- Bidirectional Pipeline from the Cloud to the End Devices
The eSync system creates a data pipeline that carries data in both directions: it pushes data down to the end devices in the vehicle for OTA updates, and it pulls data up from the end devices in the vehicle for diagnostic and telematics services.
Agents created for each eSync-compliant end device manage both the updating process and the status gathering process. Even the OTA process makes use of diagnostic capabilities, as agents provide status and capabilities information to the client. The client assembles the information and provides a current ‘manifest’ of eSync-compliant end devices on its network to the cloud server, which then uses that information to guide the OTA processes to the vehicle.
This approach has several benefits:
- Improved OTA cycle: Prior to an OTA update, the eSync system provides valid data of the state of the end device; during an OTA update the eSync system compresses and encrypts the files to be transmitted according to the reconstruction and decryption resources of the end device; after an OTA update the eSync system validates the successful completion of the update
- Data-driven prognostics: data from end devices feeds into the server, providing the database for diagnostics and predictive analytics
- Smart learning: the closed feedback loop of status-update-new status-new update drives enhanced efficiency and performance improvements
- Bidirectional End-to-End Security
OTA systems need a strong focus on cybersecurity, and should aim for a coherent ‘end-to-end’ security structure. Attackers can intrude anywhere between the OTA server in the cloud and the end device, and should not be able to read or manipulate any of the transmitted data, nor insert any malicious data of their own. The security system should also provide defense-in-depth, so that if one element is compromised the damage cannot spread.
To meet these requirements, a system must include cryptographic protocols tailored to the resource constraints of embedded systems. Sufficient protection exists only if the validation used for the cryptographic measures is appropriately distributed.
The eSync System provides layered bidirectional validation and distribution of cryptographic keys. All clients in the fleet must be validated by the server, and the server must be validated by all clients in the fleet. An additional layer of cybersecurity is created within the car, where all agents in the car must be validated by the client, and the client must be validated by all the agents in the car.
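The two-layer mutual validation described above (server with every client, client with every agent) can be sketched as a challenge-response exchange. The following is an added example, not eSync code; the page does not say which credential or protocol eSync uses, so this stand-in assumes one pre-shared secret per link and HMAC-SHA256 responses. The party names, the `pair` provisioning step and the message layout are all constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// Party is any node in the two layers: the cloud server, a vehicle client,
// or an agent on an end device. keys maps a peer's ID to the secret shared
// with that peer only, so the server never holds agent keys and vice versa.
type Party struct {
	ID   string
	keys map[string][]byte
}

func newParty(id string) *Party { return &Party{ID: id, keys: map[string][]byte{}} }

// pair provisions one shared secret between two parties. This is a constructed
// stand-in for whatever key distribution the real system performs.
func pair(a, b *Party) error {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return err
	}
	a.keys[b.ID] = k
	b.keys[a.ID] = k
	return nil
}

// newChallenge returns a fresh random nonce; a response is only valid for it,
// so a captured response cannot be replayed against a later challenge.
func newChallenge() ([]byte, error) {
	c := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, c); err != nil {
		return nil, err
	}
	return c, nil
}

// tag computes HMAC-SHA256 over challenge || prover || verifier. Binding both
// identities stops a response from being reflected back in the other direction
// on a link where the same key serves both parties.
func tag(key, challenge []byte, prover, verifier string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(challenge)
	m.Write([]byte(prover))
	m.Write([]byte{0}) // separator so IDs cannot run together
	m.Write([]byte(verifier))
	return m.Sum(nil)
}

// respond answers a verifier's challenge; fails if no key is shared with it.
func (p *Party) respond(verifier string, challenge []byte) ([]byte, error) {
	k, ok := p.keys[verifier]
	if !ok {
		return nil, fmt.Errorf("%s has no credential for %s", p.ID, verifier)
	}
	return tag(k, challenge, p.ID, verifier), nil
}

// verify checks a prover's response with a constant-time comparison.
func (p *Party) verify(prover string, challenge, response []byte) bool {
	k, ok := p.keys[prover]
	if !ok {
		return false
	}
	return hmac.Equal(response, tag(k, challenge, prover, p.ID))
}

// authenticate runs one direction: verifier challenges prover.
func authenticate(verifier, prover *Party) (bool, error) {
	c, err := newChallenge()
	if err != nil {
		return false, err
	}
	r, err := prover.respond(verifier.ID, c)
	if err != nil {
		return false, nil // prover holds no credential for us: plain failure
	}
	return verifier.verify(prover.ID, c, r), nil
}

// mutualAuth succeeds only if each side proves itself to the other.
func mutualAuth(a, b *Party) (bool, error) {
	ok, err := authenticate(a, b)
	if err != nil || !ok {
		return ok, err
	}
	return authenticate(b, a)
}

func main() {
	server, client, agent := newParty("cloud-server"), newParty("vehicle-client"), newParty("ecu-agent")
	rogue := newParty("rogue-agent") // attached to the in-vehicle network, never paired
	if err := pair(server, client); err != nil { // layer 1: fleet
		panic(err)
	}
	if err := pair(client, agent); err != nil { // layer 2: inside the car
		panic(err)
	}
	for _, p := range [][2]*Party{{server, client}, {client, agent}, {client, rogue}, {server, agent}} {
		ok, err := mutualAuth(p[0], p[1])
		fmt.Printf("%s <-> %s: ok=%v err=%v\n", p[0].ID, p[1].ID, ok, err)
	}
}
```

The last case in `main` is the layering property: the server holds no agent credential, so an agent is only ever validated by its own client, and a compromised credential on one link does not carry over to the other.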
All communications can be encrypted in the eSync System. Communications over the air are typically encrypted using AES-256, a cipher rated by the US Government as sufficient even for highly-classified material. Communications from the client to agents within the vehicle may use this same high level of encryption, or less complex encryption schemes, depending on the decryption resources available in the various end devices. The system also uses SHA-256 (Secure Hash Algorithm) to create a secure digital ‘fingerprint’ of the original data file in the server, so that the update agent at the end device is able to verify after the many steps in the process -- compression, encryption, transmission over the air, transfer over the in-vehicle network, decryption and decompression -- that the resulting file has not been forged, spoofed, or in any way corrupted, and is in fact an exact duplicate of the original authorized file on the server.
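The pipeline of the two paragraphs above (fingerprint on the server, compress, encrypt for the air link, then decrypt, decompress and compare at the agent) can be shown end to end. This is an added example, not eSync code: it assumes an agent that can handle gzip and AES-256-GCM, uses a constructed firmware image and a fixed key in place of provisioned credentials, and gives the package a constructed layout (`Package` struct) that the page does not describe.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Package is what leaves the server: the transformed payload plus the
// SHA-256 fingerprint of the ORIGINAL file, taken before compression and
// encryption so the agent can compare against the authorized file itself.
type Package struct {
	Fingerprint [32]byte // SHA-256 of the untransformed file on the server
	Nonce       []byte   // AES-GCM nonce, fresh for every package
	Ciphertext  []byte   // AES-256-GCM over the gzip-compressed file
}

// buildPackage is the server side of the pipeline: fingerprint, compress, encrypt.
func buildPackage(original, key []byte) (*Package, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	var compressed bytes.Buffer
	zw := gzip.NewWriter(&compressed)
	if _, err := zw.Write(original); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return &Package{
		Fingerprint: sha256.Sum256(original),
		Nonce:       nonce,
		Ciphertext:  gcm.Seal(nil, nonce, compressed.Bytes(), nil),
	}, nil
}

// unpackAndVerify is the agent side: decrypt, decompress, then check that the
// reconstructed file hashes to the fingerprint the server published.
func unpackAndVerify(p *Package, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// GCM's authentication tag fails here if the ciphertext was altered in transit.
	compressed, err := gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, fmt.Errorf("decompress: %w", err)
	}
	file, err := io.ReadAll(zr)
	if err != nil {
		return nil, fmt.Errorf("decompress: %w", err)
	}
	// End-to-end check: the reconstructed bytes must hash to the server's fingerprint.
	if sha256.Sum256(file) != p.Fingerprint {
		return nil, errors.New("fingerprint mismatch: not the authorized file")
	}
	return file, nil
}

func main() {
	// Constructed sample: a stand-in firmware image and a fixed key. A real
	// deployment would obtain the key through the system's key distribution.
	key := bytes.Repeat([]byte{0x42}, 32)
	image := bytes.Repeat([]byte("ECU firmware v1.2.3 "), 200)

	pkg, err := buildPackage(image, key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("original %d bytes, encrypted package %d bytes\n", len(image), len(pkg.Ciphertext))
	if got, err := unpackAndVerify(pkg, key); err == nil && bytes.Equal(got, image) {
		fmt.Println("intact package: verified")
	}

	// A flipped bit on the air link is caught by the AES-GCM tag before decompression.
	tampered := *pkg
	tampered.Ciphertext = append([]byte(nil), pkg.Ciphertext...)
	tampered.Ciphertext[10] ^= 0x01
	_, err = unpackAndVerify(&tampered, key)
	fmt.Println("tampered ciphertext:", err)

	// A different file encrypted under the valid key decrypts cleanly but fails the
	// fingerprint check, which is what ties the result back to the server's copy.
	wrong, _ := buildPackage([]byte("unauthorized build"), key)
	wrong.Fingerprint = pkg.Fingerprint
	_, err = unpackAndVerify(wrong, key)
	fmt.Println("substituted file:", err)
}
```

Two checks do different jobs here: the GCM tag protects one encrypted hop, while the fingerprint covers every step from the server's file to the bytes finally written on the device. The fingerprint only proves authenticity if the agent can trust the fingerprint itself, so it must reach the agent through the validated server-to-client-to-agent path (or be signed by the server); a fingerprint that travels unauthenticated beside the payload can be replaced together with it.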