CN109450954A - Auto communication interface equipment and its authentication method - Google Patents
Auto communication interface equipment and its authentication method Download PDFInfo
- Publication number
- CN109450954A CN109450954A CN201811639103.7A CN201811639103A CN109450954A CN 109450954 A CN109450954 A CN 109450954A CN 201811639103 A CN201811639103 A CN 201811639103A CN 109450954 A CN109450954 A CN 109450954A
- Authority
- CN
- China
- Prior art keywords
- communication interface
- interface equipment
- authentication
- server
- auto
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
- H04L41/082—Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
- H04W4/44—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention relates to a kind of auto communication interface equipment and its authentication methods.The auto communication interface equipment comprises determining that at least one elements of certificate relevant to the pending function in auto communication interface equipment and is uploaded to server;According to the elements of certificate, calculates and obtain corresponding first authentication value;It receives and the second authentication value obtained is calculated according to the elements of certificate by the server;Judge whether first authentication value and second authentication value match;If so, determining that the auto communication interface equipment authenticates successfully, the pending function is executed;If it is not, determining the auto communication interface equipment authentification failure.The authentication method is completed using the server for being located at network-side, is not needed additionally to increase hardware chip on hardware, is advantageously reduced product cost.Moreover, being located at the server of network-side does not have the limitation of built in hardware chip, powerful performance can have so that authentication method can extend to obtain good flexibility and higher safety.
Description
[technical field]
The present invention relates to vehicle diagnosis product technical field more particularly to a kind of auto communication interface equipments and its authenticating party
Method.
[background technique]
Vehicle diagnosis product leads to before executing a certain function (such as establishing the communication connection between automotive control system)
It often requires authenticate auto communication interface equipment, to ensure that function can be executed smoothly.Equipment certification
Process is usually utilized to be completed in the special chip that is built in auto communication interface equipment.
As a part of hardware circuit, special chip is encapsulated usually before product export to be fixed at equipment
It is interior.This makes extension to special chip or change almost impossible.Moreover, being limited by hardware cost, special chip is logical
Often only there is very limited memory space.
Limitation on these hardware, can not be good so that equipment authentication method flexibility during routine use is poor
The actual needs (such as being integrated with more and more functions) of auto communication interface equipment is adapted to, and security performance is poor, held
Easily it is cracked.How these limitations are avoided, and the safety and flexibility for improving equipment authentication method are skills in the urgent need to address
Art problem.
[summary of the invention]
The embodiment of the present invention, which is intended to provide, a kind of is able to solve that existing equipment authentication method flexibility is poor, safety is bad
Auto communication interface equipment and its authentication method.
In order to solve the above technical problems, the embodiment of the present invention the following technical schemes are provided:
A kind of authentication method of auto communication interface equipment.Wherein, the authentication method includes:
It determines at least one elements of certificate relevant to the pending function in auto communication interface equipment and is uploaded to clothes
Business device;
According to the elements of certificate, calculates and obtain corresponding first authentication value;
It receives and the second authentication value obtained is calculated according to the elements of certificate by the server;
Judge whether first authentication value and second authentication value match;
If so, determining that the auto communication interface equipment authenticates successfully, then the pending function is executed;
If it is not, determining the auto communication interface equipment authentification failure.
In some embodiments, the elements of certificate includes: random number and identifying algorithm;It is described to be wanted according to the certification
Element calculates and obtains corresponding first authentication value, comprising:
According to the pending function, corresponding identifying algorithm is determined;
Based on the random number, by the corresponding identifying algorithm, calculates and obtain corresponding first authentication value.
In some embodiments, the pending function includes firmware updating or establishes communication link n, and n is 1 to N just
Integer, N are the total quantity that agreement can be used, each agreement is corresponding with a kind of communication link.
In some embodiments, the method also includes: receive the selection instruction from host computer, according to it is described selection refer to
It enables, determines the pending function.
In some embodiments, at least one elements of certificate of the determination and it is uploaded to server, comprising: generate random number
And the server is uploaded to by the host computer, the server is also used to receive the selection instruction from host computer
With the determination pending function.
In some embodiments, when the pending function is to establish communication link n, the method also includes:
In the auto communication interface equipment authentification failure, refusal establishes communication link n;According to the control of the host computer
System instruction, updating the pending function is to establish communication link m;Based on the updated pending function, re-authentication
The auto communication interface equipment;M is different positive integers from n, and the value range of m is 1 between N.
In order to solve the above technical problems, the embodiment of the present invention is also the following technical schemes are provided: a kind of auto communication interface is set
It is standby, including the diagnosis mould group for executing at least one pending function and for described wait hold in diagnosis mould group execution
Before row function, the certification mould group of equipment certification is carried out, which is characterized in that
The certification mould group includes certification input unit, authentication calculations unit, comparing unit and communication unit;
Wherein, the certification input unit is relevant extremely to the pending function in auto communication interface equipment for determination
A few elements of certificate;The authentication calculations unit is connect with the certification input unit, is calculated and is obtained corresponding first certification
Value;
The communication unit be used to for the elements of certificate to be uploaded to server and receive from the server the
Two authentication values;Second authentication value is that the server is obtained according to elements of certificate calculating;
The comparing unit is connect with the communication unit and the authentication calculations unit respectively, for judging described first
Whether authentication value and second authentication value match;
When first authentication value and second authentication value match, export the auto communication interface equipment certification at
First signal of function;
When first authentication value and second authentication value mismatch, the auto communication interface equipment certification is exported
The second signal of failure;
The diagnosis mould group is connect with the comparing unit, when the comparing unit exports the first signal, described in execution
Pending function, when the comparing unit exports second signal, refusal executes the pending function.
In some embodiments, the elements of certificate includes: random number and identifying algorithm, the certification input unit packet
It includes: randomizer and identifying algorithm selector;
The randomizer is for generating one or more random numbers;The identifying algorithm selector is used for according to institute
Pending function is stated, determines corresponding identifying algorithm.
In some embodiments, the pending function includes firmware updating or establishes communication link n, and n is 1 to N just
Integer, N are the total quantity that agreement can be used, each agreement is corresponding with a kind of communication link.
In some embodiments, the auto communication interface equipment is slave computer;The slave computer passes through the communication unit
Member is established with host computer and is communicated to connect, and is received the selection instruction from host computer and is determined according to the selection instruction described wait hold
Row function.
In some embodiments, the host computer is connect with the server communication, and Xiang Suoshu server provides the choosing
Instruction and the random number are selected, and second authentication value is fed back into the slave computer.
In some embodiments, when the second signal that the diagnosis mould group is exported according to the comparing unit, refusal is established
When communication link n;
Under the control of the host computer, it is to establish communication link m that the diagnosis mould group, which updates the pending function,;
The certification mould group is based on the updated pending function, re-starts equipment certification;M is different from n
Positive integer, the value range of m are 1 between N.
Compared with prior art, authentication method provided in an embodiment of the present invention has been come using the server for being located at network-side
At not needing additionally to increase hardware chip on hardware, advantageously reduce product cost.Moreover, being located at the server of network-side
There is no the limitation of built in hardware chip, can have powerful performance so that authentication method can extend to obtain it is very good
Flexibility and higher safety.
[Detailed description of the invention]
One or more embodiments are illustrated by the picture in corresponding attached drawing, these exemplary theorys
The bright restriction not constituted to embodiment, the element in attached drawing with same reference numbers label are expressed as similar element, remove
Non- to have special statement, composition does not limit the figure in attached drawing.
Fig. 1 is the schematic diagram of the application scenarios of the auto communication interface equipment of the embodiment of the present invention;
Fig. 2 is the structural schematic diagram for the auto communication interface equipment that the one of embodiment of the present invention provides;
Fig. 3 is the application scenarios signal for the auto communication interface equipment slave computer that the one of embodiment of the present invention provides
Figure;
Fig. 4 is the method flow diagram for the authentication method that the one of embodiment of the present invention provides;
Fig. 5 be another embodiment of the present invention provides authentication method method flow diagram;
Fig. 6 is flow chart of the authentication method shown in fig. 5 when establishing communication link;
Fig. 7 is flow chart of the authentication method shown in fig. 5 in firmware updating.
[specific embodiment]
To facilitate the understanding of the present invention, in the following with reference to the drawings and specific embodiments, the present invention will be described in more detail.
It should be noted that be expressed " being fixed on " another element when element, it can directly on the other element or therebetween
There may be one or more elements placed in the middle.When an element is expressed " connection " another element, it, which can be, directly connects
It is connected to another element or there may be one or more elements placed in the middle therebetween.Term " on " used in this specification,
The orientation or positional relationship of the instructions such as "lower", "inner", "outside", " bottom " is to be based on the orientation or positional relationship shown in the drawings, only
It is that for the convenience of describing the present invention and simplifying the description, rather than the device or element of indication or suggestion meaning must have specifically
Orientation is constructed and operated in a specific orientation, therefore is not considered as limiting the invention.In addition, term " first ", " the
Two " " thirds " etc. are used for descriptive purposes only and cannot be understood as indicating or suggesting relative importance.
Unless otherwise defined, technical and scientific term all used in this specification is led with technology of the invention is belonged to
The normally understood meaning of the technical staff in domain is identical.Used term is only in the description of the invention in this specification
The purpose of description specific embodiment is not intended to the limitation present invention.Term "and/or" used in this specification includes one
Any and all combinations of a or multiple relevant listed items.
In addition, as long as technical characteristic involved in invention described below difference embodiment is not constituted each other
Conflict can be combined with each other.
Equipment certification can be employed to ensure that vehicle diagnosis product can be used normally, guarantee the peace of associated vehicle data
Quan Xing is automobile auto communication interface equipment process indispensable before executing a certain pending function.Fig. 1 is the embodiment of the present invention
The application scenarios schematic diagram of the automobile auto communication interface equipment of offer.
As shown in Figure 1, including automobile 10 and the auto communication interface equipment being connect with automobile in entire application scenarios
20。
Wherein, which specifically can be any kind of motor vehicles, such as lorry, car etc..It is with complete
Whole electronic control system, to coordinate and control vehicle according to the operational order of driver etc., and to one or multinomial vehicle
Parameter carries out real-time monitoring, it is ensured that automobile 10 is reliably run.
Common, for the ease of maintenance repair and maintenance, automobile 10 can also have at least one hardware communication interface (such as
OBD interface), it is communicated to connect for being established with external equipment, completes the processes such as data interaction.
The auto communication interface equipment 20 can be applied to any kind of vehicle diagnostics product, for being with electronic control
System connection is to read one or more data information.It specifically can be linked into automobile using wired or wirelessly
10 hardware communication interface establishes communication connection physically.
Certainly, other than the communication connection established physically between automobile 10, it is also necessary to be loaded with suitable or match
Pair protocol configuration, could correctly enter the corresponding function system of automobile, read data.Therefore, in order to cope with different need
It asks, is generally integrated that (such as J1708 agreement, J1939 are assisted there are many different vehicle diagnosis agreement on auto communication interface equipment 20
View, ISO15765 agreement) establishing communication link corresponding with vehicle diagnosis agreement, obtain the dependency number of automobile 10 it is believed that
Breath.
In actual use, selected to be examined using one of automobile in user's operation auto communication interface equipment 20
Disconnected agreement request is established after corresponding communication link, and auto communication interface equipment 20 can carry out first following equipment and authenticate
Journey:
1) one group of random number is generated in systems and is provided to built-in trusted authentication chip.
2) trusted authentication chip carries out operation to the random number of input, generates the second certification according to the identifying algorithm built in itself
The authentication information is simultaneously returned to diagnostic device by information.
3) system equally also calls the identifying algorithm for being stored in internal system, and operation is carried out based on the random number,
Obtain the first authentication information.
4) compare the first authentication information and whether the second authentication information is identical.When identical, determine that equipment authenticates successfully;?
When not identical, determine that equipment certification is unsuccessful.And only after equipment authenticates successfully, which can
It is normal to execute function.
It can see by above record, complete place one's entire reliance upon one of additional of equipment verification process and be exclusively used in
The chip of equipment certification.It is found by the applicant that such verifying framework can bring the shadow of many passivenesses for auto communication interface equipment
It rings, for example, can not after additional chip will lead to the rising of cost, the identifying algorithm that is recorded in trusted authentication chip is learned
Change, Information Security is bad and the limited storage space of trusted authentication chip, cannot provide enough certifications for different functions
The flexibility of algorithm, verification process is bad.
To avoid such some negative influences, equipment certification is carried out using server the embodiment of the invention provides a kind of
Auto communication interface equipment.It is communicated with suitable communication unit with the server foundation for being located at network-side (i.e. cloud)
Connection, replaces trusted authentication chip by server.Please continue to refer to Fig. 1, in the present embodiment, the scene further includes server
30 and communication network 40.
The server 30 is the equipment of remote deployment beyond the clouds.It specifically can be a specific entity and is also possible to greatly
The part of functions unit of type cluster server, as long as sky can be stored required for the authentication function distribution for auto communication
Between and operational capability.
The communication network 40 refers to the network of the foundation communication connection between server 30 and auto communication interface equipment 20,
Specifically it can be bluetooth, WiFi, mobile cellular network or private local area network etc., as long as can allow for server 30 and automobile
Communications Interface Unit 20 is used as network node, realizes data interaction between the two.
Fig. 2 is the structural schematic diagram of auto communication interface equipment provided in an embodiment of the present invention.As shown in Fig. 2, the automobile
Communications Interface Unit may include diagnosis mould group 21 and certification mould group 22.
Wherein, diagnosis mould group 21 is for executing at least one pending function.The certification mould group 22 is then for described
Before diagnosing the mould group execution pending function, authenticated to determine whether equipment can normally execute function.
Usual, the diagnosis mould group can integrate multinomial different function, such as firmware updating and foundation are based on
The communication link of different diagnosing protocols.Here, " communication link n " can be used to indicate based on different diagnosing protocol foundation
Communication link.The positive integer that n is 1 to N, each value are corresponding with a diagnosing protocol.For example, being integrated when in diagnosis mould group
When having J1708 agreement, J1939 agreement and ISO15765 agreement, n can have three values of 1-3, assist respectively with above-mentioned three
It discusses corresponding.
The diagnosis mould group 21 determines whether normally execute pending function based on the authentication result of certification mould group 22
Or refusal executes these pending functions.
Please continue to refer to Fig. 2, which may include certification input unit 221, authentication calculations unit 222, ratio
Compared with unit 223 and communication unit 224.
Wherein, the certification input unit 221 is for determining at least one elements of certificate.The authentication calculations unit 222
It is connect with the certification input unit 221, calculates and obtain corresponding first authentication value.
Certification is such based on " under same computation rule, identical input must can obtain identical output "
Assuming that come carry out.Here, using term as " elements of certificate " to need one or more as defeated when indicating certification
The variable entered.Specific elements of certificate can be determined according to the actual situation, such as one group of random number etc..
In some embodiments, determining elements of certificate includes random number and identifying algorithm according to specific needs, described to recognize
Demonstrate,proving input unit 221 can be by randomizer 2211 and identifying algorithm selector 2212.
Wherein, randomizer 2211 is the unit for generating one or more random numbers.It can specifically be used
The chip or electronic device of any suitable method or principle.The identifying algorithm selector 2212 is for according to wait hold
Row function determines the selecting unit of corresponding identifying algorithm.
The pending function refers to that diagnostic module determines function to be executed, can execute or implement in diagnostic module
Multinomial different function in, selected by user or the needs of actual conditions and determine.
Identifying algorithm can be any suitable function, can be calculated according to input variable and determine unique output variable.
In the preferred embodiment, with diagnostic module 21 integrate multiple function correspondingly, auto communication interface equipment
Different identifying algorithm there are many can also configuring, is respectively used to the certification of different function, to improve authenticating party well
The flexibility of method.
The communication unit 224 is the unit for the communication connection between foundation and server.Based on communication unit 224
The elements of certificate can be uploaded to server and receive the second authentication value from server by the communication channel of offer.
Second authentication value is that the server calculates the output valve obtained according to the elements of certificate.Here, first recognizes
The main body that " first " and " second " in card value and the second authentication value is only used for distinguishing calculating acquisition authentication value is not identical, and does not have to
In two authentication values of restriction itself.The output valve can have any suitable type, and be not limited to numerical value, such as floating type number
Value, integer numerical value either specific character string.
Please continue to refer to Fig. 2, there are two input terminal and an output ends for the tool of comparing unit 223.Wherein, two inputs
End is connect with the communication unit 224 and the authentication calculations unit 222 respectively, for receiving the first authentication value and described second
Authentication value.
Output end is then matched according to the two as a result, when first authentication value and second authentication value match, defeated
The auto communication interface equipment authenticates successful first signal out, or in first authentication value and second authentication value
When mismatch, the second signal of the auto communication interface equipment authentification failure is exported.Diagnosis mould group 21 can be based on output end
The signal of output determines the authentication result of current pending function.Also that is, being held when the comparing unit exports the first signal
The row pending function, and when the comparing unit exports second signal, refusal executes the pending function.
The specific structure of the comparing unit 223 can be determined according to the matching rule and mode of actual set, can be adopted
It is realized with the mode of hardware circuit, software program and/or software and hardware combining.It is specially as it is known to those skilled in the art that
Therefore not to repeat here.
In some embodiments, which can be slave computer, by mutual with corresponding host computer
Cooperation is to complete equipment verification process.Fig. 3 is the applied field of auto communication interface equipment slave computer provided in an embodiment of the present invention
Scape schematic diagram.As shown in figure 3, the application scenarios include: auto communication interface equipment slave computer 41, host computer 42 and server
43。
Wherein, auto communication interface equipment slave computer 41 and host computer 42, are established between host computer 42 and server 43
There is communication channel, bidirectional data transfers may be implemented.The communication channel can specifically be selected any kind of wired or wireless
Communication mode.Same or different communication mode can also be used between two communication channels, for example, in auto communication interface
It is connected between equipment slave computer 41 and host computer 42 using cable, wireless cellular network is used between host computer 42 and server 43
Network connection.
Host computer 42 refers to the computer equipment that can directly issue manipulation command.Its top layer for being located at user's interaction,
Various feedback informations (such as variation of every signal) can be shown to user on the screen and user is acquired by input equipment
Instruction to issue corresponding manipulation instruction.
Specifically, host computer 42 it is also an option that using any other type computer equipment, such as it is PC, flat
Plate computer, mobile phone or other intelligent electronic devices that connection can be established with server.
Auto communication interface equipment slave computer 41 is the calculating for directly controlling equipment and obtaining condition of the vehicle or relevant parameter
Machine.The manipulation instruction for being commonly used for reception host computer sending is construed to corresponding time sequence signal and directly controls automobile, or
Person be for reading the status data of vehicle (generally analog quantity) after, be converted into digital signal and feed back to host computer with to user
It shows.
Specifically, auto communication interface equipment slave computer 41 can by PLC, single-chip microcontroller, microprocessor or some other
Rudimentary processor device is realized.
In actual use, one side auto communication interface equipment slave computer 41 is come from by communication unit to receive
The selection instruction of host computer.Then the selection instruction received is parsed, and determines therefrom that current pending function.Finally, root
It is calculated according to the corresponding identifying algorithm of the random number and pending function of generation and obtains the first authentication value.
On the other hand, host computer 42 also utilizes the communication module of itself, provides the selection instruction to server and from vapour
The random number of vehicle Communications Interface Unit slave computer 41, which enables the server to calculate accordingly, obtains the second authentication value.By server meter
The second authentication value obtained is calculated via host computer 42, is supplied to the mistake that auto communication interface equipment slave computer 41 completes equipment certification
Journey.
In further embodiments, if make diagnosis mould group that can not establish communication link n because of authentification failure, host computer
42 can also provide assistance, under send instructions to update the pending function, become establishing logical based on another diagnosing protocol
Believe link m.
Then, the updated pending function is based on by the certification mould group of auto communication interface equipment slave computer 41,
Equipment certification is re-started to attempt the communication link established between automobile.
Wherein, m and n are different positive integers, and the value range of m is 1 between N, to indicate that communication link m is and recognizes
Demonstrate,proving unsuccessful communication link n is the communication link based on different diagnosing protocols.
It should be noted that it is convenient for statement, auto communication interface equipment slave computer is illustratively disclosed in Fig. 3
41, the data information flow direction between host computer 42 and server 43.But those skilled in the art can also be according to the actual situation
Needs, the functional steps that auto communication interface equipment needs to be implemented are adjusted to execute in host computer 42 or slave computer 41
(such as random number is generated by host computer 42).All these variations or adjustment belong to the scope of the present invention.
Those skilled in the art should further appreciate that functional unit described in the embodiment of the present invention is (such as
Authenticate input unit, authentication calculations unit, comparing unit and communication unit) can with electronic hardware, computer software or
The combination of the two is realized, in order to clearly illustrate the interchangeability of hardware and software, in the above description according to function
Generally describe step performed by each exemplary circuit.These functions are implemented in hardware or software actually,
Specific application and design constraint depending on technical solution.
Those skilled in the art can realize described each function to each specific application using distinct methods
The function of energy unit, but such implementation should not be considered as beyond the scope of the present invention.The computer software can be stored in meter
In calculation machine read/write memory medium, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, institute
The storage medium stated can be magnetic disk, CD, read-only memory or random access memory etc..
A series of functional steps performed by the auto communication interface equipment disclosed based on the above embodiment, the present invention are implemented
Example additionally provides a kind of authentication method based on server.Fig. 4 is the method stream for the authentication method that one embodiment of the invention provides
Cheng Tu.As shown in figure 4, including at least following steps by the method that auto communication interface equipment executes:
410, it determines at least one elements of certificate relevant to the pending function in auto communication interface equipment and uploads
To server.
Specifically used elements of certificate can be selected according to the actual situation, related to pending function.Such as one group with
Machine number or identifying algorithm.These elements of certificate can be provided to server with transmission form in any other suitable format, such as
Suitable check bit is added to ensure the reliability of data transmission.
420, it according to the elements of certificate, calculates and obtains corresponding first authentication value.
First authentication value is auto communication interface equipment according to the elements of certificate having determined, preparatory from Calling
The computation rule set calculates the output valve obtained.
430, it receives and the second authentication value obtained is calculated according to the elements of certificate by the server.
Second authentication value is then the elements of certificate uploaded by server according to auto communication interface equipment, calculates acquisition
Output valve.
440, judge whether first authentication value and second authentication value match.If so, executing step 450;If it is not,
Execute step 460.
Matching refers to that the first authentication value and the second authentication value are consistent, before the hypothesis that can satisfy the above-mentioned certification referred to
Propose-" output having the same ".Specifically it can complete to match using any suitable benchmark or comparison method
450, it determines that the auto communication interface equipment authenticates successfully, executes the pending function.Authenticate successfully conduct
A kind of mark shows that auto communication interface equipment can normally execute function.
460, the auto communication interface equipment authentification failure is determined.And authentification failure then shows auto communication interface equipment
It is unable to operate normally, it is understood that there may be unmatched situation.
Based on the matching result that step 440 obtains, when the auto communication interface equipment authenticates successfully, auto communication is connect
Jaws equipment just executes the pending function.And in the auto communication interface equipment authentification failure, auto communication interface is set
Refusal is executed the pending function by standby system.
Since server is for built-in trusted authentication chip, memory space and operation energy with almost limitless system
Power.Therefore, in the preferred embodiment, the authentication method can be used in combination a variety of different identifying algorithms and collect successfully to meet
The auto communication interface equipment that can be become increasingly abundant is the different identifying algorithm of the different function distribution of auto communication interface equipment,
To the flexibility of effective lifting means certification.
As shown in figure 5, the elements of certificate of the authentication method includes random number and identifying algorithm.It may include walking as follows
It is rapid:
510, one group of random number is generated.The random number by auto communication interface equipment can generate principle according to suitable and
It generates.The size and digit of random number can determine according to the actual situation.
520, according to pending function, corresponding identifying algorithm is determined.
The pending function refers to the function that auto communication interface equipment currently needs to be implemented.In the present embodiment, different
Identifying algorithm and different functions it is corresponding, have mapping relations.It, can be only as a result, after determining pending function
One identifying algorithm for determining needs and using.
In some embodiments, the pending function may include firmware updating or establish communication link n.Wherein, it rises
Grade firmware, which refers to, carries out version updating to the firmware program in auto communication interface equipment.And it establishes communication link n and refers to foundation
Communication link based on some particular diagnosis agreement.
Here, the value range of n is 1 to N.N is to integrate in auto communication interface equipment, the available agreement used
Total quantity.It is such, communication link corresponding with different agreement can be indicated by communication link n.
530, it based on the random number, by the corresponding identifying algorithm, calculates and obtains corresponding first certification
Value.
540, the second authentication value from server and compared with first authentication value is received, determines current certification knot
Fruit.The authentication result includes that auto communication interface equipment authenticates successfully or authentification failure.
Server is when calculating the second authentication value, using identical random number, and calls corresponding with pending function
Identifying algorithm.
In some embodiments, auto communication interface equipment can only serve as the role of slave computer, additional by one
Host computer is indirectly established with server and is communicated to connect.For example, slave computer generate random number can by the host computer,
It is uploaded to the server.
Host computer can execute one or more function as the upper layer directly interacted with user, mutual with slave computer
Cooperate to complete the complete procedure of certification.For example, host computer position machine and server can provide selection instruction separately down, to
Determine pending function.The selection instruction refers to that host computer is collected, and request auto communication interface equipment executes a certain function
User's manipulation instruction.
In further embodiments, auto communication interface equipment authentification failure, when can not establish communication link n, host computer
New control instruction can also be further provided for, the communication link m of another diagnosing protocol is established in selection, more by pending function
Newly it is " establishing communication link m ".
Server and slave computer again can carry out " establishing communication link m " this function according to the control instruction
Certification is to want to make auto communication interface equipment and automobile successfully to establish communication connection.
Authentication method provided in an embodiment of the present invention is based on server and realizes, does not need using dedicated trusted authentication chip,
To reduce the hardware cost of equipment.Moreover, identifying algorithm is set as a variety of, there is multiple authentication can provide very high peace
Quan Xing.Even if identifying algorithm is revealed or is cracked accidentally, can also by very simply by update identifying algorithm in a manner of come
The safety for restoring vehicle diagnosis product is no longer influenced by the limitation that built-in authentication chip is not easy to modification.
Fig. 6 and Fig. 7 is the specific example that authentication method shown in fig. 5 authenticates different pending functions respectively.Such as
Shown in Fig. 6, when user's selection is communicated using diagnosing protocol 1 with automobile, host computer can be respectively to server and bottom
Machine provides selection instruction 1 (S610) corresponding with diagnosing protocol 1.
Slave computer and server carry out operation using identical random number and identifying algorithm 1 corresponding with selection instruction 1,
The first authentication value and the second authentication value are obtained respectively and based thereon determine whether to authenticate successfully (S620).
When authenticating successfully, slave computer normally executes function, establishes the communication link (S630) based on diagnosing protocol 1.
Host computer passes through the electronic control system normal communication of the communication link and automobile, completes the task of vehicle diagnosis
(S640)。
In authentification failure, slave computer cannot execute the function (S650) of establishing communication link 1.Host computer can not also pass through
The electronic control system normal communication (S660) of the communication link 1 and automobile.
As shown in fig. 7, host computer can be respectively to server and bottom when user's selection uses the function of firmware updating
Machine provides selection instruction 2 (S710) corresponding with firmware updating.
Slave computer and server carry out operation using identical random number and identifying algorithm 2 corresponding with selection instruction 2,
The first authentication value and the second authentication value are obtained respectively and based thereon determine whether to authenticate successfully (S720).
When authenticating successfully, host computer is upgraded (S730) to the firmware program of slave computer.It is upper in authentification failure
Machine can not be upgraded (S740) to the firmware program of slave computer.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;At this
It under the thinking of invention, can also be combined between the technical characteristic in above embodiments or different embodiment, step can be with
It is realized with random order, and there are many other variations of different aspect present invention as described above, for simplicity, they do not have
Have and is provided in details;Although the present invention is described in detail referring to the foregoing embodiments, the ordinary skill people of this field
Member is it is understood that it is still possible to modify the technical solutions described in the foregoing embodiments, or to part of skill
Art feature is equivalently replaced;And these are modified or replaceed, each reality of the present invention that it does not separate the essence of the corresponding technical solution
Apply the range of a technical solution.
Claims (12)
1. a kind of authentication method of auto communication interface equipment characterized by comprising
It determines at least one elements of certificate relevant to the pending function in auto communication interface equipment and is uploaded to server;
According to the elements of certificate, calculates and obtain corresponding first authentication value;
It receives and the second authentication value obtained is calculated according to the elements of certificate by the server;
Judge whether first authentication value and second authentication value match;
If so, determining that the auto communication interface equipment authenticates successfully, the pending function is executed;
If it is not, determining the auto communication interface equipment authentification failure.
2. authentication method according to claim 1, which is characterized in that the elements of certificate includes: that random number and certification are calculated
Method;It is described according to the elements of certificate, calculate and obtain corresponding first authentication value, comprising:
According to the pending function, corresponding identifying algorithm is determined;
Based on the random number, by the corresponding identifying algorithm, calculates and obtain corresponding first authentication value.
3. authentication method according to claim 1 or 2, which is characterized in that the pending function include firmware updating or
Communication link n, the positive integer that n is 1 to N are established, N is the total quantity that agreement can be used, each agreement and a kind of communication link
It is corresponding.
4. authentication method according to claim 3, which is characterized in that the method also includes:
The selection instruction from host computer is received,
According to the selection instruction, the pending function is determined.
5. authentication method according to claim 4, which is characterized in that at least one elements of certificate of the determination is simultaneously uploaded to
Server, comprising:
It generates random number and the server is uploaded to by the host computer, the server is also used to receive described from upper
The selection instruction of position machine is with the determination pending function.
6. according to the described in any item authentication methods of claim 3 to 5, which is characterized in that when the pending function is to establish
When communication link n, the method also includes:
In the auto communication interface equipment authentification failure, refusal establishes communication link n;
According to the control instruction of the host computer, updating the pending function is to establish communication link m;
Based on the updated pending function, auto communication interface equipment described in re-authentication;M and n are different just whole
Number, the value range of m are 1 between N.
7. a kind of auto communication interface equipment including the diagnosis mould group for executing at least one pending function and is used for
Before the diagnosis mould group executes the pending function, the certification mould group of equipment certification is carried out, which is characterized in that
The certification mould group includes certification input unit, authentication calculations unit, comparing unit and communication unit;
Wherein, the certification input unit is for determining relevant to the pending function in auto communication interface equipment at least one
A elements of certificate;The authentication calculations unit is connect with the certification input unit, is calculated and is obtained corresponding first authentication value;
The communication unit is used to for the elements of certificate to be uploaded to server and receives second recognizing from the server
Card value;Second authentication value is that the server is obtained according to elements of certificate calculating;
The comparing unit is connect with the communication unit and the authentication calculations unit respectively, for judging first certification
Whether value and second authentication value match;
When first authentication value and second authentication value match, it is successful to export the auto communication interface equipment certification
First signal;
When first authentication value and second authentication value mismatch, the auto communication interface equipment authentification failure is exported
Second signal;
The diagnosis mould group is connect with the comparing unit, when the comparing unit exports the first signal, is executed described wait hold
Row function, when the comparing unit exports second signal, refusal executes the pending function.
8. auto communication interface equipment according to claim 7, which is characterized in that the elements of certificate includes: random number
And identifying algorithm, the certification input unit include: randomizer and identifying algorithm selector;
The randomizer is for generating one or more random numbers;The identifying algorithm selector be used for according to it is described to
Function is executed, determines corresponding identifying algorithm.
9. auto communication interface equipment according to claim 7 or 8, which is characterized in that the pending function includes rising
Grade firmware establishes communication link n, the positive integer that n is 1 to N, and N is the total quantity that agreement can be used, each agreement and one kind
Communication link is corresponding.
10. auto communication interface equipment according to claim 9, which is characterized in that the auto communication interface equipment is
Slave computer;
The slave computer is established by the communication unit and host computer and is communicated to connect, and receives the selection instruction from host computer simultaneously
The pending function is determined according to the selection instruction.
11. auto communication interface equipment according to claim 10, which is characterized in that the host computer and the server
Communication connection, Xiang Suoshu server provides the selection instruction and the random number, and second authentication value is fed back to
The slave computer.
12. according to the described in any item auto communication interface equipments of claim 7 to 11, which is characterized in that when the diagnosis mould
The second signal that group is exported according to the comparing unit, when refusal establishes communication link n;
Under the control of the host computer, it is to establish communication link m that the diagnosis mould group, which updates the pending function,;
The certification mould group is based on the updated pending function, re-starts equipment certification;M and n are different just whole
Number, the value range of m are 1 between N.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811639103.7A CN109450954B (en) | 2018-12-29 | 2018-12-29 | Automobile communication interface equipment and authentication method thereof |
PCT/CN2019/129774 WO2020135855A1 (en) | 2018-12-29 | 2019-12-30 | Vehicle communication interface device and authentication method therefor |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811639103.7A CN109450954B (en) | 2018-12-29 | 2018-12-29 | Automobile communication interface equipment and authentication method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109450954A true CN109450954A (en) | 2019-03-08 |
CN109450954B CN109450954B (en) | 2021-01-15 |
Family
ID=65539780
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811639103.7A Active CN109450954B (en) | 2018-12-29 | 2018-12-29 | Automobile communication interface equipment and authentication method thereof |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109450954B (en) |
WO (1) | WO2020135855A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020135855A1 (en) * | 2018-12-29 | 2020-07-02 | 深圳市道通科技股份有限公司 | Vehicle communication interface device and authentication method therefor |
CN111400118A (en) * | 2020-03-16 | 2020-07-10 | 杭州涂鸦信息技术有限公司 | Serial port command creating method and system for on-line function file |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104333576A (en) * | 2014-10-21 | 2015-02-04 | 普华基础软件股份有限公司 | ECU (Electronic Control Unit) upgrading device and method |
CN104890623A (en) * | 2015-05-21 | 2015-09-09 | 深圳市德艾卡科技有限公司 | Vehicle-mounted intelligent terminal control system and control method |
CN105743854A (en) * | 2014-12-11 | 2016-07-06 | 深圳富泰宏精密工业有限公司 | Security authentication system and method |
CN105790953A (en) * | 2016-03-02 | 2016-07-20 | 飞天诚信科技股份有限公司 | Dual-interface authentication device and working method thereof |
US20160344747A1 (en) * | 2015-05-22 | 2016-11-24 | M2MD Technologies, Inc. | Method and system for securely and automatically obtaining services from a machine device services server |
CN107086996A (en) * | 2017-04-14 | 2017-08-22 | 重庆邮电大学 | Car networking safety certification device and method |
CN108600224A (en) * | 2018-04-25 | 2018-09-28 | 深圳市道通科技股份有限公司 | The safety access method of diagnostic device and diagnostic device |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AT507032B1 (en) * | 2008-06-05 | 2011-07-15 | Efkon Ag | METHOD AND SYSTEM FOR CREATING MOTOR VEHICLE REMOTE DIAGNOSES |
CN102183945B (en) * | 2011-01-17 | 2012-11-14 | 武汉理工大学 | Multifunctional remote fault diagnosis system for electric control automobile |
KR20130049006A (en) * | 2011-11-03 | 2013-05-13 | 주식회사 타오스 | Vehicle management system using smart device and threeof method |
CN105235639A (en) * | 2015-09-02 | 2016-01-13 | 钱英 | Electric vehicle antitheft method |
CN106814675A (en) * | 2016-12-31 | 2017-06-09 | 华晨汽车集团控股有限公司 | Safety access method for verifying automotive diagnostic installation legitimacy |
CN109450954B (en) * | 2018-12-29 | 2021-01-15 | 深圳市道通科技股份有限公司 | Automobile communication interface equipment and authentication method thereof |
-
2018
- 2018-12-29 CN CN201811639103.7A patent/CN109450954B/en active Active
-
2019
- 2019-12-30 WO PCT/CN2019/129774 patent/WO2020135855A1/en active Application Filing
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104333576A (en) * | 2014-10-21 | 2015-02-04 | 普华基础软件股份有限公司 | ECU (Electronic Control Unit) upgrading device and method |
CN105743854A (en) * | 2014-12-11 | 2016-07-06 | 深圳富泰宏精密工业有限公司 | Security authentication system and method |
CN104890623A (en) * | 2015-05-21 | 2015-09-09 | 深圳市德艾卡科技有限公司 | Vehicle-mounted intelligent terminal control system and control method |
US20160344747A1 (en) * | 2015-05-22 | 2016-11-24 | M2MD Technologies, Inc. | Method and system for securely and automatically obtaining services from a machine device services server |
CN105790953A (en) * | 2016-03-02 | 2016-07-20 | 飞天诚信科技股份有限公司 | Dual-interface authentication device and working method thereof |
CN107086996A (en) * | 2017-04-14 | 2017-08-22 | 重庆邮电大学 | Car networking safety certification device and method |
CN108600224A (en) * | 2018-04-25 | 2018-09-28 | 深圳市道通科技股份有限公司 | The safety access method of diagnostic device and diagnostic device |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020135855A1 (en) * | 2018-12-29 | 2020-07-02 | 深圳市道通科技股份有限公司 | Vehicle communication interface device and authentication method therefor |
CN111400118A (en) * | 2020-03-16 | 2020-07-10 | 杭州涂鸦信息技术有限公司 | Serial port command creating method and system for on-line function file |
CN111400118B (en) * | 2020-03-16 | 2023-09-26 | 杭州涂鸦信息技术有限公司 | Method and system for creating serial port command for online function file |
Also Published As
Publication number | Publication date |
---|---|
CN109450954B (en) | 2021-01-15 |
WO2020135855A1 (en) | 2020-07-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3902012A1 (en) | Fault diagnostic method and apparatus, and vehicle | |
US20170222994A1 (en) | Apparatus and method to securely control a remote operation | |
CN105992306B (en) | Binding method of terminal and home gateway | |
CN104424779A (en) | System and method for controlling vehicle by virtue of mobile terminal | |
KR102565199B1 (en) | Access control system and access control method using the same | |
CN109525976A (en) | With network method, system and readable storage medium storing program for executing | |
CN109039654B (en) | TBOX identity authentication method and terminal equipment | |
US11722315B2 (en) | Factory data storage and recovery | |
US11206534B2 (en) | Method and apparatus for managing bundles of smart secure platform | |
CN104966343B (en) | Access control method Internet-based | |
CN109379403B (en) | Control method and device of Internet of things equipment, server and terminal equipment | |
CN106878292A (en) | Control method, control device, mobile unit and transport facility | |
CN113301167B (en) | Cross-specification sharing method, device and equipment for digital key | |
CN201965482U (en) | Sorting and authorizing system of vehicle failure diagnosis functions | |
EP4262146A1 (en) | Iot device and method for onboarding iot device to server | |
CN109450954A (en) | Auto communication interface equipment and its authentication method | |
CN113038421A (en) | Automobile diagnosis method, automobile diagnosis device and automobile gateway | |
CN110139274A (en) | A kind of method for authenticating of bluetooth equipment, electronic equipment and can storage medium | |
CN107766717A (en) | A kind of access control method, apparatus and system | |
CN109955934A (en) | Electric vehicle identity authorization system and method | |
CN116101116B (en) | Charging method, device and storage medium | |
CN109906452A (en) | Method for authenticating, authentication device and right discriminating system | |
CN104837182B (en) | Connection control method, control method, access control apparatus and control device | |
CN116155579A (en) | Secure communication method, system, storage medium and vehicle | |
CN113734095B (en) | Vehicle unlocking method and device, wireless key terminal and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |