CN107147646B - A kind of automobile function interface security authorization access system and security certificate access method - Google Patents
A kind of automobile function interface security authorization access system and security certificate access method Download PDFInfo
- Publication number
- CN107147646B CN107147646B CN201710328780.6A CN201710328780A CN107147646B CN 107147646 B CN107147646 B CN 107147646B CN 201710328780 A CN201710328780 A CN 201710328780A CN 107147646 B CN107147646 B CN 107147646B
- Authority
- CN
- China
- Prior art keywords
- application program
- mounted terminal
- intelligent vehicle
- vehicle mounted
- built
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 20
- 238000000034 method Methods 0.000 title claims abstract description 16
- 238000007726 management method Methods 0.000 claims description 27
- 238000012550 audit Methods 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 3
- 230000008901 benefit Effects 0.000 abstract description 3
- 238000013461 design Methods 0.000 abstract description 3
- 230000008859 change Effects 0.000 description 2
- 230000007812 deficiency Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 239000000446 fuel Substances 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 206010048669 Terminal state Diseases 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000004378 air conditioning Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000004886 process control Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The present invention provides a kind of automobile function interface security authorization access system and security certificate access method, including application and policy management element, application and tactful preset unit and the intelligent vehicle mounted terminal for being built-in with safety chip;The application and policy management element are separately connected the application and tactful preset unit and the intelligent vehicle mounted terminal by network, and the intelligent vehicle mounted terminal is applied and strategy preset unit is connect with described;The present invention by being configured, distributing to application security strategy, secure storage and execute operation, intelligent vehicle mounted terminal is realized to access the security certificate of different type automobile function interface, make hacker can not be by malevolence program from accessing automobile function interface, it obtains automobile function interface data or controls the execution of automobile ECU unit, to improve intelligent vehicle mounted terminal by the safety of application program access automobile function interface, has the advantages that design science and safe and reliable.
Description
Technical field:
The present invention relates to intelligent vehicle mounted terminal technical fields, and in particular to a kind of automobile function interface security authorization access system
System and security certificate access method.
Background technique:
Core component of the intelligent vehicle mounted terminal as car networking system accesses automobile function interface, energy by application program
The running information for enough obtaining body of a motor car and surrounding automobile is realized to automobile real-time online monitoring, management and transmission data, auxiliary
User carries out safe driving, to improve travel safety.
With the fast development of car networking technology, people are more and more to the application demand of intelligent vehicle mounted terminal.Currently, intelligence
Energy car-mounted terminal accesses different types of automobile function interface by application program, not only in available automobile speed, traveling
The data such as journey and amount of fuel, and can be set wiper operating mode and air-conditioner temperature, control central door lock, key igniting and
Automobile speed etc..Intelligent vehicle mounted terminal facilitates user to obtain the data of automobile function interface and understands the operating shape of current automobile
Condition, and the automobile function interface operated to needs controls, once the data that note abnormalities, can take urgent measure in time,
The failure being likely to occur is avoided, and then ensures the person and property safety of user.
However, intelligent vehicle mounted terminal, while bringing convenient and practical, there is also very important security risks.
For example, hacker or criminal may intercept and capture current body of a motor car information by malicious application and automobile function interface returns
Data information, cause data information to reveal, or automobile ECU unit illegally is set and controlled, to the person and property of user
Safety threatens.
How to realize that intelligent vehicle mounted terminal accesses the security certificate of automobile function interface, is urgently to be solved at present ask
Topic.
Summary of the invention:
It is an object of the invention to be directed to existing intelligent vehicle mounted terminal to automobile function interface authorization access security side
The deficiency in face proposes a kind of automobile function interface security authorization access system and security certificate access method, have design science,
Highly-safe advantage.
In order to achieve the above objectives, The technical solution adopted by the invention is as follows:
A kind of automobile function interface security authorization access system, including application and policy management element, application and strategy are in advance
It sets unit and is built-in with the intelligent vehicle mounted terminal of safety chip;
The application and policy management element are separately connected the application and the strategy preset unit and intelligence by network
Energy car-mounted terminal, the intelligent vehicle mounted terminal are connect with the application and tactful preset unit;
The application and policy management element include application program auditing module and policy management module, the application program
Auditing module is signed for auditing to the safety of application program, and to the application program by audit,
In, the application program is divided into built-in application program and in non-built application program, and the signature includes the letter of the application program
Breath and type identification;The in non-built application program after signature is also sent directly to described by the application program auditing module
Intelligent vehicle mounted terminal;
The policy management module connects the intelligent vehicle mounted terminal automobile function comprising the application program for being arranged
The security strategy of the access authority of mouth, and the security strategy is issued to the intelligent vehicle mounted terminal and carries out encryption storage;
The application and tactful preset unit will be preset in described intelligent vehicle-carried by the built-in application program of signature
Terminal, and the security strategy is obtained from the policy management module, the safety will be preset in after security strategy encryption
In chip;
Automatically the signature that the application program is verified after the intelligent vehicle mounted terminal starting, obtains the label after being proved to be successful
The type identification in name is stored in the intelligent vehicle mounted terminal;When the intelligent vehicle mounted terminal receives the application program
When to the access request of the automobile function interface, the intelligent vehicle mounted terminal is according to the corresponding type of the application program
Mark is directly decrypted and is executed the security strategy or decrypts and execute the security strategy by the safety chip.
Based on above-mentioned, the type identification includes built-in application Program Type mark and in non-built Application Type mark
Know, the intelligent vehicle mounted terminal judges that the application program is answered for built according to the corresponding type identification of the application program
With program or in non-built application program, wherein described in the built-in application program is decrypted and executed by the safety chip
The security strategy is directly decrypted and executed to security strategy, the in non-built application program by the intelligent vehicle mounted terminal.
Based on above-mentioned, the security strategy includes access authority of the built-in application program to the automobile function interface
With the in non-built application program to the access authority of the automobile function interface;The in non-built application program is to the automobile
The access authority of functional interface includes the automobile function interface acquisition ECU of the in non-built application program by ECU unit
The data information of unit;
The built-in application program includes that the built-in application program passes through to the access authority of the automobile function interface
The automobile function interface of the ECU unit obtain the data information of the ECU unit, the setting ECU unit state and
Control the operation of the ECU unit.
Based on above-mentioned, the ECU unit includes power drive system ECU, chassis control system ECU, body control system
ECU and information and communication control system ECU and back control system ECU.
Based on above-mentioned, the safety chip is also respectively used to the intelligent vehicle mounted terminal, thermoacoustic prime engine MCU and described
The data information transmitted between ECU unit is filtered and encryption and decryption processing.
A kind of security certificate access method based on automobile function interface security authorization access system, the security certificate
Access method includes:
Application program and security policy distribution stage
The application program auditing module audits the safety of the application program, and to by described in audit
Application program is signed, and is sent directly to the intelligent vehicle mounted terminal by the in non-built application program of signature, warp
The built-in application program for crossing signature is predisposed the intelligent vehicle mounted terminal, institute by the application and tactful preset unit
State the information and type identification that signature includes the application program;
The security strategy, the application and tactful preset unit are set in the policy management module from the strategy
The security strategy is obtained in management module, will be preset in the safety chip after security strategy encryption;The strategy
The security strategy is also directly issued to the intelligent vehicle mounted terminal, the intelligent vehicle mounted terminal encryption storage institute by management module
State security strategy;
Security strategy executes the stage
Automatically the signature that the application program is verified after the intelligent vehicle mounted terminal starting, obtains the label after being proved to be successful
The type identification in name is stored in the intelligent vehicle mounted terminal;When the application requests access the automobile function
When interface, the intelligent vehicle mounted terminal is by the safe core according to the corresponding type identification selection of the application program
The safe plan is still directly decrypted and executed to piece by the intelligent vehicle mounted terminal to decrypt and execute the security strategy
Slightly.
Based on above-mentioned, the type identification includes built-in application Program Type mark and in non-built Application Type mark
Know, the intelligent vehicle mounted terminal judges the class of the application program according to the corresponding type identification of the application program
The security strategy is decrypted by the safety chip and executed to type if the application program is built-in application program;If
The application program is in non-built application program, then directly decrypts and execute the safe plan by the intelligent vehicle mounted terminal
Slightly.
Based on above-mentioned, in the application program and security policy distribution stage, will be preset in after security strategy encryption
Step in the safety chip includes:
Step 1, the application and tactful preset unit obtain the public key of the safety chip from the intelligent vehicle mounted terminal;
Step 2, the application and tactful preset unit generate key at random, encrypt the security strategy with the key,
And the key described in the public key encryption of the safety chip;
Step 3, the application and tactful preset unit send the ciphertext of the security strategy and the ciphertext of the key
It is stored to the safety chip.
Based on above-mentioned, the step of the security strategy is decrypted by the safety chip and executed to the built-in application program
Suddenly include:
Step 1, the intelligent vehicle mounted terminal is decrypted the ciphertext of the key by the private key of the safety chip,
Obtain the plaintext of the key;
Step 2, the ciphertext of the security strategy stored in safety chip described in the plaintext decryption by the key, is obtained
Take the plaintext of the security strategy;
Step 3, the intelligent vehicle mounted terminal inquires the built-in application program to the automobile in the security strategy
Whether the access of functional interface is allowed to, if being allowed to, corresponding access request is forwarded to the row of the intelligent vehicle mounted terminal
Vehicle controls MCU;Otherwise the access request is intercepted.
Based on above-mentioned, the peace is directly decrypted and executed to the in non-built application program by the intelligent vehicle mounted terminal
The step of strategy includes: entirely
Step 1, shown intelligent vehicle mounted terminal decrypts the ciphertext of the security strategy stored in the intelligent vehicle mounted terminal,
Obtain the plaintext of the security strategy;
Step 2, the intelligent vehicle mounted terminal inquires the in non-built application program to the vapour in the security strategy
Whether the access of vehicle functional interface is allowed to, if being allowed to, returns to the automobile function to the in non-built application program and connects
The data information of mouth, otherwise intercepts the data information of the automobile function interface.
The present invention has substantive distinguishing features outstanding and a significant progress: the present invention by generation to security strategy, point
Hair, secure storage and execution realize intelligent vehicle mounted terminal and access the security certificate of different type automobile function interface, make black
Visitor can not obtain automobile function interface data or control automobile ECU unit by malevolence program from accessing automobile function interface
It executes, to improve the safety that intelligent vehicle mounted terminal accesses automobile function interface by application program, efficiently solves existing
There is the problem of technical security deficiency, has the advantages that design science and safe and reliable.
Detailed description of the invention:
Fig. 1 is the structural diagram of the present invention.
Specific embodiment:
It is clearer in order to enable the invention to, below by specific embodiment, to technical solution of the present invention do into
The detailed description of one step.
As shown in Figure 1, the present invention provides a kind of automobile function interface security authorization access system, including application and strategy pipe
Reason unit, application and tactful preset unit and the intelligent vehicle mounted terminal for being built-in with safety chip;
The application and policy management element are separately connected the application and the strategy preset unit and intelligence by network
Energy car-mounted terminal, the intelligent vehicle mounted terminal are connect with the application and tactful preset unit;
The application and policy management element include application program auditing module and policy management module, the application program
Auditing module is signed for auditing to the safety of application program, and to the application program by audit,
In, the application program is divided into built-in application program and in non-built application program, and the signature includes the letter of the application program
Breath and type identification;The in non-built application program after signature is also sent directly to described by the application program auditing module
Intelligent vehicle mounted terminal;
The policy management module connects the intelligent vehicle mounted terminal automobile function comprising the application program for being arranged
The security strategy of the access authority of mouth, and the security strategy is issued to the intelligent vehicle mounted terminal and carries out encryption storage;
The application and tactful preset unit will be preset in described intelligent vehicle-carried by the built-in application program of signature
Terminal, and the security strategy is obtained from the policy management module, the safety will be preset in after security strategy encryption
In chip;
Automatically the signature that the application program is verified after the intelligent vehicle mounted terminal starting, obtains the label after being proved to be successful
The type identification in name is stored in the intelligent vehicle mounted terminal;When the intelligent vehicle mounted terminal receives the application program
When to the access request of the automobile function interface, the intelligent vehicle mounted terminal is according to the corresponding type of the application program
Mark is directly decrypted and is executed the security strategy or decrypts and execute the security strategy by the safety chip.
Specifically, the type identification includes that built-in application Program Type mark and in non-built Application Type identify,
The intelligent vehicle mounted terminal judges the application program for built-in application according to the corresponding type identification of the application program
Program or in non-built application program, wherein the peace is decrypted by the safety chip and executed to the built-in application program
The security strategy is directly decrypted and executed to full strategy, the in non-built application program by the intelligent vehicle mounted terminal.
Specifically, the security strategy include the built-in application program to the access authority of the automobile function interface and
Access authority of the in non-built application program to the automobile function interface;The in non-built application program is to the automobile function
The access authority of energy interface includes that the in non-built application program is mono- by the automobile function interface acquisition ECU of ECU unit
The data information of member;The built-in application program includes the built-in application program to the access authority of the automobile function interface
The data information of the ECU unit, the state of the setting ECU unit are obtained by the automobile function interface of the ECU unit
And the operation of the control ECU unit;Preferably, the ECU unit includes power drive system ECU, chassis control system
ECU, body control system ECU and information and communication control system ECU and back control system ECU.
User can be with by the in non-built application program of the intelligent vehicle mounted terminal and the built-in application program
It obtains body of a motor car information and inquires the operational situation of the automobile function interface of current automobile, such as: user passes through described non-interior
Set VIN code, the vehicle fuel amount, mileage travelled, vapour of application program and the available current automobile of the built-in application program
Vehicle speed, engine detection information, lane information, voice amusement, light information, water-thermometer information, car door indicate information, parking brake
Prompt information and air bag detection information etc..
The automobile function of current automobile ECU unit is arranged by the built-in application program of the intelligent vehicle mounted terminal by user
Energy Interface status, such as: user can carry out gear setting, air-conditioning setting, light setting, rain by the built-in application program
Curette setting, central door lock control, ignition control, engine control, automobile speed control, air bag control and brake control
Deng.
When finding data exception, user can be connect by the corresponding automobile function of built-in application process control in time
Mouthful, guarantee that each functional interface of automobile operates normally, such as: the built-in application program that user passes through the intelligent vehicle mounted terminal
It was found that when the non-normal switching-off of current automobile door lock, can timely closed door, prevent unexpected generation;User passes through described intelligent vehicle-carried
When the built-in application program of terminal finds the engine service data exception of current automobile, it can be tieed up accordingly in advance
It repairs, avoids vehicle failure and personal safety threatens.
Specifically, the safety chip is also respectively to the intelligent vehicle mounted terminal and the thermoacoustic prime engine MCU, the ECU
The data information transmitted between unit is filtered and encryption and decryption processing.The cryptographic service that the safety chip provides includes number
Signature, encryption and decryption, certificate storage;The cryptographic algorithm that the safety chip is supported include: SM1, SM2, SM3, SM4 national secret algorithm and
International cryptography algorithm 3DES, AES, RSA and SHA-1, SHA-256.
In actual use, the built-in application program is looked forward to being responsible for exploitation by vehicle, and pre- after vehicle looks forward to stringent verifying
It sets in the write-in intelligent vehicle mounted terminal, and the built-in application program needs to pass through institute to the access of the automobile function interface
Safety chip is stated to execute the security strategy stored in the safety chip;Automobile described in the built-in application routine access
The data transmitted during functional interface are also filtered by the safety chip and encryption and decryption.User cannot voluntarily become
The built-in application program of the intelligent vehicle mounted terminal can not voluntarily change the peace stored in the safety chip
Full strategy.When necessary, user needs to upgrade at the shop 4S or dealer the system of the intelligent vehicle mounted terminal, changes the intelligence
The built-in application program of energy car-mounted terminal, and by the programming of the safety chip correspondingly by the security strategy after change
It stores in the safety chip.
In actual use, the in non-built application program is third party application, and vehicle is looked forward to the in non-built application
It after program is audited, can be issued, while the security strategy is issued to described by the application shop etc. that vehicle is looked forward to
Intelligent vehicle mounted terminal, user are not available the third party application access automobile function for looking forward to audit and publication without vehicle and connect
Mouthful.User is only capable of obtaining the body information of current automobile and the automobile function interface by the in non-built application program simultaneously
Data information, be unable to control the ECU unit of automobile.
Specifically, the present invention also provides a kind of security certificates based on automobile function interface security authorization access system
Access method, the security certificate access method include:
Application program and security policy distribution stage
The application program auditing module audits the safety of the application program, and to by described in audit
Application program is signed, and is sent directly to the intelligent vehicle mounted terminal by the in non-built application program of signature, warp
The built-in application program for crossing signature is predisposed the intelligent vehicle mounted terminal, institute by the application and tactful preset unit
State the information and type identification that signature includes the application program;
The security strategy, the application and tactful preset unit are set in the policy management module from the strategy
The security strategy is obtained in management module, will be preset in the safety chip after security strategy encryption;The strategy
The security strategy is also directly issued to the intelligent vehicle mounted terminal, the intelligent vehicle mounted terminal encryption storage institute by management module
State security strategy;
Security strategy executes the stage
Automatically the signature that the application program is verified after the intelligent vehicle mounted terminal starting, obtains the label after being proved to be successful
The type identification in name is stored in the intelligent vehicle mounted terminal;When the application requests access the automobile function
When interface, the intelligent vehicle mounted terminal is by the safe core according to the corresponding type identification selection of the application program
The safe plan is still directly decrypted and executed to piece by the intelligent vehicle mounted terminal to decrypt and execute the security strategy
Slightly;Preferably, if the application program is built-in application program, the safety is decrypted and executed by the safety chip
Strategy;If the application program is in non-built application program, institute is directly decrypted and executed by the intelligent vehicle mounted terminal
State security strategy.
Specifically, in the application program and security policy distribution stage institute will be preset in after security strategy encryption
The step stated in safety chip includes:
Step 1, the application and tactful preset unit obtain the public key of the safety chip from the intelligent vehicle mounted terminal;
Step 2, the application and tactful preset unit generate key at random, encrypt the security strategy with the key,
And the key described in the public key encryption of the safety chip;
Step 3, the application and tactful preset unit send the ciphertext of the security strategy and the ciphertext of the key
It is stored to the safety chip.
Specifically, the step of built-in application program is decrypted by the safety chip and executes the security strategy
Include:
Step 1, the intelligent vehicle mounted terminal is decrypted the ciphertext of the key by the private key of the safety chip,
Obtain the plaintext of the key;
Step 2, the ciphertext of the security strategy stored in safety chip described in the plaintext decryption by the key, is obtained
Take the plaintext of the security strategy;
Step 3, the intelligent vehicle mounted terminal inquires the built-in application program to the automobile in the security strategy
Whether the access of functional interface is allowed to, if being allowed to, corresponding access request is forwarded to the row of the intelligent vehicle mounted terminal
Vehicle controls MCU;Otherwise the access request is intercepted.
Specifically, the safety is directly decrypted and executed to the in non-built application program by the intelligent vehicle mounted terminal
Strategy step include:
Step 1, shown intelligent vehicle mounted terminal decrypts the ciphertext of the security strategy stored in the intelligent vehicle mounted terminal,
Obtain the plaintext of the security strategy;
Step 2, the intelligent vehicle mounted terminal inquires the in non-built application program to the vapour in the security strategy
Whether the access of vehicle functional interface is allowed to, if being allowed to, returns to the automobile function to the in non-built application program and connects
The data information of mouth, otherwise intercepts the data information of the automobile function interface.
Finally it should be noted that: the above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof, institute
The those of ordinary skill in category field carries out a specific embodiment of the invention under the spirit for not departing from technical solution of the present invention
It modifies or some technical features can be equivalently replaced, should all cover and work as in the claimed technical proposal scope of the present invention
In.
Claims (10)
1. a kind of automobile function interface security authorization accesses system, it is characterised in that: including application and policy management element, application
And tactful preset unit and the intelligent vehicle mounted terminal for being built-in with safety chip;
The application and policy management element are separately connected the application and the strategy preset unit and intelligent vehicle by network
Mounted terminal, the intelligent vehicle mounted terminal are connect with the application and tactful preset unit;
The application and policy management element include application program auditing module and policy management module, the application program audit
Module is signed for auditing to the safety of application program, and to the application program by audit, wherein institute
It states application program and is divided into built-in application program and in non-built application program, the signature includes the information and class of the application program
Type mark;The in non-built application program after signature is also sent directly to the intelligent vehicle by the application program auditing module
Mounted terminal;
The policy management module is for being arranged comprising the application program to the intelligent vehicle mounted terminal automobile function interface
The security strategy of access authority, and the security strategy is issued to the intelligent vehicle mounted terminal and carries out encryption storage;
The application and tactful preset unit will be preset in the intelligent vehicle mounted terminal by the built-in application program of signature
, and the security strategy is obtained from the policy management module, the safety chip will be preset in after security strategy encryption
It is interior;
Automatically the signature that the application program is verified after the intelligent vehicle mounted terminal starting, obtains after being proved to be successful in the signature
The type identification be stored in the intelligent vehicle mounted terminal;When the intelligent vehicle mounted terminal receives the application program to institute
When stating the access request of automobile function interface, the intelligent vehicle mounted terminal is according to the corresponding type identification of the application program
Directly decrypts and execute the security strategy or decrypt and execute the security strategy by the safety chip.
2. automobile function interface security authorization according to claim 1 accesses system, it is characterised in that: the type identification
Including built-in application Program Type mark and in non-built Application Type mark, the intelligent vehicle mounted terminal is according to the application
The corresponding type identification of program judges the application program for built-in application program or in non-built application program, wherein institute
It states built-in application program and decrypts and execute the security strategy by the safety chip, the in non-built application program is direct
The security strategy is decrypted and executed by the intelligent vehicle mounted terminal.
3. automobile function interface security authorization according to claim 2 accesses system, it is characterised in that: the security strategy
Including the built-in application program to the access authority of the automobile function interface and the in non-built application program to the vapour
The access authority of vehicle functional interface;The in non-built application program includes described non-to the access authority of the automobile function interface
Built-in application program obtains the data information of the ECU unit by the automobile function interface of ECU unit;
The built-in application program includes the built-in application program described in the access authority of the automobile function interface
The automobile function interface of ECU unit obtains the state and control of the data information of the ECU unit, the setting ECU unit
The operation of the ECU unit.
4. automobile function interface security authorization according to claim 3 accesses system, which is characterized in that the ECU unit
Including power drive system ECU, chassis control system ECU, body control system ECU and information and communication control system ECU and
Back control system ECU.
5. automobile function interface security authorization according to claim 4 accesses system, it is characterised in that: the safety chip
It is also respectively used to carry out the data information transmitted between the intelligent vehicle mounted terminal, thermoacoustic prime engine MCU and the ECU unit
Filter and encryption and decryption processing.
6. a kind of security certificate access method based on automobile function interface security authorization described in claim 1 access system,
It is characterized in that, the security certificate access method includes:
Application program and security policy distribution stage
The application program auditing module audits the safety of the application program, and to the application by audit
Program is signed, and is sent directly to the intelligent vehicle mounted terminal by the in non-built application program of signature, by label
The built-in application program of name is predisposed the intelligent vehicle mounted terminal, the label by the application and tactful preset unit
Name includes the information and type identification of the application program;
The security strategy, the application and tactful preset unit are set in the policy management module from the tactical management
The security strategy is obtained in module, will be preset in the safety chip after security strategy encryption;The tactical management
The security strategy is also directly issued to the intelligent vehicle mounted terminal by module, and the intelligent vehicle mounted terminal encryption stores the peace
Full strategy;
Security strategy executes the stage
Automatically the signature that the application program is verified after the intelligent vehicle mounted terminal starting, obtains after being proved to be successful in the signature
The type identification be stored in the intelligent vehicle mounted terminal;When the application requests access the automobile function interface
When, the intelligent vehicle mounted terminal according to the corresponding type identification selection of the application program be by the safety chip come
It decrypts and executes the security strategy and still directly decrypt and execute the security strategy by the intelligent vehicle mounted terminal.
7. automobile function interface security authorization access method according to claim 6, it is characterised in that: the type identification
Including built-in application Program Type mark and in non-built Application Type mark, the intelligent vehicle mounted terminal is according to the application
The corresponding type identification of program judges the type of the application program, if the application program is built-in application program,
The security strategy is then decrypted and executed by the safety chip;If the application program is in non-built application program,
The security strategy is directly decrypted and executed by the intelligent vehicle mounted terminal.
8. automobile function interface security authorization access method according to claim 7, which is characterized in that apply journey described
Sequence and security policy distribution stage, the step being preset in the safety chip after the security strategy is encrypted include:
Step 1, the application and tactful preset unit obtain the public key of the safety chip from the intelligent vehicle mounted terminal;
Step 2, the application and tactful preset unit generate key at random, encrypt the security strategy with the key, are used in combination
Key described in the public key encryption of the safety chip;
Step 3, the ciphertext of the ciphertext of the security strategy and the key is sent to institute by the application and tactful preset unit
Safety chip is stated to be stored.
9. automobile function interface security authorization access method according to claim 8, which is characterized in that the built-in application
Program is decrypted by the safety chip and includes: the step of executing the security strategy
Step 1, the intelligent vehicle mounted terminal is decrypted the ciphertext of the key by the private key of the safety chip, obtains
The plaintext of the key;
Step 2, the ciphertext of the security strategy stored in safety chip described in the plaintext decryption by the key obtains institute
State the plaintext of security strategy;
Step 3, the intelligent vehicle mounted terminal inquires the built-in application program to the automobile function in the security strategy
Whether the access of interface is allowed to, if being allowed to, corresponding access request is forwarded to the driving control of the intelligent vehicle mounted terminal
MCU processed;Otherwise the access request is intercepted.
10. automobile function interface security authorization access method according to claim 7 or 8, which is characterized in that described non-interior
Setting the step of application program directly decrypts by the intelligent vehicle mounted terminal and executes the security strategy includes:
Step 1, shown intelligent vehicle mounted terminal decrypts the ciphertext of the security strategy stored in the intelligent vehicle mounted terminal, obtains
The plaintext of the security strategy;
Step 2, the intelligent vehicle mounted terminal inquires the in non-built application program to the automobile function in the security strategy
Whether the access of energy interface is allowed to, if being allowed to, returns to the automobile function interface to the in non-built application program
Otherwise data information intercepts the data information of the automobile function interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710328780.6A CN107147646B (en) | 2017-05-11 | 2017-05-11 | A kind of automobile function interface security authorization access system and security certificate access method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710328780.6A CN107147646B (en) | 2017-05-11 | 2017-05-11 | A kind of automobile function interface security authorization access system and security certificate access method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107147646A CN107147646A (en) | 2017-09-08 |
| CN107147646B true CN107147646B (en) | 2019-09-13 |
Family
ID=59777197
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710328780.6A Active CN107147646B (en) | 2017-05-11 | 2017-05-11 | A kind of automobile function interface security authorization access system and security certificate access method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107147646B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107682334B (en) * | 2017-09-30 | 2019-12-31 | 郑州信大捷安信息技术股份有限公司 | OBD interface data safety protection system and data safety protection method |
| CN107888628B (en) * | 2017-12-28 | 2020-10-27 | 智车优行科技(北京)有限公司 | Vehicle communication system |
| CN108305147A (en) * | 2018-02-02 | 2018-07-20 | 武汉畅行共享科技有限公司 | The shared vehicle platform system of integrated user terminal and trade company's end two-way PLC function |
| CN108377249B (en) * | 2018-03-20 | 2021-01-12 | 陈瑛昊 | Information authentication method in new energy automobile based on Internet of things technology |
| CN112052030A (en) * | 2020-08-24 | 2020-12-08 | 东风汽车有限公司 | Interface authority configuration method, storage medium and system of vehicle-mounted application program |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102833250A (en) * | 2012-08-28 | 2012-12-19 | 华南理工大学 | Security management method and system for vehicular mobile Internet |
| CN103368987A (en) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Cloud server, application program verification, certification and management system and application program verification, certification and management method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP5449905B2 (en) * | 2009-07-29 | 2014-03-19 | フェリカネットワークス株式会社 | Information processing apparatus, program, and information processing system |
-
2017
- 2017-05-11 CN CN201710328780.6A patent/CN107147646B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103368987A (en) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Cloud server, application program verification, certification and management system and application program verification, certification and management method |
| CN102833250A (en) * | 2012-08-28 | 2012-12-19 | 华南理工大学 | Security management method and system for vehicular mobile Internet |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107147646A (en) | 2017-09-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107147646B (en) | A kind of automobile function interface security authorization access system and security certificate access method | |
| CN106101111B (en) | Vehicle electronics safe communication system and communication means | |
| TWI779139B (en) | Vehicle virtual key generation and use method, system and user terminal | |
| CN107919955B (en) | Vehicle network security authentication method, system, vehicle, device and medium | |
| CN107085870B (en) | Regulating vehicle access using encryption methods | |
| CN105320034B (en) | Using diagnostic tool diagnostic data is safely provided from vehicle to remote server | |
| CN111050317B (en) | Intelligent traffic data safety sharing method based on alliance block chain | |
| US11167723B2 (en) | Method for access management of a vehicle | |
| CN106972926B (en) | encryption and decryption method, device and system for wireless automobile key | |
| US8938614B2 (en) | Motor vehicle electronics device, motor vehicle, method for displaying data on a motor vehicle display apparatus, and computer program product | |
| CN107682334B (en) | OBD interface data safety protection system and data safety protection method | |
| CN109727358A (en) | Vehicle share system based on bluetooth key | |
| CN105635147A (en) | Vehicle-mounted-special-equipment-system-based secure data transmission method and system | |
| CN108171430A (en) | Data processing method, mobile unit and UBI analysis centers server | |
| CN106713264A (en) | Method for vehicle safety remote control and diagnosis and system thereof | |
| CN108306727A (en) | For encrypting, decrypting and the method and apparatus of certification | |
| CN108235291A (en) | A kind of safety certification device and method for vehicle anti-theft | |
| CN113347133B (en) | Authentication method and device of vehicle-mounted equipment | |
| CN110365486B (en) | Certificate application method, device and equipment | |
| CN107181742A (en) | A kind of shared bicycle electronic lock system and its method for unlocking | |
| US10507795B1 (en) | Vehicle-based password | |
| CN103929428A (en) | Method for achieving communication safety of vehicle-mounted electronic information system | |
| CN109495449A (en) | A kind of vehicle CAN bus encryption method | |
| CN111224774B (en) | Authentication method and system for using rented vehicle and third-party platform | |
| CN109890009A (en) | A kind of vehicle communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A Security Authorization Access System and Security Authorization Access Method for Automotive Function Interface Granted publication date: 20190913 Pledgee: Bank of Zhengzhou Co.,Ltd. Zhongyuan Science and Technology City Sub branch Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2024980007004 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |