Patents by Inventor YONI KAHANA

YONI KAHANA has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10680834
    Abstract: A supplier network device is provided and includes a supplier processor and memory that stores a credential package including information for a chip or a vehicle control module (VCM). The supplier processor: receives ID and signature public keys from the chip, where the ID and signature public keys correspond respectively to private keys stored in the chip; transmits the ID and signature public keys to a certificate authority processor of a vehicle manufacturer data center; and receives the credential package including signing certificates from the certificate authority processor prior to assembling the VCM. The supplier processor: reads the ID public key from the VCM subsequent to incorporating the chip in the VCM; identifies the credential package based on the ID public key; and based on the identifying of the credential package, programs the VCM with the signing certificates prior to installation of the vehicle control module in a vehicle.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: June 9, 2020
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: David W. Racklyeft, Jessica S. Moreno, Jian Shen, Leonard J. Leshinsky, Jr., Yoni Kahana, Monica E. Mitchell, Hariharan Krishnan, Mohammad Naserian
  • Publication number: 20190238343
    Abstract: A supplier network device is provided and includes a supplier processor and memory that stores a credential package including information for a chip or a vehicle control module (VCM). The supplier processor: receives ID and signature public keys from the chip, where the ID and signature public keys correspond respectively to private keys stored in the chip; transmits the ID and signature public keys to a certificate authority processor of a vehicle manufacturer data center; and receives the credential package including signing certificates from the certificate authority processor prior to assembling the VCM. The supplier processor: reads the ID public key from the VCM subsequent to incorporating the chip in the VCM; identifies the credential package based on the ID public key; and based on the identifying of the credential package, programs the VCM with the signing certificates prior to installation of the vehicle control module in a vehicle.
    Type: Application
    Filed: January 31, 2018
    Publication date: August 1, 2019
    Inventors: David W. Racklyeft, Jessica S. Moreno, Jian Shen, Leonard J. Leshinsky, JR., Yoni Kahana, Monica E. Mitchell, Hariharan Krishnan, Mohammad Naserian
  • Patent number: 10019602
    Abstract: Systems and methods for improved security for a core in a portable computing device (PCD), such as a core operating a high level operating system (HLOS) are presented. In operation, a monitor module on the SoC is initialized. The monitor module sends a request to the core of the SoC and the monitor module receives a response from the core. A timer in communication with the monitor module is checked. The timer is reset or disabled by the monitor module if the response from the core is received at the monitor module before the expiration of the timer. Otherwise, the monitor module applies at least one security measure to the core as a result of the timer expiring.
    Type: Grant
    Filed: August 28, 2014
    Date of Patent: July 10, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Yoni Kahana, Laurence Geoffrey Lundblade
  • Publication number: 20160070656
    Abstract: Write protection management systems are disclosed. In this regard, in one exemplary aspect, a security control system is provided to authorize and write a specified number of data blocks to a write-protected region in a storage device. In another exemplary aspect, a write control system is provided to keep track of data blocks written to the write-protected region. The write control system automatically re-enables write protection on the write-protected region after the specified number of data blocks has been written to the write-protected region. By automatically protecting the write-protected region after writing the specified number of data blocks, it is possible to prevent unauthorized attempts to write to the write-protected region, thus ensuring data security and integrity in the write-protected region.
    Type: Application
    Filed: August 28, 2015
    Publication date: March 10, 2016
    Inventors: Benish Babu, Yoni Kahana, Hyunsuk Shin
  • Publication number: 20160063281
    Abstract: Systems and methods for improved security for a core in a portable computing device (PCD), such as a core operating a high level operating system (HLOS) are presented. In operation, a monitor module on the SoC is initialized. The monitor module sends a request to the core of the SoC and the monitor module receives a response from the core. A timer in communication with the monitor module is checked. The timer is reset or disabled by the monitor module if the response from the core is received at the monitor module before the expiration of the timer. Otherwise, the monitor module applies at least one security measure to the core as a result of the timer expiring.
    Type: Application
    Filed: August 28, 2014
    Publication date: March 3, 2016
    Inventors: YONI KAHANA, LAURENCE GEOFFREY LUNDBLADE
  • Publication number: 20160065375
    Abstract: Techniques for dynamically validating the integrity of a High Level Operating System (HLOS) stored on a data processing device are provided. The techniques include a method for execution on a data processing device including initiating a boot sequence on the data processing device, reading a code partition from a memory unit in the data processing device, such that the code partition is associated with a HLOS stored in the memory unit, performing a cryptographic function on the code partition, storing a result of the cryptographic function in a secure memory, continuing the boot sequence to load at least a portion of the HLOS into a non-secure memory unit, cryptographically signing the result of the cryptographic function stored in the secure memory unit, and sending the encrypted result of the cryptographic function to a remote server.
    Type: Application
    Filed: August 28, 2014
    Publication date: March 3, 2016
    Inventors: Yoni KAHANA, Erez TSIDON, Elad LEVI
  • Publication number: 20150286823
    Abstract: Various embodiments of methods and systems for modification of instructions and/or data associated with one or more boot stages in a boot sequence are disclosed. The authenticity and integrity of the modified instructions and/or data in certain embodiments may be ensured by using a confidential key and a message authentication code (“MAC”) algorithm to generate a MAC output. The MAC output is compared to an expected MAC associated with the modified instructions and/or data. The confidential key is uniquely associated with the system on a chip (“SoC”) or a component of the SoC. In this way, embodiments of the solution guard against unauthorized modification or replacement of the OEM boot instructions.
    Type: Application
    Filed: May 1, 2014
    Publication date: October 8, 2015
    Applicant: QUALCOMM INCORPORATED
    Inventors: OR ELNEKAVEH, YONI KAHANA, ADI KAROLITSKY