CN108200044A - Vehicle-mounted program file encryption method and system - Google Patents
- Publication number: CN108200044A (also listed as CN201711466140.8A)
- Authority: CN (China)
- Prior art keywords: encryption, vehicle, subfile, target data, electronic control
- Legal status: Granted (as listed by Google Patents; the status is an assumption and not a legal conclusion)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Abstract
The invention provides a vehicle-mounted program file encryption method and system, and relates to the field of electrical and electronic technology. The vehicle-mounted program file encryption method comprises the following steps: the remote server acquires the vehicle unique identification code of the downloading vehicle; divides the data in the vehicle-mounted program file into one or more data segments; generates one or more target data segments from the vehicle unique identification code and the one or more data segments, and calculates the message authentication code of each target data segment, wherein at least one target data segment comprises the vehicle unique identification code; encrypts the one or more target data segments using a key and the Advanced Encryption Standard (AES); and generates one or more encrypted subfiles based on the encrypted target data segments and the message authentication codes of the target data segments. With the technical scheme of the invention, the safety of automobile control can be improved.
Description
Technical field
The present invention relates to the electrical field, and more particularly to a vehicle-mounted program file encryption method and system.
Background
Electronic control units (Electronic Control Unit, ECU) are widely used in automobiles. An electronic control unit performs calculations on the parameter information it acquires, using the program stored in the electronic control unit, and converts the results of the calculation into control signals, so that the electronic control unit controls the automobile as a whole.
To meet users' varied demands on automobile control functions, the electronic control unit needs to download or update various programs. At present, a seedkey algorithm is commonly used to perform security authentication of the electronic control unit that is to download. However, seedkey algorithms are easily leaked and cracked, which makes the program file easy to tamper with, increases the risk that data in the program file is lost or leaked, and also increases the risk of electronic control unit failure and of the remote server or electronic control unit being attacked by hackers. Moreover, after the electronic control unit has downloaded a program file, it cannot determine whether the program file has been tampered with. If the electronic control unit has downloaded a tampered program file, this creates a hidden danger for the safety of the automobile and reduces the safety of automobile control.
Summary of the invention
Embodiments of the present invention provide a vehicle-mounted program file encryption method and system that can improve the safety of automobile control.
In a first aspect, an embodiment of the present invention provides a vehicle-mounted program file encryption method, including: the remote server obtains the vehicle unique identification code of the downloading vehicle; the remote server divides the data in the vehicle-mounted program file into one or more data segments; the remote server uses the vehicle unique identification code and the one or more data segments to generate one or more target data segments, and calculates the message authentication code of each target data segment, where at least one target data segment includes the vehicle unique identification code; the remote server encrypts the one or more target data segments using a key and the Advanced Encryption Standard (AES); the remote server generates one or more encrypted subfiles based on the encrypted target data segments and the message authentication codes of the target data segments. An encrypted subfile includes one encrypted target data segment and the message authentication code of that encrypted target data segment; alternatively, an encrypted subfile includes one encrypted data segment and the message authentication code of one encrypted target data segment, itself encrypted with the key and AES.
In a second aspect, an embodiment of the present invention provides a vehicle-mounted program file encryption system, including a remote server. The remote server includes: an identification code acquisition module, configured to obtain the vehicle unique identification code of the downloading vehicle; a division module, configured to divide the data in the vehicle-mounted program file into one or more data segments; a computing module, configured to use the vehicle unique identification code and the one or more data segments to generate one or more target data segments, and to calculate the message authentication code of each target data segment, where at least one target data segment includes the vehicle unique identification code; an encryption module, configured to encrypt the one or more target data segments using a key and the Advanced Encryption Standard (AES); and a subfile generation module, configured to generate one or more encrypted subfiles based on the encrypted target data segments and the message authentication codes of the target data segments. An encrypted subfile includes one encrypted target data segment and the message authentication code of that encrypted target data segment; alternatively, an encrypted subfile includes one encrypted data segment and the message authentication code of one encrypted target data segment, itself encrypted with the key and AES.
In embodiments of the present invention, the vehicle unique identification code is added to the data of the vehicle-mounted program file, which is then encrypted to form encrypted subfiles. Because the vehicle unique identification code is unique, the encryption method for the vehicle-mounted program file in the embodiments of the present invention is difficult to crack, and different vehicles have different vehicle unique identification codes. That is, even if different vehicles download the same vehicle-mounted program file, after the vehicle unique identification code has been added and the file encrypted, the data and the message authentication codes in the encrypted vehicle-mounted program files downloaded by different vehicles are different. This makes the encrypted vehicle-mounted program file harder to crack, which reduces the risk that data in the vehicle-mounted program file is lost or leaked and that the encryption is cracked, reduces the possibility that the program file is tampered with during transmission, and in turn improves the safety of automobile control.
Description of the drawings
The present invention may be better understood from the following description of specific embodiments of the present invention taken in conjunction with the accompanying drawings, in which the same or similar reference numerals denote the same or similar features.
Fig. 1 is a schematic diagram of a vehicle-mounted program file download scenario in an embodiment of the present invention;
Fig. 2 is a flow chart of a vehicle-mounted program file encryption method in an embodiment of the present invention;
Fig. 3 is a flow chart of a vehicle-mounted program file encryption method in another embodiment of the present invention;
Fig. 4 is a flow chart of a vehicle-mounted program file encryption method in a further embodiment of the present invention;
Fig. 5 shows a vehicle-mounted program file encryption system in one embodiment of the present invention;
Fig. 6 shows a vehicle-mounted program file encryption system in another embodiment of the present invention;
Fig. 7 is a structure diagram of a vehicle-mounted program file encryption system in a further embodiment of the present invention;
Fig. 8 is a hardware architecture diagram of a remote server in one embodiment of the present invention;
Fig. 9 is a hardware architecture diagram of a vehicle electronic control unit in one embodiment of the present invention.
Detailed description
The features and exemplary embodiments of various aspects of the present invention are described in detail below. In the following detailed description, many specific details are set forth in order to provide a complete understanding of the present invention. It will be apparent to those skilled in the art, however, that the present invention can be practiced without some of these specific details. The following description of the embodiments is provided only to give a better understanding of the present invention by showing examples of it. The present invention is in no way limited to any specific configuration or algorithm set forth below, but covers any modification, replacement and improvement of elements, components and algorithms that does not depart from the spirit of the present invention. In the drawings and the following description, well-known structures and techniques are not shown, to avoid unnecessarily obscuring the present invention.
Embodiments of the present invention provide a vehicle-mounted program file encryption method and system. In one example, they can be applied in a scenario in which an automobile downloads a vehicle-mounted program file, or in a scenario in which another device and an automobile transmit data to each other. The other device may also be an automobile.
Taking an automobile downloading a vehicle-mounted program file as an example, the vehicle electronic control unit (Electronic Control Unit, ECU) in the automobile can download the vehicle-mounted program file from the remote server through the in-vehicle terminal. Alternatively, the vehicle electronic control unit can be integrated with the in-vehicle terminal, and the in-vehicle terminal containing the vehicle electronic control unit downloads the vehicle-mounted program file from the remote server. The in-vehicle terminal can be connected to the remote server by wireless communication. For example, the in-vehicle terminal and the remote server communicate over a wireless technology such as a data network, Wireless Fidelity (WiFi), Bluetooth or ZigBee to transmit data. The in-vehicle terminal and the vehicle electronic control unit can transmit data by wired or wireless communication.
For example, Fig. 1 is a schematic diagram of a vehicle-mounted program file download scenario in an embodiment of the present invention. As shown in Fig. 1, the in-vehicle terminal is connected to the remote server by wireless transmission technology. The vehicle electronic control unit is connected to the in-vehicle terminal through a Controller Area Network (CAN) bus; the CAN bus may include two transmission lines, CANH and CANL. The state of CANH is high level or floating, and the state of CANL is low level or floating. The flash memory (Flash) of the vehicle electronic control unit may include a non-erasable area and a program running area. The non-erasable area runs the boot loader, i.e. the BootLoader. The program running area is used to run the vehicle-mounted program.
The in-vehicle terminal can also be connected by wire, for example through a data line, to a hardware device that carries the vehicle-mounted program file, and download the vehicle-mounted program file obtained from the hardware device to the vehicle electronic control unit. The in-vehicle terminal and the vehicle electronic control unit can transmit data by wired or wireless communication.
The vehicle-mounted program file is encrypted so that it is not leaked during transmission or in other processes, which prevents malicious tampering with the vehicle-mounted program file, improves the security of the vehicle-mounted program file, and thereby improves the safety of automobile control.
Fig. 2 is a flow chart of a vehicle-mounted program file encryption method in an embodiment of the present invention. As shown in Fig. 2, the vehicle-mounted program file encryption method includes steps 101 to 105.
In step 101, the remote server obtains the vehicle unique identification code of the downloading vehicle.
The vehicle unique identification code (Vehicle Identification Number, VIN) is used to identify the vehicle and is unique. That is, different vehicles have different vehicle unique identification codes. The vehicle unique identification code contains information such as the vehicle's manufacturer, model year, vehicle type, body type and code, engine code and assembly location.
In step 102, the remote server divides the data in the vehicle-mounted program file into one or more data segments.
In one example, the vehicle-mounted program file can be the program file of a control application newly downloaded by the automobile, or an update program file or calibration data file for an existing control application of the automobile. In terms of format, the vehicle-mounted program file can be an s19 file, a hex file or a bin file. The vehicle-mounted program file may include an identifier, a data address (also called the program address), data (also called the program), a checksum and other content. The identifier may include the data type, the data length and so on. In one example, if the vehicle-mounted program file is an s19 file, the s19 file includes multiple lines of subfiles, and the data in each line of subfile can be divided into one or more data segments.
In one example, if the amount of data in the vehicle-mounted program file is small, the data in the vehicle-mounted program file can be treated as a single data segment.
In one example, if the amount of data in the vehicle-mounted program file is large, the data in the vehicle-mounted program file can be divided into two or more data segments. The sizes of the two or more data segments may be the same or different, which is not limited here.
In step 103, the remote server uses the vehicle unique identification code and the one or more data segments to generate one or more target data segments, and calculates the message authentication code of each target data segment.
In embodiments of the present invention, each data segment corresponds to one target data segment. A target data segment may include only the data segment, or may include the data segment and the vehicle unique identification code. At least one target data segment includes the vehicle unique identification code. For example, among all target data segments, the number of target data segments that include the vehicle unique identification code can be one or more. Every target data segment may also include the vehicle unique identification code. Where only one target data segment includes the vehicle unique identification code, that target data segment can be any one of the target data segments. For example, the target data segment that includes the vehicle unique identification code is the first target data segment or the last target data segment. The vehicle unique identification code can also be placed in the target data segment at a preset fixed position, which is not limited here.
Each target data segment has a corresponding message authentication code (Message Authentication Code, MAC). A message authentication code is a verification tool used by both communicating parties; it can verify the integrity of the data and whether the data contains errors. In one example, the message authentication code can be obtained from the key and the data digest of the target data segment.
In one example, the number of bytes in a target data segment is a positive integer multiple of a preset encryption partition byte count. For example, if the preset encryption partition byte count is 16 bytes, the size of a target data segment can be expressed as M × 16 bytes, where M is a positive integer. The size of the message authentication code of a target data segment can be 16 bytes. The size of the checksum of an encrypted data segment can be 1 byte.
If, when the data segments are divided in advance with the vehicle unique identification code taken into account, the number of bytes of data in the vehicle-mounted program file is not enough to make the number of bytes in a target data segment a positive integer multiple of the preset encryption partition byte count, the vehicle-mounted program file can be padded with bytes that do not affect the vehicle-mounted program file, so that the number of bytes in the encrypted data segment is a positive integer multiple of the preset encryption partition byte count.
In step 104, the remote server encrypts the one or more target data segments using a key and the Advanced Encryption Standard (AES).
Each of the one or more target data segments is encrypted using the key and the Advanced Encryption Standard (AES). The Advanced Encryption Standard is a symmetric-key encryption algorithm. In one example, the AES128, AES192 or AES256 algorithm can be used for encryption. Correspondingly, a key of 128, 192 or 256 bits can be used. The Advanced Encryption Standard algorithm can be implemented in hardware or in software, which is not limited here.
To AES-encrypt a target data segment formed from the vehicle-mounted program file, the target data segment can be arranged as a byte matrix; the AddRoundKey transformation, byte substitution (also called the S-box transformation), the ShiftRows transformation and the MixColumns transformation are then applied to the byte matrix in turn.
In step 105, the remote server generates one or more encrypted subfiles based on the encrypted target data segments and the message authentication codes of the target data segments.
An encrypted subfile includes one encrypted target data segment and the message authentication code of that encrypted target data segment. Alternatively, an encrypted subfile includes one encrypted data segment and the message authentication code of one encrypted target data segment, itself encrypted with the key and AES. That is, the message authentication code in an encrypted subfile can be an unencrypted message authentication code or an encrypted message authentication code. An encrypted subfile may also include other content, which is not limited here.
The one or more encrypted subfiles generated are combined into the encrypted vehicle-mounted program file. That is, all of the encrypted subfiles generated are combined into the encrypted vehicle-mounted program file. In one example, the data of each line of subfile in the vehicle-mounted program file can be divided into two or more data segments. For example, if the data of one line of subfile in the vehicle-mounted program file is divided into three data segments, three encrypted subfiles are generated for it.
In one example, an encrypted subfile may also include the data address of the target data segment, or the encrypted data address of the target data segment. The data address can be the start data address or the end data address of the target data segment, which is not limited here. An encrypted subfile may also include the checksum of the target data segment.
The encrypted subfiles carry the main content of the vehicle-mounted program file and allow the vehicle-mounted program file to be transmitted securely between different devices, for example between the remote server and an automobile, between a program storage hardware device and an automobile, or between one automobile and another.
The remote server can also combine the one or more encrypted subfiles to obtain the encrypted vehicle-mounted program file.
For example, if the vehicle-mounted program file includes three lines of subfiles and the data of each line of subfile is divided into two data segments, six encrypted subfiles can be generated from the vehicle-mounted program file, and these six encrypted subfiles are combined into the encrypted vehicle-mounted program file.
In embodiments of the present invention, the vehicle unique identification code is added to the data of the vehicle-mounted program file, which is then encrypted to form encrypted subfiles. Because the vehicle unique identification code is unique, the encryption method for the vehicle-mounted program file in the embodiments of the present invention is difficult to crack, and different vehicles have different vehicle unique identification codes. That is, even if different vehicles download the same vehicle-mounted program file, after the vehicle unique identification code has been added and the file encrypted, the data and the message authentication codes of the encrypted vehicle-mounted program files downloaded by different vehicles are different. This makes the encrypted vehicle-mounted program file harder to crack, which reduces the risk that data in the vehicle-mounted program file is lost or leaked, reduces the possibility that the program file is tampered with during transmission, and in turn improves the safety of automobile control.
The encrypted subfiles are used to transmit each encrypted target data segment together with the message authentication code of that target data segment. From the message authentication code of each target data segment it can be judged whether that target data segment was corrupted during transmission, which improves the security of the vehicle-mounted program file in transmission.
Moreover, because each encrypted subfile includes a message authentication code, if there are two or more encrypted subfiles, the message authentication code of each encrypted subfile can be used to determine whether the data segment transmitted in that encrypted subfile is corrupted or incomplete. Corrupted or incomplete data segments can therefore be found as early as possible and corresponding measures taken.
Fig. 3 is a flow chart of a vehicle-mounted program file encryption method in another embodiment of the present invention. Fig. 3 differs from Fig. 2 in that the vehicle-mounted program file encryption method shown in Fig. 3 may also include steps 106 to 111.
In step 106, the remote server adds the data start address and data segment length of each of the one or more data segments to the corresponding encrypted subfile.
The size of each data segment is known when the data segments are divided, so the data start address of each data segment can be obtained. So that the vehicle electronic control unit, after downloading all of the encrypted subfiles, can restore the decrypted encrypted subfiles to the vehicle-mounted program file, the data start address and data segment length of each data segment can be added to the corresponding encrypted subfile. The vehicle electronic control unit can then use the data start addresses of the data segments in the encrypted subfiles to restore the data segments to the vehicle-mounted program file in the order they had in the vehicle-mounted program file.
In one example, the vehicle-mounted program file is an s19 file, and the data start address of the first data segment into which the data of the vehicle-mounted program file is divided is the data address in the s19 file. The data start address of each data segment after the first data segment of the vehicle-mounted program file can be determined from the data segment length, i.e. the size, of each data segment and the data start address of the previous data segment. For example, the data start address of the second data segment can be determined from the data start address of the first data segment and the data segment length of the first data segment.
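The following Go program is an added example, not code from the patent: it carries out steps 102 to 106 on the server side and the corresponding decryption, message authentication code check, VIN check and address-based reassembly on the ECU side. The AES-CBC mode with a random per-subfile IV, HMAC-SHA-256 truncated to 16 bytes as the message authentication code, separate encryption and MAC keys, the `Subfile` layout, the 0xFF padding, placing the VIN in every target data segment, and all sample values are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const blockSize, vinLen = 16, 17 // 16-byte encryption unit from the page; VIN length
var ErrMAC = errors.New("message authentication code mismatch")
var ErrVIN = errors.New("subfile was built for a different vehicle")

// Subfile is one encrypted subfile; this field layout is assumed for the example.
type Subfile struct {
	Addr   uint32   // data start address of the data segment
	Length uint16   // data segment length, without VIN and padding
	IV     [16]byte // per-subfile CBC IV (assumed: the page names no AES mode)
	Cipher []byte   // AES-CBC of the target data segment: VIN || data || padding
	MAC    [16]byte // 16-byte MAC of the target data segment
}

// mac16 is HMAC-SHA-256 cut to 16 bytes; address and length are covered too (assumed).
func mac16(key []byte, addr uint32, n uint16, target []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte{byte(addr >> 24), byte(addr >> 16), byte(addr >> 8), byte(addr), byte(n >> 8), byte(n)})
	h.Write(target)
	return h.Sum(nil)[:16]
}

// BuildSubfiles is the server side: split, add the VIN, pad, MAC, encrypt.
func BuildSubfiles(vin string, base uint32, image []byte, segLen int, encKey, macKey []byte) ([]Subfile, error) {
	if len(vin) != vinLen || segLen <= 0 || segLen > 0xFFFF {
		return nil, errors.New("bad VIN or segment length")
	}
	block, err := aes.NewCipher(encKey) // a 16, 24 or 32 byte key selects AES-128/192/256
	if err != nil {
		return nil, err
	}
	var out []Subfile
	for off := 0; off < len(image); off += segLen {
		end := off + segLen
		if end > len(image) {
			end = len(image)
		}
		target := append([]byte(vin), image[off:end]...)
		for len(target)%blockSize != 0 {
			target = append(target, 0xFF) // padding, dropped again through Length
		}
		sf := Subfile{Addr: base + uint32(off), Length: uint16(end - off)}
		copy(sf.MAC[:], mac16(macKey, sf.Addr, sf.Length, target))
		if _, err := rand.Read(sf.IV[:]); err != nil {
			return nil, err
		}
		sf.Cipher = make([]byte, len(target))
		cipher.NewCBCEncrypter(block, sf.IV[:]).CryptBlocks(sf.Cipher, target)
		out = append(out, sf)
	}
	return out, nil
}

// Reassemble is the ECU side: decrypt, check MAC and VIN, copy data to its address.
func Reassemble(sfs []Subfile, vin string, base uint32, size int, encKey, macKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	image := make([]byte, size)
	for _, sf := range sfs {
		n, off := int(sf.Length), int(sf.Addr)-int(base)
		if len(sf.Cipher)%blockSize != 0 || vinLen+n > len(sf.Cipher) || off < 0 || off+n > size {
			return nil, errors.New("malformed subfile")
		}
		target := make([]byte, len(sf.Cipher))
		cipher.NewCBCDecrypter(block, sf.IV[:]).CryptBlocks(target, sf.Cipher)
		if !hmac.Equal(sf.MAC[:], mac16(macKey, sf.Addr, sf.Length, target)) {
			return nil, ErrMAC
		}
		if !bytes.Equal(target[:vinLen], []byte(vin)) {
			return nil, ErrVIN
		}
		copy(image[off:], target[vinLen:vinLen+n])
	}
	return image, nil
}

func main() {
	// Constructed sample values: keys, VINs, base address and image are not from the page.
	encKey, macKey := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 16)
	image := bytes.Repeat([]byte{0xA5}, 40)
	sfs, _ := BuildSubfiles("LTESTVIN000000001", 0x8000, image, 16, encKey, macKey)
	got, err := Reassemble(sfs, "LTESTVIN000000001", 0x8000, len(image), encKey, macKey)
	_, errOther := Reassemble(sfs, "LTESTVIN000000002", 0x8000, len(image), encKey, macKey)
	fmt.Println(len(sfs), bytes.Equal(got, image), err, errOther)
}
```

Because the message authentication code in this example also covers the start address and length, a subfile whose address field has been changed fails verification in the same way as one whose ciphertext has been changed.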
In step 107, the vehicle electronic control unit receives the security authentication check code sent by the remote server.
The security authentication check code is the message authentication code that the remote server calculates after encrypting the obtained vehicle unique identification code using the key and AES. Specifically, the remote server can obtain the vehicle unique identification code of the vehicle from the vehicle, encrypt the vehicle unique identification code using the key and AES, and calculate the message authentication code of the encrypted vehicle unique identification code. In one example, the vehicle electronic control unit can communicate with the in-vehicle terminal through Unified Diagnostic Services (UDS). Through the UDS 0x28 service, i.e. the communication control service, the in-vehicle terminal can control communication between the in-vehicle terminal and the vehicle electronic control units, forbid non-diagnostic sessions, and put communication between the in-vehicle terminal and the vehicle electronic control units into silent mode. In a scenario that involves multiple vehicle electronic control units, this ensures that the in-vehicle terminal keeps a session with the vehicle electronic control unit that needs to download the vehicle-mounted program file. Through the UDS 0x22 service, i.e. the read data service, the in-vehicle terminal can read the vehicle unique identification code of the downloading vehicle and transmit the vehicle unique identification code to the remote server.
The remote server can send the message authentication code of the encrypted vehicle unique identification code to the in-vehicle terminal as the security authentication check code, and the in-vehicle terminal then sends the security authentication check code to the vehicle electronic control unit. For example, the in-vehicle terminal can write the security authentication check code to the vehicle electronic control unit through the UDS 0x2E service, i.e. the write data service. The vehicle electronic control unit receives the security authentication check code sent by the in-vehicle terminal. In one example, the received security authentication check code can be passed to the BootLoader, and the BootLoader checks whether the security authentication check code matches the vehicle unique identification code of the downloading vehicle. Specifically, the BootLoader in the vehicle electronic control unit can add the process of checking whether the security authentication check code matches the vehicle unique identification code of the downloading vehicle to the response process of the 0x2E write data service.
In step 108, vehicle electronic control unit detection safety certification check code whether the vehicle with vehicle to be downloaded
Unique identifier matches.
Vehicle electronic control unit can get the vehicle unique identifier of this vehicle vehicle i.e. to be downloaded, to safety certification
Check code handles it or the vehicle unique identifier of vehicle to be downloaded is handled, so as to detect safety certification check code
Whether matched with the vehicle unique identifier of vehicle to be downloaded.Here " matching ", which refers to, meets preset certain condition.
In one example, vehicle electronic control unit decrypts safety check code using key and AES encryption, recovers
Vehicle unique identifier, detect the vehicle unique identifier that recovers whether the vehicle unique identifier with vehicle to be downloaded
Match.
For example, after the BootLoader in the vehicle electronic control unit receives the safety certification check code, it can perform an inverse message authentication code calculation and a decryption calculation based on the key and AES on the safety certification check code, restoring the safety certification check code to a vehicle unique identifier, which is then compared with the vehicle unique identifier that the vehicle electronic control unit obtains directly from the vehicle to be downloaded. For example, if the vehicle unique identifier recovered from the safety certification check code is consistent with the vehicle unique identifier that the vehicle electronic control unit obtains directly from the vehicle to be downloaded, it is determined that the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded. As another example, the safety certification check code can be received multiple times, and the vehicle unique identifier recovered from each received safety certification check code is compared with the vehicle unique identifier that the vehicle electronic control unit obtains directly from the vehicle to be downloaded; if, within a predetermined number of comparisons, the recovered vehicle unique identifier is consistent with the directly obtained one at least once, it is determined that the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded. For example, if, across 3 comparisons of the vehicle unique identifier recovered from the safety certification check code with the vehicle unique identifier that the vehicle electronic control unit obtains directly from the vehicle to be downloaded, the two are consistent in the 3rd comparison, it is determined that the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded.
In one example, the vehicle electronic control unit encrypts the vehicle unique identifier of the vehicle to be downloaded using the key and the AES and calculates a comparison check code, then detects whether the safety check code matches the comparison check code. The comparison check code is calculated by the same method as the safety check code.
For example, the BootLoader in the vehicle electronic control unit encrypts the vehicle unique identifier of the vehicle to be downloaded using the key and AES and performs the calculation to obtain a comparison check code, and then compares the safety check code with the comparison check code. For example, if the safety check code is consistent with the comparison check code, it is determined that the safety check code matches the comparison check code. As another example, the safety certification check code can be received multiple times and the safety check code compared with the comparison check code each time; if, within a predetermined number of comparisons, the safety check code is consistent with the comparison check code at least once, it is determined that the safety check code matches the comparison check code. For example, if, across 3 comparisons of the safety check code with the comparison check code, the two are consistent in the 3rd comparison, it is determined that the safety check code matches the comparison check code.
In step 109, if the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded, the vehicle electronic control unit downloads at least one encryption subfile to the vehicle electronic control unit.
A match between the safety certification check code and the vehicle unique identifier of the vehicle to be downloaded indicates that the onboard program file that the vehicle to be downloaded needs to download is the encrypted onboard program file that the remote server is about to issue. Once the vehicle electronic control unit determines that the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded, all encryption subfiles can be downloaded to the vehicle electronic control unit.
Wireless transmission technology can be used to download the encryption subfiles to the vehicle electronic control unit, so no professional operator is needed to connect a hardware device carrying the onboard program file to an interface on the vehicle, which improves the efficiency of downloading the onboard program file. Downloading the encryption subfiles to the vehicle electronic control unit in the above embodiment can specifically be implemented as downloading the encryption subfiles from the remote server to the vehicle electronic control unit through a vehicle-mounted terminal. That is, the vehicle-mounted terminal can download the encryption subfiles from the remote server, and the vehicle electronic control unit can download the encryption subfiles from the vehicle-mounted terminal.
In one example, the encrypted onboard program file includes N encryption subfiles, where N is a positive integer. According to the positional order, within the onboard program file, of the data segments encrypted in the N encryption subfiles, the 1st encryption subfile through the N-th encryption subfile are downloaded to the vehicle electronic control unit in sequence; N is the number of encryption subfiles corresponding to the onboard program file.
For example, if the onboard program file consists of one encryption subfile, that encryption subfile can be downloaded to the vehicle electronic control unit through the vehicle-mounted terminal.
As another example, if the onboard program file consists of two or more encryption subfiles, the encryption subfiles containing the encrypted target data segments can be downloaded to the vehicle electronic control unit in sequence, according to the order in which the data segments in the encrypted target data segments are arranged in the onboard program file.
In step 110, the vehicle electronic control unit decrypts at least one encryption subfile using the key and AES and, according to the target data segment in the decrypted encryption subfile, calculates the message authentication code of the target data segment in the decrypted encryption subfile.
In one example, the key can be stored in the vehicle electronic control unit. When decrypting, the key is obtained and decryption is performed using AES. The encrypted data segment is decrypted using the key and AES. The same key is used for encryption and decryption.
From the data of the decrypted target data segment, the message authentication code of the decrypted target data segment can be calculated.
If the encryption subfile includes the data start address of the data segment, then after decryption the onboard program file is restored using the data segment in the decrypted target data segment and the data start address of the data segment.
In step 111, if the message authentication code in the encryption subfile does not match the message authentication code calculated from the target data segment in the decrypted encryption subfile, the remote server transmits the encryption subfile to the vehicle electronic control unit again.
If the message authentication code in the encryption subfile does not match the message authentication code calculated from the target data segment in the decrypted encryption subfile, this indicates that the target data segment in the encryption subfile became incomplete or erroneous during transmission. The encrypted target data segment needs to be downloaded again; that is, the encryption subfile containing the encrypted target data segment needs to be downloaded again. Put another way, the remote server transmits the encryption subfile to the vehicle electronic control unit again.
In one example, if there are N encryption subfiles in total, the 1st encryption subfile through the N-th encryption subfile need to be downloaded to the vehicle electronic control unit in sequence. After each encryption subfile is downloaded, the data segment in the encryption subfile is verified using the message authentication code.
If there are N encryption subfiles in total and the message authentication code of the target data segment in the (i-1)-th encryption subfile does not match the message authentication code calculated from the target data segment decrypted from the (i-1)-th encryption subfile, downloading of the i-th encryption subfile is refused and the (i-1)-th encryption subfile is downloaded again; that is, the remote server needs to transmit the (i-1)-th encryption subfile again. Here i is an integer and 2≤i≤N. Only once the message authentication code corresponding to the target data segment in the (i-1)-th encryption subfile matches the message authentication code calculated from the target data segment decrypted from the (i-1)-th encryption subfile does downloading of the i-th encryption subfile begin. That is, the remote server then needs to transmit the i-th encryption subfile.
For example, suppose there are 3 encryption subfiles. If the message authentication code of the target data segment in the 1st encryption subfile does not match the message authentication code calculated from the target data segment decrypted from the 1st encryption subfile, the 1st encryption subfile is downloaded again. If the message authentication code corresponding to the target data segment in the 1st encryption subfile matches the message authentication code calculated from the target data segment decrypted from the 1st encryption subfile, downloading of the 2nd encryption subfile begins. If the message authentication code of the target data segment in the 2nd encryption subfile does not match the message authentication code calculated from the target data segment decrypted from the 2nd encryption subfile, the 2nd encryption subfile is downloaded again. If the message authentication code of the target data segment in the 2nd encryption subfile matches the message authentication code calculated from the target data segment decrypted from the 2nd encryption subfile, downloading of the 3rd encryption subfile begins. If the message authentication code of the target data segment in the 3rd encryption subfile does not match the message authentication code calculated from the target data segment decrypted from the 3rd encryption subfile, the 3rd encryption subfile is downloaded again. If the message authentication code of the target data segment in the 3rd encryption subfile matches the message authentication code calculated from the target data segment decrypted from the 3rd encryption subfile, the download process ends.
In one embodiment, if the message authentication code of the target data segment in the encryption subfile matches the message authentication code calculated from the decrypted target data segment, it is determined that the data segment in the encryption subfile is complete and accurate.
In embodiments of the present invention, after an encryption subfile is downloaded, verification of the message authentication code determines whether the target data segment in the downloaded encryption subfile is complete and accurate, and therefore whether the encryption subfile needs to be downloaded again. This makes it possible to find out as early as possible whether a downloaded encryption subfile is complete and accurate, reducing the time spent on downloading.
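The gate check of the second matching variant and the sequential, MAC-verified download of steps 109 to 111, sketched from the ECU side as an added example (not code from the patent). HMAC-SHA256 stands in for the unnamed message authentication code and a SHA-256 keystream stands in for AES so the block runs on the standard library alone; every function name, the subfile layout, the key, the identifier and the retry bound are assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed; the patent keeps the shared key in the ECU
VIN = b"LTESTVIN000000001"      # constructed 17-character vehicle unique identifier
MAX_CHECKS = 3                  # "predetermined number of comparisons" (3 in the patent's example)


def mac(key, data):
    """Stand-in MAC (HMAC-SHA256); the patent does not name the MAC algorithm."""
    return hmac.new(key, data, hashlib.sha256).digest()


def cipher(key, nonce, data):
    """Stand-in for AES: XOR with a SHA-256 counter keystream (encrypts and decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + struct.pack(">I", off // 32)).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


def check_code(key, vin):
    """Safety certification check code: MAC computed over the encrypted identifier."""
    return mac(key, cipher(key, b"vin", vin))


def build_subfiles(key, vin, image, seg_len):
    """Server side: split, prepend the identifier, MAC the target segment, then encrypt."""
    subfiles = []
    for idx, addr in enumerate(range(0, len(image), seg_len)):
        segment = image[addr:addr + seg_len]
        target = vin + segment                      # assumed target-segment layout
        subfiles.append({
            "addr": addr,                           # data start address (plaintext variant)
            "length": len(segment),                 # data segment length
            "ciphertext": cipher(key, struct.pack(">I", idx), target),
            "mac": mac(key, target),
        })
    return subfiles


def authorise(key, own_vin, received_codes):
    """Recompute a comparison check code from the ECU's own identifier and compare."""
    expected = check_code(key, own_vin)
    return any(hmac.compare_digest(code, expected)
               for code in received_codes[:MAX_CHECKS])


def download(key, own_vin, fetch, count, max_retries=3):
    """Subfile i is requested only after subfile i-1 has passed MAC verification."""
    image, requests = bytearray(), []
    for i in range(count):
        for _ in range(max_retries):                # retry bound is an assumption
            requests.append(i)
            sf = fetch(i)
            target = cipher(key, struct.pack(">I", i), sf["ciphertext"])
            if hmac.compare_digest(mac(key, target), sf["mac"]):
                break                               # MACs match: segment is intact
        else:
            raise RuntimeError(f"subfile {i} failed verification {max_retries} times")
        end = sf["addr"] + sf["length"]
        if len(image) < end:
            image.extend(bytes(end - len(image)))
        image[sf["addr"]:end] = target[len(own_vin):]   # place segment at its start address
    return bytes(image), requests


def flaky_channel(subfiles, corrupt_once):
    """Constructed transport: flips one ciphertext bit the first time a listed index is sent."""
    pending = set(corrupt_once)

    def fetch(i):
        sf = dict(subfiles[i])
        if i in pending:
            pending.discard(i)
            damaged = bytearray(sf["ciphertext"])
            damaged[-1] ^= 0x01
            sf["ciphertext"] = bytes(damaged)
        return sf
    return fetch


def demo():
    image = bytes(range(256)) * 2 + b"tail"          # constructed 516-byte program image
    subfiles = build_subfiles(KEY, VIN, image, 200)  # three subfiles
    if not authorise(KEY, VIN, [check_code(KEY, VIN)]):
        raise RuntimeError("check code does not match this vehicle")
    rebuilt, requests = download(KEY, VIN, flaky_channel(subfiles, {1}), len(subfiles))
    return rebuilt == image, requests


if __name__ == "__main__":
    print(demo())
```

The request log returned by `demo()` shows the second subfile being fetched twice before the third is requested, which is the refusal-and-retransmission behaviour described for the (i-1)-th and i-th subfiles.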
Fig. 4 is a flow chart of an onboard program file encryption method in a further embodiment of the present invention. Fig. 4 differs from Fig. 3 in that step 106 of the onboard program file encryption method shown in Fig. 3 can be replaced with step 112 of the onboard program file encryption method shown in Fig. 4.
In step 112, the remote server adds the data start address and data segment length of each of the one or more data segments, each encrypted with the key and AES, to the corresponding encryption subfile.
To further improve the security of the encryption subfiles, the data start address of each target data segment can also be encrypted using the key and AES. The data segment length of the data segment in each target data segment can likewise be encrypted using the key and AES.
In one example, if the data start address and data segment length in the encryption subfile are also encrypted, the encrypted data start address and data segment length of the data segment in the target data segment can be decrypted at the same time as the encrypted target data segment is decrypted. After all encryption subfiles have been downloaded, the onboard program file is restored using the decrypted data segments, the decrypted data start addresses of the data segments and the decrypted data segment lengths.
Fig. 5 is a structural diagram of an onboard program file encryption system in one embodiment of the present invention. As shown in Fig. 5, the onboard program file encryption system 20 includes a remote server 21. The remote server 21 includes an identification code acquisition module 210, a division module 211, a computing module 212, an encrypting module 213 and a subfile generation module 214.
The identification code acquisition module 210 is configured to obtain the vehicle unique identifier of the vehicle to be downloaded.
The division module 211 is configured to divide the data in the onboard program file into one or more data segments.
The computing module 212 is configured to generate one or more target data segments using the vehicle unique identifier and the one or more data segments, and to calculate the respective message authentication code of each of the one or more target data segments, at least one target data segment including the vehicle unique identifier.
The encrypting module 213 is configured to encrypt the one or more target data segments using a key and the Advanced Encryption Standard (AES).
The subfile generation module 214 is configured to generate one or more encryption subfiles based on the encrypted one or more target data segments and the message authentication codes of the one or more target data segments. One encryption subfile includes one encrypted target data segment and the message authentication code of that encrypted target data segment; alternatively, one encryption subfile includes one encrypted data segment and the message authentication code, encrypted with the key and AES, of one encrypted target data segment.
Fig. 6 is a structural diagram of an onboard program file encryption system in another embodiment of the present invention. Fig. 6 differs from Fig. 5 in that the remote server 21 may also include a first adding module 215 and/or a second adding module 216.
The first adding module 215 is configured to add the respective data start address and data segment length of each of the one or more data segments to the corresponding encryption subfile.
The second adding module 216 is configured to add the data start address and data segment length of each of the one or more data segments, each encrypted with the key and AES, to the corresponding encryption subfile.
Fig. 7 is a structural diagram of an onboard program file encryption system in a further embodiment of the present invention. Fig. 7 differs from Fig. 5 in that the onboard program file encryption system 20 shown in Fig. 7 further includes a vehicle electronic control unit 22. The vehicle electronic control unit 22 includes a receiving module 220, a matching module 221, a trigger module 222, a download module 223 and a deciphering module 224.
The receiving module 220 is configured to receive the safety certification check code sent by the remote server, the safety certification check code being the message authentication code calculated after the remote server encrypts the obtained vehicle unique identifier using the key and AES.
The matching module 221 is configured to detect whether the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded.
In one example, the matching module 221 can be specifically configured to decrypt the safety check code using the key and the AES and recover the vehicle unique identifier, and to detect whether the recovered vehicle unique identifier matches the vehicle unique identifier of the vehicle to be downloaded.
In one example, the matching module 221 can be specifically configured to encrypt the vehicle unique identifier of the vehicle to be downloaded using the key and the AES and calculate a comparison check code, and to detect whether the safety check code matches the comparison check code.
The trigger module 222 is configured so that, if the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded, the vehicle electronic control unit allows at least one encryption subfile to be downloaded to the vehicle electronic control unit.
The download module 223 is configured to download at least one encryption subfile to the vehicle electronic control unit.
The deciphering module 224 is configured to decrypt at least one encryption subfile using the key and AES and, according to the target data segment in the decrypted encryption subfile, calculate the message authentication code of the target data segment in the decrypted encryption subfile.
In one example, the download module 223 is additionally configured to download the encryption subfile to the vehicle electronic control unit again if the message authentication code in the encryption subfile does not match the message authentication code calculated from the target data segment in the decrypted encryption subfile.
Where the encrypted onboard program file includes N encryption subfiles and N is a positive integer, the download module 223 can be specifically configured as follows: if the message authentication code corresponding to the target data segment in the (i-1)-th encryption subfile does not match the message authentication code calculated from the target data segment decrypted from the (i-1)-th encryption subfile, refuse to download the i-th encryption subfile and download the (i-1)-th encryption subfile again, where i is an integer and 2≤i≤N; only once the message authentication code of the target data segment in the (i-1)-th encryption subfile matches the message authentication code calculated from the target data segment decrypted from the (i-1)-th encryption subfile, begin downloading the i-th encryption subfile.
Fig. 8 is a hardware structure diagram of a remote server in one embodiment of the present invention. As shown in Fig. 8, the remote server 300 includes a memory 301, a processor 302 and a computer program that is stored on the memory 301 and can run on the processor 302.
In one example, the processor 302 can include a central processing unit (CPU) or an application-specific integrated circuit (ASIC), or may be configured as one or more integrated circuits implementing the embodiments of the present invention.
The memory 301 can include mass storage for data or instructions. By way of example and not limitation, the memory 301 may include an HDD, a floppy disk drive, flash memory, an optical disk, a magneto-optical disk, magnetic tape or a universal serial bus (USB) drive, or a combination of two or more of these. Where appropriate, the memory 301 may include removable or non-removable (or fixed) media. Where appropriate, the memory 301 can be internal or external to the remote server 300. In a particular embodiment, the memory 301 is non-volatile solid-state memory. In a particular embodiment, the memory 301 includes read-only memory (ROM). Where appropriate, the ROM can be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM) or flash memory, or a combination of two or more of these.
The processor 302 runs the program corresponding to the executable program code by reading the executable program code stored in the memory 301, so as to perform the onboard program file encryption method in each of the above embodiments.
In one example, the remote server 300 may also include a communication interface 303 and a bus 304. As shown in Fig. 8, the memory 301, the processor 302 and the communication interface 303 are connected by the bus 304 and communicate with one another through it.
The communication interface 303 is mainly used to implement communication between the modules, devices, units and/or equipment in the embodiments of the present invention. Input devices and/or output devices can also be connected through the communication interface 303.
The bus 304 includes hardware, software or both, and couples the components of the remote server 300 to one another. By way of example and not limitation, the bus 304 may include an accelerated graphics port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a front side bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a low pin count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a peripheral component interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus or another suitable bus, or a combination of two or more of these. Where appropriate, the bus 304 may include one or more buses. Although the embodiments of the present invention describe and illustrate specific buses, the present invention contemplates any suitable bus or interconnect.
Fig. 9 is a hardware structure diagram of a vehicle electronic control unit in one embodiment of the present invention. As shown in Fig. 9, the vehicle electronic control unit 400 includes a memory 401, a processor 402 and a computer program that is stored on the memory 401 and can run on the processor 402.
In one example, the processor 402 can include a central processing unit (CPU) or an application-specific integrated circuit (ASIC), or may be configured as one or more integrated circuits implementing the embodiments of the present invention.
The memory 401 can include mass storage for data or instructions. By way of example and not limitation, the memory 401 may include an HDD, a floppy disk drive, flash memory, an optical disk, a magneto-optical disk, magnetic tape or a universal serial bus (USB) drive, or a combination of two or more of these. Where appropriate, the memory 401 may include removable or non-removable (or fixed) media. Where appropriate, the memory 401 can be internal or external to the vehicle electronic control unit 400. In a particular embodiment, the memory 401 is non-volatile solid-state memory. In a particular embodiment, the memory 401 includes read-only memory (ROM). Where appropriate, the ROM can be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM) or flash memory, or a combination of two or more of these.
The processor 402 runs the program corresponding to the executable program code by reading the executable program code stored in the memory 401, so as to perform the onboard program file encryption method in each of the above embodiments.
In one example, the vehicle electronic control unit 400 may also include a communication interface 403 and a bus 404. As shown in Fig. 9, the memory 401, the processor 402 and the communication interface 403 are connected by the bus 404 and communicate with one another through it.
The communication interface 403 is mainly used to implement communication between the modules, devices, units and/or equipment in the embodiments of the present invention. Input devices and/or output devices can also be connected through the communication interface 403.
The bus 404 includes hardware, software or both, and couples the components of the remote server 400 to one another. By way of example and not limitation, the bus 404 may include an accelerated graphics port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a front side bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a low pin count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a peripheral component interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus or another suitable bus, or a combination of two or more of these. Where appropriate, the bus 404 may include one or more buses. Although the embodiments of the present invention describe and illustrate specific buses, the present invention contemplates any suitable bus or interconnect.
One embodiment of the present invention also provides a storage medium on which a program is stored; when executed by a processor, the program can implement the onboard program file encryption method in each of the above embodiments.
It should be clear that the embodiments in this specification are described in a progressive manner: for the same or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. For the system embodiment, the remote server embodiment, the vehicle electronic control unit embodiment and the storage medium embodiment, the relevant parts may refer to the description of the method embodiment. The present invention is not limited to the specific steps and structures described above and shown in the figures. Those skilled in the art can make various changes, modifications and additions, or change the order between steps, after understanding the spirit of the present invention. Also, for brevity, detailed descriptions of known methods and techniques are omitted here.
The functional modules and functional units shown in the structural block diagrams described above can be implemented as hardware, software, firmware or a combination thereof. When implemented in hardware, they may be, for example, an electronic circuit, an application-specific integrated circuit (ASIC), appropriate firmware, a plug-in, a function card and so on. When implemented in software, the elements of the present invention are the programs or code segments used to perform the required tasks. The programs or code segments can be stored in a machine-readable medium, or transmitted over a transmission medium or communication link by a data signal carried in a carrier wave. A "machine-readable medium" can include any medium capable of storing or transmitting information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber-optic media, radio frequency (RF) links and so on. The code segments can be downloaded via a computer network such as the Internet or an intranet.
Claims (14)
1. An onboard program file encryption method, characterized by comprising:
a remote server obtaining the vehicle unique identifier of a vehicle to be downloaded;
the remote server dividing the data in an onboard program file into one or more data segments;
the remote server generating one or more target data segments using the vehicle unique identifier and the one or more data segments, and calculating the respective message authentication code of each of the one or more target data segments, at least one of the target data segments including the vehicle unique identifier;
the remote server encrypting the one or more target data segments using a key and the Advanced Encryption Standard (AES);
the remote server generating one or more encryption subfiles based on the encrypted one or more target data segments and the message authentication codes of the one or more target data segments, wherein one encryption subfile includes one encrypted target data segment and the message authentication code of that encrypted target data segment, or alternatively, one encryption subfile includes one encrypted data segment and the message authentication code, encrypted with the key and the AES, of one encrypted target data segment.
2. The onboard program file encryption method according to claim 1, characterized by further comprising:
the remote server adding the respective data start address and data segment length of each of the one or more data segments to the corresponding encryption subfile;
or,
the remote server adding the data start address and data segment length of each of the one or more data segments, each encrypted with the key and the AES, to the corresponding encryption subfile.
3. The onboard program file encryption method according to claim 1, characterized by further comprising:
a vehicle electronic control unit downloading at least one encryption subfile to the vehicle electronic control unit.
4. The onboard program file encryption method according to claim 3, characterized in that, before the at least one encryption subfile is downloaded to the vehicle electronic control unit, the method further comprises:
the vehicle electronic control unit receiving a safety certification check code sent by the remote server, the safety certification check code being the message authentication code calculated after the remote server encrypts the obtained vehicle unique identifier using the key and the AES;
the vehicle electronic control unit detecting whether the safety check code matches the vehicle unique identifier of the vehicle to be downloaded;
if the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded, the vehicle electronic control unit allowing the at least one encryption subfile to be downloaded to the vehicle electronic control unit.
5. The onboard program file encryption method according to claim 4, characterized in that the vehicle electronic control unit detecting whether the safety check code matches the vehicle unique identifier of the vehicle to be downloaded comprises:
the vehicle electronic control unit decrypting the safety check code using the key and the AES and recovering the vehicle unique identifier; the vehicle electronic control unit detecting whether the recovered vehicle unique identifier matches the vehicle unique identifier of the vehicle to be downloaded;
or,
the vehicle electronic control unit encrypting the vehicle unique identifier of the vehicle to be downloaded using the key and the AES and calculating a comparison check code; the vehicle electronic control unit detecting whether the safety check code matches the comparison check code.
6. The onboard program file encryption method according to claim 3, characterized in that, after the vehicle electronic control unit downloads the at least one encryption subfile to the vehicle electronic control unit, the method further comprises:
the vehicle electronic control unit decrypting the at least one encryption subfile using the key and the AES and, according to the target data segment in the decrypted encryption subfile, calculating the message authentication code of the target data segment in the decrypted encryption subfile;
if the message authentication code in the encryption subfile does not match the message authentication code calculated from the target data segment in the decrypted encryption subfile, the remote server transmitting the encryption subfile to the vehicle electronic control unit again.
7. The onboard program file encryption method according to claim 6, characterized in that the encrypted onboard program file includes N encryption subfiles, N being a positive integer;
the step in which, if the message authentication code in the encryption subfile does not match the message authentication code calculated from the target data segment in the decrypted encryption subfile, the remote server transmits the encryption subfile to the vehicle electronic control unit again, comprises:
if the message authentication code corresponding to the target data segment in the (i-1)-th encryption subfile does not match the message authentication code calculated from the target data segment decrypted from the (i-1)-th encryption subfile, the vehicle electronic control unit refusing to download the i-th encryption subfile and the remote server transmitting the (i-1)-th encryption subfile again, i being an integer and 2≤i≤N;
only once the message authentication code of the target data segment in the (i-1)-th encryption subfile matches the message authentication code calculated from the target data segment decrypted from the (i-1)-th encryption subfile, the remote server starting to transmit the i-th encryption subfile.
8. An onboard program file encryption system, characterized by comprising a remote server;
the remote server comprises:
an identification code acquisition module, configured to obtain the vehicle unique identifier of a vehicle to be downloaded;
a division module, configured to divide the data in an onboard program file into one or more data segments;
a computing module, configured to generate one or more target data segments using the vehicle unique identifier and the one or more data segments, and to calculate the respective message authentication code of each of the one or more target data segments, at least one of the target data segments including the vehicle unique identifier;
an encrypting module, configured to encrypt the one or more target data segments using a key and the Advanced Encryption Standard (AES);
a subfile generation module, configured to generate one or more encryption subfiles based on the encrypted one or more target data segments and the message authentication codes of the one or more target data segments, wherein one encryption subfile includes one encrypted target data segment and the message authentication code of that encrypted target data segment, or alternatively, one encryption subfile includes one encrypted data segment and the message authentication code, encrypted with the key and the AES, of one encrypted target data segment.
9. The onboard program file encryption system according to claim 8, characterized in that the remote server further includes:
a first adding module, configured to add the respective data start address and data segment length of each of the more than one data segment to the corresponding encrypted subfile;
and/or
a second adding module, configured to add the respective data start address and data segment length of each of the more than one data segment, encrypted with the key and the AES, to the corresponding encrypted subfile.
10. The onboard program file encryption system according to claim 8, characterized in that the onboard program file encryption system further includes a vehicle electronic control unit;
the vehicle electronic control unit includes:
a download module, configured to download at least one encrypted subfile to the vehicle electronic control unit.
11. The onboard program file encryption system according to claim 10, characterized in that the vehicle electronic control unit further includes:
a receiving module, configured to receive the safety certification check code sent by the remote server, the safety certification check code being the message authentication code calculated by the remote server after encrypting the obtained vehicle unique identifier using the key and the AES;
a matching module, configured to detect whether the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded;
a trigger module, configured such that, if the safety certification check code matches the vehicle unique identifier of the vehicle to be downloaded, the vehicle electronic control unit is allowed to download at least one encrypted subfile to the vehicle electronic control unit.
12. The onboard program file encryption system according to claim 11, characterized in that the matching module is specifically configured to:
decrypt the safety check code using the key and the AES to recover a vehicle unique identifier, and detect whether the recovered vehicle unique identifier matches the vehicle unique identifier of the vehicle to be downloaded;
or, alternatively,
encrypt the vehicle unique identifier of the vehicle to be downloaded using the key and the AES and calculate a comparison check code, and detect whether the safety check code matches the comparison check code.
13. The onboard program file encryption system according to claim 10, characterized in that the vehicle electronic control unit further includes a decryption module;
the decryption module is configured to decrypt at least one encrypted subfile using the key and the AES, and to calculate, from the target data segment in the decrypted encrypted subfile, the message authentication code of the target data segment in the decrypted encrypted subfile;
the download module is further configured to re-download the encrypted subfile to the vehicle electronic control unit if the message authentication code in the encrypted subfile does not match the message authentication code calculated from the target data segment in the decrypted encrypted subfile.
14. The onboard program file encryption system according to claim 13, characterized in that the encrypted onboard program file includes N encrypted subfiles, N being a positive integer;
the download module is specifically configured to:
if the message authentication code corresponding to the target data segment in the (i-1)-th encrypted subfile does not match the message authentication code calculated from the target data segment decrypted from the (i-1)-th encrypted subfile, refuse to download the i-th encrypted subfile and re-download the (i-1)-th encrypted subfile, where i is an integer and 2≤i≤N;
until the message authentication code of the target data segment in the (i-1)-th encrypted subfile matches the message authentication code calculated from the target data segment decrypted from the (i-1)-th encrypted subfile, and then start downloading the i-th encrypted subfile.
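The decrypt-then-verify step of claim 13 and the sequential download gate of claims 7 and 14, as an added sketch in Node.js that is not code from the patent. Assumptions: AES-128-CTR as the AES mode, HMAC-SHA256 with a separate key as the message authentication code, the vehicle unique identifier prefixed to every data segment, subfile indices starting at 0, and the `maxTries` bound; all function names are hypothetical.

```javascript
const crypto = require('crypto');

// AES-128-CTR is an assumed mode (the claims say only AES); one call encrypts and decrypts.
function ctr(key, iv, buf) {
  const c = crypto.createCipheriv('aes-128-ctr', key, iv);
  return Buffer.concat([c.update(buf), c.final()]);
}
// HMAC-SHA256 with a separate key stands in for the MAC, which the claims do not name.
const tag = (macKey, buf) => crypto.createHmac('sha256', macKey).update(buf).digest();

// Server: target segment = VIN || data; MAC the plaintext, then encrypt it.
function pack(encKey, macKey, vin, data) {
  const target = Buffer.concat([vin, data]);
  const iv = crypto.randomBytes(16);
  return { iv, ct: ctr(encKey, iv, target), mac: tag(macKey, target) };
}

// ECU: decrypt, recompute the MAC, compare in constant time, then check the VIN prefix.
function verify(encKey, macKey, vin, sub) {
  if (sub.iv.length !== 16 || sub.mac.length !== 32) return null;
  const target = ctr(encKey, sub.iv, sub.ct);
  if (!crypto.timingSafeEqual(tag(macKey, target), sub.mac)) return null;
  if (!target.subarray(0, vin.length).equals(vin)) return null;
  return target.subarray(vin.length);
}

// ECU gate: subfile i is requested only after i-1 verified; a mismatch re-requests
// the same index. maxTries is an added bound; the claims retry until a match.
function download(encKey, macKey, vin, n, maxTries, fetchSub) {
  const parts = [], requests = [];
  for (let i = 0; i < n; i++) {
    let seg = null;
    for (let t = 0; t < maxTries && seg === null; t++) {
      requests.push(i);
      seg = verify(encKey, macKey, vin, fetchSub(i));
    }
    if (seg === null) return { ok: false, failedAt: i, requests };
    parts.push(seg);
  }
  return { ok: true, image: Buffer.concat(parts), requests };
}

// Constructed sample: three segments; the first transmission of subfile 1 is corrupted.
function demo() {
  const encKey = Buffer.alloc(16, 0x11), macKey = Buffer.alloc(32, 0x22); // constructed keys
  const vin = Buffer.from('TESTVIN0000000001'); // constructed identifier
  const subs = ['boot', 'app-', 'cal.'].map((s) => pack(encKey, macKey, vin, Buffer.from(s)));
  const bad = { ...subs[1], ct: Buffer.from(subs[1].ct) };
  bad.ct[0] ^= 1; // single bit flipped in transit
  let sends = 0;
  const fetchSub = (i) => (i === 1 && sends++ === 0 ? bad : subs[i]);
  return download(encKey, macKey, vin, subs.length, 3, fetchSub);
}
console.log(demo().requests); // request order as seen by the server
```

A subfile packed for one vehicle identifier fails `verify` on a unit holding a different identifier even though its MAC is valid, which is the binding the VIN prefix provides.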
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711466140.8A CN108200044B (en) | 2017-12-28 | 2017-12-28 | Vehicle-mounted program file encryption method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108200044A (en) | 2018-06-22 |
CN108200044B (en) | 2021-02-19 |
Family
ID=62585820
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711466140.8A Active CN108200044B (en) | 2017-12-28 | 2017-12-28 | Vehicle-mounted program file encryption method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108200044B (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101271501A (en) * | 2008-04-30 | 2008-09-24 | 北京握奇数据系统有限公司 | Encryption and decryption method and device of digital media file |
CN101950344A (en) * | 2010-09-21 | 2011-01-19 | 广东欧珀移动通信有限公司 | Encryption and decryption methods of embedded software program |
CN102073824A (en) * | 2011-01-12 | 2011-05-25 | 深圳昂楷科技有限公司 | Method for generating and updating unique identifier of encrypted document |
CN103166943A (en) * | 2011-12-19 | 2013-06-19 | 北汽福田汽车股份有限公司 | Method and system for encryption transmission electronic control unit (ECU) objective file |
CN103326822A (en) * | 2013-07-18 | 2013-09-25 | 上海交通大学 | Data-fragment-based method and system for protecting privacy of participatory perception system |
CN106203128A (en) * | 2015-04-30 | 2016-12-07 | 宋青见 | Web data encipher-decipher method, device and system |
WO2017141468A1 (en) * | 2016-02-15 | 2017-08-24 | スター精密株式会社 | Identification information transfer system and identification information decryption method |
CN106682519A (en) * | 2017-01-04 | 2017-05-17 | 重庆长安汽车股份有限公司 | Method and system for remotely flashing vehicle controller program |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11662991B2 (en) | 2017-10-24 | 2023-05-30 | Huawei International Pte. Ltd. | Vehicle-mounted device upgrade method and related device |
CN109189405B (en) * | 2018-07-19 | 2022-03-01 | 山东省科学院自动化研究所 | Method and system for verifying Flash data consistency of program |
CN109189405A (en) * | 2018-07-19 | 2019-01-11 | 山东省科学院自动化研究所 | A kind of method and system of proving program Flash data consistency |
CN112637161A (en) * | 2018-09-12 | 2021-04-09 | 宁德时代新能源科技股份有限公司 | Data transmission method and storage medium |
CN112637161B (en) * | 2018-09-12 | 2022-07-08 | 宁德时代新能源科技股份有限公司 | Data transmission method and storage medium |
CN111294771A (en) * | 2018-12-10 | 2020-06-16 | 大陆汽车电子(连云港)有限公司 | In-vehicle device, system for implementing in-vehicle communication and related method |
CN110035080A (en) * | 2019-04-10 | 2019-07-19 | 陕西天行健车联网信息技术有限公司 | For the encrypting and decrypting system and its method of car-mounted terminal |
CN110035080B (en) * | 2019-04-10 | 2021-11-02 | 陕西天行健车联网信息技术有限公司 | Encryption and decryption system and method for vehicle-mounted terminal |
CN111356114A (en) * | 2020-02-19 | 2020-06-30 | 北京百度网讯科技有限公司 | In-vehicle electronic control unit upgrading method, device, equipment and vehicle system |
CN111356114B (en) * | 2020-02-19 | 2023-06-20 | 阿波罗智联(北京)科技有限公司 | In-vehicle electronic control unit upgrading method, device, equipment and vehicle system |
CN111459496A (en) * | 2020-04-07 | 2020-07-28 | 珠海格力电器股份有限公司 | Method for generating tamper-proof program file and method for upgrading equipment |
CN111459496B (en) * | 2020-04-07 | 2021-06-08 | 珠海格力电器股份有限公司 | Method for generating tamper-proof program file and method for upgrading equipment |
CN111739190B (en) * | 2020-05-27 | 2022-09-20 | 深圳市元征科技股份有限公司 | Vehicle diagnostic file encryption method, device, equipment and storage medium |
CN111739190A (en) * | 2020-05-27 | 2020-10-02 | 深圳市元征科技股份有限公司 | Vehicle diagnostic file encryption method, device, equipment and storage medium |
CN113721956A (en) * | 2021-08-26 | 2021-11-30 | 广州擎天实业有限公司 | Method for updating control program of excitation system |
CN113721956B (en) * | 2021-08-26 | 2024-02-20 | 广州擎天实业有限公司 | Method for updating excitation system control program |
CN113992331A (en) * | 2021-11-15 | 2022-01-28 | 苏州挚途科技有限公司 | Vehicle-mounted Ethernet data transmission method, device and system |
CN113886863B (en) * | 2021-12-07 | 2022-03-15 | 成都中科合迅科技有限公司 | Data encryption method and data encryption device |
CN113886863A (en) * | 2021-12-07 | 2022-01-04 | 成都中科合迅科技有限公司 | Data encryption method and data encryption device |
CN115473722A (en) * | 2022-09-07 | 2022-12-13 | 湖北亿纬动力有限公司 | Data encryption method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN108200044B (en) | 2021-02-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | TR01 | Transfer of patent right | Effective date of registration: 20220125. Address after: 352100 science and Technology Co., Ltd., No. 2, Xingang Road, Zhangwan Town, Jiaocheng District, Ningde City, Fujian Province. Patentee after: Ningde Shidai Runzhi Software Technology Co.,Ltd. Address before: 352100 Xingang Road, Zhangwan Town, Jiaocheng District, Ningde, Fujian 1. Patentee before: Contemporary Amperex Technology Co.,Ltd. |