CN108337234A - Vehicle-mounted program file encryption method and device - Google Patents
Vehicle-mounted program file encryption method and device Download PDFInfo
- Publication number
- CN108337234A CN108337234A CN201711461011.XA CN201711461011A CN108337234A CN 108337234 A CN108337234 A CN 108337234A CN 201711461011 A CN201711461011 A CN 201711461011A CN 108337234 A CN108337234 A CN 108337234A
- Authority
- CN
- China
- Prior art keywords
- data slot
- encryption
- program file
- encrypted
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Bioethics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a vehicle-mounted program file encryption method and device, and relates to the field of electronics and electrics. The vehicle-mounted program file encryption method comprises the following steps: dividing data in the vehicle-mounted program file into more than one data segment; calculating to obtain the message authentication codes of more than one data segment according to more than one data segment; encrypting more than one data fragment by using a secret key and an Advanced Encryption Standard (AES); generating more than one encrypted subfiles based on the encrypted more than one data fragment and the message authentication code of the more than one data fragment, wherein each encrypted subfile comprises one encrypted data fragment and the message authentication code of the one encrypted data fragment; and combining to obtain the encrypted vehicle-mounted program file according to more than one encrypted subfile. The vehicle-mounted program file encryption method and device can improve the safety of vehicle control.
Description
Technical field
The present invention relates to electric field more particularly to a kind of onboard program file encrypting methods and device.
Background technology
Electronic control unit (Electronic Control Unit, ECU) being widely used on automobile is general.Electronics
Control unit can carry out operation according to the parameters information of acquisition in conjunction with the program for being stored in electronic control unit.It will fortune
The result of calculation changes signal in order to control, to realize that electronic control unit controls the entirety of automobile.
In order to meet various requirement of the user to automobile control function, electronic control unit needs to download each class method.Electricity
The format for the program file that sub-control unit is downloaded opens, and content belongs in plain text, is easier to be tampered.Under electronic control unit
, can not be after whether determining program file be tampered after carrying program file.If electronic control unit has downloaded the journey after distorting
Preface part can then cause a hidden trouble to the safety of automobile, reduce the safety of automobile control.
Invention content
An embodiment of the present invention provides a kind of onboard program file encrypting method and devices, can improve the peace of automobile control
Quan Xing.
In a first aspect, an embodiment of the present invention provides a kind of onboard program file encrypting methods, including:By onboard program text
Data in part are divided into more than one data slot;According to more than one data slot, it is calculated more than one
The respective message authentication code of data slot;More than one data slot is added using key and Advanced Encryption Standard AES
It is close;Message authentication code based on encrypted more than one data slot and more than one data slot, generate one with
On encryption subfile, each subfile of encrypting includes an encrypted data slot and the message authentication with a data slot
Code;According to more than one encryption subfile, combination obtains encryption onboard program file.
Second aspect, an embodiment of the present invention provides a kind of onboard program document encrypting apparatus, including:Division module, quilt
It is configured to the data in onboard program file being divided into more than one data slot;Computing module is configured as according to one
A above data slot, is calculated the respective message authentication code of more than one data slot;Encrypting module is configured as
More than one data slot is encrypted using key and Advanced Encryption Standard AES;Subfile generation module, is configured as
Based on encrypted more than one data slot, and message authentication code corresponding with more than one data slot, one is generated
A above encryption subfile, it is each to encrypt the message that subfile includes an encrypted data slot and a data slot and recognize
Demonstrate,prove code;Composite module is configured as according to more than one encryption subfile, and combination obtains encryption onboard program file.
A kind of onboard program file encrypting method of offer of the embodiment of the present invention and device.The number that will be arrived in onboard program file
According to more than one data slot is divided into, the message authentication code of data slot is obtained.Utilize key and Advanced Encryption Standard pair
Data slot is encrypted.Based on encrypted data slot and message authentication code, encryption subfile is generated.Utilize encryption subfile
Encrypted data slot and the corresponding message authentication code of data slot are transmitted, encrypted data slot is difficult to decrypt, and reduces vehicle-mounted
The possibility that program file is tampered in transmission process.The message authentication code of each data slot can judge the data slice
Whether section is wrong in transmission process, improves safety of the onboard program file in transmission process.To improve automobile
The safety of control.
Description of the drawings
From below in conjunction with the accompanying drawings to the present invention specific implementation mode description in may be better understood the present invention wherein,
Same or analogous reference numeral indicates same or analogous feature.
Fig. 1 is a kind of flow chart of onboard program file encrypting method in the embodiment of the present invention;
Fig. 2 is a kind of structural schematic diagram of the subfile in s19 files in the embodiment of the present invention;
Fig. 3 is a kind of flow chart of onboard program file encrypting method in another embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram of encryption subfile in the embodiment of the present invention;
Fig. 5 is the flow chart of another onboard program file encrypting method in another embodiment of the present invention;
Fig. 6 is the structural schematic diagram of another encryption subfile in the embodiment of the present invention;
Fig. 7 is a kind of flow chart of onboard program file encrypting method in further embodiment of this invention;
Fig. 8 is a kind of flow chart of onboard program file encrypting method in yet another embodiment of the invention;
Fig. 9 is a kind of structural schematic diagram of onboard program document encrypting apparatus in one embodiment of the invention;
Figure 10 is a kind of structural schematic diagram of onboard program document encrypting apparatus in another embodiment of the present invention;
Figure 11 is the structural schematic diagram of another onboard program document encrypting apparatus in another embodiment of the present invention;
Figure 12 is a kind of structural schematic diagram of onboard program document encrypting apparatus in further embodiment of this invention;
Figure 13 is a kind of structural schematic diagram of onboard program document encrypting apparatus in yet another embodiment of the invention.
Specific implementation mode
The feature and exemplary embodiment of various aspects of the invention is described more fully below.In following detailed description
In, it is proposed that many details, in order to provide complete understanding of the present invention.But to those skilled in the art
It will be apparent that the present invention can be implemented in the case of some details in not needing these details.Below to implementing
The description of example is just for the sake of by showing that the example of the present invention is better understood from the present invention to provide.The present invention never limits
In any concrete configuration set forth below and algorithm, but cover under the premise of without departing from the spirit of the present invention element,
Any modification, replacement and the improvement of component and algorithm.In the the accompanying drawings and the following description, well known structure and skill is not shown
Art is unnecessary fuzzy to avoid causing the present invention.
An embodiment of the present invention provides a kind of onboard program file encrypting method and devices.In one example, it can apply
In the scene in automobile download onboard program file, alternatively, mutually carry out data transmission with automobile applied to other equipment
In scene.Wherein, other equipment may be automobile.
By taking automobile downloads onboard program file as an example, the vehicle electronic control unit (Electronic in automobile
Control Unit, ECU) by car-mounted terminal onboard program file can be downloaded from far-end server.Alternatively, Vehicle Electronic Control
Unit can be integrated with car-mounted terminal, and the car-mounted terminal with vehicle electronic control unit can download onboard program from far-end server
In the scene of file.Wherein, car-mounted terminal can be wirelessly communicated with far-end server and be connect.For example, car-mounted terminal and remote service
Device is carried out by wireless communication techniques such as data network, Wireless Fidelity (Wireless Fidelity, WiFi), bluetooth or purple honeybees
Data transmission is realized in communication.Car-mounted terminal can realize data with vehicle electronic control unit by wire communication or wireless communication
Transmission.
Car-mounted terminal also can pass through the circuits wired connection such as data line, general with the hardware device for carrying onboard program file
The onboard program file download that car-mounted terminal is obtained from hardware device is to vehicle electronic control unit.Car-mounted terminal and automotive electronics
Control unit can realize data transmission by wire communication or wireless communication.
Onboard program file is encrypted, to ensure onboard program document transmission process or other during, keep away
Exempt to reveal onboard program file, to avoid the malice to onboard program file from distorting, improves the safety of onboard program file
Property, to improve the safety of automotive safety control.
Fig. 1 is a kind of flow chart of onboard program file encrypting method in the embodiment of the present invention.As shown in Figure 1, vehicle-mounted journey
Sequence file encrypting method includes step 101 to step 105.
In a step 101, the data in onboard program file are divided into more than one data slot.
In one example, onboard program file can be the program file of the newly downloaded control application of automobile, can also
It is the update program file of the existing control application of automobile.For formally, onboard program file can be s19 files or
Hex files.Onboard program file may include identifier, data address (also known as program address), data (also known as program) with
And verify and wait contents.Identifier may include data type and data length etc..In one example, if onboard program file is
S19 files, s19 files include multirow subfile, can the data in every row subfile be divided into more than one data slot.
For example, structural schematic diagrams of the Fig. 2 for the subfile in a kind of s19 files in the embodiment of the present invention.As shown in Fig. 2, in s19 files
Subfile may include data type, data length, data address, data and verification and.It can be by subfile in s19 files
Data are divided into more than one data slot.
In one example, if the data in onboard program file are smaller, the data in onboard program file can be made
For a data slot.
In one example, if the data in onboard program file are larger, the data in onboard program file can be drawn
It is divided into more than two data slots.The size of more than two data slots may be the same or different, herein and unlimited
It is fixed.
In a step 102, according to more than one data slot, it is calculated that more than one data slot is respective to disappear
Cease authentication code.
Each data slot is corresponding with message authentication code (Message Authentication Code, MAC).Message
Authentication code is a kind of verification tool that communicating pair uses, and whether integrality and the data for capableing of verification data are wrong.One
In a example, message authentication code can be obtained according to key and data summarization.
In step 103, more than one data slot is encrypted using key and Advanced Encryption Standard AES.
Using key and Advanced Encryption Standard (Advanced Encryption Standard, AES) to more than one
Each data slot in data slot is encrypted.Wherein, Advanced Encryption Standard is a kind of symmetric key encryption algorithm.
In one example, AES128 algorithms, AES192 algorithms or AES256 algorithms may be used and be encrypted.Corresponding, key also may be used
Use 128,192 or 256 keys.Hardware implementation may be used in Advanced Encryption Standardalgorithm, and software reality can also be used
It applies, does not limit herein.
AES encryption is carried out to onboard program file, onboard program file can be formed byte matrix;Successively to byte matrix
It carries out InvAddRoundKey transformation, byte substitution (also known as S boxes transformation), shiftrows and row and obscures transformation.
At step 104, it is based on the message of encrypted more than one data slot and more than one data slot
Authentication code generates more than one encryption subfile.
Wherein, this more than one encryption subfile of generation is combined into encrypted onboard program file.Namely
It says, all encryption subfiles of generation are combined into encrypted onboard program file.Each encryption subfile includes encrypted
One data slot and the message authentication code with the data slot.In one example, the often row subfile of onboard program file
Data can be divided into more than two data slots.For example, the data of a line subfile can divide in onboard program file
For three data data slots, then three encryption subfiles of generation can be corresponded to, each encryption subfile includes one encrypted
Data slot, and the message authentication code with the data slot.In one example, message authentication code need not be encrypted.
In one example, encryption subfile may also include the data address of the data slot and the verification of the data slot
With.Alternatively, encryption subfile may also include the encrypted data address of the data slot and the data slot verification and.
Encryption subfile carry onboard program file main contents, it can be achieved that onboard program file distinct device it
Between safe transmission.For example, safe transmission, program storage hardware equipment between far-end server and automobile and between automobile
Safe transmission etc. between safe transmission or automobile and automobile.
In step 105, according to more than one encryption subfile, combination obtains encryption onboard program file.
For example onboard program file includes three row subfiles, often the data of row subfile can be divided into two data slices
Section, then produce six encryption subfiles according to the onboard program file, this six encryption subfiles are combined into encryption vehicle
Carry program file.
In embodiments of the present invention, encrypted data slot and the corresponding message of data slot are transmitted using encryption subfile
Authentication code.Encrypted data slot is difficult to decrypt, and encrypts subfile and use user-defined format, even if intercepting and capturing encryption Ziwen
Part, it is also difficult to which parsing encryption subfile substantially reduces the possibility that onboard program file is revealed and is tampered in transmission process
Property.The message authentication code of each data slot can judge whether the data slot is wrong in transmission process, improves vehicle
Carry safety of the program file in transmission process.To improve the safety of automobile control.
Moreover, if the number of encryption subfile is two or more, that is to say, that the data of onboard program file are divided into two
A data slot.So, each data slot can be according to the message authentication code of itself, to determine the use of encryption subfile transmission
Whether the data slot come is wrong or imperfect.Wrong or incomplete data slot can be found as early as possible and takes corresponding measure.
Fig. 3 is a kind of flow chart of onboard program file encrypting method in another embodiment of the present invention.Fig. 3 and Fig. 1 are not
It is with place, onboard program file encrypting method shown in Fig. 3 may also include step 106 to step 111.
In step 106, the respective data initial address of more than one data slot is obtained.
When dividing data slot it can be seen that therefore the size of each data slot can obtain the number of each data slot
It is added in encryption subfile according to initial address, and by the data initial address of each data slot.Encrypting subfile can be by data
Segment and the data initial address of the data slot are transmitted together.Download can be according to the data of data slot and data slot
Initial address restores onboard program file.
In step 107, the respective data initial address of more than one data slot is separately added into corresponding encryption
Subfile.
In one example, the data that subfile may include an encrypted data slot, the data slot are each encrypted
Initial address and the corresponding message authentication code of the data slot.Encryption subfile may also include other content, herein and unlimited
It is fixed.
It should be noted that step 107 synchronous with above-mentioned steps 104 can execute.In one example, it is based on encrypted one
A above data slot, the respective data initial address of more than one data slot and more than one data slot
Message authentication code, generate more than one encryption subfile.
In step 108, according to encrypted more than one data slot, the respective data of more than one data slot
Initial address and the respective message authentication code of more than one data slot, it is each to obtain encrypted more than one data slot
From verification and.
For each encrypted data slot, according to the data starting point of encrypted data slot, the data slot
The message authentication code of location and the data slot, can be calculated the encrypted data slot verification and.In one example,
Each encrypt disappearing for the data initial address, the encrypted data slot, the data slot that subfile includes a data slot
Cease authentication code and the encrypted data slot verification and.
For example, Fig. 4 is a kind of structural schematic diagram of encryption subfile in the embodiment of the present invention.Encryption Ziwen shown in Fig. 4
Part is by the data initial address of data slot, encrypted data slot, the message authentication code of data slot and encrypted data slice
Section verification and be spliced successively.Wherein, the byte number of an encrypted data slot is that byte number is divided in preset encryption
Positive integer times.In the example of fig. 4, preset encryption segmentation byte number is 16 bytes, can be by encrypted data slot
Size is expressed as N × 16Bytes (i.e. N times of 16 bytes), and N is positive integer.The size of the message authentication code of data slot can be
16Bytes (i.e. 16 bytes) byte.The size of the verification sum of encrypted data slot can be 1Byte (i.e. 1 byte).
If the byte number that the data of onboard program file when dividing data slot in advance, occurs in onboard program file is insufficient
It, then can be to vehicle-mounted to realize that the byte number of encrypted data slot is the case where positive integer times of byte number are divided in preset encryption
Program file carries out cover, and addition does not influence the byte number of onboard program file, to realize the byte of encrypted data slot
Number is the positive integer times that byte number is divided in preset encryption.
In one example, onboard program file is s19 files, first data of the data division of onboard program file
The data initial address of segment is the data address in s19 files.Data after first data slot of onboard program file
The data initial address of segment, can be according to the size of each data slot and the data initial address of previous data slot
It determines.For example, the data initial address of second data slot, can according to the data initial address of first data slot and
The size of first data slot determines.
In embodiments of the present invention, the data initial address of data slot is unencryption.In one example, encrypted
The verification of one data slot and complement code for the first adduction.First adduction is the data initial address of a data slot, adds
The adduction of the message authentication code of a close data slot and a data slot.By taking hexadecimal as an example, encrypted data slice
The verification and calculating of section can be expressed as " verification of encrypted data slot and=0xFF-(the data initial addresses of data slot
The message authentication code of+encrypted data slot+data slot) ".
In step 109, at least one encryption subfile is downloaded to vehicle electronic control unit.
All encryption subfiles generated in step 104 are downloaded in vehicle electronic control unit, i.e., it will be in step 105
Encryption onboard program file download to Vehicle Electronic Control power supply in.It Radio Transmission Technology that can be used will encrypt subfile to download
To vehicle electronic control unit, professional operator's connecing the hardware device for carrying onboard program file and automobile is not needed
Mouth connection, to improve the efficiency of onboard program file download.Encryption subfile is downloaded in above-described embodiment to automotive electronics control
Unit processed, specifically can be implemented as through car-mounted terminal, and encryption subfile is downloaded to Vehicle Electronic Control list from far-end server
Member.That is, car-mounted terminal can download encryption subfile from far-end server, vehicle electronic control unit can be from car-mounted terminal
Download encryption subfile.For example, vehicle electronic control unit can pass through unified diagnostic service (UDS, Unified Diagnostic
Service it) is communicated with car-mounted terminal.
In one example, according to position of the encrypted data slot in onboard program file in N number of encryption subfile
Sequentially, the 1st encryption subfile to n-th encryption subfile is downloaded to vehicle electronic control unit successively, N is onboard program
The number of the corresponding encryption subfile of file.
For example, if onboard program file is made of an encryption subfile, this can be encrypted by car-mounted terminal
Subfile is downloaded in vehicle electronic control unit.Specifically, can be downloaded in the flash memory of electronic control unit.
It for another example, can be according in encryption subfile if onboard program file is made of two or more encryption subfile
Encrypted data slot putting in order in encrypting onboard program file, download successively includes the encryption of encrypted data slot
In subfile to vehicle electronic control unit.Specifically, can be downloaded in the flash memory of electronic control unit.
In one example, the program that can be downloaded at least one encryption subfile to vehicle electronic control unit is downloaded
Area.
Since the encryption subfile of download may malfunction in transmission process, cause encryption subfile in data slot simultaneously
It is imperfect or mistake occur.Therefore, after having downloaded encryption subfile, the data slot in encryption subfile can be carried out complete
The inspection of property and accuracy.Can not the data slot in the encryption subfile of download be written to Vehicle Electronic Control list at once
In member.Program download area can be set in vehicle electronic control unit, make program download area independently of vehicle electronic control unit
The part of middle run program file.It can all be carried out in program download area to encrypting the decryption of subfile and checking.
In step 110, according to the encryption subfile of download, the encrypted more than one data slot downloaded is each
From verification and.
It in one example, can be according to the data of encrypted data slot, data slot in the encryption subfile of download
The message authentication code of initial address and data slot, be calculated the encrypted data slot of download verification and.
In step 111, be based on the respective verification of encrypted more than one data slot and, and download encrypted
The respective verification of more than one data slot and, determine whether the encrypted more than one data slot downloaded complete and accurate
Really.
In one example, if encrypted more than one data slot it is respective verification and, respectively with the encryption of download
More than one data slot it is respective verification with it is consistent, it is determined that the encrypted more than one data slot of download is complete
With it is accurate.
In one example, if the more than wherein at least one verification of encrypted data slot and, it is encrypted with download
The verification of the data slot and inconsistent, it is determined that encrypted data slot of download is imperfect and/or inaccurate.
In order to avoid encryption subfile makes data slot imperfect or inaccurate situation occur in transmitting downloading process.
It, can be according to the school of the encrypted data slot after download after by encrypting subfile by the completion of onboard program file download
It tests and is verified, to determine whether encrypted data slot is complete and accurate.
Fig. 5 is the flow chart of another onboard program file encrypting method in another embodiment of the present invention.Fig. 5's and Fig. 1
The difference is that onboard program file encrypting method shown in fig. 5 may also include step 112 to step 118.
In step 112, the respective data initial address of more than one data slot is obtained.
The content for obtaining the respective data initial address of more than one data slot can be found in step in above-described embodiment
106 related description, details are not described herein.
In step 113, the respective data initial address of more than one data slot is encrypted using key and AES.
In order to further increase the safety of encryption subfile, key and Advanced Encryption Standard can be utilized to each data
The data initial address of segment is also encrypted.
In step 114, by more than one data slot respectively encrypted data initial address be separately added into it is corresponding
Encrypt subfile.
In one example, the encryption that subfile may include an encrypted data slot, the data slot is each encrypted
Data initial address and the data slot message authentication code.Encryption subfile may also include other content, herein not
It limits.
It is respectively encrypted according to encrypted more than one data slot, more than one data slot in step 115
Data initial address and the respective message authentication code of more than one data slot, obtain encrypted more than one data slice
Section it is respective verification and.
For each encrypted data slot, risen according to encrypted data slot, the encrypted data of the data slot
Beginning address message authentication code corresponding with the data slot, can be calculated the encrypted data slot verification and.One
In a example, it is each encrypt subfile may include the encrypted data initial address of a data slot, the encrypted data slot,
The verification of the message authentication code of the data slot and the encrypted data slot and.
For example, Fig. 6 is the structural schematic diagram of another encryption subfile in the embodiment of the present invention.Encryption shown in fig. 6
File is by the encrypted data initial address of data slot, encrypted data slot, the corresponding message authentication code of data slot and adds
It the verification of close data slot and is spliced successively.Wherein, the byte number of an encrypted data slot is preset encryption
Divide the positive integer times of byte number.In the example of fig. 6, preset encryption segmentation byte number is 16 bytes, can will be encrypted
The size of data slot is expressed as N × 16Bytes, and (i.e. N times of 16 bytes, N are positive integer.The message authentication code of data slot
Size can be 16Bytes (i.e. 16 bytes) byte.The size of the verification sum of encrypted data slot can be 1Byte (i.e. 1 byte).
If the byte number that the data of onboard program file when dividing data slot in advance, occurs in onboard program file is insufficient
It, then can be to vehicle-mounted to realize that the byte number of encrypted data slot is the case where positive integer times of byte number are divided in preset encryption
Program file carries out cover, and addition does not influence the byte number of onboard program file, to realize the byte of encrypted data slot
Number is the positive integer times that byte number is divided in preset encryption.
In one example, onboard program file is s19 files, first data of the data division of onboard program file
The data initial address of segment is the data address in s19 files.Data after first data slot of onboard program file
The data initial address of segment can be according to the size of each data slot and the data initial address of previous data slot
It determines.For example, the data initial address of second data slot can according to the data initial address of first data slot and
The size of first data slot determines.
In embodiments of the present invention, the data initial address of data slot is encrypted.In one example, encrypted one
The verification of a data slot and the complement code summed it up for second, the second adduction are the encrypted data starting point of a data slot
The adduction of the message authentication code of location, an encrypted data slot and a data slot.By taking hexadecimal as an example, encrypted number
It can be expressed as " verification of encrypted data slot and=0xFF-(the encrypted numbers of data slot according to the verification and calculating of segment
According to the message authentication code of initial address+encrypted data slot+data slot) ".
In step 116, at least one encryption subfile is downloaded to vehicle electronic control unit.
The content for downloading at least one encryption subfile to vehicle electronic control unit can be found in step in above-described embodiment
109 related description, details are not described herein.
In step 117, according to the encryption subfile of download, the encrypted more than one data slot downloaded is each
From verification and.
It in one example, can be according to the encryption of encrypted data slot, data slot in the encryption subfile of download
Data initial address and message authentication code with data slot, the verification of the encrypted data slot of download is calculated
With.
In step 118, be based on the respective verification of encrypted more than one data slot and, and download encrypted
The respective verification of more than one data slot and, determine whether the encrypted more than one data slot downloaded complete and accurate
Really.
Based on the respective verification of encrypted more than one data slot and, and the encrypted more than one number downloaded
And, determine whether the encrypted more than one data slot downloaded is complete and accurate content can join according to the respective verification of segment
See the step 111 in above-described embodiment, details are not described herein.
Fig. 7 is a kind of flow chart of onboard program file encrypting method in further embodiment of this invention.Fig. 7 and Fig. 1 are not
It is with place, the onboard program file encrypting method in Fig. 7 may also include step 119 to step 121.
In step 119, at least one encryption subfile is downloaded to vehicle electronic control unit.
The content for downloading at least one encryption subfile to vehicle electronic control unit can be found in step in above-described embodiment
109 related description, details are not described herein.
In the step 120, encrypted data slot at least one encryption subfile is decrypted using key and AES, root
According to the data slot after decryption, the message authentication code of the data slot after decryption is calculated.
In one example, key is storable in vehicle electronic control unit, for example, key is storable in automotive electronics
In the program Operational Zone of control unit, when being decrypted, key can be obtained from program Operational Zone, utilize Advanced Encryption Standard
It is decrypted.Using key and Advanced Encryption Standard, encrypted data slot is decrypted.The key phase that encryption and decryption use
Together.
According to the data of the data slot after decryption, the message authentication code of the data slot after decryption can be calculated.
In one example, if the data initial address of data slot is not encrypted before, institute can be obtained in download
After having encryption subfile, using the data slot of decryption and the data initial address of data slot, restore onboard program file.
It in one example, can be to encryption if also being encrypted to the data initial address of data slot before
Data slot decryption while, the encrypted data initial address of data slot is also decrypted.All add is obtained in download
After close subfile, using the data slot after decryption and the data initial address after data slot decryption, restore onboard program
File.
In step 121, if the corresponding message authentication code of data slot in encryption subfile, and according to the data after decryption
The message authentication code of fragment computations is inconsistent, then needs to re-download encryption subfile to vehicle electronic control unit.
If the message authentication code encrypted in subfile is calculated with according to the data slot in the encryption subfile after decryption
Message authentication code it is inconsistent, then it represents that encryption subfile in data slot occur in transmission process it is imperfect or wrong
The case where.It needs to re-download the encrypted data slot, that is to say, where needing to re-download encrypted data slot
Encrypt subfile.
In one example, it if sharing N number of encryption subfile, needs the 1st encryption subfile to n-th encrypting son
File is downloaded to vehicle electronic control unit successively.After downloading each encryption subfile, using message authentication code
Data slot in encryption subfile is verified.
If sharing N number of encryption subfile, if in (i-1)-th encryption subfile the message authentication code of data slot with according to the
The message authentication code that the data slot decrypted in i-1 encryption subfile calculates is inconsistent, then refuses to download i-th of encryption Ziwen
Part, and (i-1)-th encryption subfile is re-downloaded, i is integer, and 2≤i≤N.Until data in (i-1)-th encryption subfile
The corresponding message authentication code of segment and the message authentication code one calculated according to the data slot decrypted in (i-1)-th encryption subfile
It causes, starts to download i-th of encryption subfile.
For example, 3 encryption subfiles are shared, if the 1st message authentication code and basis for encrypting data slot in subfile
The message authentication code that the data slot decrypted in 1st encryption subfile calculates is inconsistent, then re-downloads the 1st encryption Ziwen
Part.If the corresponding message authentication code of data slot encrypts the number decrypted in subfile with according to the 1st in the 1st encryption subfile
It is consistent according to the message authentication code of fragment computations, then start to download the 2nd encryption subfile.If data in the 2nd encryption subfile
The message authentication code of segment and the message authentication code calculated according to the data slot decrypted in the 2nd encryption subfile are inconsistent,
Then re-download the 2nd encryption subfile.If the 2nd encryption subfile in data slot message authentication code with according to the 2nd
The message authentication code that the data slot decrypted in encryption subfile calculates is consistent, then starts to download the 3rd encryption subfile.If the
The message authentication code of data slot is calculated with according to the data slot decrypted in the 3rd encryption subfile in 3 encryption subfiles
Message authentication code it is inconsistent, then re-download the 3rd encryption subfile.If data slot disappears in the 3rd encryption subfile
Breath authentication code is consistent with the message authentication code calculated according to the data slot decrypted in the 3rd encryption subfile, downloading process knot
Beam.
In one embodiment, if encryption subfile in data slot message authentication code with according to the data slice after decryption
The message authentication code that section calculates is consistent, it is determined that the data slot in encryption subfile is completely and accurate.
In embodiments of the present invention, it after downloading an encryption subfile, by the verification of message authentication code, determines and downloads
Whether the data slot in obtained encryption subfile is complete and accurate, and determines the need for re-downloading the encryption Ziwen
Part.It is whether complete and accurate to find to download obtained encryption subfile as early as possible, it reduces and downloads the time it takes.
Fig. 8 is a kind of flow chart of onboard program file encrypting method in yet another embodiment of the invention.Fig. 8 and Fig. 1 are not
It is with place, onboard program file encrypting method shown in Fig. 8 may also include step 122 to step 127.
In step 122, the program download area at least one encryption subfile to vehicle electronic control unit is downloaded.
The content for downloading the program download area at least one encryption subfile to vehicle electronic control unit can be found in
The related description of step 109 in embodiment is stated, details are not described herein.
In step 123, using key and AES to encrypted data slot at least one encryption subfile, or, encryption
Data slot and data slot encrypted data initial address decryption.
Encrypted data slot at least one encryption subfile is decrypted using key and AES, and using key and
Contents of the AES to encrypted data slot at least one encryption subfile and the encrypted data initial address decryption of data slot
The related description of step 120 in above-described embodiment is can be found in, details are not described herein.
In step 124, according to the data initial address of more than one data slot and data slot after decryption,
Or, decryption after data slot and data slot decryption after data initial address, restore onboard program file.
In one example, if the number for the data slot that the data of onboard program file divide is one, and non-logarithm
It encrypts, then directly this encrypted data slot can be decrypted, the vehicle being restored according to the data initial address of segment
Carry program file.
In another example, if the number for the data slot that the data of onboard program file divide is one, and logarithm
It is encrypted according to the data initial address of segment, then it can be directly to the number of the secret of this encrypted data slot and the data slot
It is decrypted according to initial address, the onboard program file being restored.
In one example, if the number for the data slot that the data of onboard program file divide is two or more, and not
Data initial address encryption to data slot, then respectively decrypt the encrypted data slot more than the two.According to data
The data initial address of segment will be solved according to data slot putting in order in onboard program file when dividing data slot
Data slot combination after close, the onboard program file being restored.
In another example, if the number for the data slot that the data of onboard program file divide is two or more, and
To the encryption of the data initial address of data slot, then respectively to more than the two encrypted data slot and the two with
On data slot encrypted data initial address decryption.According to the data initial address after the decryption of data slot, according to
Data slot after decryption is combined, is obtained by data slot putting in order in onboard program file when dividing data slot
The onboard program file of recovery.
In step 125, according to the onboard program file of recovery, the cyclic redundancy school for the onboard program file being restored
Test code.
Cyclic redundancy check code (Cyclic Redundancy Check, CRC) is mainly used to detection or verification data transmission
Or the mistake being likely to occur after preserving.It is imperfect or inaccurate in order to avoid downloading obtained onboard program file, it can be to solution
The onboard program file of recovery after close carries out cyclic redundancy check.The onboard program file of recovery after decryption is recycled
Redundancy check can be carried out in the program download area in vehicle electronic control unit.
Include the cyclic redundancy check code of onboard program file in onboard program file, which is to add
The cyclic redundancy check code of onboard program file before close.
Encrypted onboard program file is obtained in download, and encrypted onboard program file is decrypted, is restored
Onboard program file after, according to the onboard program file of recovery, the cycle that the onboard program file of recovery is calculated is superfluous
Remaining check code.
In step 126, if the cyclic redundancy check code of onboard program file restored and following in onboard program file
Ring redundancy check code is consistent, then wipes the program file in vehicle electronic control unit Program Operational Zone, and program is downloaded
The onboard program file write-in program Operational Zone restored in area.
The cyclic redundancy check of the cyclic redundancy check code of the onboard program file of recovery and vehicle-mounted program file before encryption
Code is consistent, indicates that the onboard program file restored is consistent with onboard program file original before encryption.That is, the vehicle restored
It is complete and accurate to carry program file.
Vehicle electronic control unit includes program download area and program Operational Zone, and program download area is phase with program Operational Zone
Mutual independent two regions.Wherein, program Operational Zone runs the program file that current automobile uses.If it is determined that the vehicle-mounted journey restored
Preface part be it is complete, accurate, then can be by the onboard program file write-in program Operational Zone of recovery.If program is run in Operational Zone
There is program file, then wipes the program file run in program Operational Zone, then by the onboard program file write-in program of recovery
Operational Zone.Can be when automobile need the onboard program file of restoring running, the onboard program text of restoring running in program Operational Zone
Part.
In this step 127, if the cyclic redundancy check code of onboard program file restored and following in onboard program file
Ring redundancy check code is inconsistent, then re-downloads at least one encryption subfile to vehicle electronic control unit.
If the cyclic redundancy check code of the onboard program file restored and the cyclic redundancy check code in onboard program file
It is inconsistent, then it represents that the onboard program file of recovery and onboard program file original before encryption are inconsistent.That is, restoring
Onboard program file be imperfect and/or inaccurate.
If it is determined that the onboard program file restored is imperfect and/or inaccurate, then need to re-download encryption Ziwen
Part is to vehicle electronic control unit.Moreover, not by the onboard program file write-in program Operational Zone of recovery.Can also directly it delete not
The complete and/or inaccurate onboard program file restored.
In embodiments of the present invention, if the onboard program file restored is complete and accurate, by the onboard program file of recovery
It comes into operation, the onboard program file of recovery is made to run in the car.It avoids imperfect and/or inaccurate onboard program text
Part is run in the car, the risk that automobile is generated due to the onboard program running paper of mistake is avoided, to further increase
The safety of automobile control.
Fig. 9 is a kind of structural schematic diagram of onboard program document encrypting apparatus 200 in one embodiment of the invention.Such as Fig. 9 institutes
Show, onboard program document encrypting apparatus 200 includes division module 201, computing module 202, encrypting module 203, message generation mould
Block 204 and composite module 205.
Division module 201 is configured as the data in onboard program file being divided into more than one data slot.
Computing module 202 is configured as, according to more than one data slot, more than one data slot being calculated
Respective message authentication code.
Encrypting module 203 is configured as carrying out more than one data slot using key and Advanced Encryption Standard AES
Encryption.
Subfile generation module 204 is configured as based on encrypted more than one data slot, and and more than one
Data slot message authentication code, generate the encryption subfile of one or more, each subfile of encrypting includes encrypted one
The message authentication code of data slot and a data slot.
Composite module 205 is configured as according to more than one encryption subfile, and combination obtains encryption onboard program text
Part.
In embodiments of the present invention, encrypted data slot and the corresponding message of data slot are transmitted using encryption subfile
Authentication code.Encrypted data slot is difficult to decrypt, and encryption subfile uses user-defined format, even if intercepting and capturing encryption subfile
It is difficult to parse encryption subfile, substantially reduces the possibility that onboard program file is revealed and is tampered in transmission process.Often
The message authentication code of a data slot can judge whether the data slot is wrong in transmission process, improves onboard program
Safety of the file in transmission process.To improve the safety of automobile control.
Moreover, if the number of encryption subfile is two or more, that is to say, that the data of onboard program file are divided into two
A data slot.So, each data slot can be according to the message authentication code of itself, to determine the use of encryption subfile transmission
Whether the data slot come is wrong or imperfect.Wrong or incomplete data slot can be found as early as possible and is taken measures.
Figure 10 is a kind of structural schematic diagram of onboard program document encrypting apparatus 200 in another embodiment of the present invention.Figure 10
The difference from Fig. 9 is that onboard program document encrypting apparatus 200 shown in Fig. 10 may also include the first address acquisition module
206, first module 207, the verification of download module 208, first and the verification of acquisition module 209, second and 210 and of acquisition module is added
First correction verification module 211.
First address acquisition module 206 is configured as obtaining the respective data initial address of more than one data slot.
First is added module 207, is configured as respectively adding the respective data initial address of more than one data slot
Enter corresponding encryption subfile.
Download module 208 is configured as downloading at least one encryption subfile to vehicle electronic control unit.
First verification and acquisition module 209, if being configured as not originating the respective data of more than one data slot
Address encryption, according to encrypted more than one data slot, the respective data initial address of more than one data slot with
And the more than one respective message authentication code of data slot, obtain the encrypted respective verification of more than one data slot
With it is each to encrypt data initial address, an encrypted data slot, the data slice that subfile includes a data slot
Section message authentication code and an encrypted data slot verification and.
Second verification and acquisition module 210 are configured as downloading at least one encryption subfile to Vehicle Electronic Control
After unit, according to the encryption subfile of download, the respective verification of encrypted more than one data slot downloaded and.
First correction verification module 211, be configured as based on the respective verification of encrypted more than one data slot and, and
The encrypted more than one respective verification of data slot and the determining encrypted more than one data slot downloaded downloaded
It is whether complete and accurate.
In one example, if the respective data initial address unencryption of more than one data slot, encrypted one
The verification of data slot and complement code for the first adduction, the first adduction is the data initial address, encrypted of a data slot
The adduction of the message authentication code of one data slot and a data slot.
Figure 11 is the structural schematic diagram of another onboard program document encrypting apparatus 200 in another embodiment of the present invention.Figure
11 the difference from Fig. 9 is that, onboard program document encrypting apparatus 200 shown in Figure 11 may also include the second address obtain mould
Module 214, download module 208, third verification and acquisition module the 215, the 4th is added in block 212, address encryption module 213, second
Verification and acquisition module 216 and the second correction verification module 217.
Second address acquisition module 212 is configured as obtaining the respective data initial address of more than one data slot.
Address encryption module 213 is configured as playing the respective data of more than one data slot using key and AES
Beginning address encryption.
Second is added module 214, is configured as the respective encrypted data initial address point of more than one data slot
Corresponding encryption subfile is not added.
The content of download module 208 can be found in the declaratives of the download module 208 in above-described embodiment.
Third verifies and acquisition module 215, if being configured as to the respective data starting point of more than one data slot
Location is encrypted, according to the respective encrypted data initial address of encrypted more than one data slot, more than one data slot
And the more than one respective message authentication code of data slot, obtain the encrypted respective verification of more than one data slot
With each subfile of encrypting includes the encrypted data initial address of a data slot, an encrypted data slot, a number
According to segment message authentication code and an encrypted data slot verification and.
4th verification and acquisition module 216 are configured as downloading at least one encryption subfile to Vehicle Electronic Control
After unit, according to the encryption subfile of download, the respective verification of encrypted more than one data slot downloaded and.
Second correction verification module 217, be configured as based on the respective verification of encrypted more than one data slot and, and
The encrypted more than one respective verification of data slot and the determining encrypted more than one data slot downloaded downloaded
It is whether complete and accurate.
In one example, if the respective data initial address encryption of more than one data slot, an encrypted number
Verification according to segment and the complement code for the second adduction, the second adduction are the encrypted data initial address of a data slot, add
The adduction of the message authentication code of a close data slot and a data slot.
In an example of another embodiment of the present invention, the byte number of an encrypted data packet is preset encryption
Divide the positive integer times of byte number.
Figure 12 is a kind of structural schematic diagram of onboard program document encrypting apparatus 200 in further embodiment of this invention.Figure 12
The difference from Fig. 9 is that onboard program document encrypting apparatus 200 shown in Figure 12 may also include the reconciliation of download module 208
Close module 218.
Download module 208 is configured as downloading at least one encryption subfile to vehicle electronic control unit.
Deciphering module 218 is configured as using key and AES to encrypted data slot at least one encryption subfile
Decryption calculates the message authentication code of the data slot after decryption according to the data slot after decryption.
If download module 208 is additionally configured to the message authentication code of data slot in encryption subfile, after according to decryption
The message authentication code that calculates of data slot it is inconsistent, then need to re-download encryption subfile to vehicle electronic control unit.
In one example, above-mentioned download module 208 is specifically configured to:According to encrypted number in N number of encryption subfile
According to sequence of positions of the segment in onboard program file, the 1st encryption subfile to n-th encryption subfile is downloaded to successively
Vehicle electronic control unit, N are the number of the corresponding encryption subfile of onboard program file.
In one example, download module 208 is specifically configured to:If data slot in (i-1)-th encryption subfile
Message authentication code and the message authentication code calculated according to the data slot decrypted in (i-1)-th encryption subfile are inconsistent, then refuse
I-th of encryption subfile is downloaded absolutely, and re-downloads (i-1)-th encryption subfile, and i is integer, and 2≤i≤N;Until (i-1)-th
The message authentication code of data slot is calculated with according to the data slot decrypted in (i-1)-th encryption subfile in a encryption subfile
Message authentication code it is consistent, start download i-th encryption subfile.
In one example, above-mentioned download module 212 can be specifically configured to:At least one encryption subfile is downloaded to vapour
Program download area in vehicle electronic control unit.
Figure 13 is a kind of structural schematic diagram of onboard program document encrypting apparatus 200 in yet another embodiment of the invention.Figure 13
The difference is that, onboard program document encrypting apparatus 200 shown in Figure 13 may also include recovery module 219, obtain with Figure 12
Modulus block 220 and writing module 221.
Recovery module 219 is configured as the data initial address according to data slot and data slot after decryption, or,
Data slot after decryption and the data initial address after the decryption of data slot restore onboard program file.
Acquisition module 220 is configured as the onboard program file according to recovery, and the onboard program file being restored follows
Ring redundancy check code.
Writing module 221, if being configured as the cyclic redundancy check code and onboard program text of the onboard program file restored
Cyclic redundancy check code in part is consistent, then wipes the program file in vehicle electronic control unit Program Operational Zone, and will
The onboard program file write-in program Operational Zone restored in program download area.
If above-mentioned download module 208 is additionally configured to the cyclic redundancy check code of the onboard program file restored and vehicle-mounted journey
Cyclic redundancy check code in preface part is inconsistent, then re-downloads at least one encryption subfile to Vehicle Electronic Control list
Member.
Wherein, onboard program file includes cyclic redundancy check code.
It should be clear that each embodiment in this specification is described in a progressive manner, each embodiment it
Between just to refer each other for same or analogous part, the highlights of each of the examples are it is different from other embodiment it
Place.For device embodiments, related place may refer to the declaratives of embodiment of the method.The invention is not limited in upper
Literary particular step described and shown in figure and structure.Those skilled in the art can understand the spirit of the present invention
Afterwards, it is variously modified, modification and addition, or the sequence between changing the step.Also, it for brevity, omits here
To the detailed description of known method technology.
Function module shown in structures described above block diagram can be implemented as hardware, software, firmware or they
Combination.When realizing in hardware, it may, for example, be electronic circuit, application-specific integrated circuit (ASIC), firmware appropriate, insert
Part, function card etc..When being realized with software mode, element of the invention is used to execute program or the generation of required task
Code section.Either code segment can be stored in machine readable media program or the data-signal by being carried in carrier wave is passing
Defeated medium or communication links are sent." machine readable media " may include any medium for capableing of storage or transmission information.
Claims (24)
1. a kind of onboard program file encrypting method, which is characterized in that including:
Data in onboard program file are divided into more than one data slot;
According to one above data slot, one above respective message authentication of data slot is calculated
Code;
One above data slot is encrypted using key and Advanced Encryption Standard AES;
Message authentication code based on encrypted one above data slot and one above data slot,
Generate more than one encryption subfile, each encryption subfile include an encrypted data slot and with it is one
The message authentication code of data slot;
According to one above encryption subfile, combination obtains encryption onboard program file.
2. onboard program file encrypting method according to claim 1, which is characterized in that the onboard program file encryption
Method further includes:
Obtain one above respective data initial address of data slot;
The respective data initial address of one above data slot is separately added into the corresponding encryption subfile.
3. onboard program file encrypting method according to claim 1, which is characterized in that the onboard program file encryption
Method further includes:
Obtain one above respective data initial address of data slot;
The respective data initial address of one above data slot is encrypted using the key and the AES;
By one above data slot, respectively encrypted data initial address is separately added into the corresponding encryption Ziwen
Part.
4. onboard program file encrypting method according to claim 1, which is characterized in that an encrypted data slice
The byte number of section is the positive integer times that byte number is divided in preset encryption.
5. onboard program file encrypting method according to claim 1, which is characterized in that the onboard program file encryption
Method further includes:
At least one encryption subfile is downloaded to vehicle electronic control unit.
6. onboard program file encrypting method according to claim 5, which is characterized in that the onboard program file encryption
Method further includes:
If not to the respective data initial address of one above data slot encrypt, according to it is encrypted it is one more than
Data slot, one above respective data initial address of data slot and one above data slot
Respective message authentication code obtains the encrypted respective verification of one above data slot and each encryption
File includes the data initial address of a data slot, encrypted one data slot, one data slot
The verification of message authentication code and encrypted one data slot and;
After downloading at least one encryption subfile to vehicle electronic control unit, according to the encryption Ziwen of download
Part, the respective verification of the encrypted one above data slot downloaded and;
Based on the respective verification of the encrypted one above data slot and and the download it is encrypted one
Above data slot is respective to be verified and determines whether encrypted one above data slot of the download is complete
With it is accurate.
7. onboard program file encrypting method according to claim 6, which is characterized in that if not to one above
The respective data initial address of data slot is encrypted, the verification of an encrypted data slot and be first adduction
Complement code, first adduction is the data initial address of one data slot, encrypted one data slot and institute
State the adduction of the message authentication code of a data slot.
8. onboard program file encrypting method according to claim 5, which is characterized in that the onboard program file encryption
Method further includes:
If being encrypted to the respective data initial address of one above data slot, according to encrypted one above
Data slot, one above data slot respectively encrypted data initial address and with one above data
The respective message authentication code of segment, obtain the respective verification of encrypted one above data slot and, it is each described plus
Close subfile includes the encrypted data initial address of a data slot, encrypted one data slot, one number
According to segment message authentication code and encrypted one data slot verification and;
After downloading at least one encryption subfile to vehicle electronic control unit, according to the encryption Ziwen of download
Part, the respective verification of the encrypted one above data slot downloaded and;
Based on the respective verification of the encrypted one above data slot and and the download it is encrypted one
Above data slot is respective to be verified and determines whether encrypted one above data slot of the download is complete
With it is accurate.
9. onboard program file encrypting method according to claim 8, which is characterized in that if to one above number
It is encrypted according to the respective data initial address of segment, the verification of an encrypted data slot and the benefit for the second adduction
Code, second adduction is the encrypted data initial address of one data slot, encrypted one data slot
With the adduction of the message authentication code of one data slot.
10. onboard program file encrypting method according to claim 5, which is characterized in that the onboard program file adds
Decryption method further includes:
Encrypted data slot at least one encryption subfile is decrypted using key and the AES, after decryption
The data slot, calculate decryption after the data slot message authentication code;
If the message authentication code of data slot, disappears with what is calculated according to the data slot after decryption in the encryption subfile
It is inconsistent to cease authentication code, then needs to re-download the encryption subfile to the vehicle electronic control unit.
11. onboard program file encrypting method according to claim 10, which is characterized in that at least one described in the download
A encryption subfile to vehicle electronic control unit, including:
According to sequence of positions of the encrypted data slot in the onboard program file in N number of encryption subfile, by the 1st
Subfile is encrypted described in a encryption subfile to n-th and is downloaded to the vehicle electronic control unit successively, and N is the vehicle
Carry the number of the corresponding encryption subfile of program file.
12. onboard program file encrypting method according to claim 11, which is characterized in that if the encryption Ziwen
The corresponding message authentication code of data slot in part, it is inconsistent with the message authentication code according to the data slot calculating after decryption, then
Need to re-download the encryption subfile to the vehicle electronic control unit, including:
If the corresponding message authentication code of data slot in (i-1)-th encryption subfile, add with according to described in described (i-1)-th
The message authentication code that the data slot decrypted in close subfile calculates is inconsistent, then refuses to download i-th of encryption subfile,
And re-downloading (i-1)-th encryption subfile, i is integer, and 2≤i≤N;
Until in (i-1)-th encryption subfile data slot message authentication code, and according to (i-1)-th encryption
The message authentication code that the data slot decrypted in subfile calculates is consistent, starts to download i-th of encryption subfile.
13. onboard program file encrypting method according to claim 5, which is characterized in that at least one described in the download
A encryption subfile to vehicle electronic control unit, including:
Download the program download area at least one encryption subfile to the vehicle electronic control unit.
14. onboard program file encrypting method according to claim 10, which is characterized in that the onboard program file packet
Cyclic redundancy check code is included,
The onboard program file encrypting method further includes:
According to the data initial address of the data slot and the data slot after decryption, or, the data after decryption
Data initial address after segment and data slot decryption, restores the onboard program file;
According to the onboard program file of recovery, the cyclic redundancy check code for the onboard program file being restored;
If the cyclic redundancy check code of the onboard program file restored and the cyclic redundancy school in the onboard program file
It tests that code is consistent, then wipes the program file in vehicle electronic control unit Program Operational Zone, and described program is downloaded
The onboard program file write-in described program Operational Zone restored in area;
If the cyclic redundancy check code of the onboard program file restored and the cyclic redundancy school in the onboard program file
It is inconsistent to test code, then re-downloads at least one encryption subfile to vehicle electronic control unit.
15. a kind of onboard program document encrypting apparatus, which is characterized in that including:
Division module is configured as the data in onboard program file being divided into more than one data slot;
Computing module is configured as that one above data slice is calculated according to one above data slot
The respective message authentication code of section;
Encrypting module is configured as adding one above data slot using key and Advanced Encryption Standard AES
It is close;
Subfile generation module is configured as based on encrypted one above data slot, and with it is one with
On data slot message authentication code, generate more than one encryption subfile, each encryption subfile includes encrypting
A data slot and one data slot message authentication code;
Composite module is configured as according to one above encryption subfile, and combination obtains encryption onboard program file.
16. onboard program document encrypting apparatus according to claim 15, which is characterized in that the onboard program file adds
Close device further includes:
First address acquisition module is configured as obtaining one above respective data initial address of data slot;
First is added module, is configured as the respective data initial address of one above data slot being separately added into pair
The encryption subfile answered.
17. onboard program document encrypting apparatus according to claim 15, which is characterized in that the onboard program file adds
Close device further includes:
Second address acquisition module is configured as obtaining one above respective data initial address of data slot;
Address encryption module is configured as respective to one above data slot using the key and the AES
Data initial address is encrypted;
Second is added module, is configured as that respectively encrypted data initial address adds respectively by one above data slot
Enter the corresponding encryption subfile.
18. onboard program document encrypting apparatus according to claim 15, which is characterized in that an encrypted data
The byte number of segment is the positive integer times that byte number is divided in preset encryption.
19. onboard program document encrypting apparatus according to claim 15, which is characterized in that the onboard program file adds
Close device further includes:
Download module is configured as downloading at least one encryption subfile to vehicle electronic control unit.
20. onboard program document encrypting apparatus according to claim 19, which is characterized in that the onboard program file adds
Close device further includes:
Deciphering module is configured as using key and the AES to encrypted data slice at least one encryption subfile
Duan Xiemi calculates the message authentication code of the data slot after decryption according to the data slot after decryption;
If the download module is additionally configured to the message authentication code of data slot in the encryption subfile, after according to decryption
The message authentication code that calculates of the data slot it is inconsistent, then it is electric to the automobile to need to re-download the encryption subfile
Sub-control unit.
21. onboard program document encrypting apparatus according to claim 20, which is characterized in that the specific quilt of the download module
It is configured to:
According to sequence of positions of the encrypted data slot in the onboard program file in N number of encryption subfile, by the 1st
Subfile is encrypted described in a encryption subfile to n-th and is downloaded to the vehicle electronic control unit successively, and N is the vehicle
Carry the number of the corresponding encryption subfile of program file.
22. onboard program document encrypting apparatus according to claim 21, which is characterized in that the specific quilt of the download module
It is configured to:
If in (i-1)-th encryption subfile data slot message authentication code, and it is sub according to described (i-1)-th encryption
The message authentication code that the data slot decrypted in file calculates is inconsistent, then refuses to download i-th of encryption subfile, lay equal stress on
Newly downloaded (i-1)-th encryption subfile, i are integer, and 2≤i≤N;
Until in (i-1)-th encryption subfile data slot message authentication code, and according to (i-1)-th encryption
The message authentication code that the data slot decrypted in subfile calculates is consistent, starts to download i-th of encryption subfile.
23. onboard program document encrypting apparatus according to claim 19, which is characterized in that the specific quilt of the download module
It is configured to:
Download the program download area at least one encryption subfile to the vehicle electronic control unit.
24. onboard program document encrypting apparatus according to claim 20, which is characterized in that the onboard program file adds
Close device further includes:
Recovery module is configured as the data initial address according to the data slot and the data slot after decryption, or,
The data initial address after the data slot and data slot decryption after decryption, restores the onboard program file;
Acquisition module is configured as the onboard program file according to recovery, the onboard program file being restored
Cyclic redundancy check code;
Writing module, if being configured as the cyclic redundancy check code and onboard program text of the onboard program file restored
Cyclic redundancy check code in part is consistent, then wipes the program file in vehicle electronic control unit Program Operational Zone,
And described program Operational Zone is written into the onboard program file restored in described program download area;
If the download module be additionally configured to restore the onboard program file cyclic redundancy check code with it is described vehicle-mounted
Cyclic redundancy check code in program file is inconsistent, then re-downloads at least one encryption subfile to automotive electronics control
Unit processed;
Wherein, the onboard program file includes cyclic redundancy check code.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711461011.XA CN108337234B (en) | 2017-12-28 | 2017-12-28 | Vehicle-mounted program file encryption method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711461011.XA CN108337234B (en) | 2017-12-28 | 2017-12-28 | Vehicle-mounted program file encryption method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108337234A true CN108337234A (en) | 2018-07-27 |
| CN108337234B CN108337234B (en) | 2021-03-23 |
Family
ID=62924590
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711461011.XA Active CN108337234B (en) | 2017-12-28 | 2017-12-28 | Vehicle-mounted program file encryption method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108337234B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115473722A (en) * | 2022-09-07 | 2022-12-13 | 湖北亿纬动力有限公司 | Data encryption method and device, electronic equipment and storage medium |
| US11662991B2 (en) | 2017-10-24 | 2023-05-30 | Huawei International Pte. Ltd. | Vehicle-mounted device upgrade method and related device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101344906A (en) * | 2008-05-19 | 2009-01-14 | 北京深思洛克数据保护中心 | Sectional type remote updating method |
| CN101950344A (en) * | 2010-09-21 | 2011-01-19 | 广东欧珀移动通信有限公司 | Encryption and decryption methods of embedded software program |
| US20120246485A1 (en) * | 2011-03-22 | 2012-09-27 | Fujitsu Limited | Encrypting method, recording medium of encrypting program, decrypting method, and recording medium of decrypting program |
| CN105184181A (en) * | 2015-06-15 | 2015-12-23 | 北京天诚同创电气有限公司 | File encryption method, file decryption method and file encryption device |
| CN105551700A (en) * | 2016-01-29 | 2016-05-04 | 深圳中科维优科技有限公司 | Program-controlled multi-channel variable resistor and resistance value adjustment and control method thereof |
| CN106326767A (en) * | 2016-08-19 | 2017-01-11 | 北京奇虎科技有限公司 | File encryption method, file decryption method and devices |
-
2017
- 2017-12-28 CN CN201711461011.XA patent/CN108337234B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101344906A (en) * | 2008-05-19 | 2009-01-14 | 北京深思洛克数据保护中心 | Sectional type remote updating method |
| CN101950344A (en) * | 2010-09-21 | 2011-01-19 | 广东欧珀移动通信有限公司 | Encryption and decryption methods of embedded software program |
| US20120246485A1 (en) * | 2011-03-22 | 2012-09-27 | Fujitsu Limited | Encrypting method, recording medium of encrypting program, decrypting method, and recording medium of decrypting program |
| CN105184181A (en) * | 2015-06-15 | 2015-12-23 | 北京天诚同创电气有限公司 | File encryption method, file decryption method and file encryption device |
| CN105551700A (en) * | 2016-01-29 | 2016-05-04 | 深圳中科维优科技有限公司 | Program-controlled multi-channel variable resistor and resistance value adjustment and control method thereof |
| CN106326767A (en) * | 2016-08-19 | 2017-01-11 | 北京奇虎科技有限公司 | File encryption method, file decryption method and devices |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11662991B2 (en) | 2017-10-24 | 2023-05-30 | Huawei International Pte. Ltd. | Vehicle-mounted device upgrade method and related device |
| CN115473722A (en) * | 2022-09-07 | 2022-12-13 | 湖北亿纬动力有限公司 | Data encryption method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108337234B (en) | 2021-03-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10965450B2 (en) | In-vehicle networking | |
| CN111279310B (en) | Vehicle-mounted equipment upgrading method and related equipment | |
| CN108200044B (en) | Vehicle-mounted program file encryption method and system | |
| US8972736B2 (en) | Fully authenticated content transmission from a provider to a recipient device via an intermediary device | |
| US20220276855A1 (en) | Method and apparatus for processing upgrade package of vehicle | |
| CN112543927B (en) | Equipment upgrading method and related equipment | |
| CN111726274B (en) | Automobile CAN bus data communication method, equipment and storage medium | |
| CN108965218A (en) | A kind of perturbed controller safety communicating method, apparatus and system | |
| CN107992753B (en) | Method for updating software of a control device of a vehicle | |
| CN110896387B (en) | Data transmission method, battery management system and storage medium | |
| CN110753321A (en) | Safe communication method for vehicle-mounted TBOX and cloud server | |
| CN111565182B (en) | Vehicle diagnosis method and device and storage medium | |
| CN112913189A (en) | OTA (over the air) upgrading method and device | |
| CN109314644A (en) | Data providing system, data protecting device, data offering method and computer program | |
| CN115665138A (en) | Automobile OTA (over the air) upgrading system and method | |
| CN111079178B (en) | Method for desensitizing and backtracking trusted electronic medical record | |
| CN113055181A (en) | OTA file security processing method, device and system | |
| CN108337234A (en) | Vehicle-mounted program file encryption method and device | |
| CN106453430A (en) | Method and device for verifying encrypted data transmission paths | |
| JP6534913B2 (en) | Information processing apparatus and fraudulent message detection method | |
| CN116419217B (en) | OTA data upgrading method, system, equipment and storage medium | |
| CN108462567A (en) | Vehicle-mounted program file downloading method and device | |
| JP6203798B2 (en) | In-vehicle control system, vehicle, management device, in-vehicle computer, data sharing method, and computer program | |
| CN115766244A (en) | Internet of vehicles information encryption method and device, computer equipment and storage medium | |
| CN113704789A (en) | Vehicle-mounted communication safety processing method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220114 Address after: 352100 science and technology building, No. 2, Xingang Road, Zhangwan Town, Jiaocheng District, Ningde City, Fujian Province Patentee after: Ningde Shidai Runzhi Software Technology Co.,Ltd. Address before: 352100 Xingang Road, Zhangwan Town, Jiaocheng District, Ningde, Fujian 1 Patentee before: Contemporary Amperex Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right |