Abstract: A method for validation of virtual function pointers includes compiling a source code file with one or more classes whereby each of the classes has a virtual table, and the compiling includes associating a security check function with the virtual function invocation site such that the associated security check function is executed prior to an invocation of the virtual function, generating a class hierarchy hash table (CHHT), whereby when the compiled source code file is executed, the security check function is used to determine whether an invoked virtual function pointer of a virtual function associated with the security check function is valid by looking up an indicator in the CHHT according to a hash result of the virtual function pointer and an address of a virtual table containing the virtual function pointer.

Abstract: A vehicle-mounted device upgrade method and a related device. The method may be applied to a vehicle-mounted system, a vehicle-mounted control device and one or more to-be-upgraded vehicle-mounted devices, and the method may include: obtaining, by the vehicle-mounted control device, a vehicle-mounted upgrade package, where the vehicle-mounted upgrade package includes a plurality of upgrade files, and each upgrade file is used to upgrade at least one to-be-upgraded vehicle-mounted device; performing, by the vehicle-mounted control device, security verification on the plurality of upgrade files; and sending, by the vehicle-mounted control device, a target upgrade file to a target to-be-upgraded vehicle-mounted device that is to be upgraded by using the target upgrade file, where the target upgrade file is an upgrade file on which security verification succeeds in the plurality of upgrade files. According to this application, the vehicle-mounted device can be securely and efficiently upgraded.

Abstract: A system and method generate private keys for devices participating in a self-certified identity based encryption scheme. A private key is used by the devices to establish a common session key for encoding digital communications between devices.

Abstract: A method for authenticating a connection between a user device and a vehicle includes sending, by the vehicle, a first wireless signal through a connection channel, receiving, by the vehicle, a second wireless signal through the connection channel, and acquiring, by the vehicle, a second signal strength sequence from second N continuous signal strength characteristics (PFVeh) of the second wireless signal, receiving, by the user device from the vehicle, the first wireless signal, acquiring a first signal strength sequence from first N continuous signal strength characteristics (PFUDev) of the first wireless signal, and communicating, by the user device, the first signal strength sequence to the vehicle.

Abstract: This document describes a system and method for generating two types of session keys for encoding digital communications between two devices. In particular, the first type of session key possesses escrow properties whereby a trusted third party will be able to generate the first type of session key to decode the digital communications between the two devices while the second type of session key does not possess escrow properties.

Abstract: A method for authenticating a connection between a user device and a vehicle includes sending, by the vehicle, a first wireless signal through a connection channel, receiving, by the vehicle, a second wireless signal through the connection channel, and acquiring, by the vehicle, a second signal strength sequence from second N continuous signal strength characteristics (PFVeh) of the second wireless signal, receiving, by the user device from the vehicle, the first wireless signal, acquiring a first signal strength sequence from first N continuous signal strength characteristics (PFUDev) of the first wireless signal, and communicating, by the user device, the first signal strength sequence to the vehicle.

Abstract: This document describes a device and method for validation of virtual function pointers. The method is about compiling a source code file with one or more classes whereby each of the classes has a virtual table, the compiling comprises: associating a security check function with the virtual function invocation site such that the associated security check function is executed prior to an invocation of the virtual function; generating a Class Hierarchy Hash Table (CHHT); whereby when the compiled source code file is executed, the security check function is used to determine whether an invoked virtual function pointer of a virtual function associated with the security check function is valid by looking up a indicator in the CHHT according to a hash result of the virtual function pointer and an address of a virtual table containing the virtual function pointer.

Abstract: A network architecture for updating control units in a remote network such as in a vehicle comprises an administration module, a verification module and an agent module. The administration module formulates a policy for governing the update of control units based on context information about the control units provided to the administration module. In formulating the policy, the administration unit takes account of compatibility between the control units with regard to versions of the update so that the update can succeed. Or, if the update fails in whole or part, a stable state of the remote network can nevertheless still be obtained, since the administration module may provide error handling procedures for the agent module when errors are encountered during update.

Abstract: This document describes a system and method for generating two types of session keys for encoding digital communications between two devices. In particular, the first type of session key possesses escrow properties whereby a trusted third party will be able to generate the first type of session key to decode the digital communications between the two devices while the second type of session key does not possess escrow properties.

Abstract: A vehicle-mounted device upgrade method and a related device. The method may be applied to a vehicle-mounted system, a vehicle-mounted control device and one or more to-be-upgraded vehicle-mounted devices, and the method may include: obtaining, by the vehicle-mounted control device, a vehicle-mounted upgrade package, where the vehicle-mounted upgrade package includes a plurality of upgrade files, and each upgrade file is used to upgrade at least one to-be-upgraded vehicle-mounted device; performing, by the vehicle-mounted control device, security verification on the plurality of upgrade files; and sending, by the vehicle-mounted control device, a target upgrade file to a target to-be-upgraded vehicle-mounted device that is to be upgraded by using the target upgrade file, where the target upgrade file is an upgrade file on which security verification succeeds in the plurality of upgrade files. According to this application, the vehicle-mounted device can be securely and efficiently upgraded.

Abstract: This document discloses a system and method for verifying system integrity of an electronic device. The electronic device includes a verifier device provided within a secure environment of the electronic device and a scanner device provided within a normal environment of the electronic device whereby the secure environment comprises hardware that is isolated from the hardware in the normal environment, i.e. these two environments are hardware isolated.

Abstract: This document describes a system and method for generating private keys for devices participating in a self-certified identity based encryption scheme whereby the private key is used by the devices to establish a common session key for encoding digital communications between devices.

Abstract: A system and method for securing Short Message Service (SMS) communications between two communication devices disclosed herein. SMS communications between these two communication devices are secured using a SMS encryption technique that utilizes the communication device's unique address as inputs to encrypt and decrypt the SMS messages.

Abstract: This document discloses a system and method for verifying system integrity of an electronic device. The electronic device includes a verifier device provided within a secure environment of the electronic device and a scanner device provided within a normal environment of the electronic device whereby the secure environment comprises hardware that is isolated from the hardware in the normal environment, i.e. these two environments are hardware isolated.

Abstract: Embodiments of the application provide a mobile device architecture having non-protected environment and one or more protected containers for isolating application programs and application data according to their sensitivity or privacy levels. Access policy and exception policy are defined for each protected container to limit access to application program and data associated with or stored in the protected container(s). A communication monitor module is provided to implement the access and exception policy, and manage communication in the mobile device, including intra-container communication, inter-container communication and communication to and from the non-protected environment.