CN109450954A - Auto communication interface equipment and its authentication method

Publication number: CN109450954A
Authority: CN (China)
Prior art keywords: communication interface, interface equipment, authentication, server, auto
Legal status: Granted (Active)
Application number: CN201811639103.7A
Other languages: Chinese (zh)
Other versions: CN109450954B (en
Inventor: 蒋云
Current Assignee: Autel Intelligent Technology Corp Ltd
Original Assignee: Autel Intelligent Technology Corp Ltd
Application filed by Autel Intelligent Technology Corp Ltd
Priority to CN201811639103.7A (patent CN109450954B)
Publication of CN109450954A
Priority to PCT/CN2019/129774 (patent WO2020135855A1)
Application granted
Publication of CN109450954B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H04L41/0813: Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082: Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30: Services specially adapted for particular environments, situations or purposes
    • H04W4/40: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W76/00: Connection management
    • H04W76/10: Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention relates to an auto communication interface equipment and an authentication method for it. The authentication method comprises: determining at least one authentication element related to the pending function of the auto communication interface equipment and uploading it to a server; calculating a corresponding first authentication value from the authentication element; receiving a second authentication value that the server calculates from the same authentication element; judging whether the first authentication value and the second authentication value match; if so, determining that the auto communication interface equipment is authenticated successfully and executing the pending function; if not, determining that authentication of the auto communication interface equipment has failed. The authentication is completed with a server located on the network side, so no additional hardware chip is needed, which helps reduce product cost. Moreover, a network-side server is not subject to the limits of a built-in hardware chip and can have powerful performance, so the authentication method can be extended to obtain good flexibility and higher security.

Description

Auto communication interface equipment and its authentication method
[Technical field]
The present invention relates to the technical field of vehicle diagnosis products, and in particular to an auto communication interface equipment and its authentication method.
[Background]
Before executing a function (for example, establishing a communication connection with the automotive control system), a vehicle diagnosis product usually has to authenticate the auto communication interface equipment to ensure that the function can be executed smoothly. The equipment authentication process is usually completed by a dedicated chip built into the auto communication interface equipment.
As part of the hardware circuit, the dedicated chip is usually packaged and fixed inside the equipment before the product leaves the factory. This makes extending or changing the dedicated chip almost impossible. Moreover, because of hardware cost, the dedicated chip usually has only very limited storage space.
Because of these hardware limitations, the equipment authentication method is inflexible in daily use and cannot adapt well to the actual needs of the auto communication interface equipment (for example, as more and more functions are integrated); its security is also poor and it is easily cracked. How to avoid these limitations and improve the security and flexibility of the equipment authentication method is a technical problem in urgent need of a solution.
[Summary of the invention]
Embodiments of the present invention aim to provide an auto communication interface equipment and an authentication method for it that solve the poor flexibility and poor security of existing equipment authentication methods.
To solve the above technical problem, embodiments of the present invention provide the following technical solution:
An authentication method for an auto communication interface equipment, wherein the authentication method comprises:
determining at least one authentication element related to the pending function of the auto communication interface equipment and uploading it to a server;
calculating a corresponding first authentication value from the authentication element;
receiving a second authentication value that the server calculates from the authentication element;
judging whether the first authentication value and the second authentication value match;
if so, determining that the auto communication interface equipment is authenticated successfully, and then executing the pending function;
if not, determining that authentication of the auto communication interface equipment has failed.
In some embodiments, the authentication element includes a random number and an authentication algorithm, and calculating the corresponding first authentication value from the authentication element comprises:
determining the corresponding authentication algorithm according to the pending function;
calculating the corresponding first authentication value from the random number using that authentication algorithm.
In some embodiments, the pending function includes upgrading firmware or establishing communication link n, where n is a positive integer from 1 to N, N is the total number of available protocols, and each protocol corresponds to one communication link.
In some embodiments, the method further comprises: receiving a selection instruction from a host computer and determining the pending function according to the selection instruction.
In some embodiments, determining at least one authentication element and uploading it to the server comprises: generating a random number and uploading it to the server through the host computer; the server also receives the selection instruction from the host computer in order to determine the pending function.
In some embodiments, when the pending function is establishing communication link n, the method further comprises:
when authentication of the auto communication interface equipment fails, refusing to establish communication link n; updating the pending function to establishing communication link m according to a control instruction from the host computer; and re-authenticating the auto communication interface equipment based on the updated pending function; m and n are different positive integers, and m ranges from 1 to N.
To solve the above technical problem, embodiments of the present invention also provide the following technical solution: an auto communication interface equipment, comprising a diagnosis module for executing at least one pending function and an authentication module for carrying out equipment authentication before the diagnosis module executes the pending function, characterized in that:
the authentication module comprises an authentication input unit, an authentication calculation unit, a comparison unit and a communication unit;
the authentication input unit is used to determine at least one authentication element related to the pending function of the auto communication interface equipment; the authentication calculation unit is connected to the authentication input unit and calculates the corresponding first authentication value;
the communication unit is used to upload the authentication element to a server and to receive a second authentication value from the server; the second authentication value is calculated by the server from the authentication element;
the comparison unit is connected to the communication unit and to the authentication calculation unit, and is used to judge whether the first authentication value and the second authentication value match;
when the first authentication value and the second authentication value match, it outputs a first signal indicating that the auto communication interface equipment is authenticated successfully;
when the first authentication value and the second authentication value do not match, it outputs a second signal indicating that authentication of the auto communication interface equipment has failed;
the diagnosis module is connected to the comparison unit; when the comparison unit outputs the first signal it executes the pending function, and when the comparison unit outputs the second signal it refuses to execute the pending function.
In some embodiments, the authentication element includes a random number and an authentication algorithm, and the authentication input unit comprises a random number generator and an authentication algorithm selector;
the random number generator is used to generate one or more random numbers; the authentication algorithm selector is used to determine the corresponding authentication algorithm according to the pending function.
In some embodiments, the pending function includes upgrading firmware or establishing communication link n, where n is a positive integer from 1 to N, N is the total number of available protocols, and each protocol corresponds to one communication link.
In some embodiments, the auto communication interface equipment is a slave computer; the slave computer establishes a communication connection with a host computer through the communication unit, receives a selection instruction from the host computer and determines the pending function according to the selection instruction.
In some embodiments, the host computer is communicatively connected to the server, provides the selection instruction and the random number to the server, and feeds the second authentication value back to the slave computer.
In some embodiments, when the diagnosis module refuses to establish communication link n according to the second signal output by the comparison unit:
under the control of the host computer, the diagnosis module updates the pending function to establishing communication link m;
the authentication module carries out equipment authentication again based on the updated pending function; m and n are different positive integers, and m ranges from 1 to N.
Compared with the prior art, the authentication method provided by embodiments of the present invention is completed with a server located on the network side, so no additional hardware chip is needed, which helps reduce product cost. Moreover, a network-side server is not subject to the limits of a built-in hardware chip and can have powerful performance, so the authentication method can be extended to obtain very good flexibility and higher security.
[Brief description of the drawings]
One or more embodiments are illustrated by the figures in the corresponding drawings. These illustrations do not limit the embodiments; elements with the same reference numerals in the drawings denote similar elements, and unless otherwise stated the figures in the drawings do not constitute a limitation of scale.
Fig. 1 is a schematic diagram of the application scenario of the auto communication interface equipment of an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of the auto communication interface equipment provided by one embodiment of the present invention;
Fig. 3 is a schematic diagram of the application scenario of the auto communication interface equipment slave computer provided by one embodiment of the present invention;
Fig. 4 is a flowchart of the authentication method provided by one embodiment of the present invention;
Fig. 5 is a flowchart of the authentication method provided by another embodiment of the present invention;
Fig. 6 is a flowchart of the authentication method shown in Fig. 5 when establishing a communication link;
Fig. 7 is a flowchart of the authentication method shown in Fig. 5 when upgrading firmware.
[Detailed description]
To facilitate understanding of the invention, it is described in more detail below with reference to the drawings and specific embodiments. Note that when an element is said to be "fixed to" another element, it may be directly on the other element, or one or more intermediate elements may be present between them. When an element is said to be "connected to" another element, it may be directly connected to the other element, or one or more intermediate elements may be present between them. Terms such as "upper", "lower", "inner", "outer" and "bottom" used in this specification indicate orientations or positional relationships based on those shown in the drawings; they are used only for convenience and simplicity of description and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation, and so are not to be understood as limiting the invention. In addition, the terms "first", "second", "third" and so on are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
Unless otherwise defined, all technical and scientific terms used in this specification have the meaning commonly understood by those skilled in the technical field of the invention. The terms used in the description of the invention serve only to describe specific embodiments and are not intended to limit the invention. The term "and/or" used in this specification includes any and all combinations of one or more of the associated listed items.
In addition, the technical features involved in the different embodiments of the invention described below can be combined with each other as long as they do not conflict.
Equipment authentication can be used to ensure that a vehicle diagnosis product can be used normally and to guarantee the security of the associated vehicle data; it is an indispensable step before the auto communication interface equipment executes a pending function. Fig. 1 is a schematic diagram of the application scenario of the auto communication interface equipment provided by an embodiment of the present invention.
As shown in Fig. 1, the application scenario includes an automobile 10 and an auto communication interface equipment 20 connected to the automobile.
The automobile 10 can be any kind of motor vehicle, such as a lorry or a car. It has a complete electronic control system that coordinates and controls the vehicle according to the driver's operating commands and monitors one or more vehicle parameters in real time, to ensure that the automobile 10 runs reliably.
Commonly, to ease maintenance and repair, the automobile 10 also has at least one hardware communication interface (such as an OBD interface) for establishing a communication connection with external equipment and carrying out data interaction and similar processes.
The auto communication interface equipment 20 can be applied to any kind of vehicle diagnosis product and connects to the electronic control system to read one or more items of data. It can be connected to the hardware communication interface of the automobile 10 in a wired or wireless manner to establish a physical communication connection.
Of course, besides the physical communication connection with the automobile 10, a suitable or matching protocol configuration must also be loaded before the corresponding functional system of the automobile can be entered correctly and data read. Therefore, to meet different needs, the auto communication interface equipment 20 usually integrates several different vehicle diagnosis protocols (such as the J1708, J1939 and ISO15765 protocols) in order to establish the communication link corresponding to a vehicle diagnosis protocol and obtain the relevant data of the automobile 10.
In actual use, after the user operates the auto communication interface equipment 20 to select one of the vehicle diagnosis protocols and request the corresponding communication link, the auto communication interface equipment 20 first carries out the following equipment authentication process:
1) A group of random numbers is generated in the system and provided to the built-in authentication chip.
2) The authentication chip operates on the input random numbers using its own built-in authentication algorithm, generates the second authentication information and returns it to the diagnostic device.
3) The system likewise calls the authentication algorithm stored inside the system and operates on the same random numbers to obtain the first authentication information.
4) The first authentication information and the second authentication information are compared. If they are identical, equipment authentication succeeds; if they are not identical, equipment authentication fails. Only after equipment authentication succeeds can the function be executed normally.
As the above shows, the equipment authentication process relies entirely on an additional chip dedicated to equipment authentication. The applicant has found that such an authentication architecture has many negative effects on the auto communication interface equipment. For example, the additional chip raises cost; the authentication algorithm recorded in the authentication chip cannot be changed once it has been learned, so information security is poor; and the limited storage space of the authentication chip cannot provide enough authentication algorithms for the different functions, so the authentication process is inflexible.
To avoid these negative effects, an embodiment of the present invention provides an auto communication interface equipment that carries out equipment authentication using a server. It uses a suitable communication unit to establish a communication connection with a server located on the network side (i.e. the cloud), and the server replaces the authentication chip. Referring again to Fig. 1, in this embodiment the scenario further includes a server 30 and a communication network 40.
The server 30 is a device deployed remotely in the cloud. It can be a single physical entity or part of the functional units of a large server cluster, as long as it can allocate the storage space and computing capability required for the authentication function for auto communication.
The communication network 40 is the network over which the server 30 and the auto communication interface equipment 20 establish a communication connection. It can be Bluetooth, WiFi, a mobile cellular network, a private local area network or the like, as long as it allows the server 30 and the auto communication interface equipment 20 to act as network nodes and exchange data with each other.
Fig. 2 is a structural schematic diagram of the auto communication interface equipment provided by an embodiment of the present invention. As shown in Fig. 2, the auto communication interface equipment may include a diagnosis module 21 and an authentication module 22.
The diagnosis module 21 is used to execute at least one pending function. The authentication module 22 carries out authentication before the diagnosis module executes the pending function, to determine whether the equipment may execute the function normally.
Usually, the diagnosis module integrates several different functions, such as upgrading firmware and establishing communication links based on different diagnosis protocols. Here, "communication link n" denotes a communication link established on the basis of a particular diagnosis protocol. n is a positive integer from 1 to N, and each value corresponds to one diagnosis protocol. For example, when the diagnosis module integrates the J1708, J1939 and ISO15765 protocols, n can take the three values 1 to 3, corresponding to those three protocols respectively.
Based on the authentication result of the authentication module 22, the diagnosis module 21 determines whether to execute the pending functions normally or to refuse to execute them.
Referring again to Fig. 2, the authentication module 22 may include an authentication input unit 221, an authentication calculation unit 222, a comparison unit 223 and a communication unit 224.
The authentication input unit 221 is used to determine at least one authentication element. The authentication calculation unit 222 is connected to the authentication input unit 221 and calculates the corresponding first authentication value.
Authentication rests on the assumption that "under the same computation rule, identical input must yield identical output". Here, the term "authentication element" denotes the one or more variables needed as input for authentication. The specific authentication elements can be determined according to the actual situation, for example a group of random numbers.
In some embodiments, the authentication elements determined according to specific needs include a random number and an authentication algorithm, and the authentication input unit 221 may comprise a random number generator 2211 and an authentication algorithm selector 2212.
The random number generator 2211 is the unit that generates one or more random numbers. It can be a chip or electronic device using any suitable method or principle. The authentication algorithm selector 2212 is the selecting unit that determines the corresponding authentication algorithm according to the pending function.
The pending function is the function the diagnosis module has determined it is about to execute; it is chosen, by the user or by the needs of the actual situation, from the several different functions the diagnosis module can execute.
The authentication algorithm can be any suitable function that computes a unique output variable from the input variables.
In a preferred embodiment, corresponding to the several functions integrated in the diagnosis module 21, the auto communication interface equipment can also be configured with several different authentication algorithms, each used to authenticate a different function, which improves the flexibility of the authentication method.
The communication unit 224 is the unit that establishes the communication connection with the server. Over the communication channel provided by the communication unit 224, the authentication element can be uploaded to the server and the second authentication value received from the server.
The second authentication value is the output value the server calculates from the authentication element. Here, "first" and "second" in the first authentication value and the second authentication value only distinguish which party calculated the authentication value and do not limit the two authentication values themselves. The output value can be of any suitable type and is not limited to a number: for example a floating-point value, an integer value or a specific character string.
Referring again to Fig. 2, the comparison unit 223 has two input terminals and one output terminal. The two input terminals are connected to the communication unit 224 and to the authentication calculation unit 222 respectively, to receive the first authentication value and the second authentication value.
The output terminal depends on the result of matching the two: when the first authentication value and the second authentication value match, it outputs the first signal indicating that the auto communication interface equipment is authenticated successfully; when they do not match, it outputs the second signal indicating that authentication of the auto communication interface equipment has failed. The diagnosis module 21 determines the authentication result for the current pending function from the signal at the output terminal. That is, when the comparison unit outputs the first signal the pending function is executed, and when the comparison unit outputs the second signal execution of the pending function is refused.
The specific structure of the comparison unit 223 can be determined according to the matching rule and mode actually set, and can be realized as a hardware circuit, a software program and/or a combination of software and hardware. This is well known to those skilled in the art and is not repeated here.
In some embodiments, the auto communication interface equipment can be a slave computer that completes the equipment authentication process by cooperating with a corresponding host computer. Fig. 3 is a schematic diagram of the application scenario of the auto communication interface equipment slave computer provided by an embodiment of the present invention. As shown in Fig. 3, the application scenario includes an auto communication interface equipment slave computer 41, a host computer 42 and a server 43.
Communication channels are established between the auto communication interface equipment slave computer 41 and the host computer 42, and between the host computer 42 and the server 43, so that data can be transferred in both directions. Each communication channel can use any kind of wired or wireless communication mode. The two channels can use the same or different communication modes; for example, a cable connects the auto communication interface equipment slave computer 41 and the host computer 42, and a wireless cellular network connects the host computer 42 and the server 43.
The host computer 42 is the computer equipment that can issue manipulation commands directly. It sits at the top layer of user interaction: it can show various feedback information (such as changes in each signal) to the user on a screen and collect the user's instructions through an input device in order to issue the corresponding manipulation instructions.
Specifically, the host computer 42 can be any type of computer equipment, such as a PC, a tablet computer, a mobile phone or another intelligent electronic device that can establish a connection with the server.
The auto communication interface equipment slave computer 41 is the computer that directly controls the equipment and obtains the vehicle's condition or relevant parameters. It is typically used to receive the manipulation instructions issued by the host computer and interpret them as the corresponding timing signals that control the automobile directly, or to read the vehicle's status data (generally analog quantities), convert them into digital signals and feed them back to the host computer for display to the user.
Specifically, the auto communication interface equipment slave computer 41 can be realized with a PLC, a single-chip microcomputer, a microprocessor or some other low-level processor device.
In actual use, on the one hand, the auto communication interface equipment slave computer 41 receives the selection instruction from the host computer through the communication unit. It then parses the received selection instruction and determines the current pending function from it. Finally, it calculates the first authentication value from the generated random number and the authentication algorithm corresponding to the pending function.
On the other hand, the host computer 42 uses its own communication module to provide the server with the selection instruction and the random number from the auto communication interface equipment slave computer 41, so that the server can calculate the second authentication value accordingly. The second authentication value calculated by the server is passed via the host computer 42 to the auto communication interface equipment slave computer 41 to complete the equipment authentication process.
In further embodiments, if make diagnosis mould group that can not establish communication link n because of authentification failure, host computer 42 can also provide assistance, under send instructions to update the pending function, become establishing logical based on another diagnosing protocol Believe link m.
Then, the updated pending function is based on by the certification mould group of auto communication interface equipment slave computer 41, Equipment certification is re-started to attempt the communication link established between automobile.
Wherein, m and n are different positive integers, and the value range of m is 1 between N, to indicate that communication link m is and recognizes Demonstrate,proving unsuccessful communication link n is the communication link based on different diagnosing protocols.
It should be noted that it is convenient for statement, auto communication interface equipment slave computer is illustratively disclosed in Fig. 3 41, the data information flow direction between host computer 42 and server 43.But those skilled in the art can also be according to the actual situation Needs, the functional steps that auto communication interface equipment needs to be implemented are adjusted to execute in host computer 42 or slave computer 41 (such as random number is generated by host computer 42).All these variations or adjustment belong to the scope of the present invention.
Those skilled in the art should further appreciate that functional unit described in the embodiment of the present invention is (such as Authenticate input unit, authentication calculations unit, comparing unit and communication unit) can with electronic hardware, computer software or The combination of the two is realized, in order to clearly illustrate the interchangeability of hardware and software, in the above description according to function Generally describe step performed by each exemplary circuit.These functions are implemented in hardware or software actually, Specific application and design constraint depending on technical solution.
Those skilled in the art can realize described each function to each specific application using distinct methods The function of energy unit, but such implementation should not be considered as beyond the scope of the present invention.The computer software can be stored in meter In calculation machine read/write memory medium, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, institute The storage medium stated can be magnetic disk, CD, read-only memory or random access memory etc..
Based on the series of functional steps performed by the automobile communication interface device disclosed in the above embodiments, an embodiment of the present invention also provides a server-based authentication method. Fig. 4 is a flowchart of the authentication method provided by one embodiment of the invention. As shown in Fig. 4, the method executed by the automobile communication interface device includes at least the following steps:
410. Determine at least one authentication element related to the function to be executed in the automobile communication interface device and upload it to the server.
The specific authentication element used can be selected according to the actual situation and is related to the function to be executed, for example a set of random numbers or an authentication algorithm. These authentication elements can be provided to the server in any suitable format and transmission form, for example with suitable check bits added to ensure reliable data transmission.
420. Calculate the corresponding first authentication value according to the authentication element.
The first authentication value is the output value that the automobile communication interface device calculates from the determined authentication element by calling a preset calculation rule.
430. Receive the second authentication value calculated by the server according to the authentication element.
The second authentication value is the output value that the server calculates from the authentication element uploaded by the automobile communication interface device.
440. Judge whether the first authentication value and the second authentication value match. If so, execute step 450; if not, execute step 460.
Matching means that the first authentication value and the second authentication value are consistent, which satisfies the premise of the authentication mentioned above: "having the same output". Any suitable criterion or comparison method can be used to perform the match.
450. Determine that the automobile communication interface device is successfully authenticated and execute the function to be executed. Successful authentication serves as a flag indicating that the device can execute the function normally.
460. Determine that authentication of the automobile communication interface device has failed. Authentication failure indicates that the device cannot operate normally and that a mismatch may exist.
Based on the matching result obtained in step 440, the automobile communication interface device executes the function to be executed only when it is successfully authenticated. When authentication fails, the system of the device refuses to execute the function to be executed.
Compared with a built-in authentication chip, the server has almost unlimited storage space and computing power. Therefore, in a preferred embodiment, the authentication method can combine a variety of different authentication algorithms to suit automobile communication interface devices with increasingly rich integrated functions, assigning different authentication algorithms to the different functions of the device and thereby effectively improving the flexibility of device authentication.
As shown in Fig. 5, the authentication elements of the authentication method include a random number and an authentication algorithm. The method may include the following steps:
510. Generate a set of random numbers. The random numbers can be generated by the automobile communication interface device according to a suitable generation principle. Their size and number of digits can be determined according to the actual situation.
520. Determine the corresponding authentication algorithm according to the function to be executed.
The function to be executed is the function that the automobile communication interface device currently needs to perform. In this embodiment, different authentication algorithms correspond to different functions through a mapping relationship. Thus, once the function to be executed is determined, the authentication algorithm to be used can be uniquely determined.
In some embodiments, the function to be executed may include upgrading firmware or establishing communication link n. Upgrading firmware means updating the version of the firmware program in the automobile communication interface device. Establishing communication link n means establishing a communication link based on a particular diagnostic protocol.
Here n ranges from 1 to N, where N is the total number of protocols integrated in the automobile communication interface device and available for use. In this way, communication link n can denote the communication link corresponding to each different protocol.
530. Based on the random number, calculate the corresponding first authentication value using the corresponding authentication algorithm.
540. Receive the second authentication value from the server and compare it with the first authentication value to determine the current authentication result. The authentication result is either successful authentication or failed authentication of the automobile communication interface device.
When calculating the second authentication value, the server uses the same random number and calls the authentication algorithm corresponding to the function to be executed.
In some embodiments, the automobile communication interface device may act only as the slave computer and establish its communication connection with the server indirectly through an additional host computer. For example, the random number generated by the slave computer can be uploaded to the server through the host computer.
As the upper layer that interacts directly with the user, the host computer can perform one or more functions and cooperate with the slave computer to complete the whole authentication process. For example, the host computer can provide the selection instruction to the slave computer and to the server respectively, in order to determine the function to be executed. The selection instruction is the user control instruction, collected by the host computer, that requests the automobile communication interface device to perform a certain function.
In further embodiments, when authentication of the automobile communication interface device fails and communication link n cannot be established, the host computer can further provide a new control instruction that selects establishing communication link m of another diagnostic protocol, updating the function to be executed to "establish communication link m".
According to this control instruction, the server and the slave computer can then authenticate the function "establish communication link m" again, in an attempt to let the automobile communication interface device successfully establish a communication connection with the automobile.
The authentication method provided by the embodiments of the present invention is implemented on the basis of a server and does not need a dedicated authentication chip, which reduces the hardware cost of the device. Moreover, multiple authentication algorithms are provided, and this multiple authentication can provide very high security. Even if an authentication algorithm is accidentally leaked or cracked, the security of the vehicle diagnostic product can be restored very simply by updating the authentication algorithm, without being limited by a built-in authentication chip that is not easy to modify.
Fig. 6 and Fig. 7 are specific examples in which the authentication method shown in Fig. 5 authenticates different functions to be executed. As shown in Fig. 6, when the user chooses to communicate with the automobile using diagnostic protocol 1, the host computer provides selection instruction 1, corresponding to diagnostic protocol 1, to the server and to the slave computer respectively (S610).
The slave computer and the server perform the calculation using the same random number and authentication algorithm 1, which corresponds to selection instruction 1, obtain the first authentication value and the second authentication value respectively, and determine from them whether authentication succeeds (S620).
When authentication succeeds, the slave computer executes the function normally and establishes the communication link based on diagnostic protocol 1 (S630). The host computer communicates normally with the automobile's electronic control system through this communication link and completes the vehicle diagnosis task (S640).
When authentication fails, the slave computer cannot execute the function of establishing communication link 1 (S650), and the host computer cannot communicate normally with the automobile's electronic control system through communication link 1 (S660).
As shown in Fig. 7, when the user chooses the firmware upgrade function, the host computer provides selection instruction 2, corresponding to the firmware upgrade, to the server and to the slave computer respectively (S710).
The slave computer and the server perform the calculation using the same random number and authentication algorithm 2, which corresponds to selection instruction 2, obtain the first authentication value and the second authentication value respectively, and determine from them whether authentication succeeds (S720).
When authentication succeeds, the host computer upgrades the firmware program of the slave computer (S730). When authentication fails, the host computer cannot upgrade the firmware program of the slave computer (S740).
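The flow of Figs. 5 to 7, written out as an added example that is not code from the patent: the slave computer generates the random number, both sides apply the algorithm mapped to the selected function, and the slave computer compares the two values. The HMAC-based algorithms, the shared device key, the function names (`link:1`, `firmware_upgrade`), the single-use handling of the random number and the loop over every alternative link m are assumptions, since the patent names no concrete algorithm.

```python
import hashlib
import hmac
import secrets


def make_algorithm(label, digest):
    """Build one authentication algorithm: a keyed MAC over a function label and the random number."""
    def algorithm(key, nonce):
        return hmac.new(key, label + b"|" + nonce, digest).digest()
    return algorithm


# Assumed mapping for step 520: one authentication algorithm per function to be executed.
ALGORITHMS = {
    "link:1": make_algorithm(b"link:1", hashlib.sha256),
    "link:2": make_algorithm(b"link:2", hashlib.sha384),
    "firmware_upgrade": make_algorithm(b"firmware_upgrade", hashlib.sha512),
}


class AuthServer:
    """Server 43: computes the second authentication value from the uploaded elements."""

    def __init__(self, device_keys, algorithms):
        self.device_keys = device_keys
        self.algorithms = algorithms

    def second_value(self, device_id, function, nonce):
        return self.algorithms[function](self.device_keys[device_id], nonce)


class SlaveComputer:
    """Slave computer 41: generates the random number and makes the final decision."""

    def __init__(self, device_id, key, algorithms):
        self.device_id = device_id
        self.key = key
        self.algorithms = algorithms
        self.pending = None  # (function, nonce) of the authentication in progress

    def begin(self, function):
        """Steps 510-520: generate a fresh random number and fix the function to be executed."""
        if function not in self.algorithms:
            raise ValueError("no authentication algorithm for " + function)
        nonce = secrets.token_bytes(16)
        self.pending = (function, nonce)
        return nonce

    def finish(self, second_value):
        """Steps 530-540: compute the first value and compare; True means execute the function."""
        if self.pending is None:
            return False
        function, nonce = self.pending
        self.pending = None  # assumption: each random number is accepted only once
        first_value = self.algorithms[function](self.key, nonce)
        return hmac.compare_digest(first_value, second_value)


def host_authenticate(slave, server, function):
    """Host computer 42: sends the selection to both sides and relays the values."""
    nonce = slave.begin(function)
    second_value = server.second_value(slave.device_id, function, nonce)
    return slave.finish(second_value)


def establish_link(slave, server, n, total_protocols):
    """Try link n; on failure retarget to each link m != n in 1..N and re-authenticate."""
    order = [n] + [m for m in range(1, total_protocols + 1) if m != n]
    for link in order:
        if host_authenticate(slave, server, "link:%d" % link):
            return link
    return None


def demo():
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
    slave = SlaveComputer("vci-01", key, ALGORITHMS)
    server = AuthServer({"vci-01": key}, ALGORITHMS)
    results = {"firmware": host_authenticate(slave, server, "firmware_upgrade")}

    # A value computed for another function does not authorize the pending one.
    nonce = slave.begin("firmware_upgrade")
    results["cross_function"] = slave.finish(server.second_value("vci-01", "link:1", nonce))

    # A second value relayed again after its random number was consumed is refused.
    nonce = slave.begin("link:1")
    value = server.second_value("vci-01", "link:1", nonce)
    results["first_use"] = slave.finish(value)
    results["replay"] = slave.finish(value)

    # Server has rotated algorithm 1 but the device has not: link 1 fails, link 2 is used.
    rotated = {**ALGORITHMS, "link:1": make_algorithm(b"link:1/v2", hashlib.sha256)}
    results["fallback"] = establish_link(slave, AuthServer({"vci-01": key}, rotated), 1, 2)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the comparison happens on the slave computer, the last case also shows the operational side of updating an algorithm: server and device must be updated together, or the affected function stays refused.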
Finally, it should be noted that the above embodiments merely illustrate the technical solutions of the present invention and do not limit them. Within the idea of the invention, technical features of the above embodiments or of different embodiments may also be combined, the steps may be carried out in any order, and there are many other variations of the different aspects of the invention as described above which, for brevity, are not given in detail. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. An authentication method for an automobile communication interface device, characterized by comprising:
determining at least one authentication element related to a function to be executed in the automobile communication interface device and uploading it to a server;
calculating a corresponding first authentication value according to the authentication element;
receiving a second authentication value calculated by the server according to the authentication element;
judging whether the first authentication value and the second authentication value match;
if so, determining that the automobile communication interface device is successfully authenticated and executing the function to be executed;
if not, determining that authentication of the automobile communication interface device has failed.
2. The authentication method according to claim 1, characterized in that the authentication element includes a random number and an authentication algorithm, and calculating the corresponding first authentication value according to the authentication element comprises:
determining the corresponding authentication algorithm according to the function to be executed;
based on the random number, calculating the corresponding first authentication value using the corresponding authentication algorithm.
3. The authentication method according to claim 1 or 2, characterized in that the function to be executed includes upgrading firmware or establishing communication link n, where n is a positive integer from 1 to N, N is the total number of usable protocols, and each protocol corresponds to one communication link.
4. The authentication method according to claim 3, characterized in that the method further comprises:
receiving a selection instruction from a host computer;
determining the function to be executed according to the selection instruction.
5. The authentication method according to claim 4, characterized in that determining at least one authentication element and uploading it to the server comprises:
generating a random number and uploading it to the server through the host computer, the server also being used to receive the selection instruction from the host computer in order to determine the function to be executed.
6. The authentication method according to any one of claims 3 to 5, characterized in that, when the function to be executed is establishing communication link n, the method further comprises:
when authentication of the automobile communication interface device fails, refusing to establish communication link n;
according to a control instruction of the host computer, updating the function to be executed to establishing communication link m;
based on the updated function to be executed, re-authenticating the automobile communication interface device; m and n are different positive integers, and m ranges from 1 to N.
7. An automobile communication interface device, comprising a diagnostic module for executing at least one function to be executed and an authentication module for performing device authentication before the diagnostic module executes the function to be executed, characterized in that:
the authentication module includes an authentication input unit, an authentication calculation unit, a comparison unit and a communication unit;
the authentication input unit is used to determine at least one authentication element related to the function to be executed in the automobile communication interface device; the authentication calculation unit is connected to the authentication input unit and calculates a corresponding first authentication value;
the communication unit is used to upload the authentication element to a server and to receive a second authentication value from the server, the second authentication value being calculated by the server according to the authentication element;
the comparison unit is connected to the communication unit and to the authentication calculation unit respectively, and is used to judge whether the first authentication value and the second authentication value match;
when the first authentication value and the second authentication value match, the comparison unit outputs a first signal indicating that the automobile communication interface device is successfully authenticated;
when the first authentication value and the second authentication value do not match, the comparison unit outputs a second signal indicating that authentication of the automobile communication interface device has failed;
the diagnostic module is connected to the comparison unit, executes the function to be executed when the comparison unit outputs the first signal, and refuses to execute the function to be executed when the comparison unit outputs the second signal.
8. The automobile communication interface device according to claim 7, characterized in that the authentication element includes a random number and an authentication algorithm, and the authentication input unit includes a random number generator and an authentication algorithm selector;
the random number generator is used to generate one or more random numbers; the authentication algorithm selector is used to determine the corresponding authentication algorithm according to the function to be executed.
9. The automobile communication interface device according to claim 7 or 8, characterized in that the function to be executed includes upgrading firmware or establishing communication link n, where n is a positive integer from 1 to N, N is the total number of usable protocols, and each protocol corresponds to one communication link.
10. The automobile communication interface device according to claim 9, characterized in that the automobile communication interface device is a slave computer;
the slave computer establishes a communication connection with a host computer through the communication unit, receives a selection instruction from the host computer, and determines the function to be executed according to the selection instruction.
11. The automobile communication interface device according to claim 10, characterized in that the host computer is communicatively connected to the server, provides the selection instruction and the random number to the server, and feeds the second authentication value back to the slave computer.
12. The automobile communication interface device according to any one of claims 7 to 11, characterized in that, when the diagnostic module refuses to establish communication link n according to the second signal output by the comparison unit:
under the control of the host computer, the diagnostic module updates the function to be executed to establishing communication link m;
the authentication module re-performs device authentication based on the updated function to be executed; m and n are different positive integers, and m ranges from 1 to N.
CN201811639103.7A 2018-12-29 2018-12-29 Automobile communication interface equipment and authentication method thereof Active CN109450954B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811639103.7A CN109450954B (en) 2018-12-29 2018-12-29 Automobile communication interface equipment and authentication method thereof
PCT/CN2019/129774 WO2020135855A1 (en) 2018-12-29 2019-12-30 Vehicle communication interface device and authentication method therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811639103.7A CN109450954B (en) 2018-12-29 2018-12-29 Automobile communication interface equipment and authentication method thereof

Publications (2)

Publication Number Publication Date
CN109450954A true CN109450954A (en) 2019-03-08
CN109450954B CN109450954B (en) 2021-01-15

Family

ID=65539780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811639103.7A Active CN109450954B (en) 2018-12-29 2018-12-29 Automobile communication interface equipment and authentication method thereof

Country Status (2)

Country Link
CN (1) CN109450954B (en)
WO (1) WO2020135855A1 (en)


Also Published As

Publication number Publication date
CN109450954B (en) 2021-01-15
WO2020135855A1 (en) 2020-07-02


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant