized to control the vehicle. The method includes the steps of receiving a revocation request at the vehicle via a user interface device, the revocation request including a request to revoke the communication control privileges of the previously authorized mobile device, wherein the control privileges includes a capacity to remotely command at least one of a plurality of vehicle functions; and based on the revocation request, revoking at the vehicle the communication control privileges of the previously authorized mobile device.

Abstract: A method of providing access to a password-protected electronic control unit (ECU) using encryption includes generating a cryptographic key for the ECU using a master password, a serial number of the ECU, and a password-based key derivation function; converting the generated cryptographic key into an ECU password; and accessing data from the ECU using the ECU password.

Abstract: A system and a method are disclosed providing user information in a vehicle. The method includes the steps of: providing over a vehicle network a cryptographic key in response to receiving a wireless signal from a wireless transmitter at a first electronic control unit (ECU); receiving at a second ECU the cryptographic key; authenticating the cryptographic key at the second ECU; and providing user information via the second ECU based on the authentication.

Abstract: A method of providing access to a password-protected electronic control unit (ECU) using encryption includes generating a cryptographic key for the ECU using a master password, a serial number of the ECU, and a password-based key derivation function; converting the generated cryptographic key into an ECU password; and accessing data from the ECU using the ECU password.