Abstract: Aspects of the invention are directed to techniques for mutual authentication between a passenger that has requested a transportation service and a dispatched vehicle for providing the requested transportation service. A user device associated with the passenger verifies the dispatched vehicle using a vehicle access token generated by a transportation service platform and sends a secret key to the dispatched vehicle. The dispatched vehicle uses the secret key to recover passenger biometric information from a passenger secret received from the user device through the transportation service platform, captures passenger biometric information on-site, and compares the recovered passenger biometric information and the passenger biometric information collected on-site to verify the passenger.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for a system associated with a vehicle are provided. One of the systems includes one or more electronic control units (ECUs) connected to a controller area network (CAN) bus, one or more infotainment devices, and a security gateway coupled to the one or more ECUs via the CAN bus and connected to the one or more infotainment devices. The security gateway may be configured to receive signals from the CAN bus and the one or more infotainment devices and detect a security event based at least in part on received signals.

Abstract: Methods and systems for improving security of a vehicle are disclosed. In one embodiment, a method comprises receiving, from a requester, a request to access a vehicle compartment of a vehicle; determining a scope of access of the vehicle compartment for the requester based on an operation of the vehicle; and configuring a lock mechanism of the vehicle compartment based on the scope of access.

Abstract: Disclosed are techniques for mutual authentication between a passenger that has requested a transportation service and a dispatched vehicle for providing the requested transportation service. A user device associated with the passenger verifies the dispatched vehicle using a vehicle access token generated by a transportation service platform and sends a secret key to the dispatched vehicle. The dispatched vehicle uses the secret key to recover passenger biometric information from a passenger secret received from the user device through the transportation service platform, captures passenger biometric information on-site, and compares the recovered passenger biometric information and the passenger biometric information collected on-site to verify the passenger.

Abstract: Embodiments of the disclosure provide systems and methods for determining fingerprint information of a terminal device in a transportation service. An exemplary system may include a communication interface configured to establish a communication link between first and second terminal devices and receive user data from the first terminal device associated with a user of the transportation service. The communication interface may also be configured to receive authentication information authenticating the second terminal device. The system may also include a memory configured to store the user data and at least one processor coupled to the memory. The at least one processor is configured to determine a first fingerprint of the first terminal device based on the user data after receiving the authentication information authenticating the second terminal device.

Abstract: A first data tree and a second data tree may be accessed. The first data tree may include a first set of directory nodes and a first set of file nodes, and the second data tree may include a second set of directory nodes and a second set of file nodes. The first data tree may be converted into a first data tree file, and the second data tree may be converted into a second data tree file. A delta for the first data tree and the second data tree may be generated based on a comparison of the first data tree file and the second data tree file.

Abstract: Embodiments of the disclosure provide systems and methods for fraud detection in a transportation service. An exemplary system may include a communication interface configured to receive user data from a terminal device associated with a user providing the transportation service. The user data may include identification information of the terminal device. The system may also include a memory configured to store the user data. The system may also include at least one processor coupled to the memory. The processor may be configured to determine a first fingerprint based on the identification information. The processor may be further configured to determine whether the first fingerprint matches a first reference fingerprint associated with a registered terminal device. Moreover, the processor may be configured to generate a first notice when the first fingerprint does not match the first reference fingerprint.

Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.

Abstract: Embodiments of the disclosure provide systems and methods for fraud detecting in a transportation service. An exemplary method may include receiving user data from a terminal device associated with a user providing transportation service. The user data may include a location associated with the transportation service and positioning data of a geographical positioning system. The method may also include determining a first fingerprint based on the positioning data. The method may further include determining whether the first fingerprint matches a first reference fingerprint of a transmitter of the geographical position system corresponding to the location. Moreover, the method may include triggering a first fraud alert when the first fingerprint does not match the first reference fingerprint.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle while allowing secure repairing of the ECUs. A method of repairing a vehicle includes disabling message authentication in secure communication between any two ECUs in a plurality of ECUs on the vehicle, detecting a first ECU that has been changed based on detecting an absence of a valid security key on the first ECU, verifying that a digital certificate associated with the first ECU is a valid certificate, generating one or more security keys for secure communication between the first ECU and a set of ECUs in the plurality of ECUs, provisioning the one or more security keys to the first ECU and the set of ECUs, and enabling the message authentication in secure communication between any two ECUs of the plurality of ECUs.

Abstract: A first data tree of a first version of the software and a second data tree of a second version of the software may be provided. The first data tree may be converted into a first data tree file, and the second data tree may be converted into a second data tree file. A delta for the first data tree and the second data tree may be generated based on a comparison of the first data tree file and the second data tree file. The delta may be packaged for provision to a client-side agent. The client-side agent may be configured to modify a client-side version of the software based on the delta.

Abstract: Systems and methods for vehicle identification are described herein. A set of vehicle identification information may be obtained from a set of autonomous vehicles. Individual vehicle identification information may convey identifications of one or more vehicles and locations of the one or more vehicles. Vehicle context information for individual vehicles may be determined from the set of vehicle identification information. The vehicle context information for the individual vehicles may describe a context of the individual vehicles. The context may include one or a combination of a speed of travel, a direction of travel, a trajectory, or an identity profile.

Abstract: Fingerprints of file node(s) within a first data tree and file node(s) within a second data tree may be generated. The first data tree may include a first set of directory nodes and a first set of file nodes. The second data tree may include a second set of directory nodes and a second set of file nodes. A delta between the first data tree and the second data tree may be generated based on a first classification of similarity between the first set of file nodes and the second set of file nodes, a second classification of similarity between the first set of directory nodes and the second set of directory nodes, and file-node delta(s) between file node(s) of the first set of file nodes and file node(s) of the second set of file nodes. The file-node delta(s) determined based on two or more of the fingerprints.

Abstract: A first data tree may include a first set of directory nodes and a first set of file nodes. A second data tree may include a second set of directory nodes and a second set of file nodes. Similarity between the first set of file nodes and the second set of file nodes may be classified based on file names, file paths, and file values. Similarity between the first set of directory nodes and the second set of directory nodes may be classified based on directory names, directory paths, nested folders, and included files. A delta between the first data tree and the second data tree may be generated based on the classification of similarity between the first set of file nodes and the second set of file nodes and the classification of similarity between the first set of directory nodes and the second set of directory nodes.

Abstract: Aspects of the invention relate to a method for securing a vehicle compartment including receiving authorization data; setting a mode of operation of an access element based on the authorization data, the access element operable to control a locking mechanism of the vehicle compartment in a vehicle; receiving sensor data indicating that the vehicle compartment in the vehicle has been opened; and in response to the authorization data corresponding to the second mode of operation and the sensor data contemporaneously indicating that the vehicle compartment is opened: initiating a security protocol. The access element (e.g., user accessible button disposed in the vehicle cabin) can be configured to operate in a first mode of operation that allows the access element to control the locking mechanism and a second mode of operation that prevents the access element from controlling the locking mechanism.

Abstract: Some embodiments include techniques for mutual authentication between a passenger that has requested a transportation service and a dispatched vehicle for providing the requested transportation service. A user device associated with the passenger verifies the dispatched vehicle using a vehicle access token generated by a transportation service platform and sends a secret key to the dispatched vehicle. The dispatched vehicle uses the secret key to recover passenger biometric information from a passenger secret received from the user device through the transportation service platform, captures passenger biometric information on-site, and compares the recovered passenger biometric information and the passenger biometric information collected on-site to verify the passenger.

Abstract: Methods and systems for improving security of a vehicle are disclosed. In one embodiment, a method comprises receiving, from a requester, a request to access a vehicle compartment of a vehicle; determining a scope of access of the vehicle compartment for the requester based on an operation of the vehicle; and configuring a lock mechanism of the vehicle compartment based on the scope of access.

Abstract: A method for network control, comprising receiving a request for a network view from an application at a Software Defined Network (SDN) controller, creating a network view from a network map, wherein the network map comprises a representation of a plurality of network devices and network paths in a SDN-based multiple layer network, and wherein the network view comprises at least a portion of the devices or paths in the network map, and sharing the network view with the application.

Abstract: A method for authenticating an Internet Protocol Security (IPsec) packet, wherein the method comprises, receiving the IPsec packet via an input port, performing a Sequence-Integrity Check Value (SEQ-ICV) check that validates a sequence number within the IPsec packet, and performing an Integrity Check Value (ICV) check that validates a checksum within the IPsec packet, wherein the SEQ-ICV check is performed before the ICV check. In yet another example embodiment, an apparatus for transmitting an IPsec packet, comprising a processor, and a transmitter coupled to the processor, wherein the transmitter is configured to transmit an IPsec packet that comprises a header that comprises a sequence number field that provides a sequence number, and a payload that comprises one or more SEQ-ICV segments used to authenticate the sequence number within the IPsec packet.