A
security system and method for deterring theft of a product, especially an automotive vehicle, is provided. In an embodiment, a secure storage device is provided that can be presented to a vehicle computer. The secure storage device includes a digital
certificate associated with the vehicle and is operable to automatically install the
certificate on the vehicle's computer once presented to the computer. At this point the vehicle's computer checks whether the
certificate is valid and is issued by the private enterprise
certificate authority of the vehicle manufacturer. If it is valid, the vehicle's computer then presents the certificate to the
software upgrade server of the vehicle manufacurer. The
upgrade server checks its certificate
revocation list to see if the certificate has been revoked, perhaps because the vehicle is in a
list of reported stolen vehicles. If the vehicle is not in the
list i.e., its certificate is still valid, the
server then allows for
authorization of a fully autonomous online download (can be confirmed, if desired) and the
secure authentication of such activities. If the vehicle is in the list of reported stolen vehicles, the server performs an exceptional handling process to prevent any
software upgrade to the vehicle and reports the incident to the administrator to take firer action. The main vehicle computer may disable the stolen vehicle completely if the vehicle does not get its
software upgraded for a predetermined period of time from an authorized server.