CN109450954B - Automobile communication interface equipment and authentication method thereof - Google Patents

Info

Publication number
CN109450954B
Authority
CN
China
Prior art keywords
authentication
communication interface
function
executed
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811639103.7A
Other languages
Chinese (zh)
Other versions
CN109450954A (en
Inventor
蒋云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Autel Intelligent Technology Corp Ltd
Original Assignee
Autel Intelligent Technology Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Autel Intelligent Technology Corp Ltd
Priority to CN201811639103.7A
Publication of CN109450954A
Priority to PCT/CN2019/129774 (WO2020135855A1)
Application granted
Publication of CN109450954B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to an automobile communication interface device and an authentication method thereof. The authentication method includes: determining at least one authentication element related to a function to be executed in the automobile communication interface device and uploading the authentication element to a server; calculating a corresponding first authentication value according to the authentication element; receiving a second authentication value calculated by the server according to the authentication element; judging whether the first authentication value matches the second authentication value; if so, determining that authentication of the automobile communication interface device is successful, and executing the function to be executed; if not, determining that authentication of the automobile communication interface device fails. The authentication method is completed by using a server located at the network end, and no additional hardware chip is required, which reduces the product cost. Moreover, the server at the network end is not subject to the limitations of a built-in hardware chip and can have strong performance, so the authentication method can be extended to obtain good flexibility and higher security.

Description

Automobile communication interface equipment and authentication method thereof
[ technical field ]
The invention relates to the technical field of automobile diagnosis products, in particular to automobile communication interface equipment and an authentication method thereof.
[ background of the invention ]
Before a vehicle diagnostic product performs a certain function (e.g., establishing a communication connection with a vehicle control system), authentication of a vehicle communication interface device is generally required to ensure that the function can be performed smoothly. This device authentication process is typically done using a dedicated chip built into the automotive communication interface device.
As part of the hardware circuit, the dedicated chip is usually packaged and fixed in the device before the product is shipped. This makes extension or modification of the dedicated chip almost impossible. Furthermore, due to the cost of hardware, dedicated chips typically have very limited memory space.
Because of these hardware limitations, the device authentication method has poor flexibility in daily use, cannot adapt well to the actual needs of the automobile communication interface device (for example, more and more functions are integrated), has poor security, and is easy to crack. How to avoid these limitations and improve the security and flexibility of the device authentication method is a technical problem that urgently needs to be solved.
[ summary of the invention ]
The embodiment of the invention aims to provide the automobile communication interface equipment and the authentication method thereof, which can solve the problems of poor flexibility and poor safety of the existing equipment authentication method.
In order to solve the above technical problems, embodiments of the present invention provide the following technical solutions:
An authentication method for an automotive communication interface device, wherein the authentication method comprises the following steps:
determining at least one authentication element related to a function to be executed in the automobile communication interface equipment and uploading the authentication element to a server;
calculating to obtain a corresponding first authentication value according to the authentication element;
receiving a second authentication value calculated by the server according to the authentication element;
judging whether the first authentication value is matched with the second authentication value;
if so, determining that the authentication of the automobile communication interface equipment is successful, and executing the function to be executed;
and if not, determining that the authentication of the automobile communication interface equipment fails.
In some embodiments, the authentication element comprises: a random number and an authentication algorithm; the calculating to obtain the corresponding first authentication value according to the authentication element includes:
determining a corresponding authentication algorithm according to the function to be executed;
and calculating to obtain a corresponding first authentication value through the corresponding authentication algorithm on the basis of the random number.
In some embodiments, the function to be performed includes upgrading firmware or establishing a communication link n, n being a positive integer from 1 to N, N being the total number of available protocols, each protocol corresponding to one communication link.
In some embodiments, the method further comprises: receiving a selection instruction from an upper computer, and determining the function to be executed according to the selection instruction.
In some embodiments, determining the at least one authentication element and uploading it to the server comprises: generating a random number and uploading the random number to the server through the upper computer, wherein the server also receives the selection instruction from the upper computer so as to determine the function to be executed.
In some embodiments, when the function to be performed is to establish a communication link n, the method further comprises:
refusing to establish the communication link n when the authentication of the automobile communication interface device fails; updating the function to be executed to establishing a communication link m according to a control instruction of the upper computer; and re-authenticating the automotive communication interface device based on the updated function to be executed; wherein m and n are different positive integers, and m ranges from 1 to N.
In order to solve the above technical problems, embodiments of the present invention further provide the following technical solutions: an automotive communication interface device comprising a diagnostic module for performing at least one function to be performed and an authentication module for performing device authentication before said diagnostic module performs said function to be performed,
the authentication module comprises an authentication input unit, an authentication calculation unit, a comparison unit and a communication unit;
wherein the authentication input unit is used for determining at least one authentication element related to a function to be executed in the automobile communication interface device; the authentication calculation unit is connected with the authentication input unit and calculates to obtain a corresponding first authentication value;
the communication unit is configured to upload the authentication element to a server and receive a second authentication value from the server; the second authentication value is obtained by the server through calculation according to the authentication element;
the comparison unit is respectively connected with the communication unit and the authentication calculation unit and is used for judging whether the first authentication value is matched with the second authentication value;
when the first authentication value is matched with the second authentication value, outputting a first signal that the automobile communication interface equipment is successfully authenticated;
when the first authentication value is not matched with the second authentication value, outputting a second signal that the automobile communication interface equipment fails to authenticate;
the diagnosis module is connected with the comparison unit, executes the function to be executed when the comparison unit outputs a first signal, and refuses to execute the function to be executed when the comparison unit outputs a second signal.
In some embodiments, the authentication element comprises: a random number and an authentication algorithm, the authentication input unit including: a random number generator and an authentication algorithm selector;
the random number generator is used for generating one or more random numbers; the authentication algorithm selector is used for determining a corresponding authentication algorithm according to the function to be executed.
In some embodiments, the function to be performed includes upgrading firmware or establishing a communication link n, n being a positive integer from 1 to N, N being the total number of available protocols, each protocol corresponding to one communication link.
In some embodiments, the automotive communication interface device is a lower computer; the lower computer establishes communication connection with the upper computer through the communication unit, receives a selection instruction from the upper computer and determines the function to be executed according to the selection instruction.
In some embodiments, the upper computer is in communication connection with the server, provides the selection instruction and the random number to the server, and feeds back the second authentication value to the lower computer.
In some embodiments, when the diagnostic module refuses to establish the communication link n according to the second signal output by the comparison unit:
under the control of the upper computer, the diagnostic module updates the function to be executed to establishing a communication link m;
the authentication module re-authenticates the device based on the updated function to be executed; m and n are different positive integers, and m ranges from 1 to N.
Compared with the prior art, the authentication method provided by the embodiment of the invention is completed by using the server positioned at the network end, and a hardware chip is not required to be additionally arranged on hardware, so that the product cost is favorably reduced. Moreover, the server at the network end has no limitation of a built-in hardware chip, and can have strong performance, so that the authentication method can be expanded to obtain very good flexibility and higher security.
[ description of the drawings ]
One or more embodiments are illustrated by way of example in the corresponding figures of the accompanying drawings, in which like reference numerals refer to similar elements; the figures are not to scale unless otherwise specified.
FIG. 1 is a schematic diagram of an application scenario of an automotive communication interface device according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an automotive communication interface device according to an embodiment of the present invention;
FIG. 3 is a schematic view of an application scenario of a lower computer of an automobile communication interface device according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method of authentication according to one embodiment of the present invention;
FIG. 5 is a flowchart of a method of authentication according to another embodiment of the present invention;
FIG. 6 is a flow chart of the authentication method shown in FIG. 5 when establishing a communication link;
FIG. 7 is a flowchart of the authentication method shown in FIG. 5 when upgrading firmware.
[ detailed description ]
In order to facilitate an understanding of the invention, the invention is described in more detail below with reference to the accompanying drawings and specific examples. It will be understood that when an element is referred to as being "secured to" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may be present. As used in this specification, the terms "upper," "lower," "inner," "outer," "bottom," and the like are used in the orientation or positional relationship indicated in the drawings for convenience in describing the invention and simplicity in description, and do not indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are not to be considered limiting of the invention. Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
Furthermore, the technical features mentioned in the different embodiments of the invention described below can be combined with each other as long as they do not conflict with each other.
The device authentication can be used for ensuring that the automobile diagnosis product can be normally used and ensuring the safety of related automobile data, and is a necessary process before the automobile communication interface device executes a certain function to be executed. Fig. 1 is a schematic view of an application scenario of an automobile communication interface device according to an embodiment of the present invention.
As shown in fig. 1, an automobile 10 and an automobile communication interface device 20 connected to the automobile are included in the entire application scenario.
The vehicle 10 may be, among other things, any type of motor vehicle, such as a truck, a car, etc. It has a complete electronic control system for coordinating and controlling the vehicle in accordance with the operator's instructions and the like, and for monitoring one or more vehicle parameters in real time to ensure reliable operation of the vehicle 10.
Generally, for the convenience of daily service and maintenance, the automobile 10 may further have at least one hardware communication interface (e.g., an OBD interface) for establishing a communication connection with an external device, performing data interaction, and the like.
The automotive communication interface device 20 may be applied to any type of vehicle diagnostic product for interfacing with an electronic control system to read one or more items of data information. The communication interface may be wired or wireless, and may be connected to a hardware communication interface of the automobile 10 to establish a physical communication connection.
Of course, in addition to establishing a physical communication connection with the vehicle 10, an appropriate or paired protocol configuration needs to be loaded to correctly access the corresponding functional system of the vehicle and read data. Therefore, in order to meet different requirements, a plurality of different vehicle diagnostic protocols (e.g., J1708 protocol, J1939 protocol, ISO15765 protocol) are generally integrated on the vehicle communication interface device 20 to establish a communication link corresponding to the vehicle diagnostic protocols, so as to obtain the relevant data information of the vehicle 10.
In the actual usage process, after the user operates the automotive communication interface device 20 and selects one of the automotive diagnostic protocols to request the establishment of the corresponding communication link, the automotive communication interface device 20 first performs the following device authentication process:
1) A set of random numbers is generated in the system and provided to a built-in authentication chip.
2) The authentication chip calculates the input random number according to an authentication algorithm built in the authentication chip, generates second authentication information and returns the authentication information to the diagnostic equipment.
3) The system also calls an authentication algorithm stored in the system, and the operation is carried out on the basis of the random number to obtain first authentication information.
4) The first authentication information and the second authentication information are compared. If they are the same, the device authentication is determined to be successful; if they are not the same, the device authentication is determined to be unsuccessful. The automobile communication interface device can execute the function normally only after the device authentication succeeds.
It can be seen from the above description that this device authentication process depends entirely on an additional chip dedicated to device authentication. The applicant finds that such a verification architecture may have many negative effects on the automotive communication interface device. For example: the additional chip increases cost; the authentication algorithm recorded in the authentication chip cannot be changed after it becomes known, so data security is poor; and the storage space of the authentication chip is limited, so sufficient authentication algorithms cannot be provided for different functions, and the authentication process is inflexible.
To avoid such negative effects, embodiments of the present invention provide an automotive communication interface device that uses a server for device authentication. The device is provided with a suitable communication unit and establishes a communication connection with a server located at the network end (namely, the cloud), and the server takes the place of the authentication chip. Referring to fig. 1, in the present embodiment, the scenario further includes a server 30 and a communication network 40.
The server 30 is a device remotely deployed in the cloud. It may be a dedicated physical machine or part of the functional units of a large-scale server cluster, as long as the required storage space and computing capability can be allocated for the authentication function of the automobile communication interface device.
The communication network 40 is a network for establishing a communication connection between the server 30 and the car communication interface device 20, and may specifically be bluetooth, WiFi, a mobile cellular network, or a dedicated local area network, as long as the server 30 and the car communication interface device 20 are allowed to serve as network nodes to realize data interaction therebetween.
Fig. 2 is a schematic structural diagram of an automotive communication interface device according to an embodiment of the present invention. As shown in fig. 2, the car communication interface apparatus may include a diagnosis module 21 and an authentication module 22.
The diagnosis module 21 is used for executing at least one function to be executed. The authentication module 22 is configured to authenticate the device to determine whether the device can normally execute the function before the diagnostic module executes the function to be executed.
Conventionally, the diagnostic module may be integrated with a number of different functions, such as upgrading firmware and establishing communication links based on different diagnostic protocols. Here, "communication link n" is used to denote communication links established based on different diagnostic protocols, where n is a positive integer from 1 to N, each value corresponding to one diagnostic protocol. For example, when the diagnostic module is integrated with the J1708 protocol, the J1939 protocol, and the ISO15765 protocol, n may take the three values 1 to 3, which correspond to the three protocols.
The diagnosis module 21 determines whether to be able to normally execute the functions to be executed or to refuse to execute the functions to be executed based on the authentication result of the authentication module 22.
Referring to fig. 2, the authentication module 22 may include an authentication input unit 221, an authentication calculation unit 222, a comparison unit 223, and a communication unit 224.
Wherein the authentication input unit 221 is configured to determine at least one authentication element. The authentication calculation unit 222 is connected to the authentication input unit 221, and calculates and obtains a corresponding first authentication value.
Authentication is performed on the assumption that "the same input must be able to obtain the same output under the same calculation rule". Here, the term "authentication element" is used to mean one or more variables that are required as input at the time of authentication. The specific authentication element may be determined according to actual conditions, such as a set of random numbers.
In some embodiments, the authentication elements determined according to specific needs include a random number and an authentication algorithm, and the authentication input unit 221 may be composed of a random number generator 2211 and an authentication algorithm selector 2212.
The random number generator 2211 is a unit for generating one or more random numbers. It may be implemented as a chip or electronic device based on any suitable method or principle. The authentication algorithm selector 2212 is a selection unit for determining a corresponding authentication algorithm according to the function to be executed.
The function to be executed refers to the function that the diagnosis module determines to be executed, and is determined by the user's selection or the actual situation as required in a plurality of different functions that the diagnosis module can execute or implement.
The authentication algorithm may be any suitable function from which unique output variables can be computationally determined.
In a preferred embodiment, corresponding to the functions integrated with the diagnostic module 21, the vehicle communication interface device may also be configured with a plurality of different authentication algorithms for authentication of different functions, so as to improve the flexibility of the authentication method.
The communication unit 224 is a unit for establishing a communication connection with a server. Over the communication channel provided by the communication unit 224, the authentication element can be uploaded to the server and a second authentication value can be received from the server.
The second authentication value is an output value calculated by the server based on the authentication element. Here, "first" and "second" in the first authentication value and the second authentication value are used only to distinguish which party calculated the value, and do not define the two authentication values themselves. The output value may be of any suitable type, including but not limited to a numeric value (such as a floating point value or an integer value) or a particular string.
With continued reference to fig. 2, the comparing unit 223 has two inputs and one output. Wherein two input terminals are connected to the communication unit 224 and the authentication calculation unit 222, respectively, for receiving the first authentication value and the second authentication value.
According to the matching result of the first authentication value and the second authentication value, the output terminal outputs a first signal indicating that the automobile communication interface device is successfully authenticated when the two values match, or a second signal indicating that authentication of the automobile communication interface device has failed when they do not match. The diagnosis module 21 may determine the authentication result for the function currently to be executed based on the signal output from the output terminal. That is, the function to be executed is executed when the comparison unit outputs the first signal, and is refused when the comparison unit outputs the second signal.
The specific structure of the comparing unit 223 can be determined according to the matching rule and mode set in practice, and can be implemented by a hardware circuit, a software program, and/or a combination of hardware and software. It is well known to those skilled in the art and will not be described herein.
In some embodiments, the vehicle communication interface device may be a lower computer that cooperates with a corresponding upper computer to perform the device authentication process. Fig. 3 is a schematic view of an application scenario of a lower computer of an automobile communication interface device according to an embodiment of the present invention. As shown in fig. 3, the application scenario includes: the lower computer 41 of the automobile communication interface device, an upper computer 42 and a server 43.
Communication channels are established between the lower computer 41 and the upper computer 42 of the automobile communication interface equipment, and between the upper computer 42 and the server 43, so that bidirectional data transmission can be realized. The communication channel may specifically be any type of wired or wireless communication. The two communication channels may also adopt the same or different communication modes, for example, a cable connection is adopted between the lower computer 41 and the upper computer 42 of the automobile communication interface device, and a wireless cellular network connection is used between the upper computer 42 and the server 43.
The upper computer 42 is a computer device that can directly issue a control command. The device is positioned at the uppermost layer of user interaction, and can display various feedback information (such as changes of various signals) to a user on a screen and collect instructions of the user through an input device so as to send corresponding control instructions.
In particular, the upper computer 42 may also optionally use any other type of computer device, such as a personal computer, a tablet computer, a mobile phone, or other intelligent electronic device capable of establishing a connection with a server.
The lower computer 41 of the automobile communication interface device is a computer that directly controls the device to obtain the automobile's condition or related parameters. It is generally used to receive a control command sent by the upper computer, interpret the control command into a corresponding timing signal and directly control the automobile, or to read state data of the automobile (generally analog quantities), convert the state data into a digital signal and feed the digital signal back to the upper computer to be displayed to the user.
Specifically, the lower computer 41 of the automobile communication interface device may be implemented by a PLC, a single chip, a microprocessor, or some other low-level processor device.
In actual use, on the one hand, the lower computer 41 of the automobile communication interface device receives a selection instruction from the upper computer through the communication unit. It then parses the received selection instruction and determines the current function to be executed accordingly. Finally, it calculates a first authentication value from the generated random number using the authentication algorithm corresponding to the function to be executed.
On the other hand, the upper computer 42 also provides the server with the selection instruction and the random number from the lower computer 41 of the vehicle communication interface device by using its own communication module so that the server can calculate a second authentication value accordingly. The second authentication value calculated by the server is provided to the lower computer 41 of the automobile communication interface equipment through the upper computer 42 to complete the equipment authentication process.
In other embodiments, if the diagnostic module fails to establish the communication link n due to authentication failure, the upper computer 42 may further provide assistance to issue an instruction to update the function to be executed, so as to establish the communication link m based on another diagnostic protocol.
Then, the authentication module of the lower computer 41 of the vehicle communication interface device performs the device authentication again based on the updated function to be executed to attempt to establish a communication link with the vehicle.
Here, m and n are different positive integers, and the value of m is between 1 and N, indicating that the communication link m is a communication link based on a different diagnostic protocol than the communication link n for which authentication was unsuccessful.
It should be noted that, for convenience of presentation, the data information flow between the lower computer 41, the upper computer 42 and the server 43 of the automobile communication interface device is exemplarily disclosed in fig. 3. However, those skilled in the art can adjust the functional steps to be executed by the vehicle communication interface device to the upper computer 42 or the lower computer 41 according to the needs of the actual situation (for example, the upper computer 42 generates a random number). All such variations and modifications are intended to be within the scope of the present invention.
It will be further appreciated by those skilled in the art that the functional units described in the embodiments of the present invention (such as the authentication input unit, the authentication calculation unit, the comparison unit, and the communication unit) can be implemented in electronic hardware, computer software, or a combination of both, and in the above description the steps performed by the exemplary circuits have been generally described in terms of their functionality for the purpose of clearly illustrating the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation.
Those skilled in the art may implement the described functions of the various functional units using different approaches for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. The computer software may be stored in a computer readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory or a random access memory.
Based on a series of functional steps executed by the automobile communication interface device disclosed in the above embodiment, the embodiment of the present invention further provides a server-based authentication method. Fig. 4 is a flowchart of an authentication method according to an embodiment of the present invention. As shown in fig. 4, the method performed by the automotive communication interface device includes at least the steps of:
410. Determining at least one authentication element related to a function to be executed in the automobile communication interface device and uploading it to the server.
The specific authentication element used is related to the function to be executed and may be selected according to the actual situation, for example a set of random numbers or an authentication algorithm. These authentication elements may be provided to the server in any suitable format and by any suitable transmission method, for example with suitable check bits added to ensure the reliability of the data transmission.
420. Calculating a corresponding first authentication value according to the authentication element.
The first authentication value is an output value calculated by the vehicle communication interface device by calling a preset calculation rule from a program according to the determined authentication element.
430. Receiving a second authentication value calculated by the server according to the authentication element.
The second authentication value is an output value calculated by the server according to the authentication element uploaded by the automobile communication interface device.
440. Judging whether the first authentication value matches the second authentication value. If yes, go to step 450; if not, go to step 460.
Matching means that the first authentication value and the second authentication value are consistent, so that the assumption underlying the authentication described above, namely that "the same output is provided", is satisfied. Specifically, any suitable metric or comparison method may be used to perform the matching.
450. Determining that the authentication of the automobile communication interface device is successful, and executing the function to be executed. The successful authentication serves as a mark indicating that the vehicle communication interface device can normally execute the function.
460. Determining that the authentication of the automobile communication interface device fails. An authentication failure indicates that the automobile communication interface device cannot operate normally and that a mismatch may exist.
Based on the matching result obtained in step 440, the vehicle communication interface device executes the function to be executed only when the vehicle communication interface device is successfully authenticated. And when the authentication of the automobile communication interface equipment fails, the system of the automobile communication interface equipment refuses to execute the function to be executed.
The server has nearly unlimited storage space and computing power relative to the built-in authentication chip. Therefore, in a preferred embodiment, the authentication method can combine a plurality of different authentication algorithms to satisfy the requirement of increasingly rich integrated functions of the automobile communication interface device, and different authentication algorithms are allocated to different functions of the automobile communication interface device, so that the flexibility of device authentication is effectively improved.
As shown in fig. 5, the authentication elements of the authentication method include a random number and an authentication algorithm. It may comprise the steps of:
510. Generating a set of random numbers. The random numbers may be generated by the vehicle communication interface device according to a suitable generation principle. The size and number of the random numbers can be determined according to actual conditions.
520. Determining a corresponding authentication algorithm according to the function to be executed.
The function to be executed refers to a function that the automobile communication interface device needs to execute currently. In this embodiment, different authentication algorithms correspond to different functions and have a mapping relationship. Thus, after the function to be executed is determined, the authentication algorithm to be used can be uniquely determined.
In some embodiments, the function to be performed may include upgrading firmware or establishing a communication link n. The firmware upgrading refers to version updating of a firmware program in the automobile communication interface equipment. And establishing a communication link n refers to establishing a communication link based on a particular diagnostic protocol.
Here, n ranges from 1 to N, where N is the total number of protocols integrated in the automotive communication interface device that may be selected for use. As such, communication links corresponding to different protocols may be represented by communication link n.
530. Calculating a corresponding first authentication value from the random number through the corresponding authentication algorithm.
540. Receiving a second authentication value from the server, comparing it with the first authentication value, and determining the current authentication result. The authentication result is either successful authentication or failed authentication of the automobile communication interface device.
When calculating the second authentication value, the server uses the same random number and calls the authentication algorithm corresponding to the function to be executed.
In some embodiments, the vehicle communication interface device may only take the role of a lower computer, and indirectly establish a communication connection with the server through an additional upper computer. For example, a random number generated at a lower computer may be uploaded to the server through the upper computer.
The upper computer is used as an upper layer which directly interacts with the user, can execute one or more functions, and is matched with the lower computer to complete the complete authentication process. For example, the upper computer may provide selection instructions to the lower computer and the server, respectively, to determine the function to be executed. The selection instruction is a user control instruction which is acquired by the upper computer and requests the automobile communication interface equipment to execute a certain function.
In other embodiments, when the authentication of the vehicle communication interface device fails and the communication link n cannot be established, the upper computer may further provide a new control instruction to select the communication link m for establishing another diagnostic protocol, and update the function to be executed to "establish the communication link m".
The server and the lower computer can authenticate the function of establishing the communication link m again according to the control instruction so as to hopefully enable the automobile communication interface equipment to be successfully connected with the automobile.
The authentication method provided by the embodiment of the invention is implemented on the basis of the server without using a dedicated authentication chip, thereby reducing the hardware cost of the device. Moreover, multiple authentication algorithms are provided, and performing multiple authentications can provide high security. Even if an authentication algorithm is inadvertently leaked or cracked, the security of the automobile diagnosis product can be restored simply by updating the authentication algorithm, which avoids the limitation that a built-in authentication chip is inconvenient to modify.
Fig. 6 and 7 are specific examples of the authentication method shown in fig. 5 for authenticating different functions to be executed, respectively. As shown in fig. 6, when the user selects to communicate with the automobile using the diagnostic protocol 1, the upper computer may provide a selection instruction 1 corresponding to the diagnostic protocol 1 to the server and the lower computer, respectively (S610).
The lower computer and the server each perform an operation using the same random number and the authentication algorithm 1 corresponding to the selection instruction 1, obtain the first authentication value and the second authentication value, respectively, and determine whether the authentication is successful based on the first authentication value and the second authentication value (S620).
When the authentication is successful, the lower computer normally executes the function, and establishes a communication link based on the diagnostic protocol 1 (S630). The upper computer normally communicates with an electronic control system of the automobile through the communication link to complete the work task of automobile diagnosis (S640).
When the authentication fails, the lower computer cannot perform the function of establishing the communication link 1 (S650). The upper computer cannot normally communicate with the electronic control system of the automobile through the communication link 1 (S660).
As shown in fig. 7, when the user selects to use the function of upgrading the firmware, the upper computer may provide a selection instruction 2 corresponding to the upgraded firmware to the server and the lower computer, respectively (S710).
The lower computer and the server each perform an operation using the same random number and the authentication algorithm 2 corresponding to the selection instruction 2, obtain the first authentication value and the second authentication value, respectively, and determine whether the authentication is successful based on the first authentication value and the second authentication value (S720).
And when the authentication is successful, the upper computer upgrades the firmware program of the lower computer (S730). When the authentication fails, the upper computer cannot upgrade the firmware program of the lower computer (S740).
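The flow of Fig. 5 through Fig. 7, including the fallback from communication link n to link m, as an added example that is not code from the patent or from the applicant. The patent names no concrete authentication algorithm; HMAC-SHA256 with per-function keys, the function labels, the class names and the key values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the patent names no concrete algorithm. Each "authentication
# algorithm" here is HMAC-SHA256 under a per-function key held by both the
# device firmware and the server. Keys and function labels are constructed.
ALGORITHMS = {
    "link:1": b"demo-key-diagnostic-protocol-1",
    "link:2": b"demo-key-diagnostic-protocol-2",
    "firmware-upgrade": b"demo-key-firmware-upgrade",
}


def auth_value(function, nonce, table):
    """Run the algorithm mapped to `function` over the random number."""
    key = table[function]  # KeyError if no algorithm is mapped to the function
    message = function.encode() + b"|" + nonce
    return hmac.new(key, message, hashlib.sha256).digest()


class Server:
    """Computes the second authentication value from its own algorithm table."""

    def __init__(self, table):
        self.table = dict(table)

    def second_value(self, function, nonce):
        return auth_value(function, nonce, self.table)


class LowerComputer:
    """VCI side: random number generator, algorithm selector, comparison unit."""

    def __init__(self, table):
        self.table = dict(table)
        self.pending = None  # first authentication value of the open attempt

    def begin(self, function):
        nonce = secrets.token_bytes(16)  # step 510: fresh random number
        self.pending = auth_value(function, nonce, self.table)  # steps 520-530
        return nonce

    def finish(self, second):
        first, self.pending = self.pending, None  # one comparison per nonce
        if first is None:
            return False
        return hmac.compare_digest(first, second)  # step 540, constant time


class UpperComputer:
    """Relays selection instruction, random number and second value."""

    def __init__(self, lower, server):
        self.lower, self.server = lower, server

    def authenticate(self, function):
        try:
            nonce = self.lower.begin(function)
            second = self.server.second_value(function, nonce)
        except KeyError:  # one side has no algorithm for this function
            self.lower.pending = None
            return False
        return self.lower.finish(second)

    def establish_link(self, preferred, total_protocols):
        """Try link n, then every other link m in 1..N; return the link or None."""
        others = [m for m in range(1, total_protocols + 1) if m != preferred]
        for n in [preferred] + others:
            if self.authenticate(f"link:{n}"):
                return n
        return None


def replay_is_rejected(lower, server, function):
    """A second value recorded for an earlier random number must not match."""
    recorded = server.second_value(function, lower.begin(function))
    lower.begin(function)  # new attempt, new random number
    return not lower.finish(recorded)


def demo():
    # The server has rotated the link-1 algorithm; the device firmware has not.
    server = Server({**ALGORITHMS, "link:1": b"demo-key-rotated-on-server"})
    lower = LowerComputer(ALGORITHMS)
    upper = UpperComputer(lower, server)
    return {
        "firmware": upper.authenticate("firmware-upgrade"),
        "link1": upper.authenticate("link:1"),
        "fallback": upper.establish_link(preferred=1, total_protocols=2),
        "replay_rejected": replay_is_rejected(lower, server, "link:2"),
    }


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the device fails authentication for link 1 because the server's algorithm for that function was updated, and the upper computer then re-authenticates for link 2.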
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; within the idea of the invention, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An authentication method of an automotive communication interface device, comprising:
determining at least one authentication element related to a function to be executed in the automobile communication interface equipment and uploading the authentication element to a server;
calculating to obtain a corresponding first authentication value according to the authentication element;
receiving a second authentication value calculated by the server according to the authentication element;
judging whether the first authentication value is matched with the second authentication value;
if so, determining that the authentication of the automobile communication interface equipment is successful, and executing the function to be executed;
if not, determining that the authentication of the automobile communication interface equipment fails;
the authentication element includes: a random number and an authentication algorithm; the calculating to obtain the corresponding first authentication value according to the authentication element includes:
determining a corresponding authentication algorithm according to the function to be executed;
and calculating to obtain a corresponding first authentication value through the corresponding authentication algorithm on the basis of the random number.
2. The authentication method according to claim 1, wherein the function to be executed comprises upgrading firmware or establishing a communication link n, n being a positive integer from 1 to N, N being the total number of usable protocols, each protocol corresponding to one communication link.
3. The authentication method of claim 2, further comprising:
receiving a selection instruction from an upper computer,
and determining the function to be executed according to the selection instruction.
4. The authentication method of claim 3, wherein said determining and uploading at least one authentication element to a server comprises:
and generating a random number and uploading the random number to the server through the upper computer, wherein the server is also used for receiving the selection instruction from the upper computer so as to determine the function to be executed.
5. The authentication method according to claim 3 or 4, wherein when the function to be executed is establishing a communication link n, the method further comprises:
refusing to establish a communication link n when the authentication of the automobile communication interface equipment fails;
updating the function to be executed to establish a communication link m according to the control instruction of the upper computer;
re-authenticating the automotive communication interface device based on the updated function to be executed; m and n are different positive integers, and the value range of m is between 1 and N.
6. An automotive communication interface device comprising a diagnostic module for performing at least one function to be performed and an authentication module for performing device authentication before said diagnostic module performs said function to be performed,
the authentication module comprises an authentication input unit, an authentication calculation unit, a comparison unit and a communication unit;
wherein the authentication input unit is used for determining at least one authentication element related to a function to be executed in the automobile communication interface device; the authentication calculation unit is connected with the authentication input unit and calculates to obtain a corresponding first authentication value;
the communication unit is configured to upload the authentication element to a server and receive a second authentication value from the server; the second authentication value is obtained by the server through calculation according to the authentication element;
the comparison unit is respectively connected with the communication unit and the authentication calculation unit and is used for judging whether the first authentication value is matched with the second authentication value;
when the first authentication value is matched with the second authentication value, outputting a first signal that the automobile communication interface equipment is successfully authenticated;
when the first authentication value is not matched with the second authentication value, outputting a second signal that the automobile communication interface equipment fails to authenticate;
the diagnosis module is connected with the comparison unit, executes the function to be executed when the comparison unit outputs a first signal, and refuses to execute the function to be executed when the comparison unit outputs a second signal;
the authentication element includes: a random number and an authentication algorithm, the authentication input unit including: a random number generator and an authentication algorithm selector;
the random number generator is used for generating one or more random numbers; the authentication algorithm selector is used for determining a corresponding authentication algorithm according to the function to be executed.
7. The vehicle communication interface device according to claim 6, wherein the function to be performed includes upgrading firmware or establishing a communication link n, n being a positive integer from 1 to N, N being the total number of available protocols, each protocol corresponding to one communication link.
8. The automotive communication interface device of claim 7, wherein the automotive communication interface device is a lower computer;
the lower computer establishes communication connection with the upper computer through the communication unit, receives a selection instruction from the upper computer and determines the function to be executed according to the selection instruction.
9. The vehicle communication interface device according to claim 8, wherein the upper computer is communicatively connected to the server, provides the selection instruction and the random number to the server, and feeds back the second authentication value to the lower computer.
10. The automotive communication interface apparatus according to claim 8 or 9, characterized in that when the diagnostic module rejects the establishment of the communication link n according to the second signal output by the comparison unit;
under the control of the upper computer, the diagnostic module updates the function to be executed to establish a communication link m;
the authentication module re-authenticates the equipment based on the updated function to be executed; m and n are different positive integers, and the value range of m is between 1 and N.
CN201811639103.7A 2018-12-29 2018-12-29 Automobile communication interface equipment and authentication method thereof Active CN109450954B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811639103.7A CN109450954B (en) 2018-12-29 2018-12-29 Automobile communication interface equipment and authentication method thereof
PCT/CN2019/129774 WO2020135855A1 (en) 2018-12-29 2019-12-30 Vehicle communication interface device and authentication method therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811639103.7A CN109450954B (en) 2018-12-29 2018-12-29 Automobile communication interface equipment and authentication method thereof

Publications (2)

Publication Number Publication Date
CN109450954A CN109450954A (en) 2019-03-08
CN109450954B true CN109450954B (en) 2021-01-15

Family

ID=65539780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811639103.7A Active CN109450954B (en) 2018-12-29 2018-12-29 Automobile communication interface equipment and authentication method thereof

Country Status (2)

Country Link
CN (1) CN109450954B (en)
WO (1) WO2020135855A1 (en)

Also Published As

Publication number Publication date
CN109450954A (en) 2019-03-08
WO2020135855A1 (en) 2020-07-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant