Secure firmware updates for remote vehicles

Abstract

Systems and methods of secure firmware updates on remote vehicles are provided. The system receives a request from a vehicle for an update to vehicle firmware, and identifies a blockchain address for the vehicle. The system generates a session identifier and identifies a firmware update file. The system generates a digital signature based on a combination of the session identifier and a first hash value of the firmware update file. The system provides, for storage in a block at the blockchain address, the digital signature. The system transmits the session identifier to the vehicle. The system transfers the firmware update file to the vehicle. The vehicle verifies the firmware update file using the digital signature retrieved from the block at the blockchain address, a second hash value of the firmware update file received from the data processing system, and the session identifier received from the data processing system.

Description

BACKGROUND[0001]Vehicles, such as automobiles, can include electronic components. The electronic components can perform functions on or for the vehicle. The vehicle can use the electronic components to facilitate vehicle-related functions, such as driving.SUMMARY[0002]The present disclosure is directed to systems and methods of secure firmware updates for remote vehicles. A vehicle can include numerous digital hardware components that run or execute firmware. The firmware run by the digital hardware components can be updated periodically to improve the functionality of the digital hardware components. It can be challenging to securely transfer the firmware update file due to network topology issues, cybersecurity threats or attacks, or other accidental or malicious issues that can result in the firmware being altered. Further, it can be challenging to efficiently securely transfer firmware update files without expensive or hard to scale infrastructure.[0003]Systems and methods of th...

AI Technical Summary

Benefits of technology

[0002]The present disclosure is directed to systems and methods of secure firmware updates for remote vehicles. A vehicle can include numerous digital hardware components that run or execute firmware. The firmware run by the digital hardware components can be updated periodically to improve the functionality of the digital hardware components. It can be challenging to securely transfer the firmware update file due to network topology issues, cybersecurity threats or attacks, or other accidental or malicious issues that can result in the firmware being altered. Further, it can be challenging to efficiently securely transfer firmware update files without expensive or hard to scale infrastructure.

[0003]Systems and methods of the present technical solution provide for secure firmware updates on remote vehicles. The present technical solution can provide an efficient, scalable system for securely transferring firmware updates to remote vehicles. For example, the present technical solution can combine a cryptographic hash (for example: sha256), a session management identifier and generate a digital signature stored in an immutable blockchain transaction. The digital signature can ensure data integrity of the firmware downloaded from a server to the vehicle during an over-the-air software update process. The vehicle can verify the firmware update by comparing a hash value of the firmware update file and the session identifier received from the blockchain with a hash value of the firmware update file and session identifier received from the server. Upon determining a match, the vehicle can proceed with installing the firmware update file.

[0004]At least one aspect is directed to a system to perform secure firmware updates on a remote vehicle. The system can include a data processing system. The data processing system can include one or more processors and memory. The data processing system can include one or more of a vehicle identification component, session handler component, firmware controller component, hash component and signature generation component. The data processing system can receive a request via a vehicle interface. The request can be for an update to a firmware executed by a component of a vehicle. The data processing system can identify a blockchain address for the vehicle based on the request. The data processing system can generate, responsive to the request, a session identifier for the request. The data processing system can identify a firmware update file responsive to the request. The data processing system can generate a digital signature based on a combination of the session identifier and a first hash value generated via application of a hash function to the firmware update file. The data processing system can provide, for storage in a block at the blockchain address, the digital signature. The data processing system can transmit the session identifier to the vehicle. The data processing system can transfer the firmware update file to the vehicle. Receipt of the firmware update file by the vehicle can cause the vehicle to verify the firmware update file prior to installation. The vehicle can verify the firmware update file based on a comparison of the digital signature retrieved from the block at the blockchain address with a second hash value generated via application of the hash function to the firmware update file received from the data processing system and the session identifier received from the data processing system.

Problems solved by technology

It can be challenging to securely transfer the firmware update file due to network topology issues, cybersecurity threats or attacks, or other accidental or malicious issues that can result in the firmware being altered.

Further, it can be challenging to efficiently securely transfer firmware update files without expensive or hard to scale infrastructure.

Images