CN108337234B - Vehicle-mounted program file encryption method and device - Google Patents
Vehicle-mounted program file encryption method and device Download PDFInfo
- Publication number
- CN108337234B CN108337234B CN201711461011.XA CN201711461011A CN108337234B CN 108337234 B CN108337234 B CN 108337234B CN 201711461011 A CN201711461011 A CN 201711461011A CN 108337234 B CN108337234 B CN 108337234B
- Authority
- CN
- China
- Prior art keywords
- data
- encrypted
- vehicle
- program file
- subfile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Bioethics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a vehicle-mounted program file encryption method and device, and relates to the field of electronics and electrics. The vehicle-mounted program file encryption method comprises the following steps: dividing data in the vehicle-mounted program file into more than one data segment; calculating to obtain the message authentication codes of more than one data segment according to more than one data segment; encrypting more than one data fragment by using a secret key and an Advanced Encryption Standard (AES); generating more than one encrypted subfiles based on the encrypted more than one data fragment and the message authentication code of the more than one data fragment, wherein each encrypted subfile comprises one encrypted data fragment and the message authentication code of the one encrypted data fragment; and combining to obtain the encrypted vehicle-mounted program file according to more than one encrypted subfile. The vehicle-mounted program file encryption method and device can improve the safety of vehicle control.
Description
Technical Field
The invention relates to the field of electronics and electrics, in particular to a vehicle-mounted program file encryption method and device.
Background
Electronic Control Units (ECUs) are widely used in automobiles. The electronic control unit can carry out operation by combining with a program stored in the electronic control unit according to the collected parameter information. And converting the operation result into a control signal, thereby realizing the integral control of the electronic control unit on the automobile.
In order to meet various requirements of users on the control function of the automobile, the electronic control unit needs to download various programs. The format of the program file downloaded by the electronic control unit is open, and the content belongs to the plaintext and is easy to be tampered. After the electronic control unit downloads the program file, it is impossible to determine whether the program file has been tampered with. If the electronic control unit downloads the tampered program file, potential safety hazards can be caused to the automobile, and the safety of automobile control is reduced.
Disclosure of Invention
The embodiment of the invention provides a vehicle-mounted program file encryption method and device, which can improve the safety of automobile control.
In a first aspect, an embodiment of the present invention provides a vehicle-mounted program file encryption method, including: dividing data in the vehicle-mounted program file into more than one data segment; calculating to obtain the message authentication codes of more than one data segment according to more than one data segment; encrypting more than one data fragment by using a secret key and an Advanced Encryption Standard (AES); generating more than one encrypted subfiles based on the encrypted more than one data fragment and the message authentication code of the more than one data fragment, wherein each encrypted subfile comprises one encrypted data fragment and the message authentication code of the one encrypted data fragment; and combining to obtain the encrypted vehicle-mounted program file according to more than one encrypted subfile.
In a second aspect, an embodiment of the present invention provides a vehicle-mounted program file encryption apparatus, including: the dividing module is configured to divide data in the vehicle-mounted program file into more than one data segment; the calculation module is configured to calculate and obtain the message authentication code of each of the more than one data segment according to the more than one data segment; an encryption module configured to encrypt one or more data fragments using a key and an Advanced Encryption Standard (AES); the subfile generating module is configured to generate more than one encrypted subfiles based on the encrypted more than one data fragment and the message authentication codes corresponding to the more than one data fragment, wherein each encrypted subfile comprises one encrypted data fragment and the message authentication code of the data fragment; and the combination module is configured to combine the encrypted vehicle-mounted program file according to more than one encrypted subfile.
The embodiment of the invention provides a vehicle-mounted program file encryption method and device. And dividing the data in the vehicle-mounted program file into more than one data segment to obtain the message authentication code of the data segment. The data segments are encrypted using a key and an advanced encryption standard. And generating an encrypted subfile based on the encrypted data segment and the message authentication code. The encrypted data fragment and the message authentication code corresponding to the data fragment are transmitted by using the encrypted subfile, so that the encrypted data fragment is difficult to decrypt, and the possibility that the vehicle-mounted program file is tampered in the transmission process is reduced. The message authentication code of each data segment can judge whether the data segment is wrong in the transmission process, so that the safety of the vehicle-mounted program file in the transmission process is improved. Thereby improving the safety of the automobile control.
Drawings
The present invention will be better understood from the following description of specific embodiments thereof taken in conjunction with the accompanying drawings, in which like or similar reference characters designate like or similar features.
FIG. 1 is a flowchart of a vehicle-mounted program file encryption method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating the structure of a subfile in an s19 file according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for encrypting a vehicle-mounted program file according to another embodiment of the present invention;
FIG. 4 is a diagram illustrating a structure of an encrypted subfile according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating another method for encrypting a vehicle-mounted program file according to another embodiment of the present invention;
FIG. 6 is a diagram illustrating the structure of another encrypted subfile according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating a method for encrypting a vehicle-mounted program file according to another embodiment of the present invention;
FIG. 8 is a flowchart illustrating a method for encrypting a vehicle-mounted program file according to still another embodiment of the present invention;
FIG. 9 is a schematic structural diagram of an apparatus for encrypting a vehicle-mounted program file according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of an in-vehicle program file encryption apparatus according to another embodiment of the present invention;
FIG. 11 is a schematic structural diagram of another vehicle-mounted program file encryption apparatus according to another embodiment of the present invention;
FIG. 12 is a schematic structural diagram of an apparatus for encrypting a vehicle-mounted program file according to another embodiment of the present invention;
fig. 13 is a schematic structural diagram of an in-vehicle program file encryption device according to still another embodiment of the present invention.
Detailed Description
Features and exemplary embodiments of various aspects of the present invention will be described in detail below. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention. The present invention is in no way limited to any specific configuration and algorithm set forth below, but rather covers any modification, replacement or improvement of elements, components or algorithms without departing from the spirit of the invention. In the drawings and the following description, well-known structures and techniques are not shown in order to avoid unnecessarily obscuring the present invention.
The embodiment of the invention provides a vehicle-mounted program file encryption method and device. In one example, the method can be applied to a scene that a vehicle downloads a vehicle-mounted program file in a vehicle, or a scene that other equipment and the vehicle perform data transmission mutually. Wherein, other equipment can also be the car.
Taking the example of downloading the vehicle-mounted program file by the vehicle, an Electronic Control Unit (ECU) in the vehicle may download the vehicle-mounted program file from a remote server through a vehicle-mounted terminal. Alternatively, the vehicle electronic control unit may be integrated with a vehicle-mounted terminal, and the vehicle-mounted terminal having the vehicle electronic control unit may download the vehicle-mounted program file from a remote server in a scene. The vehicle-mounted terminal and the remote server can be in wireless communication connection. For example, the vehicle-mounted terminal and the remote server communicate with each other through Wireless communication technologies such as a data network, Wireless Fidelity (WiFi), bluetooth, or zigbee, so as to implement data transmission. The vehicle-mounted terminal and the automobile electronic control unit can realize data transmission through wired communication or wireless communication.
The vehicle-mounted terminal can also be in wired connection with hardware equipment carrying the vehicle-mounted program file through a data line and other lines, and the vehicle-mounted program file obtained by the vehicle-mounted terminal from the hardware equipment is downloaded to the automobile electronic control unit. The vehicle-mounted terminal and the automobile electronic control unit can realize data transmission through wired communication or wireless communication.
The vehicle-mounted program file is encrypted, so that the vehicle-mounted program file is prevented from being leaked in the transmission process or other processes of the vehicle-mounted program file, malicious tampering of the vehicle-mounted program file is avoided, the safety of the vehicle-mounted program file is improved, and the safety of automobile safety control is improved.
Fig. 1 is a flowchart of a vehicle-mounted program file encryption method according to an embodiment of the present invention. As shown in fig. 1, the in-vehicle program file encryption method includes steps 101 to 105.
In step 101, the data in the in-vehicle program file is divided into one or more data segments.
In one example, the in-vehicle program file may be a program file of a control application newly downloaded by the automobile, or may be an update program file of an existing control application of the automobile. Formally, the in-vehicle program file may be an s19 file or a hex file. The in-vehicle program file may include an identifier, a data address (also called a program address), data (also called a program), and a checksum. The identifier may include a data type, a data length, and the like. In one example, if the in-vehicle program file is an s19 file, the s19 file includes multiple rows of subfiles, and the data in each row of subfiles can be divided into more than one data segment. For example, fig. 2 is a schematic structural diagram of a subfile in an s19 file according to an embodiment of the present invention. As shown in fig. 2, subfiles in the s19 file may include data type, data length, data address, data, and checksum. The data of the sub-file in the s19 file may be divided into more than one data segment.
In one example, if the data in the in-vehicle program file is small, the data in the in-vehicle program file may be treated as one piece of data.
In one example, if the data in the in-vehicle program file is large, the data in the in-vehicle program file may be divided into two or more data segments. The size of the two or more data fragments may be the same or different, and is not limited herein.
In step 102, a message authentication code for each of the one or more data segments is calculated based on the one or more data segments.
Each data fragment corresponds to a Message Authentication Code (MAC). The message authentication code is a verification tool used by both communication parties, and can verify the integrity of data and whether the data is wrong. In one example, the message authentication code may be obtained from a key and a data digest.
In step 103, more than one data segment is encrypted using a key and the advanced encryption standard AES.
Each of the one or more data fragments is encrypted using a key and an Advanced Encryption Standard (AES). Wherein the advanced encryption standard is a symmetric key encryption algorithm. In one example, the encryption may be performed using the AES128 algorithm, the AES192 algorithm, or the AES256 algorithm. Correspondingly, the key may also use 128-bit, 192-bit or 256-bit keys. The advanced encryption standard algorithm may be implemented by hardware or software, and is not limited herein.
Carrying out AES encryption on the vehicle-mounted program file, and forming a byte matrix on the vehicle-mounted program file; the byte matrix is sequentially subjected to round key addition transformation, byte substitution (also called S box transformation), row shift transformation and column confusion transformation.
In step 104, one or more encrypted subfiles are generated based on the encrypted one or more data fragments and the message authentication code of the one or more data fragments.
The generated more than one encrypted subfiles can be combined into an encrypted vehicle-mounted program file. That is, all the generated encrypted subfiles can be combined into an encrypted in-vehicle program file. Each encrypted subfile includes an encrypted piece of data and a message authentication code associated with the piece of data. In one example, the data of each line of subfiles of the in-vehicle program file may be divided into more than two data segments. For example, the data of a line of subfiles in the vehicle-mounted program file can be divided into three data fragments, and then three encrypted subfiles can be correspondingly generated, wherein each encrypted subfile comprises an encrypted data fragment and a message authentication code corresponding to the data fragment. In one example, the message authentication code does not require encryption.
In one example, the encrypted subfile may also include a data address of the data fragment and a checksum of the data fragment. Alternatively, the encrypted subfile may further include an encrypted data address of the data fragment and a checksum of the data fragment.
The encrypted subfile bears the main content of the vehicle-mounted program file, and the vehicle-mounted program file can be safely transmitted among different devices. For example, the secure transmission between the remote server and the vehicle, the secure transmission between the program storage hardware device and the vehicle, or the secure transmission between the vehicle and the vehicle, etc.
In step 105, an encrypted in-vehicle program file is obtained by combining the encrypted subfiles.
For example, the vehicle-mounted program file comprises three lines of subfiles, the data of each line of subfile can be divided into two data fragments, six encrypted subfiles can be generated according to the vehicle-mounted program file, and the six encrypted subfiles can be combined into the encrypted vehicle-mounted program file.
In the embodiment of the invention, the encrypted data segment and the message authentication code corresponding to the data segment are transmitted by using the encrypted subfile. The encrypted data fragment is difficult to decrypt, the encrypted subfile adopts a custom format, and even if the encrypted subfile is intercepted, the encrypted subfile is difficult to analyze, so that the possibility that the vehicle-mounted program file is leaked and tampered in the transmission process is greatly reduced. The message authentication code of each data segment can judge whether the data segment is wrong in the transmission process, so that the safety of the vehicle-mounted program file in the transmission process is improved. Thereby improving the safety of the automobile control.
Further, if the number of the encrypted sub-files is two or more, that is, the data of the in-vehicle program file is divided into two data pieces. Then, each data fragment can determine whether the data fragment transmitted by the encrypted subfile is wrong or incomplete according to the message authentication code of the data fragment. Wrong or incomplete data segments can be found as soon as possible and corresponding measures can be taken.
Fig. 3 is a flowchart of a vehicle-mounted program file encryption method according to another embodiment of the present invention. Fig. 3 is different from fig. 1 in that the in-vehicle program file encryption method shown in fig. 3 may further include steps 106 to 111.
In step 106, a data start address of each of the one or more data segments is obtained.
The size of each data fragment can be known when the data fragments are divided, so that the data start address of each data fragment can be obtained and added to the encrypted subfile. The encryption subfile may transmit the data fragment with the data start address of the data fragment. And the downloading party can recover the vehicle-mounted program file according to the data segments and the data starting addresses of the data segments.
In step 107, the data start addresses of the more than one data fragments are added to the corresponding encryption subfiles, respectively.
In one example, each encrypted subfile may include an encrypted data fragment, a data start address of the data fragment, and a message authentication code corresponding to the data fragment. The encrypted subfile may also include other content, and is not limited herein.
It should be noted that step 107 can be executed synchronously with step 104. In one example, the one or more encrypted subfiles are generated based on the encrypted one or more data fragments, respective data start addresses of the one or more data fragments, and message authentication codes of the one or more data fragments.
In step 108, a checksum of each of the encrypted one or more data fragments is obtained based on the encrypted one or more data fragments, the data start address of each of the one or more data fragments, and the message authentication code of each of the one or more data fragments.
For each encrypted data segment, a checksum of the encrypted data segment may be calculated according to the encrypted data segment, a data start address of the data segment, and a message authentication code of the data segment. In one example, each encrypted subfile includes a data start address of a data fragment, the encrypted data fragment, a message authentication code of the data fragment, and a checksum of the encrypted data fragment.
For example, fig. 4 is a schematic structural diagram of an encrypted subfile according to an embodiment of the present invention. The encrypted subfile shown in fig. 4 is formed by sequentially splicing a data start address of a data fragment, the encrypted data fragment, a message authentication code of the data fragment, and a checksum of the encrypted data fragment. And the byte number of the encrypted data segment is a positive integral multiple of the preset encrypted segmentation byte number. In the example of fig. 4, the preset number of encrypted split Bytes is 16Bytes, and the size of the encrypted data fragment can be represented as N × 16Bytes (i.e., N times of 16 Bytes), where N is a positive integer. The message authentication code of a data fragment may be 16Bytes (i.e., 16 Bytes) in size. The size of the checksum of the encrypted data segment may be 1Byte (i.e., 1 Byte).
If the number of bytes of the data of the vehicle-mounted program file is not enough to realize that the number of bytes of the encrypted data segment is a positive integer multiple of the preset number of encrypted split bytes when the vehicle-mounted program file is divided into the data segments in advance, the vehicle-mounted program file can be subjected to bit complementing, the number of bytes which does not influence the vehicle-mounted program file is added, and therefore the number of bytes of the encrypted data segment is a positive integer multiple of the preset number of encrypted split bytes.
In one example, the vehicle-mounted program file is an s19 file, and the data start address of the first data segment of the data partition of the vehicle-mounted program file is the data address in the s19 file. The data start address of the data segment after the first data segment of the vehicle-mounted program file can be determined according to the size of each data segment and the data start address of the previous data segment. For example, the data start address of the second data segment may be determined according to the data start address of the first data segment and the size of the first data segment.
In an embodiment of the invention, the data start address of the data fragment is unencrypted. In one example, the checksum of the encrypted piece of data is the complement of the first sum. The first summation is the summation of the data starting address of one data segment, the encrypted one data segment and the message authentication code of the one data segment. Taking hexadecimal as an example, the checksum calculation of the encrypted data fragment may be expressed as "checksum of the encrypted data fragment is 0 xFF- (data start address of the data fragment + encrypted data fragment + message authentication code of the data fragment)".
In step 109, at least one encrypted subfile is downloaded to the automotive electronic control unit.
And downloading all the encrypted subfiles generated in the step 104 into the automobile electronic control unit, namely downloading the encrypted vehicle-mounted program file in the step 105 into the automobile electronic control power supply. The encrypted subfiles can be downloaded to an automobile electronic control unit by using a wireless transmission technology, and professional operators are not required to connect hardware equipment carrying the vehicle-mounted program files with interfaces of automobiles, so that the downloading efficiency of the vehicle-mounted program files is improved. In the above embodiment, the downloading of the encrypted subfile to the electronic control unit of the vehicle may be specifically implemented by downloading the encrypted subfile from a remote server to the electronic control unit of the vehicle through the vehicle-mounted terminal. That is, the in-vehicle terminal may download the encryption subfile from the remote server, and the automotive electronic control unit may download the encryption subfile from the in-vehicle terminal. For example, the automotive electronic control unit may communicate with the in-vehicle terminal through a Universal Diagnostic Service (UDS).
In one example, the 1 st encryption subfile to the nth encryption subfile are sequentially downloaded to the electronic control unit of the automobile according to the position sequence of the encrypted data segments in the vehicle-mounted program file, wherein N is the number of the encryption subfiles corresponding to the vehicle-mounted program file.
For example, if the in-vehicle program file is composed of one encryption subfile, the one encryption subfile can be downloaded to the electronic control unit of the vehicle through the in-vehicle terminal. In particular, it can be downloaded to a flash memory of the electronic control unit.
For another example, if the vehicle-mounted program file is composed of more than two encryption subfiles, the encryption subfiles including the encrypted data fragments can be sequentially downloaded to the electronic control unit of the vehicle according to the arrangement sequence of the encrypted data fragments in the encryption subfiles in the vehicle-mounted program file. In particular, it can be downloaded to a flash memory of the electronic control unit.
In one example, at least one encrypted subfile may be downloaded to a program download area in an automotive electronic control unit.
The downloaded encrypted subfile may be transmitted with errors, so that the data fragment in the encrypted subfile is incomplete or has errors. Therefore, after the encrypted subfile is downloaded, the integrity and accuracy of the data fragment in the encrypted subfile can be checked. The data fragment in the downloaded encrypted subfile cannot be immediately written into the automotive electronic control unit. The program download area may be provided in the automotive electronic control unit such that the program download area is independent of the portion of the automotive electronic control unit in which the program file is run. Decryption of the encrypted subfile and checking may be performed in the program download area.
In step 110, a checksum of each of the downloaded encrypted one or more data fragments is obtained according to the downloaded encrypted subfile.
In one example, the checksum of the downloaded encrypted data segment may be calculated according to the encrypted data segment in the downloaded encrypted subfile, the data start address of the data segment, and the message authentication code of the data segment.
In step 111, it is determined whether the downloaded encrypted one or more data segments are complete and accurate based on the respective checksums of the encrypted one or more data segments and the respective checksums of the downloaded encrypted one or more data segments.
In one example, if the checksum of each of the encrypted one or more data segments is consistent with the checksum of each of the downloaded encrypted one or more data segments, it is determined that the downloaded encrypted one or more data segments are complete and accurate.
In one example, if the checksum of at least one of the encrypted data segments does not match the checksum of the downloaded encrypted data segment, the downloaded encrypted data segment is determined to be incomplete and/or inaccurate.
In order to avoid the situation that the encrypted subfile causes incomplete or inaccurate data fragments in the transmission and downloading process. After the vehicle-mounted program file is downloaded through the encryption subfile, verification can be performed according to the checksum of the downloaded encrypted data segment to determine whether the encrypted data segment is complete and accurate.
FIG. 5 is a flowchart illustrating another vehicle-mounted program file encryption method according to another embodiment of the present invention. Fig. 5 is different from fig. 1 in that the in-vehicle program file encryption method shown in fig. 5 may further include steps 112 to 118.
In step 112, the data start address of each of the one or more data segments is obtained.
The content of obtaining the data start address of each of the more than one data segments can refer to the related description of step 106 in the above embodiment, and is not described herein again.
In step 113, the respective data start addresses of the one or more data fragments are encrypted using the key and AES.
To further increase the security of the encrypted subfiles, the data start address of each data fragment may also be encrypted using a key and advanced encryption standards.
In step 114, the encrypted data start addresses of the more than one data fragments are added to the corresponding encrypted subfiles respectively.
In one example, each encrypted subfile may include an encrypted data fragment, an encrypted data start address of the data fragment, and a message authentication code of the data fragment. The encrypted subfile may also include other content, and is not limited herein.
In step 115, a checksum of each of the encrypted one or more data fragments is obtained based on the encrypted one or more data fragments, the encrypted data start address of each of the one or more data fragments, and the message authentication code of each of the one or more data fragments.
For each encrypted data segment, a checksum of the encrypted data segment may be calculated according to the encrypted data segment, the encrypted data start address of the data segment, and the message authentication code corresponding to the data segment. In one example, each encrypted subfile may include an encrypted data start address of a data fragment, the encrypted data fragment, a message authentication code of the data fragment, and a checksum of the encrypted data fragment.
For example, fig. 6 is a schematic structural diagram of another encrypted subfile in the embodiment of the present invention. The encrypted subfile shown in fig. 6 is formed by sequentially splicing the encrypted data start address of the data fragment, the encrypted data fragment, the message authentication code corresponding to the data fragment, and the checksum of the encrypted data fragment. And the byte number of the encrypted data segment is a positive integral multiple of the preset encrypted segmentation byte number. In the example of fig. 6, the preset number of encrypted split Bytes is 16Bytes, and the size of the encrypted data fragment may be represented as N × 16Bytes (i.e., N times 16Bytes, where N is a positive integer).
If the number of bytes of the data of the vehicle-mounted program file is not enough to realize that the number of bytes of the encrypted data segment is a positive integer multiple of the preset number of encrypted split bytes when the vehicle-mounted program file is divided into the data segments in advance, the vehicle-mounted program file can be subjected to bit complementing, the number of bytes which does not influence the vehicle-mounted program file is added, and therefore the number of bytes of the encrypted data segment is a positive integer multiple of the preset number of encrypted split bytes.
In one example, the vehicle-mounted program file is an s19 file, and the data start address of the first data segment of the data partition of the vehicle-mounted program file is the data address in the s19 file. The data start address of the data segment after the first data segment of the vehicle-mounted program file can be determined according to the size of each data segment and the data start address of the previous data segment. For example, the data start address of the second data segment may be determined according to the data start address of the first data segment and the size of the first data segment.
In an embodiment of the invention, the data start address of the data fragment is encrypted. In one example, the checksum of the encrypted one of the data segments is a complement of the second sum, which is a sum of the encrypted data start address of the one of the data segments, the encrypted one of the data segments, and the message authentication code of the one of the data segments. Taking hexadecimal as an example, the checksum calculation of the encrypted data fragment may be expressed as "checksum of the encrypted data fragment is 0 xFF- (encrypted data start address of the data fragment + encrypted data fragment + message authentication code of the data fragment)".
At step 116, at least one encrypted subfile is downloaded to the automotive electronic control unit.
For the content of downloading at least one encrypted subfile to the electronic control unit of the vehicle, reference may be made to the related description of step 109 in the above embodiment, which is not described herein again.
In step 117, a checksum of each of the downloaded encrypted one or more data fragments is obtained based on the downloaded encrypted subfile.
In one example, a checksum of the downloaded encrypted data segment may be calculated based on the encrypted data segment in the downloaded encrypted subfile, the encrypted data start address of the data segment, and a message authentication code associated with the data segment.
In step 118, it is determined whether the downloaded encrypted one or more data segments are complete and accurate based on the respective checksums of the encrypted one or more data segments and the respective checksums of the downloaded encrypted one or more data segments.
For the content of determining whether the downloaded encrypted data segment is complete and accurate based on the checksum of each encrypted data segment and the checksum of each downloaded encrypted data segment, refer to step 111 in the foregoing embodiment, which is not described herein again.
FIG. 7 is a flowchart illustrating a method for encrypting a vehicle-mounted program file according to another embodiment of the present invention. Fig. 7 is different from fig. 1 in that the in-vehicle program file encryption method in fig. 7 may further include steps 119 to 121.
At step 119, at least one encrypted subfile is downloaded to the vehicle electronic control unit.
For the content of downloading at least one encrypted subfile to the electronic control unit of the vehicle, reference may be made to the related description of step 109 in the above embodiment, which is not described herein again.
In step 120, the encrypted data segment in the at least one encrypted subfile is decrypted using the key and AES, and a message authentication code of the decrypted data segment is calculated based on the decrypted data segment.
In one example, the key may be stored in the vehicle electronic control unit, for example, the key may be stored in a program running area of the vehicle electronic control unit, and when decryption is performed, the key may be obtained from the program running area and decrypted by using the advanced encryption standard. The encrypted data segment is decrypted using the key and the advanced encryption standard. The encryption and decryption use the same key.
And calculating the message authentication code of the decrypted data segment according to the data of the decrypted data segment.
In one example, if the data start address of the data fragment is not encrypted before, the in-vehicle program file may be recovered by using the decrypted data fragment and the data start address of the data fragment after all encrypted subfiles are downloaded.
In one example, if the data start address of the data segment is also encrypted before, the encrypted data segment may be decrypted at the same time as the encrypted data start address of the data segment is also decrypted. And after all the encrypted subfiles are downloaded, the vehicle-mounted program file can be recovered by using the decrypted data fragments and the data starting addresses decrypted by the data fragments.
In step 121, if the message authentication code corresponding to the data segment in the encrypted subfile is not consistent with the message authentication code calculated according to the decrypted data segment, the encrypted subfile needs to be downloaded to the vehicle electronic control unit again.
And if the message authentication code in the encrypted subfile is not consistent with the message authentication code calculated according to the decrypted data segment in the encrypted subfile, the condition that the data segment in the encrypted subfile is incomplete or wrong in the transmission process is shown. The encrypted data segment, that is, the encrypted subfile where the encrypted data segment is located, needs to be downloaded again.
In one example, if there are N encryption subfiles, the 1 st encryption subfile to the nth encryption subfile need to be downloaded to the vehicle electronic control unit in sequence. After each encrypted subfile is downloaded, the data fragments in the encrypted subfiles can be verified by using the message authentication codes.
And setting N encryption subfiles in total, if the message authentication code of the data fragment in the (i-1) th encryption subfile is not consistent with the message authentication code calculated according to the decrypted data fragment in the (i-1) th encryption subfile, refusing to download the (i) th encryption subfile, and re-downloading the (i-1) th encryption subfile, wherein i is an integer, and i is more than or equal to 2 and less than or equal to N. And starting to download the ith encryption subfile until the message authentication code corresponding to the data fragment in the ith-1 encryption subfile is consistent with the message authentication code calculated according to the decrypted data fragment in the ith-1 encryption subfile.
For example, there are 3 encryption subfiles in total, and if the message authentication code of the data fragment in the 1 st encryption subfile is not consistent with the message authentication code calculated according to the decrypted data fragment in the 1 st encryption subfile, the 1 st encryption subfile is downloaded again. And if the message authentication code corresponding to the data fragment in the 1 st encryption subfile is consistent with the message authentication code calculated according to the data fragment decrypted in the 1 st encryption subfile, starting to download the 2 nd encryption subfile. And if the message authentication code of the data fragment in the 2 nd encryption subfile is not consistent with the message authentication code calculated according to the data fragment decrypted in the 2 nd encryption subfile, the 2 nd encryption subfile is downloaded again. And if the message authentication code of the data fragment in the 2 nd encryption subfile is consistent with the message authentication code calculated according to the data fragment decrypted in the 2 nd encryption subfile, starting to download the 3 rd encryption subfile. And if the message authentication code of the data fragment in the 3 rd encryption subfile is not consistent with the message authentication code calculated according to the data fragment decrypted in the 3 rd encryption subfile, the 3 rd encryption subfile is downloaded again. And if the message authentication code of the data fragment in the 3 rd encryption subfile is consistent with the message authentication code calculated according to the data fragment decrypted in the 3 rd encryption subfile, ending the downloading process.
In one embodiment, if the message authentication code of the data fragment in the encrypted subfile is consistent with the message authentication code calculated from the decrypted data fragment, it is determined that the data fragment in the encrypted subfile is complete and accurate.
In the embodiment of the invention, after downloading an encrypted subfile, whether the data fragment in the downloaded encrypted subfile is complete and accurate is determined through the verification of the message authentication code, and whether the encrypted subfile needs to be downloaded again is determined. Therefore, whether the downloaded encrypted subfile is complete and accurate or not can be found as soon as possible, and the time spent on downloading is reduced.
FIG. 8 is a flowchart illustrating a method for encrypting a vehicle-mounted program file according to still another embodiment of the present invention. Fig. 8 is different from fig. 1 in that the in-vehicle program file encryption method shown in fig. 8 may further include steps 122 to 127.
In step 122, at least one encrypted subfile is downloaded to a program download area in the automotive electronic control unit.
For the content of the program downloading area for downloading at least one encrypted subfile to the electronic control unit of the vehicle, reference may be made to the related description of step 109 in the foregoing embodiment, which is not described herein again.
In step 123, the encrypted data segment in the at least one encrypted subfile, or the encrypted data segment and the encrypted data start address of the data segment, are decrypted using the key and AES.
For the contents of decrypting the encrypted data segment in the at least one encrypted subfile by using the key and the AES, and decrypting the encrypted data segment in the at least one encrypted subfile and the data start address encrypted by using the key and the AES, reference may be made to the related description of step 120 in the above embodiment, which is not described herein again.
In step 124, the vehicle-mounted program file is restored according to the decrypted data starting addresses of the data segments and the data segments or the decrypted data starting addresses of the data segments and the data segments.
In one example, if the number of data segments of the data partition of the in-vehicle program file is one and the data start address of the data segment is not encrypted, the encrypted data segment may be directly decrypted to obtain the recovered in-vehicle program file.
In another example, if the number of data segments of the data partition of the in-vehicle program file is one and the data start address of the data segment is encrypted, the one encrypted data segment and the confidential data start address of the data segment may be directly decrypted to obtain the recovered in-vehicle program file.
In one example, if the number of data segments of the data division of the in-vehicle program file is two or more and the data start addresses of the data segments are not encrypted, the two or more encrypted data segments are decrypted, respectively. And combining the decrypted data segments according to the data initial addresses of the data segments and the arrangement sequence of the data segments in the vehicle-mounted program file during data segment division to obtain a recovered vehicle-mounted program file.
In another example, if the number of data segments of the data division of the in-vehicle program file is two or more and the data start addresses of the data segments are encrypted, the two or more encrypted data segments and the encrypted data start addresses of the two or more data segments are decrypted, respectively. And combining the decrypted data segments according to the decrypted data initial addresses of the data segments and the arrangement sequence of the data segments in the vehicle-mounted program file when the data segments are divided to obtain a recovered vehicle-mounted program file.
In step 125, a cyclic redundancy check code of the recovered vehicle-mounted program file is obtained according to the recovered vehicle-mounted program file.
Cyclic Redundancy Check (CRC) codes are used primarily to detect or Check errors that may occur after data transmission or storage. In order to avoid the incompleteness or inaccuracy of the downloaded vehicle-mounted program file, cyclic redundancy check can be performed on the decrypted and recovered vehicle-mounted program file. The cyclic redundancy check of the decrypted recovered vehicle-mounted program file may be performed in a program download area in the vehicle electronic control unit.
The vehicle-mounted program file comprises a cyclic redundancy check code of the vehicle-mounted program file, and the cyclic redundancy check code is the cyclic redundancy check code of the vehicle-mounted program file before encryption.
And after the encrypted vehicle-mounted program file is downloaded and decrypted to obtain a recovered vehicle-mounted program file, calculating to obtain the cyclic redundancy check code of the recovered vehicle-mounted program file according to the recovered vehicle-mounted program file.
In step 126, if the cyclic redundancy check code of the recovered vehicle-mounted program file is consistent with the cyclic redundancy check code in the vehicle-mounted program file, the program file in the program operation area in the vehicle electronic control unit is erased, and the vehicle-mounted program file recovered in the program download area is written into the program operation area.
And the cyclic redundancy check code of the recovered vehicle-mounted program file is consistent with the cyclic redundancy check code of the vehicle-mounted program file before encryption, and the recovered vehicle-mounted program file is consistent with the original vehicle-mounted program file before encryption. That is, the recovered in-vehicle program file is complete and accurate.
The electronic control unit of the automobile comprises a program downloading area and a program operating area, wherein the program downloading area and the program operating area are two areas which are independent mutually. Wherein the program operating area operates a program file currently used by the vehicle. If the recovered vehicle-mounted program file is determined to be complete and accurate, the recovered vehicle-mounted program file can be written into the program operation area. And if the program file runs in the program running area, erasing the program file running in the program running area, and writing the recovered vehicle-mounted program file into the program running area. When the automobile needs to run the recovered vehicle-mounted program file, the recovered vehicle-mounted program file can be run in the program running area.
In step 127, if the cyclic redundancy check code of the recovered vehicle-mounted program file is not consistent with the cyclic redundancy check code in the vehicle-mounted program file, at least one encryption subfile is downloaded to the vehicle electronic control unit again.
And if the cyclic redundancy check code of the recovered vehicle-mounted program file is inconsistent with the cyclic redundancy check code in the vehicle-mounted program file, indicating that the recovered vehicle-mounted program file is inconsistent with the original vehicle-mounted program file before encryption. That is, the recovered in-vehicle program file is incomplete and/or inaccurate.
If the recovered vehicle-mounted program file is determined to be incomplete and/or inaccurate, the encrypted subfile needs to be downloaded to the vehicle electronic control unit again. Further, the restored in-vehicle program file is not written in the program operating area. Incomplete and/or inaccurately recovered in-vehicle program files may also be deleted directly.
In the embodiment of the invention, if the recovered vehicle-mounted program file is complete and accurate, the recovered vehicle-mounted program file is put into use, so that the recovered vehicle-mounted program file runs in the automobile. The method and the device avoid running incomplete and/or inaccurate vehicle-mounted program files in the automobile, avoid the risk of the automobile caused by the running of wrong vehicle-mounted program files, and further improve the safety of automobile control.
Fig. 9 is a schematic structural diagram of a vehicle-mounted program file encryption device 200 according to an embodiment of the present invention. As shown in fig. 9, the in-vehicle program file encryption apparatus 200 includes a division module 201, a calculation module 202, an encryption module 203, a message generation module 204, and a combination module 205.
The dividing module 201 is configured to divide data in the vehicle-mounted program file into more than one data segment.
The calculating module 202 is configured to calculate a message authentication code of each of the at least one data segment according to the at least one data segment.
An encryption module 203 configured to encrypt the one or more data segments using a key and an advanced encryption standard, AES.
The subfile generating module 204 is configured to generate one or more encrypted subfiles based on the encrypted one or more data fragments and the message authentication codes associated with the one or more data fragments, wherein each encrypted subfile comprises one data fragment and one message authentication code of the data fragment.
And the combination module 205 is configured to combine the encrypted vehicle-mounted program file according to more than one encrypted subfile.
In the embodiment of the invention, the encrypted data segment and the message authentication code corresponding to the data segment are transmitted by using the encrypted subfile. The encrypted data fragment is difficult to decrypt, the encrypted subfile adopts a custom format, and even if the encrypted subfile is intercepted, the encrypted subfile is difficult to analyze, so that the possibility that the vehicle-mounted program file is leaked and tampered in the transmission process is greatly reduced. The message authentication code of each data segment can judge whether the data segment is wrong in the transmission process, so that the safety of the vehicle-mounted program file in the transmission process is improved. Thereby improving the safety of the automobile control.
Moreover, if the number of the encrypted subfiles is more than two, that is, the data of the in-vehicle program file is divided into two data segments. Then, each data fragment can determine whether the data fragment transmitted by the encrypted subfile is wrong or incomplete according to the message authentication code of the data fragment. Wrong or incomplete data segments can be found and measures can be taken as soon as possible.
Fig. 10 is a schematic structural diagram of a vehicle-mounted program file encryption device 200 according to another embodiment of the present invention. Fig. 10 is different from fig. 9 in that the in-vehicle program file encryption device 200 shown in fig. 10 may further include a first address acquisition module 206, a first joining module 207, a downloading module 208, a first checksum acquisition module 209, a second checksum acquisition module 210, and a first verification module 211.
The first address obtaining module 206 is configured to obtain a data start address of each of the one or more data segments.
The first adding module 207 is configured to add respective data start addresses of the more than one data fragments to the corresponding encrypted subfiles.
And a download module 208 configured to download the at least one encrypted subfile to the automotive electronic control unit.
The first checksum obtaining module 209 is configured to, if the data start address of each of the more than one data fragment is not encrypted, obtain a checksum of each of the encrypted more than one data fragment according to the encrypted more than one data fragment, the data start address of each of the more than one data fragment, and the message authentication code of each of the more than one data fragment, where each encrypted subfile includes the data start address of one data fragment, the encrypted one data fragment, the message authentication code of one data fragment, and the checksum of the encrypted one data fragment.
And the second checksum obtaining module 210 is configured to obtain a checksum of each of the downloaded encrypted more than one data segment according to the downloaded encrypted subfile after downloading the at least one encrypted subfile to the electronic control unit of the automobile.
The first checking module 211 is configured to determine whether the downloaded encrypted one or more data segments are complete and accurate based on the checksums of the encrypted one or more data segments and the checksums of the downloaded encrypted one or more data segments.
In one example, if the data start address of each of the more than one data segment is not encrypted, the checksum of the encrypted data segment is the complement of the first sum, and the first sum is the sum of the data start address of the data segment, the encrypted data segment, and the message authentication code of the data segment.
Fig. 11 is a schematic structural diagram of another vehicle-mounted program file encryption device 200 according to another embodiment of the present invention. Fig. 11 is different from fig. 9 in that the in-vehicle program file encryption device 200 shown in fig. 11 may further include a second address acquisition module 212, an address encryption module 213, a second joining module 214, a download module 208, a third checksum acquisition module 215, a fourth checksum acquisition module 216, and a second check module 217.
The second address obtaining module 212 is configured to obtain a data start address of each of the one or more data fragments.
An address encryption module 213 configured to encrypt a data start address of each of the one or more data fragments using the key and AES.
And a second adding module 214 configured to add the respective encrypted data start addresses of the more than one data fragments to the corresponding encrypted subfiles respectively.
The content of the download module 208 can be referred to the description part of the download module 208 in the above embodiments.
The third checksum obtaining module 215 is configured to, if the data start address of each of the more than one data fragment is encrypted, obtain a checksum of each of the encrypted more than one data fragment according to the encrypted more than one data fragment, the encrypted data start address of each of the more than one data fragment, and the message authentication code of each of the more than one data fragment, where each encrypted subfile includes the encrypted data start address of one data fragment, the encrypted one data fragment, the message authentication code of one data fragment, and the checksum of the encrypted one data fragment.
And the fourth checksum obtaining module 216 is configured to obtain a checksum of each of the downloaded encrypted more than one data fragment according to the downloaded encrypted subfile after downloading the at least one encrypted subfile to the electronic control unit of the automobile.
A second check module 217 configured to determine whether the downloaded encrypted one or more data segments are complete and accurate based on the respective checksums of the encrypted one or more data segments and the respective checksums of the downloaded encrypted one or more data segments.
In one example, if the respective data start addresses of more than one data segment are encrypted, the checksum of the encrypted data segment is the complement of the second sum, and the second sum is the sum of the encrypted data start address of the data segment, the encrypted data segment, and the message authentication code of the data segment.
In an example of another embodiment of the present invention, the number of bytes of an encrypted packet is a positive integer multiple of the preset number of encrypted split bytes.
Fig. 12 is a schematic structural diagram of a vehicle-mounted program file encryption device 200 according to another embodiment of the present invention. Fig. 12 is different from fig. 9 in that the in-vehicle program file encryption device 200 shown in fig. 12 may further include a download module 208 and a decryption module 218.
And a download module 208 configured to download the at least one encrypted subfile to the automotive electronic control unit.
A decryption module 218 configured to decrypt the encrypted data segment in the at least one encrypted subfile using the key and AES, and calculate a message authentication code of the decrypted data segment based on the decrypted data segment.
The download module 208 is further configured to re-download the encrypted subfile to the vehicle ecu if the message authentication code of the data segment in the encrypted subfile is not identical to the message authentication code calculated according to the decrypted data segment.
In an example, the downloading module 208 is specifically configured to: and sequentially downloading the 1 st encryption subfile to the Nth encryption subfile to an automobile electronic control unit according to the position sequence of the encrypted data segments in the N encryption subfiles in the vehicle-mounted program file, wherein N is the number of the encryption subfiles corresponding to the vehicle-mounted program file.
In one example, the download module 208 is specifically configured to: if the message authentication code of the data fragment in the (i-1) th encrypted subfile is not consistent with the message authentication code calculated according to the decrypted data fragment in the (i-1) th encrypted subfile, refusing to download the (i) th encrypted subfile, and re-downloading the (i-1) th encrypted subfile, wherein i is an integer and is more than or equal to 2 and less than or equal to N; and starting to download the ith encryption subfile until the message authentication code of the data fragment in the ith-1 encryption subfile is consistent with the message authentication code calculated according to the decrypted data fragment in the ith-1 encryption subfile.
In one example, the download module 212 may be specifically configured to: and downloading at least one encryption subfile to a program downloading area in the automobile electronic control unit.
Fig. 13 is a schematic structural diagram of an in-vehicle program file encryption device 200 according to still another embodiment of the present invention. Fig. 13 differs from fig. 12 in that the in-vehicle program file encryption device 200 shown in fig. 13 may further include a recovery module 219, an acquisition module 220, and a writing module 221.
And a restoring module 219 configured to restore the vehicle-mounted program file according to the decrypted data segment and the data start address of the data segment, or the decrypted data segment and the decrypted data start address of the data segment.
And the obtaining module 220 is configured to obtain the cyclic redundancy check code of the recovered vehicle-mounted program file according to the recovered vehicle-mounted program file.
And the writing module 221 is configured to erase the program file in the program operation area in the automobile electronic control unit and write the vehicle-mounted program file recovered in the program downloading area into the program operation area if the cyclic redundancy check code of the recovered vehicle-mounted program file is consistent with the cyclic redundancy check code in the vehicle-mounted program file.
The downloading module 208 is further configured to re-download the at least one encrypted sub-file to the vehicle electronic control unit if the cyclic redundancy check code of the recovered vehicle-mounted program file is inconsistent with the cyclic redundancy check code in the vehicle-mounted program file.
The vehicle-mounted program file comprises a cyclic redundancy check code.
It should be clear that the embodiments in this specification are described in a progressive manner, and the same or similar parts in the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. For the device embodiments, reference may be made to the description of the method embodiments in the relevant part. The present invention is not limited to the specific steps and structures described above and shown in the drawings. Those skilled in the art may make various changes, modifications and additions or change the order between the steps after appreciating the spirit of the invention. Also, a detailed description of known process techniques is omitted herein for the sake of brevity.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information.
Claims (18)
1. A vehicle-mounted program file encryption method is characterized by comprising the following steps:
dividing data in the vehicle-mounted program file into more than one data segment;
calculating to obtain the message authentication codes of the more than one data segments according to the more than one data segments;
encrypting the one or more data segments using a key and an Advanced Encryption Standard (AES);
generating one or more encrypted subfiles based on the encrypted one or more data fragments and the message authentication codes of the one or more data fragments, wherein each encrypted subfile comprises one encrypted data fragment and the message authentication code of the one encrypted data fragment;
combining to obtain an encrypted vehicle-mounted program file according to the more than one encrypted subfiles;
downloading at least one encryption subfile to the automobile electronic control unit;
decrypting the encrypted data fragment in the at least one encrypted subfile by using a key and the AES, and calculating a message authentication code of the decrypted data fragment according to the decrypted data fragment;
if the message authentication code of the data fragment in the encrypted subfile is not consistent with the message authentication code calculated according to the decrypted data fragment, the encrypted subfile needs to be downloaded to the automobile electronic control unit again;
the in-vehicle program file includes a cyclic redundancy check code,
the vehicle-mounted program file encryption method further comprises the following steps:
restoring the vehicle-mounted program file according to the decrypted data segments and the data starting addresses of the data segments, or the decrypted data segments and the data starting addresses of the data segments;
according to the recovered vehicle-mounted program file, obtaining a cyclic redundancy check code of the recovered vehicle-mounted program file;
if the cyclic redundancy check code of the recovered vehicle-mounted program file is consistent with the cyclic redundancy check code in the vehicle-mounted program file, erasing the program file in a program operation area in the automobile electronic control unit, and writing the recovered vehicle-mounted program file in a program downloading area into the program operation area;
and if the recovered cyclic redundancy check code of the vehicle-mounted program file is inconsistent with the cyclic redundancy check code in the vehicle-mounted program file, re-downloading the at least one encryption sub-file to the automobile electronic control unit.
2. The vehicle-mounted program file encryption method according to claim 1, further comprising:
acquiring respective data starting addresses of the more than one data fragments;
and adding the respective data starting addresses of the more than one data fragments into the corresponding encryption subfiles respectively.
3. The vehicle-mounted program file encryption method according to claim 1, further comprising:
acquiring respective data starting addresses of the more than one data fragments;
encrypting respective data start addresses of the one or more data fragments using the key and the AES;
and respectively adding the respective encrypted data starting addresses of the more than one data fragments into the corresponding encrypted subfiles.
4. The vehicle-mounted program file encryption method according to claim 1, wherein the number of bytes of the encrypted data segment is a positive integer multiple of the preset number of encrypted split bytes.
5. The vehicle-mounted program file encryption method according to claim 1, further comprising:
if the data starting address of each of the more than one data fragment is not encrypted, obtaining a checksum of each of the more than one encrypted data fragment according to the more than one encrypted data fragment, the data starting address of each of the more than one data fragment, and the message authentication code of each of the more than one data fragment, wherein each encrypted subfile comprises the data starting address of one data fragment, the encrypted data fragment, the message authentication code of the data fragment, and the checksum of the encrypted data fragment;
after downloading the at least one encryption subfile to an automobile electronic control unit, obtaining the check sum of each downloaded encrypted data fragment according to the downloaded encryption subfile;
determining whether the downloaded encrypted data segments are complete and accurate based on the respective checksums of the encrypted data segments and the respective checksums of the downloaded encrypted data segments.
6. The vehicle-mounted program file encryption method according to claim 5, wherein if the respective data start addresses of the one or more data sections are not encrypted, the checksum of an encrypted data section is a complement of a first sum, and the first sum is a sum of the data start address of the data section, the encrypted data section, and a message authentication code of the data section.
7. The vehicle-mounted program file encryption method according to claim 1, further comprising:
if the respective data starting addresses of the more than one data fragments are encrypted, obtaining respective checksums of the encrypted more than one data fragments according to the encrypted more than one data fragments, the respective encrypted data starting addresses of the more than one data fragments and respective message authentication codes of the more than one data fragments, wherein each encrypted subfile comprises the encrypted data starting address of one data fragment, the encrypted one data fragment, the message authentication code of the one data fragment and the checksum of the encrypted one data fragment;
after downloading the at least one encryption subfile to an automobile electronic control unit, obtaining the check sum of each downloaded encrypted data fragment according to the downloaded encryption subfile;
determining whether the downloaded encrypted data segments are complete and accurate based on the respective checksums of the encrypted data segments and the respective checksums of the downloaded encrypted data segments.
8. The vehicle-mounted program file encryption method according to claim 7, wherein if the respective data start addresses of the one or more data clips are encrypted, the checksum of an encrypted one data clip is a complement of a second sum, and the second sum is a sum of the encrypted data start address of the one data clip, the encrypted one data clip, and the message authentication code of the one data clip.
9. The vehicle-mounted program file encryption method according to claim 1, wherein the downloading of the at least one encrypted subfile to an automotive electronic control unit comprises:
and sequentially downloading the 1 st encryption subfile to the Nth encryption subfile to the automobile electronic control unit according to the position sequence of the encrypted data segments in the N encryption subfiles in the vehicle-mounted program file, wherein N is the number of the encryption subfiles corresponding to the vehicle-mounted program file.
10. The method for encrypting the vehicle-mounted program file according to claim 9, wherein if the message authentication code corresponding to the data segment in the encrypted subfile is not consistent with the message authentication code calculated according to the decrypted data segment, the step of downloading the encrypted subfile to the vehicle ecu again comprises:
if the message authentication code corresponding to the data fragment in the ith-1 encrypted subfile is not consistent with the message authentication code calculated according to the decrypted data fragment in the ith-1 encrypted subfile, refusing to download the ith encrypted subfile and re-downloading the ith-1 encrypted subfile, wherein i is an integer and is more than or equal to 2 and less than or equal to N;
and starting to download the ith encryption subfile until the message authentication code of the data fragment in the ith-1 encryption subfile is consistent with the message authentication code calculated according to the decrypted data fragment in the ith-1 encryption subfile.
11. The vehicle-mounted program file encryption method according to claim 1, wherein the downloading of the at least one encrypted subfile to an automotive electronic control unit comprises:
and downloading the at least one encryption subfile to a program downloading area in the automobile electronic control unit.
12. An on-vehicle program file encryption device, characterized by comprising:
the dividing module is configured to divide data in the vehicle-mounted program file into more than one data segment;
the calculation module is configured to calculate and obtain a message authentication code of each of the more than one data segments according to the more than one data segments;
an encryption module configured to encrypt the one or more data segments using a key and an Advanced Encryption Standard (AES);
a subfile generating module configured to generate one or more encrypted subfiles based on the one or more encrypted data fragments and the message authentication codes associated with the one or more encrypted data fragments, each encrypted subfile including an encrypted one of the data fragments and the message authentication code associated with the one of the data fragments;
the combination module is configured to combine the encrypted vehicle-mounted program file according to the more than one encrypted subfiles;
the downloading module is configured to download at least one encrypted subfile to the automobile electronic control unit;
a decryption module configured to decrypt the encrypted data segment in the at least one encrypted subfile using a key and the AES, and calculate a message authentication code of the decrypted data segment according to the decrypted data segment;
the downloading module is further configured to download the encrypted subfile to the automotive electronic control unit again if the message authentication code of the data segment in the encrypted subfile is inconsistent with the message authentication code calculated according to the decrypted data segment;
the vehicle-mounted program file encryption device further comprises:
the recovery module is configured to recover the vehicle-mounted program file according to the decrypted data segments and the data starting addresses of the data segments, or the decrypted data segments and the data starting addresses of the data segments;
the acquisition module is configured to obtain a cyclic redundancy check code of the recovered vehicle-mounted program file according to the recovered vehicle-mounted program file;
the writing module is configured to erase the program file in the program operation area in the automobile electronic control unit and write the vehicle-mounted program file recovered in the program downloading area into the program operation area if the cyclic redundancy check code of the recovered vehicle-mounted program file is consistent with the cyclic redundancy check code in the vehicle-mounted program file;
the downloading module is further configured to download the at least one encryption sub-file to an automobile electronic control unit again if the recovered cyclic redundancy check code of the vehicle-mounted program file is inconsistent with the cyclic redundancy check code in the vehicle-mounted program file;
the vehicle-mounted program file comprises a cyclic redundancy check code.
13. The vehicle-mounted program file encryption device according to claim 12, further comprising:
a first address obtaining module configured to obtain respective data start addresses of the more than one data segments;
and the first adding module is configured to add the respective data starting addresses of the more than one data fragments into the corresponding encrypted subfiles respectively.
14. The vehicle-mounted program file encryption device according to claim 12, further comprising:
a second address obtaining module configured to obtain respective data start addresses of the one or more data fragments;
an address encryption module configured to encrypt a data start address of each of the one or more data fragments using the key and the AES;
and the second adding module is configured to add the respective encrypted data starting addresses of the more than one data fragments into the corresponding encrypted subfiles respectively.
15. The vehicle-mounted program file encryption device according to claim 12, wherein the number of bytes of the encrypted one data piece is a positive integer multiple of the preset number of encrypted divided bytes.
16. The vehicle-mounted program file encryption device according to claim 12, wherein the download module is specifically configured to:
and sequentially downloading the 1 st encryption subfile to the Nth encryption subfile to the automobile electronic control unit according to the position sequence of the encrypted data segments in the N encryption subfiles in the vehicle-mounted program file, wherein N is the number of the encryption subfiles corresponding to the vehicle-mounted program file.
17. The vehicle-mounted program file encryption device according to claim 16, wherein the download module is specifically configured to:
if the message authentication code of the data fragment in the ith-1 th encrypted subfile is not consistent with the message authentication code calculated according to the decrypted data fragment in the ith-1 st encrypted subfile, refusing to download the ith encrypted subfile and re-downloading the ith-1 st encrypted subfile, wherein i is an integer and is more than or equal to 2 and less than or equal to N;
and starting to download the ith encryption subfile until the message authentication code of the data fragment in the ith-1 encryption subfile is consistent with the message authentication code calculated according to the decrypted data fragment in the ith-1 encryption subfile.
18. The vehicle-mounted program file encryption device according to claim 12, wherein the download module is specifically configured to:
and downloading the at least one encryption subfile to a program downloading area in the automobile electronic control unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711461011.XA CN108337234B (en) | 2017-12-28 | 2017-12-28 | Vehicle-mounted program file encryption method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711461011.XA CN108337234B (en) | 2017-12-28 | 2017-12-28 | Vehicle-mounted program file encryption method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108337234A CN108337234A (en) | 2018-07-27 |
| CN108337234B true CN108337234B (en) | 2021-03-23 |
Family
ID=62924590
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711461011.XA Active CN108337234B (en) | 2017-12-28 | 2017-12-28 | Vehicle-mounted program file encryption method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108337234B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3690643B1 (en) | 2017-10-24 | 2023-01-25 | Huawei International Pte. Ltd. | Vehicle-mounted device upgrading method and related device |
| CN115473722A (en) * | 2022-09-07 | 2022-12-13 | 湖北亿纬动力有限公司 | Data encryption method and device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101344906A (en) * | 2008-05-19 | 2009-01-14 | 北京深思洛克数据保护中心 | Sectional type remote updating method |
| CN101950344A (en) * | 2010-09-21 | 2011-01-19 | 广东欧珀移动通信有限公司 | Encryption and decryption methods of embedded software program |
| CN105184181A (en) * | 2015-06-15 | 2015-12-23 | 北京天诚同创电气有限公司 | File encryption method, file decryption method and file encryption device |
| CN105551700A (en) * | 2016-01-29 | 2016-05-04 | 深圳中科维优科技有限公司 | Program-controlled multi-channel variable resistor and resistance value adjustment and control method thereof |
| CN106326767A (en) * | 2016-08-19 | 2017-01-11 | 北京奇虎科技有限公司 | File encryption method, file decryption method and devices |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8645713B2 (en) * | 2011-03-22 | 2014-02-04 | Fujitsu Limited | Encrypting method, recording medium of encrypting program, decrypting method, and recording medium of decrypting program |
-
2017
- 2017-12-28 CN CN201711461011.XA patent/CN108337234B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101344906A (en) * | 2008-05-19 | 2009-01-14 | 北京深思洛克数据保护中心 | Sectional type remote updating method |
| CN101950344A (en) * | 2010-09-21 | 2011-01-19 | 广东欧珀移动通信有限公司 | Encryption and decryption methods of embedded software program |
| CN105184181A (en) * | 2015-06-15 | 2015-12-23 | 北京天诚同创电气有限公司 | File encryption method, file decryption method and file encryption device |
| CN105551700A (en) * | 2016-01-29 | 2016-05-04 | 深圳中科维优科技有限公司 | Program-controlled multi-channel variable resistor and resistance value adjustment and control method thereof |
| CN106326767A (en) * | 2016-08-19 | 2017-01-11 | 北京奇虎科技有限公司 | File encryption method, file decryption method and devices |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108337234A (en) | 2018-07-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108200044B (en) | Vehicle-mounted program file encryption method and system | |
| CN110225063B (en) | Upgrading method and system of automobile-mounted system, server and vehicle-mounted terminal | |
| CN109479000B (en) | Reuse system, key generation device, data security device, vehicle-mounted computer, reuse method, and storage medium | |
| CN111131313B (en) | Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile | |
| CN109314640B (en) | Vehicle information collection system, vehicle-mounted computer, vehicle information collection device, vehicle information collection method, and recording medium | |
| CN107566407B (en) | Bidirectional authentication data secure transmission and storage method based on USBKey | |
| CN111279310A (en) | Vehicle-mounted equipment upgrading method and related equipment | |
| CN106572106B (en) | Method for transmitting message between TBOX terminal and TSP platform | |
| US11212080B2 (en) | Communication system, vehicle, server device, communication method, and computer program | |
| CN111510485A (en) | OTA upgrade package downloading method, device, vehicle end and server | |
| EP3832980B1 (en) | Method for data transmission, battery management system, and storage medium | |
| CN109314644B (en) | Data providing system, data protection device, data providing method, and storage medium | |
| CN109314645B (en) | Data providing system, data protection device, data providing method, and storage medium | |
| CN115396121B (en) | Security authentication method for security chip OTA data packet and security chip device | |
| CN111565182B (en) | Vehicle diagnosis method and device and storage medium | |
| CN115665138A (en) | Automobile OTA (over the air) upgrading system and method | |
| CN108337234B (en) | Vehicle-mounted program file encryption method and device | |
| CN113132082A (en) | Communication method and device based on vehicle intranet | |
| CN113114654A (en) | Terminal equipment access security authentication method, device and system | |
| CN116566824A (en) | Quantum security OTA upgrading method and system | |
| CN110727455A (en) | Software remote upgrading method and related equipment | |
| CN116419217B (en) | OTA data upgrading method, system, equipment and storage medium | |
| CN107154920B (en) | Encryption method and decryption method for security information and receiving device for receiving security information | |
| JP6203798B2 (en) | In-vehicle control system, vehicle, management device, in-vehicle computer, data sharing method, and computer program | |
| CN108462567A (en) | Vehicle-mounted program file downloading method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220114 Address after: 352100 science and technology building, No. 2, Xingang Road, Zhangwan Town, Jiaocheng District, Ningde City, Fujian Province Patentee after: Ningde Shidai Runzhi Software Technology Co.,Ltd. Address before: 352100 Xingang Road, Zhangwan Town, Jiaocheng District, Ningde, Fujian 1 Patentee before: Contemporary Amperex Technology Co.,Ltd. |