CN106685985A - Vehicle remote diagnosis system and method based on information safety technology - Google Patents
Vehicle remote diagnosis system and method based on information safety technology Download PDFInfo
- Publication number
- CN106685985A CN106685985A CN201710034678.5A CN201710034678A CN106685985A CN 106685985 A CN106685985 A CN 106685985A CN 201710034678 A CN201710034678 A CN 201710034678A CN 106685985 A CN106685985 A CN 106685985A
- Authority
- CN
- China
- Prior art keywords
- diagnosis
- module
- key
- mac
- gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Power Engineering (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention relates to a vehicle remote diagnosis system and method based on an information safety technology. The vehicle remote diagnosis system based on an information safety technology includes a diagnosis target ECU and a remote diagnosis server, and also includes a vehicle diagnosis reception gateway, wherein the vehicle diagnosis reception gateway is arranged between the diagnosis target ECU and the remote diagnosis server, and is in communication connection with the diagnosis target ECU and the remote diagnosis server; an asymmetric encryption unit is arranged between the vehicle diagnosis reception gateway and the remote diagnosis server; a symmetric encryption unit is arranged between the vehicle diagnosis reception gateway and the diagnosis target ECU; the remote diagnosis server communicates with the vehicle diagnosis reception gateway through an asymmetric encryption mode; and the vehicle diagnosis reception gateway communicates with the diagnosis target ECU through a symmetric encryption mode. Compared with the prior art, the vehicle remote diagnosis system and method based on an information safety technology can guarantee anonymity, integrity and authenticity of the whole vehicle remote diagnosis process.
Description
Technical field
The present invention relates to a kind of vehicle remote diagnosis method, remote more particularly, to a kind of vehicle based on information security technology
Journey diagnostic method.
Background technology
In recent years, the important breakthrough that Internet information technique is constantly obtained is had benefited from, automobile industry starts to march toward informationization
Epoch, automobile product also progressively moves towards intelligent.The related notions such as " intelligent transportation ", " car networking " also receive Chinese scholars
Extensive concern.The development of the correlation technique on these fields and constantly improve will all promote automobile constantly intelligent and information
Change.Wherein, the method that vehicle carries out remote diagnosis has also been reached its maturity by Ethernet and V2X technologies.
But with car networking technology and vehicle intellectualized lifting, the information security issue that automobile faces is also more and more
It is taken seriously.During vehicle remote firmware is carried out, by the infomational message of remote diagnosis server transmission and by target
The diagnostic message that ECU (electronic control unit) is returned would be possible to be subject to illegal tracking, record and distort, it is therefore desirable to use
Corresponding information security technology is protected to these information.
The content of the invention
The purpose of the present invention is exactly the defect in order to overcome above-mentioned prior art to exist and provides a kind of vehicle remote diagnosis
Method.
The purpose of the present invention can be achieved through the following technical solutions:
A kind of vehicle remote diagnosis system based on information security technology, the system includes diagnosis target ECU and remotely examines
Disconnected server, the system also includes that vehicle diagnostics receive gateway, and described vehicle diagnostics receive gateway and are arranged on diagnosis target ECU
Communicate to connect and remote diagnosis server between and respectively with both, described vehicle diagnostics receive gateway and remote diagnosis service
Asymmetric encryption unit is provided between device, described vehicle diagnostics to be received and be provided with symmetric cryptography between gateway and diagnosis target ECU
Unit;
Described asymmetric encryption unit is used for the diagnosis request at remote diagnosis server end to remote diagnosis server
Asymmetric encryption is carried out, while whether safe be decrypted checking at vehicle diagnostics reception gateway end communicates, if then vehicle is examined
Disconnecting is received gateway and enters diagnostic state, and remote diagnosis server sends key K and receives gateway to vehicle diagnostics;
Described symmetric cryptography unit is used to be received when gateway enters diagnostic state in vehicle diagnostics reception in vehicle diagnostics
Gateway end carries out symmetric cryptography to diagnosis request, while whether safe be decrypted checking at diagnosis target ECU end communicates, if
Then diagnose target ECU and enter diagnostic state, vehicle diagnostics receive gateway and key K sent to diagnosis target ECU, and then remotely examine
Disconnected server carries out remote diagnosis by key K encryptions to target ECU.
Described asymmetric encryption unit includes:
It is arranged on the first key generation distribution memory module that vehicle diagnostics receive gateway end:The module generates asymmetric adding
Close public key Kg_pu and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server, by private key Kg_pr
Preserve;
The second key for being arranged on remote diagnosis server end generates distribution memory module:The module generates asymmetric encryption
Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu send to vehicle diagnostics receive gateway, by private key Kr_pr
Preserve;
It is arranged on the cryptographic Hash generation module at remote diagnosis server end:The module is used to generate diagnosis request eap-message digest
Cryptographic Hash MAC;
It is arranged on the asymmetric encryption module at remote diagnosis server end:The module is using public key Kg_pu to diagnosis request
It is concurrent that cryptographic Hash MAC of message Req_meg and diagnosis request eap-message digest is encrypted generation Kg_pu (Req_meg+MAC)
Deliver to vehicle diagnostics and receive gateway;
It is arranged on the asymmetric deciphering module that vehicle diagnostics receive gateway end:The module generates distribution and deposits using first key
The private key Kg_pr that storage module is preserved is decrypted cryptographic Hash Req_ for obtaining diagnosis request message and diagnosis request eap-message digest
meg+MAC;
It is arranged on the first checking confirmation module that vehicle diagnostics receive gateway end:The module is according to the Kg_pu for receiving
(Req_meg+MAC) the Hash calculation value of diagnosis request eap-message digest is calculated, and this Hash calculation value is obtained with decryption
Cryptographic Hash MAC of diagnosis request eap-message digest contrasted, if identical, vehicle diagnostics receive gateway and enter diagnostic state,
Checking confirm module Req_meg+MAC is encrypted by public key Kr_pu obtain Kr_pu (Res_meg+MAC) and send to
Remote diagnosis server confirms;
The second checking for being arranged on remote diagnosis server end end confirms module:The module generates distribution using the second key
The private key Kr_pr that memory module is preserved is decrypted and verifies message correctness to Kr_pu (Res_meg+MAC), if correctly, the
Two checkings confirm that cryptographic Hash MAC of key K and diagnosis request eap-message digest is carried out asymmetric encryption by module by public key Kg_pu
Obtain Kg_pu (K+MAC) and send to vehicle diagnostics to receive gateway;
It is arranged on the first key preserving module that vehicle diagnostics receive gateway end:The module is generated by first key distributes
Private key Kg_pr in memory module is decrypted to Kg_pu (K+MAC) and obtains key K and preserve.
Described symmetric cryptography unit includes:
It is arranged on the first symmetric cryptographic key memory module that vehicle diagnostics receive gateway end:The module stores symmetric cryptography
Private key Ke_pr;
It is arranged on the second symmetric cryptographic key memory module at diagnosis target ECU end:The module stores symmetric cryptography private key
Ke_pr;
It is arranged on the symmetrical encryption module that vehicle diagnostics receive gateway end:The module is stored using the first symmetric cryptographic key
Symmetric cryptography private key Ke_pr in module is to diagnosis request message Req_meg and cryptographic Hash MAC of diagnosis request eap-message digest
It is encrypted generation Ke_pr (Req_meg+MAC) and sends to diagnosis target ECU;
It is arranged on the symmetrical deciphering module at diagnosis target ECU end:The module adopts the second symmetric cryptographic key memory module
In symmetric cryptography private key Ke_pr Ke_pr (Req_meg+MAC) is decrypted;
The 3rd checking for being arranged on diagnosis target ECU end confirms module:The module is according to the Ke_pr (Req_meg for receiving
+ MAC) the Hash calculation value of diagnosis request eap-message digest is calculated, and this Hash calculation value and symmetrical deciphering module are decrypted
Cryptographic Hash MAC of the diagnosis request eap-message digest for obtaining is contrasted, if both are identical, sends confirmation to vehicle diagnostics
Receive gateway;
It is arranged on the 4th checking confirmation module that vehicle diagnostics receive gateway:The checking of module verification the 3rd confirms that module is sent out
The correctness of the confirmation sent, and cryptographic Hash MAC of the key K in key preserving module and diagnosis request eap-message digest is entered
Row symmetric cryptography obtains Ke_pr (K+MAC) and sends to diagnosis target ECU;
It is arranged on the second key preserving module at target ECU end:The module passes through the second symmetric cryptographic key memory module
In symmetric cryptography private key Ke_pr Ke_pr (K+MAC) is decrypted obtains key K and preserve.
A kind of vehicle remote diagnosis method based on information security technology, the method comprises the steps:
(1) remote diagnosis server carries out asymmetric encryption to diagnosis request and sends to vehicle diagnostics to receive gateway, holds
Row step (2);
(2) vehicle diagnostics reception gateway is decrypted checking to the diagnosis request for receiving and whether safe communicates, if then car
Diagnosis receives gateway and enters diagnostic state, and remote diagnosis server sends key K and receives gateway to vehicle diagnostics, and performs step
Suddenly (3), otherwise terminate;
(3) vehicle diagnostics receive gateway and symmetric cryptography are carried out to diagnosis request and is sent to diagnosis target ECU;
(4) diagnosis target ECU is decrypted checking to the diagnosis request for receiving and whether safe communicates, if then diagnosing target
ECU enters diagnostic state, and vehicle diagnostics receive gateway and key K sent to diagnosis target ECU, and then remote diagnosis server is logical
Cross key K encryptions carries out remote diagnosis to target ECU, otherwise terminates.
Described diagnosis request includes cryptographic Hash MAC of diagnosis request message Req_meg and diagnosis request eap-message digest,
Step (1) generates cryptographic Hash MAC of diagnosis request eap-message digest initially with hash algorithm before being encrypted to diagnosis request.
Compared with prior art, the invention has the advantages that:
(1) present invention is provided with vehicle diagnostics and receives gateway as intermediate communication bridge, improves diagnosis target ECU and remote
The safety of journey diagnosis server direction communication;
(2) vehicle diagnostics of the present invention receive gateway and remote diagnosis server is added when using ethernet communication using asymmetric
Secret skill art, and receive then more preferable using real-time between gateway and diagnosis target ECU in vehicle interior vehicle diagnostics, account for resource more
Few symmetric cryptosystem, although asymmetric encryption safety is higher, encryption and decryption cost time length, speed are slow, right
Claim that encryption technology speed is fast, amount of calculation is little and efficiency high but confidentiality is be not as good as asymmet-ric encryption method, using two methods
Effective combination, can comprehensive both pluses and minuses, so as to realize ensureing certain communication speed while communication security is improved,
Improve efficiency;
(3) asymmetric encryption techniques are applied to into the communication between vehicle diagnostics reception gateway and remote diagnosis server,
Using its powerful security feature, the data to transmitting maintain secrecy, it is ensured that the reliability and anonymity in transmitting procedure;
(4) symmetric cryptosystem is applied to into the communication between diagnosis reception gateway and diagnosis target ECU, is added using symmetrical
Close technical speed is fast, amount of calculation is little and efficiency high characteristic, and the data to transmitting maintain secrecy, it is ensured that the reliability in transmitting procedure
Property and anonymity;
(5) cryptographic Hash of diagnosis request eap-message digest is generated using hash algorithm to diagnosis request message while encryption
MAC, make use of the irreversible characteristic of hash algorithm, for verifying the integrity and verity of transmission data.
Description of the drawings
Fig. 1 is structured flowchart of the present invention based on the vehicle remote diagnosis system of information security technology;
Fig. 2 is the communication structure block diagram that remote diagnosis server of the present invention and vehicle diagnostics are received between gateway;
Fig. 3 is the communication structure block diagram that vehicle diagnostics of the present invention are received between gateway and diagnosis target ECU.
In figure, 1 is diagnosis target ECU, and 2 is that vehicle diagnostics receive gateway, and 3 is remote diagnosis server, and 4 are communication mould
Block, 5 is encrypting module.
Specific embodiment
Below in conjunction with the accompanying drawings the present invention is described in detail with specific embodiment.
Embodiment
As shown in figure 1, a kind of vehicle remote diagnosis system based on information security technology, the system includes diagnosis target
ECU and remote diagnosis server 3, the system also includes that vehicle diagnostics receive gateway 2, and vehicle diagnostics reception gateway 2 is arranged on examines
Communicate to connect between disconnected target ECU1 and remote diagnosis server 3 and respectively with both, vehicle diagnostics receive gateway 2 and remotely examine
Asymmetric encryption unit is provided between disconnected server 3, vehicle diagnostics receive and symmetrical adding is provided between gateway 2 and diagnosis target ECU1
Close unit;Asymmetric encryption unit is non-for carrying out to the diagnosis request of remote diagnosis server 3 at the end of remote diagnosis server 3
Symmetric cryptography, while whether safe be decrypted checking at vehicle diagnostics reception gateway 2 end communicates, if then vehicle diagnostics are received
Gateway 2 enters diagnostic state, and remote diagnosis server 3 sends key K and receives gateway 2 to vehicle diagnostics;Symmetric cryptography unit is used
In the end of gateway 2 is received in vehicle diagnostics when vehicle diagnostics receive gateway 2 into diagnostic state diagnosis request is carried out symmetrically to add
It is close, while whether safe be decrypted checking at diagnosis target ECU1 end communicates, if then diagnosing target ECU1 enters diagnosis shape
State, vehicle diagnostics are received gateway 2 and key K are sent to diagnosis target ECU1, and then remote diagnosis server 3 and added by key K
It is close that remote diagnosis are carried out to target ECU.In figure, diagnosis target ECU1, vehicle diagnostics receive gateway 2 and remote diagnosis server 3
A communication module 4 and an encrypting module 5 are equipped with, communication module 4 realizes information communication, and encrypting module 5 realizes symmetrical adding
Close and asymmetric encryption, the encrypting module 4 in remote diagnosis server 3 and vehicle diagnostics reception gateway 2 constitutes described
Asymmetric encryption unit, diagnose the encrypting module 4 that target ECU1 and vehicle diagnostics are received in gateway 2 constitute it is described symmetrical plus
Close unit.
Asymmetric encryption unit includes:
It is arranged on the first key generation distribution memory module that vehicle diagnostics receive the end of gateway 2:The module generates asymmetric
The public key Kg_pu of encryption and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server 3, by private key Kg_
Pr is preserved;The second key for being arranged on the end of remote diagnosis server 3 generates distribution memory module:The module generates asymmetric encryption
Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu send to vehicle diagnostics receive gateway 2, by private key Kr_pr
Preserve;It is arranged on the cryptographic Hash generation module at the end of remote diagnosis server 3:The module is used to generate diagnosis request eap-message digest
Cryptographic Hash MAC;It is arranged on the asymmetric encryption module at the end of remote diagnosis server 3:The module please to diagnosis using public key Kg_pu
Ask message Req_meg and diagnosis request eap-message digest cryptographic Hash MAC be encrypted generation Kg_pu (Req_meg+MAC) and
Send to vehicle diagnostics and receive gateway 2;It is arranged on the asymmetric deciphering module that vehicle diagnostics receive the end of gateway 2:The module is adopted
First key generates the private key Kg_pr that distribution memory module preserves and is decrypted and obtains diagnosis request message and diagnosis request disappears
Cryptographic Hash Req_meg+MAC of breath summary;It is arranged on the first checking confirmation module that vehicle diagnostics receive the end of gateway 2:The module
Kg_pu (Req_meg+MAC) according to receiving is calculated the Hash calculation value of diagnosis request eap-message digest, and by this Hash
Cryptographic Hash MAC of the diagnosis request eap-message digest that value of calculation is obtained with decryption is contrasted, if identical, vehicle diagnostics receive net
Close 2 and enter diagnostic state, checking confirms that module is encrypted by public key Kr_pu to Req_meg+MAC and obtains Kr_pu (Res_
Meg+MAC) and send to remote diagnosis server 3 and confirm;The second checking for being arranged on the end end of remote diagnosis server 3 confirms mould
Block:The module is carried out using the private key Kr_pr that the second key generates distribution memory module preservation to Kr_pu (Res_meg+MAC)
Message correctness is decrypted and verifies, if correctly, the second checking confirms that module is disappeared key K and diagnosis request by public key Kg_pu
Cryptographic Hash MAC of breath summary carries out asymmetric encryption and obtains Kg_pu (K+MAC) and send to vehicle diagnostics to receive gateway 2;Arrange
The first key preserving module at the end of gateway 2 is received in vehicle diagnostics:The module is generated in distribution memory module by first key
Private key Kg_pr Kg_pu (K+MAC) is decrypted obtains key K and preserve.
Symmetric cryptography unit includes:
It is arranged on the first symmetric cryptographic key memory module that vehicle diagnostics receive the end of gateway 2:The module stores symmetrically add
Close private key Ke_pr;It is arranged on the second symmetric cryptographic key memory module at diagnosis target ECU1 end:The module stores symmetric cryptography
Private key Ke_pr;It is arranged on the symmetrical encryption module that vehicle diagnostics receive the end of gateway 2:The module adopts the first symmetric cryptographic key
Symmetric cryptography private key Ke_pr in memory module is to diagnosis request message Req_meg and the Hash of diagnosis request eap-message digest
Value MAC is encrypted generation Ke_pr (Req_meg+MAC) and sends to diagnosis target ECU1;It is arranged on diagnosis target ECU1 end
Symmetrical deciphering module:The module is using the symmetric cryptography private key Ke_pr in the second symmetric cryptographic key memory module to Ke_pr
(Req_meg+MAC) it is decrypted;The 3rd checking for being arranged on diagnosis target ECU1 end confirms module:The module is according to receiving
Ke_pr (Req_meg+MAC) be calculated the Hash calculation value of diagnosis request eap-message digest, and by this Hash calculation value with it is right
Cryptographic Hash MAC for claiming the deciphering module diagnosis request eap-message digest that decryption is obtained is contrasted, if both are identical, are sent and is confirmed
Information to vehicle diagnostics receive gateway 2;It is arranged on the 4th checking confirmation module that vehicle diagnostics receive gateway 2:The module verification
3rd checking confirms the correctness of the confirmation that module sends, and the key K and diagnosis request in key preserving module is disappeared
Cryptographic Hash MAC of breath summary carries out symmetric cryptography and obtains Ke_pr (K+MAC) and send to diagnosis target ECU1;It is arranged on target
The second key preserving module at ECU ends:The module is by the symmetric cryptography private key Ke_ in the second symmetric cryptographic key memory module
Pr is decrypted to Ke_pr (K+MAC) and obtains key K and preserve.
A kind of vehicle remote diagnosis method based on information security technology, the method comprises the steps:
(1) remote diagnosis server 3 carries out asymmetric encryption to diagnosis request and sends to vehicle diagnostics to receive gateway 2,
Execution step (2);
(2) diagnosis request of 2 pairs of receptions of vehicle diagnostics reception gateway are decrypted checking and whether safe communicate, if then car
Diagnosis receives gateway 2 and enters diagnostic state, and remote diagnosis server 3 sends key K and receives gateway 2 to vehicle diagnostics, and holds
Row step (3), otherwise terminates;
(3) vehicle diagnostics receive gateway 2 and symmetric cryptography are carried out to diagnosis request and is sent to diagnosis target ECU1;
(4) diagnosis target ECU1 is decrypted checking to the diagnosis request for receiving and whether safe communicates, if then diagnosing mesh
Mark ECU1 enters diagnostic state, and vehicle diagnostics receive gateway 2 and key K sent to diagnosis target ECU1, and then remote diagnosis clothes
Business device 3 carries out remote diagnosis by key K encryptions to target ECU, otherwise terminates.
Diagnosis request includes cryptographic Hash MAC of diagnosis request message Req_meg and diagnosis request eap-message digest, step
(1) cryptographic Hash MAC of diagnosis request eap-message digest is generated before diagnosis request being encrypted initially with hash algorithm.Thus,
One diagnosis trust chain trusty is just set up, Diagnosis Service, the inquiry between target ECU and remote diagnosis reception gateway
Ask and response, then encryption and decryption can be carried out by key K and be verified with Hash MAC value, this method ensures whole vehicle remote
The anonymity of diagnosis process, integrity and verity.
Fig. 2 receives the communication structure block diagram between gateway 2, asymmetric encryption for remote diagnosis server 3 and vehicle diagnostics
Technology is realized that remote diagnosis server 3 obtains public key Kg_pu pair that vehicle diagnostics receive gateway 2 by way of software
Diagnosis request message, and cryptographic Hash MAC of the summarization generation of message is encrypted, and generates Kg_pu (Req_meg+MAC), envelope
The message format of Ethernet is dressed up, vehicle diagnostics is sent to by ethernet transceiver and is received gateway 2.Vehicle diagnostics receive gateway
2 after diagnosis request is received, and the encrypting module request vehicle diagnostics for receiving gateway 2 to vehicle diagnostics receive the individual of gateway 2
The public keys Kr_pu of key Kg_pr and remote diagnosis server 3.Vehicle diagnostics receive gateway 2 will be believed with private key Kg_pr
Breath is decrypted, and obtains the cryptographic Hash that diagnosis request message and eap-message digest are generated:Req_meg+MAC, then calculates diagnosis
The cryptographic Hash of eap-message digest is compared with the cryptographic Hash for sending, if identical, may certify that remote diagnosis server 3
The encryption message sent is not subject to the illegal verity and integrity distorted, then ensure that diagnosis request message.Vehicle is examined
Disconnecting is received gateway 2 and then enters diagnostic state.Next, vehicle diagnostics receive gateway 2 uses the public close of remote diagnosis server 3
Key Kr_pu returns remote diagnosis server 3 one and confirms message Kr_pu (Res_meg+MAC).Remote diagnosis server 3 is received
And verify after the confirmation message, by a communication key K, Kg_pu (K+MAC) is sent to car by way of asymmetric encryption
Diagnosis receive gateway 2.In order to ensure safety, key K is stored among first key preserving module.
Fig. 3 is the communication structure block diagram that vehicle diagnostics are received between gateway 2 and diagnosis target ECU1, into diagnostic state
Vehicle diagnostics receive gateway 2 using the private key Ke_pr transmitted from security module, and by way of symmetric cryptography, sending diagnosis please
Hash MAC value Ke_pr (Req_meg+MAC) that message is generated with eap-message digest is asked to give diagnosis target ECU1.The side of symmetric cryptography
Formula is then realized by hardware.Target ECU receives the information sent, and the private key Ke_pr sent with encrypting module is solved
It is close, and calculate the cryptographic Hash of informative abstract and the cryptographic Hash for sending is compared, to prove the verity and reliability of message.
After being proved to be successful, the communication module of target ECU encrypts the communication module one for returning to vehicle diagnostics reception gateway 2 really
Recognize message Ke_pr (Res_meg+MAC), finally then by vehicle diagnostics receive gateway 2 by key K by way of symmetric cryptography
Ke_pr (K+MAC) is sent to target ECU.Target ECU is by key storage in encrypting module, it is ensured that its safety.This is indicated
Target ECU enters diagnostic mode.
Claims (5)
1. a kind of vehicle remote diagnosis system based on information security technology, the system includes diagnosis target ECU (1) and remotely examines
Disconnected server (3), it is characterised in that the system also includes that vehicle diagnostics receive gateway (2), and described vehicle diagnostics receive gateway
(2) it is arranged between diagnosis target ECU (1) and remote diagnosis server (3) and respectively with both and communicates to connect, described vehicle
Diagnosis receives and asymmetric encryption unit is provided between gateway (2) and remote diagnosis server (3), and described vehicle diagnostics receive net
Close and be provided with symmetric cryptography unit between (2) and diagnosis target ECU (1);
Described asymmetric encryption unit is used to hold the diagnosis to remote diagnosis server (3) to ask in remote diagnosis server (3)
Asking carries out asymmetric encryption, while whether safe be decrypted checking at vehicle diagnostics reception gateway (2) end communicates, if then car
Diagnosis receives gateway (2) and enters diagnostic state, and remote diagnosis server (3) sends key K and receives gateway to vehicle diagnostics
(2);
Described symmetric cryptography unit is used to receive net in vehicle diagnostics when vehicle diagnostics receive gateway (2) into diagnostic state
Pass (2) is held and carries out symmetric cryptography to diagnosis request, while whether safe be decrypted checking at diagnosis target ECU (1) end communicates,
If then diagnosing target ECU (1) enters diagnostic state, vehicle diagnostics receive gateway (2) and key K are sent to diagnosis target ECU
(1), so remote diagnosis server (3) by key K encryption remote diagnosis are carried out to target ECU.
2. a kind of vehicle remote diagnosis system based on information security technology according to claim 1, it is characterised in that institute
The asymmetric encryption unit stated includes:
It is arranged on the first key generation distribution memory module that vehicle diagnostics receive gateway (2) end:The module generates asymmetric adding
Close public key Kg_pu and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server (3), by private key Kg_
Pr is preserved;
The second key for being arranged on remote diagnosis server (3) end generates distribution memory module:The module generates asymmetric encryption
Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu send to vehicle diagnostics receive gateway (2), by private key Kr_
Pr is preserved;
It is arranged on the cryptographic Hash generation module at remote diagnosis server (3) end:The module is used to generate diagnosis request eap-message digest
Cryptographic Hash MAC;
It is arranged on the asymmetric encryption module at remote diagnosis server (3) end:The module is disappeared using public key Kg_pu to diagnosis request
Cryptographic Hash MAC of breath Req_meg and diagnosis request eap-message digest is encrypted generation Kg_pu (Req_meg+MAC) and sends
Gateway (2) is received to vehicle diagnostics;
It is arranged on the asymmetric deciphering module that vehicle diagnostics receive gateway (2) end:The module generates distribution and deposits using first key
The private key Kg_pr that storage module is preserved is decrypted to Kg_pu (Req_meg+MAC) and obtains diagnosis request message and diagnosis request
Cryptographic Hash Req_meg+MAC of eap-message digest;
It is arranged on the first checking confirmation module that vehicle diagnostics receive gateway (2) end:The module is according to the Kg_pu for receiving
(Req_meg+MAC) the Hash calculation value of diagnosis request eap-message digest is calculated, and this Hash calculation value is obtained with decryption
Cryptographic Hash MAC of diagnosis request eap-message digest contrasted, if identical, vehicle diagnostics receive gateway (2) and enter diagnosis shape
State, checking confirms that module is encrypted by public key Kr_pu to Req_meg+MAC and obtains Kr_pu (Res_meg+MAC) and send
Confirm to remote diagnosis server (3);
The second checking for being arranged on remote diagnosis server (3) end end confirms module:The module generates distribution using the second key
The private key Kr_pr that memory module is preserved is decrypted and verifies message correctness to Kr_pu (Res_meg+MAC), if correctly, the
Two checkings confirm that cryptographic Hash MAC of key K and diagnosis request eap-message digest is carried out asymmetric encryption by module by public key Kg_pu
Obtain Kg_pu (K+MAC) and send to vehicle diagnostics to receive gateway (2);
It is arranged on the first key preserving module that vehicle diagnostics receive gateway (2) end:The module is generated by first key distributes
Private key Kg_pr in memory module is decrypted to Kg_pu (K+MAC) and obtains key K and preserve.
3. a kind of vehicle remote diagnosis system based on information security technology according to claim 2, it is characterised in that institute
The symmetric cryptography unit stated includes:
It is arranged on the first symmetric cryptographic key memory module that vehicle diagnostics receive gateway (2) end:The module stores symmetric cryptography
Private key Ke_pr;
It is arranged on the second symmetric cryptographic key memory module at diagnosis target ECU (1) end:The module stores symmetric cryptography private key
Ke_pr;
It is arranged on the symmetrical encryption module that vehicle diagnostics receive gateway (2) end:The module is stored using the first symmetric cryptographic key
Symmetric cryptography private key Ke_pr in module is to diagnosis request message Req_meg and cryptographic Hash MAC of diagnosis request eap-message digest
It is encrypted generation Ke_pr (Req_meg+MAC) and sends to diagnosis target ECU (1);
It is arranged on the symmetrical deciphering module at diagnosis target ECU (1) end:The module is using in the second symmetric cryptographic key memory module
Symmetric cryptography private key Ke_pr Ke_pr (Req_meg+MAC) is decrypted;
The 3rd checking for being arranged on diagnosis target ECU (1) end confirms module:The module is according to the Ke_pr (Req_meg+ for receiving
MAC the Hash calculation value of diagnosis request eap-message digest) is calculated, and this Hash calculation value and symmetrical deciphering module is decrypted
To cryptographic Hash MAC of diagnosis request eap-message digest contrasted, if both are identical, send confirmation and connect to vehicle diagnostics
Receive gateway (2);
It is arranged on the 4th checking confirmation module that vehicle diagnostics receive gateway (2):The checking of module verification the 3rd confirms that module is sent out
The correctness of the confirmation sent, and cryptographic Hash MAC of the key K in key preserving module and diagnosis request eap-message digest is entered
Row symmetric cryptography obtains Ke_pr (K+MAC) and sends to diagnosis target ECU (1);
It is arranged on the second key preserving module at target ECU end:The module is by the second symmetric cryptographic key memory module
Symmetric cryptography private key Ke_pr is decrypted to Ke_pr (K+MAC) and obtains key K and preserve.
4. a kind of vehicle remote diagnosis side of the vehicle remote diagnosis system based on information security technology as claimed in claim 1
Method, it is characterised in that the method comprises the steps:
(1) remote diagnosis server (3) carries out asymmetric encryption to diagnosis request and sends to vehicle diagnostics to receive gateway (2),
Execution step (2);
(2) vehicle diagnostics reception gateway (2) are decrypted checking to the diagnosis request for receiving and whether safe communicate, if then vehicle
Diagnosis receives gateway (2) and enters diagnostic state, and remote diagnosis server (3) sends key K and receives gateway (2) to vehicle diagnostics,
And execution step (3), otherwise terminate;
(3) vehicle diagnostics receive gateway (2) and symmetric cryptography are carried out to diagnosis request and is sent to diagnosis target ECU (1);
(4) diagnosis target ECU (1) is decrypted checking to the diagnosis request for receiving and whether safe communicates, if then diagnosing target
ECU (1) enters diagnostic state, and vehicle diagnostics receive gateway (2) and key K sent to diagnosis target ECU (1), and then remotely examine
Disconnected server (3) carries out remote diagnosis by key K encryptions to target ECU, otherwise terminates.
5. vehicle remote diagnosis method according to claim 4, it is characterised in that described diagnosis request includes that diagnosis please
Before asking cryptographic Hash MAC of message Req_meg and diagnosis request eap-message digest, step (1) to be encrypted diagnosis request first
Cryptographic Hash MAC of diagnosis request eap-message digest is generated using hash algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710034678.5A CN106685985B (en) | 2017-01-17 | 2017-01-17 | A kind of vehicle remote diagnosis system and method based on information security technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710034678.5A CN106685985B (en) | 2017-01-17 | 2017-01-17 | A kind of vehicle remote diagnosis system and method based on information security technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106685985A true CN106685985A (en) | 2017-05-17 |
CN106685985B CN106685985B (en) | 2019-11-29 |
Family
ID=58860570
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710034678.5A Active CN106685985B (en) | 2017-01-17 | 2017-01-17 | A kind of vehicle remote diagnosis system and method based on information security technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106685985B (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107105060A (en) * | 2017-05-27 | 2017-08-29 | 天津恒天新能源汽车研究院有限公司 | A kind of method for realizing electric automobile information security |
CN107272649A (en) * | 2017-07-05 | 2017-10-20 | 东南(福建)汽车工业有限公司 | Malfunction remote diagnosis system and method |
CN109240273A (en) * | 2018-11-02 | 2019-01-18 | 上海博泰悦臻网络技术服务有限公司 | Vehicle remote diagnosis method, server-side, engine end and client based on cloud |
CN110213221A (en) * | 2018-02-28 | 2019-09-06 | 罗伯特·博世有限公司 | Method for executing diagnosis |
CN110554681A (en) * | 2018-05-30 | 2019-12-10 | 李尔公司 | Vehicle communication network and method |
CN112015158A (en) * | 2019-05-30 | 2020-12-01 | 比亚迪股份有限公司 | Vehicle gateway control system and method and vehicle |
CN112286171A (en) * | 2020-11-05 | 2021-01-29 | 中国第一汽车股份有限公司 | Remote diagnosis method, device, vehicle and storage medium |
CN112327796A (en) * | 2020-10-21 | 2021-02-05 | 诚迈科技(南京)股份有限公司 | Control method and electronic control unit for automobile diagnosis service |
CN112428947A (en) * | 2020-12-02 | 2021-03-02 | 上海拓殷电子科技技术有限公司 | Automobile intelligent system |
CN112541187A (en) * | 2020-12-21 | 2021-03-23 | 深圳市元征科技股份有限公司 | Cloud computing method and cloud computing cluster |
CN112738222A (en) * | 2020-12-28 | 2021-04-30 | 嬴彻科技(浙江)有限公司 | Vehicle diagnosis system and method, vehicle and gateway thereof, and storage medium |
CN113311816A (en) * | 2021-06-10 | 2021-08-27 | 中国第一汽车股份有限公司 | Vehicle remote diagnosis system and method |
CN113625691A (en) * | 2021-08-20 | 2021-11-09 | 深圳市元征科技股份有限公司 | Vehicle diagnosis method, diagnosis equipment and vehicle gateway |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060115085A1 (en) * | 2004-04-28 | 2006-06-01 | Denso Corporation | Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization |
CN1960347A (en) * | 2006-11-06 | 2007-05-09 | 吉林大学 | Wireless car borne gateway system |
CN104765357A (en) * | 2015-03-11 | 2015-07-08 | 西安电子科技大学 | Authorization system and method for vehicle remote diagnosis |
CN105187376A (en) * | 2015-06-16 | 2015-12-23 | 西安电子科技大学 | Safe communication method of internal automobile network in Telematics |
CN106101111A (en) * | 2016-06-24 | 2016-11-09 | 郑州信大捷安信息技术股份有限公司 | Vehicle electronics safe communication system and communication means |
CN106154903A (en) * | 2015-04-16 | 2016-11-23 | 上海汽车集团股份有限公司 | Carry out, with peripheral hardware, the system and method that information is mutual for car load network |
CN106713264A (en) * | 2016-11-18 | 2017-05-24 | 郑州信大捷安信息技术股份有限公司 | Method for vehicle safety remote control and diagnosis and system thereof |
-
2017
- 2017-01-17 CN CN201710034678.5A patent/CN106685985B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060115085A1 (en) * | 2004-04-28 | 2006-06-01 | Denso Corporation | Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization |
CN1960347A (en) * | 2006-11-06 | 2007-05-09 | 吉林大学 | Wireless car borne gateway system |
CN104765357A (en) * | 2015-03-11 | 2015-07-08 | 西安电子科技大学 | Authorization system and method for vehicle remote diagnosis |
CN106154903A (en) * | 2015-04-16 | 2016-11-23 | 上海汽车集团股份有限公司 | Carry out, with peripheral hardware, the system and method that information is mutual for car load network |
CN105187376A (en) * | 2015-06-16 | 2015-12-23 | 西安电子科技大学 | Safe communication method of internal automobile network in Telematics |
CN106101111A (en) * | 2016-06-24 | 2016-11-09 | 郑州信大捷安信息技术股份有限公司 | Vehicle electronics safe communication system and communication means |
CN106713264A (en) * | 2016-11-18 | 2017-05-24 | 郑州信大捷安信息技术股份有限公司 | Method for vehicle safety remote control and diagnosis and system thereof |
CN106713264B (en) * | 2016-11-18 | 2019-06-21 | 郑州信大捷安信息技术股份有限公司 | A kind of method and system remotely controlled for vehicle safety with diagnosis |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107105060B (en) * | 2017-05-27 | 2020-12-08 | 天津恒天新能源汽车研究院有限公司 | Method for realizing information security of electric automobile |
CN107105060A (en) * | 2017-05-27 | 2017-08-29 | 天津恒天新能源汽车研究院有限公司 | A kind of method for realizing electric automobile information security |
CN107272649A (en) * | 2017-07-05 | 2017-10-20 | 东南(福建)汽车工业有限公司 | Malfunction remote diagnosis system and method |
CN110213221A (en) * | 2018-02-28 | 2019-09-06 | 罗伯特·博世有限公司 | Method for executing diagnosis |
CN110213221B (en) * | 2018-02-28 | 2023-08-11 | 罗伯特·博世有限公司 | Method for performing diagnostics |
CN110554681A (en) * | 2018-05-30 | 2019-12-10 | 李尔公司 | Vehicle communication network and method |
CN110554681B (en) * | 2018-05-30 | 2022-09-23 | 李尔公司 | Vehicle communication network and method |
CN109240273A (en) * | 2018-11-02 | 2019-01-18 | 上海博泰悦臻网络技术服务有限公司 | Vehicle remote diagnosis method, server-side, engine end and client based on cloud |
CN112015158B (en) * | 2019-05-30 | 2022-03-18 | 比亚迪股份有限公司 | Vehicle gateway control system and method and vehicle |
CN112015158A (en) * | 2019-05-30 | 2020-12-01 | 比亚迪股份有限公司 | Vehicle gateway control system and method and vehicle |
CN112327796A (en) * | 2020-10-21 | 2021-02-05 | 诚迈科技(南京)股份有限公司 | Control method and electronic control unit for automobile diagnosis service |
CN112286171A (en) * | 2020-11-05 | 2021-01-29 | 中国第一汽车股份有限公司 | Remote diagnosis method, device, vehicle and storage medium |
CN112428947A (en) * | 2020-12-02 | 2021-03-02 | 上海拓殷电子科技技术有限公司 | Automobile intelligent system |
CN112541187A (en) * | 2020-12-21 | 2021-03-23 | 深圳市元征科技股份有限公司 | Cloud computing method and cloud computing cluster |
CN112541187B (en) * | 2020-12-21 | 2024-05-03 | 深圳市元征科技股份有限公司 | Cloud computing method and cloud computing cluster |
CN112738222A (en) * | 2020-12-28 | 2021-04-30 | 嬴彻科技(浙江)有限公司 | Vehicle diagnosis system and method, vehicle and gateway thereof, and storage medium |
CN113311816A (en) * | 2021-06-10 | 2021-08-27 | 中国第一汽车股份有限公司 | Vehicle remote diagnosis system and method |
CN113625691A (en) * | 2021-08-20 | 2021-11-09 | 深圳市元征科技股份有限公司 | Vehicle diagnosis method, diagnosis equipment and vehicle gateway |
Also Published As
Publication number | Publication date |
---|---|
CN106685985B (en) | 2019-11-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106685985B (en) | A kind of vehicle remote diagnosis system and method based on information security technology | |
Woo et al. | A practical wireless attack on the connected car and security protocol for in-vehicle CAN | |
CN110635893B (en) | Vehicle-mounted Ethernet information security protection method | |
CN112671798B (en) | Service request method, device and system in Internet of vehicles | |
CN108768652B (en) | Coalition block chain bottom layer encryption method capable of resisting quantum attack | |
CN111552270B (en) | Safety authentication and data transmission method and device for vehicle-mounted diagnosis | |
CN101990748A (en) | Method and device for transmitting messages in real time | |
KR20140122188A (en) | Method for detecting a manipulation of a sensor and/or sensor data of the sensor | |
Fassak et al. | A secure protocol for session keys establishment between ECUs in the CAN bus | |
CN111769938B (en) | Key management system and data verification system of block chain sensor | |
CN111756529B (en) | Quantum session key distribution method and system | |
CN106685653A (en) | Vehicle remote firmware updating method and device based on information security technology | |
CN112702318A (en) | Communication encryption method, decryption method, client and server | |
CN110753321A (en) | Safe communication method for vehicle-mounted TBOX and cloud server | |
CN112532393A (en) | Verification method of cross-link transaction, relay link node equipment and medium | |
CN109063523B (en) | Radio frequency identification security authentication method and system | |
CN111264045B (en) | Interactive system and method based on heterogeneous identity | |
WO2021139190A1 (en) | Intra-vehicle network-based communication method and apparatus | |
KR101269086B1 (en) | Data certification and acquisition method and system for vehicle | |
CN114915396B (en) | Hopping key digital communication encryption system and method based on national encryption algorithm | |
Zhang et al. | Authentication methods for internet of vehicles based on trusted connection architecture | |
CN113115255A (en) | Certificate issuing method, secret key authentication method, vehicle unlocking method, equipment and storage medium | |
CN110995671A (en) | Communication method and system | |
CN117714055B (en) | In-vehicle network communication method based on identity information | |
CN116155497B (en) | Sensitive data encryption and storage method in Internet of vehicles user application program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |