CN109714171A - Safety protecting method, device, equipment and medium - Google Patents
Safety protecting method, device, equipment and medium Download PDFInfo
- Publication number
- CN109714171A CN109714171A CN201811614183.0A CN201811614183A CN109714171A CN 109714171 A CN109714171 A CN 109714171A CN 201811614183 A CN201811614183 A CN 201811614183A CN 109714171 A CN109714171 A CN 109714171A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- authentication
- certification
- key
- access equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Lock And Its Accessories (AREA)
Abstract
The embodiment of the invention discloses a kind of safety protecting method, device, equipment and media, are related to automotive field.The described method includes: obtaining vehicles identifications and authentication seeds from vehicle;The certification request of the device identification including the vehicles identifications, the authentication seeds and vehicle access equipment is sent to server, by server according to the vehicles identifications, the device identification of the authentication seeds and vehicle access equipment, the vehicle access equipment is unlocked to the access authority of the vehicle.The embodiment of the invention provides a kind of safety protecting method, device, equipment and medium, the security protection to vehicle internal network information is realized.
Description
Technical field
The present embodiments relate to automotive field more particularly to a kind of safety protecting method, device, equipment and media.
Background technique
Onboard diagnostic system (On-Board Diagnostic, OBD) interface of automobile, is exposed, and connects vehicle
The interface of internal controller local area network (Controller Area Network, CAN) bus.The original design intention of OBD interface is to use
To do the fault diagnosis of vehicle.The error code of automobile is read by OBD interface, quickly positions the failure of automobile.
The OBD interface of major part vehicle is directly connected to interior CAN bus now.OBD interface is as one in CAN bus
Node can not only monitor the message in bus, but also can forge message (such as sensor information or control instruction)
Cheat electronic control unit (Electronic Control Unit, ECU), so that ECU is allowed to execute the movements of some danger,
Vehicle is set to change current state.
For example, hacker is connected to wireless device (such as the head-up largely sold currently on the market of OBD interface by attack
Display (Head Up Display, HUD)), it can remotely (for example be forced to the control vehicle instruction that the wireless device sends malice
Allow in instructions such as flame-out, the malice steering wheel rotations of vehicle motor run at high speed), to achieve the purpose that car crash.
Summary of the invention
The embodiment of the present invention provides a kind of safety protecting method, device, equipment and medium, to realize to vehicle internal network
The security protection of information.
In a first aspect, being applied to vehicle access equipment, the side the embodiment of the invention provides a kind of safety protecting method
Method includes:
Vehicles identifications and authentication seeds are obtained from vehicle;
Send to server includes that the device identifications of the vehicles identifications, the authentication seeds and vehicle access equipment is recognized
Card request, instruction server execute as follows: carrying out legitimacy certification to vehicle access equipment according to the device identification;If certification
Success is then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification;Using inquiry
The authentication seeds are decrypted in authentication key, the certification mark decrypted;According to the certification mark and inquiry of decryption
The comparing result of certification mark unlocks the vehicle access equipment to the access authority of the vehicle.
Second aspect, the embodiment of the invention also provides a kind of safety protecting methods, are applied to server, the method packet
It includes:
The certification including vehicles identifications, authentication seeds and vehicle access equipment mark that vehicle access equipment is sent is received to ask
It asks;
Legitimacy is carried out to the vehicle access equipment based on the vehicle access equipment mark for including in the certification request
Certification;
If authenticating successfully, the authentication key of the vehicle is inquired according to the vehicles identifications and certification identifies;
The authentication seeds are decrypted according to the authentication key, the certification mark decrypted;
The certification mark of certification mark and decryption that comparison inquiry obtains unlocks the vehicle access according to comparing result and sets
The standby access authority to the vehicle.
The third aspect, the embodiment of the invention also provides a kind of safety protecting methods, are applied to vehicle, the method packet
It includes:
The access request of vehicle access equipment is responded, the vehicles identifications and authentication seeds for sending local vehicle are to the vehicle
Received vehicles identifications, authentication seeds and vehicle access equipment mark are sent to by access equipment by the vehicle access equipment
Server executes as follows for server: carrying out legitimacy certification to vehicle access equipment according to the device identification;If certification at
Function is then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification;Using recognizing for inquiry
Authentication seeds described in card key pair are decrypted, the certification mark decrypted;According to the certification mark of decryption and recognizing for inquiry
The comparing result of card mark generates access instruction;
According to the access instruction, the vehicle access equipment is unlocked to the access authority of local vehicle.
Fourth aspect, the embodiment of the invention also provides a kind of safety protecting methods, are applied to key injection device, described
Method includes:
Send to vehicle includes that vehicles identifications and the key of certification mark inject request;
The vehicles identifications and certification mark returned according to vehicle generate authentication key;
Key is write based on authentication key transmission to instruct to vehicle, and behaviour is write to the authentication key for vehicle execution
Make.
5th aspect, the embodiment of the invention also provides a kind of safety device, which includes:
Data obtaining module, for obtaining vehicles identifications and authentication seeds from vehicle;
Certification request module includes the vehicles identifications, the authentication seeds and vehicle access for sending to server
The certification request of the device identification of equipment, instruction server execute it is as follows: according to the device identification to vehicle access equipment into
The certification of row legitimacy;If authenticate successfully, according to the vehicles identifications inquiry with the associated authentication key of the vehicles identifications and
Certification mark;The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted;According to decryption
Certification mark with inquiry certification mark comparing result unlock the vehicle access equipment to the access authority of the vehicle.
6th aspect, the embodiment of the invention also provides a kind of safety devices, comprising:
Certification request receiving module includes vehicles identifications, authentication seeds and vehicle for receive the transmission of vehicle access equipment
The certification request of access equipment mark;
Authentication module, for being set based on the vehicle access equipment mark for including in the certification request to vehicle access
It is standby to carry out legitimacy certification;Enquiry module, if inquiring the certification of the vehicle according to the vehicles identifications for authenticating successfully
Key and certification mark;
Certification mark deciphering module is decrypted for the authentication seeds to be decrypted according to the authentication key
Certification mark;
Permission unlocked state, for comparing the certification mark of certification mark and decryption that inquiry obtains, according to comparing result
The vehicle access equipment is unlocked to the access authority of the vehicle.
7th aspect, the embodiment of the invention also provides a kind of safety devices, comprising:
Access request module is responded, for responding the access request of vehicle access equipment, sends the vehicle mark of local vehicle
Know and authentication seeds give the vehicle access equipment, by the vehicle access equipment by received vehicles identifications, authentication seeds and
Vehicle access equipment mark is sent to server, executes for server as follows: according to the device identification to vehicle access equipment
Carry out legitimacy certification;If authenticating successfully, according to vehicles identifications inquiry and the associated authentication key of the vehicles identifications
It is identified with certification;The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted;According to solution
The comparing result of close certification mark and the certification mark of inquiry, Xiang Suoshu vehicle access equipment send access instruction;
Access authority unlocked state, the access instruction for being sent according to vehicle access equipment unlock the vehicle access
Access authority of the equipment to local vehicle.
Eighth aspect, the embodiment of the invention also provides a kind of safety devices, comprising:
Key injection module includes that vehicles identifications and the key of certification mark inject request for sending to vehicle;
Authentication key generation module, vehicles identifications and certification mark for being returned according to vehicle generate authentication key;
Authentication key writing module is instructed to vehicle for writing key based on authentication key transmission, is executed for vehicle
To the write operation of the authentication key.
9th aspect, the embodiment of the invention also provides a kind of equipment, the equipment includes:
One or more processors;
Storage device, for storing one or more programs,
When one or more of programs are executed by one or more of processors, so that one or more of processing
Device realizes the safety protecting method as described in the embodiment of the present invention is any.
Tenth aspect, the embodiment of the invention also provides a kind of computer readable storage mediums, are stored thereon with computer
Program realizes the safety protecting method as described in any in the embodiment of the present invention when program is executed by processor.
The embodiment of the present invention is by being first carried out following content when vehicle access equipment accesses to vehicle: vehicle is visited
Ask that equipment obtains vehicles identifications and authentication seeds from vehicle;
It includes the vehicles identifications, the authentication seeds and vehicle access equipment that vehicle access equipment is sent to server
The certification request of device identification, instruction server execute as follows: it is legal to be carried out according to the device identification to vehicle access equipment
Property certification, if authenticate successfully, according to the vehicles identifications inquiry with the associated authentication key of the vehicles identifications and authenticate mark
Know, the authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted;According to the certification of decryption
The comparing result of mark and the certification mark of inquiry unlocks the vehicle access equipment to the access authority of the vehicle.
Above-mentioned execution content is realized based on the device identification of vehicle access equipment recognizes the legitimacy of vehicle access equipment
Card;And based on the comparison of certification mark, prevent certification mark in vehicle from illegally being distorted, to realize to access vehicle
Safety verification.
In addition, in above-mentioned access verification process by by authentication key storage in the server, then vehicle access equipment
Carrying out data interaction with server reduces the biography of authentication key without authentication key is handed down to vehicle access equipment
It is defeated, improve the safety of authentication key.
Detailed description of the invention
Fig. 1 is vehicle network topology structure schematic diagram in the prior art;
Fig. 2 is the flow chart for the safety protecting method that the embodiment of the present invention one provides;
Fig. 3 is a kind of vehicle network topology structure schematic diagram that the embodiment of the present invention one provides;
Fig. 4 is a kind of flow chart of safety protecting method provided by Embodiment 2 of the present invention;
Fig. 5 is a kind of flow chart for safety protecting method that the embodiment of the present invention three provides;
Fig. 6 is a kind of flow chart for safety protecting method that the embodiment of the present invention four provides;
Fig. 7 is the signaling diagram of a kind of key injection device and vehicle gateway that the embodiment of the present invention five provides;
Fig. 8 is the signaling diagram of a kind of vehicle access equipment and vehicle gateway that the embodiment of the present invention five provides;
Fig. 9 is a kind of structural schematic diagram for safety device that the embodiment of the present invention six provides;
Figure 10 is a kind of structural schematic diagram for safety device that the embodiment of the present invention seven provides;
Figure 11 is a kind of structural schematic diagram for safety device that the embodiment of the present invention eight provides
Figure 12 is a kind of structural schematic diagram for safety device that the embodiment of the present invention nine provides;
Figure 13 is a kind of structural schematic diagram for equipment that the embodiment of the present invention ten provides.
Specific embodiment
The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched
The specific embodiment stated is used only for explaining the present invention rather than limiting the invention.It also should be noted that in order to just
Only the parts related to the present invention are shown in description, attached drawing rather than entire infrastructure.
Referring to Fig. 1, the vehicle network topology knot according to present automobile is it is found that OBD interface is direct-connected with interior CAN network
, and vehicle gateway (Gateway, GW) is the electronic control unit (Electronic for connecting each various functions of network segment
Control Unit, ECU) node.
Embodiment one
Fig. 2 is the flow chart for the safety protecting method that the embodiment of the present invention one provides.The present embodiment is applicable in vehicle
When access equipment accesses to vehicle, legitimate verification is carried out to vehicle access equipment, and to access vehicle safety verifying
The case where.This method can be executed by a kind of safety device, which can be real by the mode of software and/or hardware
It is existing.Typically, which can be vehicle access equipment, and wherein vehicle access equipment can be random access vehicle internal networks
The equipment of information, specifically can be vehicle diagnostic device.Participation is shown in that Fig. 2, safety protecting method provided in this embodiment include:
S110, vehicles identifications and authentication seeds are obtained from vehicle.
Specifically, the authentication seeds are the certification mark encryptions by the vehicle according to the authentication key of vehicle to vehicle
It obtains.
Vehicles identifications can be the information of any unique identification vehicle, specifically can be vehicle identification number or cycle serial number
(Vehicle Identification Number, VIN), is also possible to the gateway identification of unique identification vehicle gateway.
Certification mark can be an identification number or cycle serial number, be also possible to the gateway mark of unique identification vehicle gateway
Know.But vehicles identifications are different with certification mark content, if certification mark is vehicle identification number, vehicles identifications are exactly gateway
Mark;If certification mark is gateway identification, vehicles identifications are exactly vehicle identification number.
Specifically, vehicles identifications and authentication seeds can be obtained from the electronic control unit of vehicle.Namely security protection side
Method is deployed in the electronic control unit of vehicle.
However, inventor has found in the implementation of the present invention, if safety protecting method is deployed in electronic control
In unit, then needing to carry out each electronic control unit the deployment of safety protecting method, and because have in vehicle each
The electronic control unit of function is more, so as to cause the larger workload of security protection.
To solve this problem, OBD interface can be connect with Gateway referring to Fig. 3, by the means of defence portion of OBD interface
Administration is on Gateway, and the message that Gateway enters OBD interface is forwarded to different network segments, to will not influence OBD interface
Normal Diagnosis function.
On the basis of the means of defence of OBD interface is deployed on Gateway, it is described from vehicle obtain vehicles identifications and
Authentication seeds, comprising:
Vehicles identifications and authentication seeds are obtained from the vehicle gateway in vehicle, wherein the authentication seeds are by the vehicle net
It closes and the certification mark encryption of vehicle is obtained according to the authentication key of vehicle.
On the basis of OBD interface is connect with Gateway, the means of defence of OBD interface is deployed on Gateway, it can
To realize the verifying at Gateway to the equipment for carrying out vehicle data access based on OBD interface, unauthorized access equipment is intercepted,
And then realize the security protection of the electronic control unit to each network segment of Gateway connection.
In usual vehicle vehicle gateway only one, it is far small in the workload that a vehicle gateway carries out security protection deployment
In the workload for carrying out security protection deployment in each electronic control unit.And it equally realizes to electronic control unit each in vehicle
Security protection.
S120, the equipment mark including the vehicles identifications, the authentication seeds and vehicle access equipment is sent to server
The certification request of knowledge, instruction server execute as follows: carrying out legitimacy certification to vehicle access equipment according to the device identification;
If authenticating successfully, identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification;Using
The authentication seeds are decrypted in the authentication key of inquiry, the certification mark decrypted;According to the certification of decryption mark with
The comparing result of the certification mark of inquiry unlocks the vehicle access equipment to the access authority of the vehicle.
Specifically, vehicle access equipment can be vehicle access equipment.Vehicles identifications and authentication seeds are being obtained from vehicle
Afterwards, it includes the vehicles identifications, the authentication seeds and vehicle access that the safety device of the present embodiment is sent to server
The certification request of the device identification of equipment, request server carry out legitimacy certification to the safety device of the present embodiment, with
And verifying is recognized to the safety of access vehicle.
Optionally, server can be generated according to the comparing result of the certification mark of the certification mark and inquiry of decryption and be accessed
Instruction.Access instruction directly can be sent to vehicle by server, can also be transmitted to vehicle by vehicle access equipment.
Wherein, the access instruction can be permission access instruction, be also possible to forbid access instruction, can also be including
Solve the instruction of confidential information.
When the access instruction that server generates is transmitted to vehicle by vehicle access equipment, to prevent vehicle access equipment pair
Access instruction is distorted, and be can use setting Encryption Algorithm after server generates access instruction and is encrypted to access instruction;
Then the access instruction of encryption is sent to vehicle access equipment, the access instruction of encryption is sent to vehicle by vehicle access equipment
, it is decrypted for vehicle based on access instruction of the above-mentioned Encryption Algorithm to encryption;Institute is unlocked according to the access instruction after decryption
Vehicle access equipment is stated to the access authority of the vehicle.
The technical solution of the embodiment of the present invention is as follows by being first carried out when vehicle access equipment accesses to vehicle
Content: vehicle access equipment obtains vehicles identifications and authentication seeds from vehicle;
It includes the vehicles identifications, the authentication seeds and vehicle access equipment that vehicle access equipment is sent to server
The certification request of device identification, instruction server execute as follows: it is legal to be carried out according to the device identification to vehicle access equipment
Property certification;If authenticating successfully, marked according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification
Know;The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted;According to the certification of decryption
The comparing result of mark and the certification mark of inquiry unlocks the vehicle access equipment to the access authority of the vehicle.
Above-mentioned execution content is realized based on the device identification of vehicle access equipment recognizes the legitimacy of vehicle access equipment
Card;And based on the comparison of certification mark, prevent certification mark in vehicle from illegally being distorted, to realize to access vehicle
Safety verification.
In addition, in above-mentioned access verification process by by authentication key storage in the server, then vehicle access equipment
Carrying out data interaction with server reduces the biography of authentication key without authentication key is handed down to vehicle access equipment
It is defeated, improve the safety of authentication key.
To prevent illegality equipment to the interception of authentication seeds, a large amount of authentication seeds of interception are then based on to authentication key
It cracks.The authentication seeds are obtained according to the authentication key of vehicle to the certification mark and random number encryption of vehicle by the vehicle
It arrives.
It further, in the authentication seeds is identified according to the authentication key of vehicle to the certification of vehicle by the vehicle
On the basis of being obtained with random number encryption, accessed based on received access instruction to the vehicle, comprising:
The random number that the decryption for including by access instruction obtains is sent to vehicle, by vehicle according to the generation authentication seeds
Random number and the obtained comparing result of random number of decryption, unlock vehicle access equipment to the access authority of the vehicle,
Middle obtained random number of decrypting is decrypted to obtain according to the authentication key of inquiry by server to the authentication seeds.
It is described to authenticate the gateway identification for being identified as the vehicle for the safety for determining vehicle gateway.
Wherein, the comparison of the gateway identification of the gateway identification and inquiry of decryption can verify whether vehicle gateway is tampered,
So that it is determined that the safety of vehicle gateway.
Embodiment two
Fig. 4 is a kind of flow chart of safety protecting method provided by Embodiment 2 of the present invention.This method can be by a kind of peace
Full protection device executes, which can be realized by the mode of software and/or hardware.Typically, which can be vehicle enterprise
Server.Referring to fig. 4, safety protecting method provided in this embodiment includes:
What S210, reception vehicle access equipment were sent includes vehicles identifications, authentication seeds and vehicle access equipment mark
Certification request.
Wherein, vehicle access equipment mark is the device identification of vehicle access equipment.
S220, the vehicle access equipment is closed based on the vehicle access equipment mark for including in the certification request
Method certification.
Specifically, by the vehicle access equipment for including in certification request mark and the associated legal vehicle of above-mentioned vehicles identifications
Access equipment mark is matched;If matching is consistent, it is determined that the vehicle access equipment is legal.
Wherein, it is stored in the safety device of the present embodiment and is accessed with the associated legal vehicle of above-mentioned vehicles identifications
Device identification.
If S230, authenticating successfully, the authentication key of the vehicle is inquired according to the vehicles identifications and certification identifies.
Wherein, be stored with vehicles identifications in the safety device of the present embodiment, and with vehicles identifications associated storage
Authentication key and certification mark.
S240, the authentication seeds are decrypted according to the authentication key, the certification mark decrypted.
Wherein, authentication seeds obtain certification mark encryption according to authentication key.
The certification mark of S250, the certification mark that comparison inquiry obtains and decryption, unlock the vehicle according to comparing result
Access authority of the access equipment to the vehicle.
Wherein, the certification mark inquired is that step S230 is obtained.The certification mark of decryption is that step S240 is obtained
's.
Specifically, unlock the vehicle access equipment according to comparing result includes: to the access authority of the vehicle
If comparison is consistent, the vehicle access equipment is unlocked to the access authority of the vehicle.
The technical solution of the embodiment of the present invention, by being carried out based on vehicle access equipment mark to the vehicle access equipment
Legitimacy certification, and the certification mark for identifying and decrypting according to the certification that inquiry obtains carries out safety verification to vehicle.To
Realize the two-way authentication to vehicle access equipment and access vehicle.
For the workload for reducing safety protecting method deployment, the vehicle mark for receiving vehicle access equipment and being obtained from vehicle
Knowledge and authentication seeds, comprising:
Receive the vehicles identifications that obtain from vehicle gateway of vehicle access equipment and authentication seeds, wherein the authentication seeds by
Vehicle gateway obtains the certification mark encryption of the vehicle according to the authentication key of vehicle.
To avoid cracking authentication key based on authentication seeds, it is described according to the authentication key to the authentication seeds
It is decrypted, the certification mark decrypted, comprising:
The authentication seeds are decrypted according to the authentication key, the certification decrypted is identified and decrypted random
Number.
Further, the authentication seeds are decrypted in the authentication key, the certification mark reconciliation decrypted
On the basis of close random number, the certification mark of certification mark and decryption that the comparison inquiry obtains, according to comparing result solution
The vehicle access equipment is locked to the access authority of the vehicle, comprising:
The certification mark of certification mark and decryption that comparison inquiry obtains sends the random number of decryption according to comparing result
To the vehicle access equipment, the access authority of the vehicle is unlocked for the vehicle access equipment.
It is described to authenticate the gateway identification for being identified as the vehicle to realize the verifying to vehicle gateway.
The concept of noun identical with title involved in above-described embodiment involved in the present embodiment is identical, such as vehicle
Mark and authentication seeds etc..The present embodiment is not repeated restriction to the noun repeated.
Embodiment three
Fig. 5 is a kind of flow chart for safety protecting method that the embodiment of the present invention three provides.This method can be by a kind of peace
Full protection device executes, which can be realized by the mode of software and/or hardware.Typically, which can be vehicle.
Referring to Fig. 5, safety protecting method provided in this embodiment includes:
S310, the access request for responding vehicle access equipment, the vehicles identifications for sending local vehicle and authentication seeds are to institute
State vehicle access equipment.
Specifically, the authentication seeds are the certification mark encryptions by local vehicle according to the authentication key of vehicle to vehicle
It obtains.Local vehicle is vehicle to be visited.
Received vehicles identifications, authentication seeds and vehicle access equipment mark are sent to clothes by the vehicle access equipment
Business device executes as follows for server: carrying out legitimacy certification to vehicle access equipment according to the device identification;If certification at
Function is then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification;Using recognizing for inquiry
Authentication seeds described in card key pair are decrypted, the certification mark decrypted;According to the certification mark of decryption and recognizing for inquiry
The comparing result of mark is demonstrate,proved, Xiang Suoshu vehicle access equipment sends access instruction.
It is described to authenticate the gateway identification for being identified as local vehicle to realize the verifying to vehicle gateway.
Optionally, the authentication seeds can be by the vehicle gateway of local vehicle according to the authentication key of vehicle to vehicle
Certification mark encryption obtain;The authentication seeds are also possible to the vehicle gateway by local vehicle according to the authentication key of vehicle
The certification mark and random number encryption of vehicle are obtained.
S320, according to the access instruction, unlock the vehicle access equipment to the access authority of local vehicle.
Specifically, described according to the access instruction, unlock the vehicle access equipment to the access authority of local vehicle,
Include:
If the access instruction is to allow to access, the vehicle access equipment is unlocked to the access authority of local vehicle.
In the certification mark that the authentication seeds are by the vehicle gateway of local vehicle according to the authentication key of vehicle to vehicle
Know on the basis of being obtained with random number encryption, it is described according to the access instruction, the vehicle access equipment is unlocked to local vehicle
Access authority, comprising:
If the random number that the decryption that the access instruction includes obtains is consistent with the random number for generating the authentication seeds,
The vehicle access equipment is unlocked to the access authority of local vehicle.
The technical solution of the embodiment of the present invention sends local vehicle by responding the access request of vehicle access equipment
Vehicles identifications and authentication seeds give the vehicle access equipment;Then it according to the access instruction, unlocks the vehicle access and sets
The standby access authority to local vehicle.To realize the limitation accessed local vehicle, the peace of vehicle internal networks information is improved
Entirely.
Further, the access request of the response vehicle access equipment sends vehicles identifications and the certification of local vehicle
Seed is given before the vehicle access equipment, further includes:
The key of response key injection device injects request, sends vehicles identifications and certification mark gives key injection device,
Authentication key is generated according to the vehicles identifications and certification mark by key injection device;
Store the authentication key.
For the plaintext transmission for avoiding authentication key, before the storage authentication key, further includes:
The cryptographic key factor that key injection device is sent is received, wherein the cryptographic key factor is by key injection device according to certification
Key and setting specification generate;
According to the specification and received cryptographic key factor, the authentication key is generated.
Specifically, the specification can be secure hardware extension specification.
It is successfully verified to realize to inject authentication key, after the storage authentication key, further includes:
The checking request including encryption data that response key injection device is sent, using the authentication key of storage to described
Encryption data is decrypted, and gives the random number back after decryption to key injection device, is compared and is decrypted by key injection device
The random number of random number and the generation encryption data afterwards, carries out key according to comparing result and injects good authentication, wherein institute
It states encryption data and encrypts to obtain based on the authentication key by key injection device.
The concept of noun identical with title involved in above-described embodiment involved in the present embodiment is identical, such as vehicle
Mark and authentication seeds etc..The present embodiment is not repeated restriction to the noun repeated.
Example IV
Fig. 6 is a kind of flow chart for safety protecting method that the embodiment of the present invention four provides.This method can be by a kind of peace
Full protection device executes, which can be realized by the mode of software and/or hardware.Typically, which can be key
Injection device, specifically key injection device can be PC.Referring to Fig. 6, safety protecting method provided in this embodiment
Include:
S410, the key injection request including vehicles identifications and certification mark is sent to vehicle.
S420, the vehicles identifications returned according to vehicle and certification mark generate authentication key.
Wherein, the safety device of the present embodiment generates authentication key according to the vehicles identifications and certification mark, makes
Obtaining each vehicle has unique authentication key.Even if the authentication key of a vehicle is cracked, but invader still can not
Obtain the authentication key of other vehicles.
Specifically, the vehicles identifications and certification mark returned according to vehicle generate authentication key include: by vehicles identifications and
The setting operation result of mark is authenticated as authentication key;Alternatively,
Vehicles identifications, certification mark and the generating random number authentication key returned according to vehicle.
S430, it key is write based on authentication key transmission instructs to vehicle, execute for vehicle to the authentication key
Write operation.
It is close to generate certification by the vehicles identifications and certification mark that return according to vehicle for the technical solution of the embodiment of the present invention
Key.Because vehicles identifications are the unique identifications of vehicle, so that each vehicle has unique authentication key.Even if to one
The authentication key of a vehicle is cracked, but invader can not still obtain the authentication key of other vehicles.
For the plaintext transmission bring security risk for avoiding authentication key, the vehicles identifications returned according to vehicle and recognize
Card mark generates after authentication key, further includes:
Cryptographic key factor is generated according to the authentication key of generation and setting specification;
It is correspondingly, described to write key based on authentication key transmission and instruct to vehicle, comprising:
Cryptographic key factor transmission based on generation is write key and is instructed to vehicle, is based on the specification for vehicle and cryptographic key factor is raw
At the authentication key, and store.
Specifically, the specification can be secure hardware extension specification.
It is described that key instruction is write based on authentication key transmission to realize the verifying for being successfully written vehicle to authentication key
To vehicle, after executing for vehicle to the write operation of the authentication key, further includes:
Random number is encrypted according to the authentication key, generates encryption data;
The checking request including the encryption data is sent to vehicle, is added using the authentication key of storage to described by vehicle
Ciphertext data is decrypted;
The random number of random number and the generation encryption data after comparison decryption, carries out key injection according to comparing result
Good authentication.
The concept of noun identical with title involved in above-described embodiment involved in the present embodiment is identical, such as vehicle
Mark and authentication seeds etc..The present embodiment is not repeated restriction to the noun repeated.
Embodiment five
Fig. 7 is the signaling diagram of a kind of key injection device and vehicle gateway that the embodiment of the present invention five provides;Fig. 8 is this hair
The signaling diagram of a kind of vehicle access equipment and vehicle gateway that bright embodiment five provides.The present embodiment is the base in above-described embodiment
A kind of optinal plan proposed on plinth.Referring to figs. 7 and 8, safety protecting method provided in this embodiment includes:
Vehicle production is complete, and key injection device passes through the OBD interface of vehicle when offline, requests vehicle to Gateway
VIN and Gateway gateway identification.
The VIN and gateway identification of Gateway response vehicle.
Gateway identification of the key injection device according to vehicle VIN and Gateway, the certification for generating the OBD interface of vehicle are close
Key, then generates cryptographic key factor according to authentication key, and transmission writes key instruction and cryptographic key factor to Gateway.
Specifically, cryptographic key factor is five parameters, with the hardware encryption module suitable for Gateway.
Gateway receives cryptographic key factor, and cryptographic key factor is passed to hardware encryption module, generated as hardware encryption module described in
Authentication key simultaneously saves, and response key injection device key is written successfully.
Key injection device generates random number, and according to authentication key encrypted random number, sends key authentication instruction and add
Close random number is to Gateway.
After Gateway receives the random number of key authentication instruction and encryption, with the authentication key of storage decryption encryption with
Machine number, and the random number returned after decryption gives key injection device.
Key injection device receives the random number after decryption, compared with the random number that itself is generated, if unanimously, it is determined that
The authentication key of Gateway is written successfully;Then by the VIN of vehicle, the gateway identification and authentication key of Gateway are uploaded
To the private services device of depot.
When vehicle access equipment accesses interior CAN network by vehicle OBD interface, access authentication is carried out, detailed process is such as
Under:
Vehicle access equipment accesses Gateway by vehicle OBD interface, passes through unified diagnostic service agreement request vehicle
VIN。
Gateway is based on unified diagnostic service agreement, the VIN of response vehicle.
Vehicle access equipment requests the authentication seeds of Gateway, wherein the authentication seeds are based on gateway mark by Gateway
Know and random number encrypts to obtain using authentication key.
Gateway response authentication seed.
After vehicle access equipment receives authentication seeds, the VIN of vehicle, authentication seeds and vehicle access equipment itself are marked
Know the private services device for being sent collectively to vehicle enterprise.
After private services device receives VIN, authentication seeds and the vehicle access equipment self identification of vehicle, pass through VIN
Inquire the gateway identification and authentication key of associated storage in database;Then authentication key decrypted authentication seed is used, is obtained in plain text
Gateway identification and a random number;The gateway identification of decryption and the gateway identification of inquiry are compared, if unanimously, returning to solution
Random number after close gives vehicle access equipment;
The random number that vehicle access equipment sends decryption is authenticated to Gateway.
Gateway compares the random number of the decryption received and the random number itself generated;If comparison is consistent, recognize
It demonstrate,proves successfully, access authority of the unlock vehicle access equipment to vehicle.Vehicle access equipment can be accessed interior by OBD interface
CAN network.
The technical solution of the embodiment of the present invention, by adding Security mechanism in Gateway, so as to prevent hacker
The data that interior CAN network is listened to by OBD interface crack CAN bus control protocol;Prevent illegality equipment from passing through OBD interface
The illegal secure access algorithm for diagnosing and cracking in safe UDS agreement is carried out, modifies the important parameter of electronic control unit, or give
Electronic control unit brush enters rogue program;Prevent hacker by the OBD wireless device in rear dress market, long-range attack vehicle.
By the way that safety protecting method to be deployed on Gateway, i.e., the normal function of Gateway is not influenced, cost free yet
Increase.And the normal function of interior electronic control unit is not influenced, does not change the code of electronic control unit yet.
Vehicle VIN is read by OBD interface in addition, not influencing vehicle administration office.
It should be noted that by the technical teaching of the present embodiment, those skilled in the art have motivation by above-described embodiment
Described in any embodiment carry out the combination of scheme, it is right to realize when vehicle access equipment accesses to vehicle
Vehicle access equipment carries out legitimate verification, and carries out safety verification to access vehicle.
Embodiment six
Fig. 9 is a kind of structural schematic diagram for safety device that the embodiment of the present invention six provides.Referring to Fig. 9, this implementation
A kind of safety device that example provides includes: data obtaining module 101 and certification request module 102.
Wherein, data obtaining module 101, for obtaining vehicles identifications and authentication seeds from vehicle, wherein the certification is believed
Breath is obtained according to the authentication key of vehicle to the certification mark encryption of vehicle by the vehicle;
Certification request module 102 includes that the vehicles identifications, the authentication seeds and vehicle are visited for sending to server
Ask the certification request of the device identification of equipment, instruction server executes as follows: according to the device identification to vehicle access equipment
Carry out legitimacy certification;If authenticating successfully, according to vehicles identifications inquiry and the associated authentication key of the vehicles identifications
It is identified with certification;The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted;According to solution
The comparing result of close certification mark and the certification mark of inquiry unlocks the vehicle access equipment to the access right of the vehicle
Limit.
The technical solution of the embodiment of the present invention is as follows by being first carried out when vehicle access equipment accesses to vehicle
Content: vehicle access equipment obtains vehicles identifications and authentication seeds from vehicle;
It includes the vehicles identifications, the authentication seeds and vehicle access equipment that vehicle access equipment is sent to server
The certification request of device identification, instruction server execute as follows: it is legal to be carried out according to the device identification to vehicle access equipment
Property certification;If authenticating successfully, marked according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification
Know;The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted;According to the certification of decryption
The comparing result of mark and the certification mark of inquiry unlocks the vehicle access equipment to the access authority of the vehicle.
Above-mentioned execution content is realized based on the device identification of vehicle access equipment recognizes the legitimacy of vehicle access equipment
Card;And based on the comparison of certification mark, prevent certification mark in vehicle from illegally being distorted, to realize to access vehicle
Safety verification.
In addition, in above-mentioned access verification process by by authentication key storage in the server, then vehicle access equipment
Carrying out data interaction with server reduces the biography of authentication key without authentication key is handed down to vehicle access equipment
It is defeated, improve the safety of authentication key.
Further, the data obtaining module, comprising: information acquisition unit.
The information acquisition unit, for obtaining vehicles identifications and authentication seeds from the vehicle gateway in vehicle, wherein institute
It states authentication seeds and the certification mark encryption of vehicle is obtained according to the authentication key of vehicle by the vehicle gateway.
Further, the authentication seeds be by the vehicle according to the authentication key of vehicle to the certification mark of vehicle and
Random number encryption obtains;
Correspondingly, described device further include:
Deciphering module includes the vehicles identifications, the authentication seeds and vehicle access equipment for sending to server
Device identification certification request after, the obtained random number of decryption that server returns is sent to vehicle, by vehicle according to
The comparing result for the random number that the random number and decryption for generating the authentication seeds obtain unlocks vehicle access equipment to the vehicle
Access authority, wherein the random number decrypted carries out the authentication seeds according to the authentication key of inquiry by server
Decryption obtains.
Further, described to authenticate the gateway identification for being identified as the vehicle.
Embodiment seven
Figure 10 is a kind of structural schematic diagram for safety device that the embodiment of the present invention seven provides.Referring to Figure 10, this reality
The safety device for applying example offer includes: certification request receiving module 201, authentication module 202, certification mark deciphering module
203 and permission unlocked state 204.
Wherein, certification request receiving module 201 includes vehicles identifications, certification for receive the transmission of vehicle access equipment
The certification request of seed and vehicle access equipment mark;
Authentication module 202, for being visited based on the vehicle access equipment mark for including in the certification request the vehicle
Ask that equipment carries out legitimacy certification;Enquiry module, if inquiring the vehicle according to the vehicles identifications for authenticating successfully
Authentication key and certification mark;
Certification mark deciphering module 203 is solved for the authentication seeds to be decrypted according to the authentication key
Close certification mark;
Permission unlocked state 204 is tied for comparing the certification mark of certification mark and decryption that inquiry obtains according to comparison
Fruit unlocks the vehicle access equipment to the access authority of the vehicle.
The technical solution of the embodiment of the present invention, by being carried out based on vehicle access equipment mark to the vehicle access equipment
Legitimacy certification, and the certification mark for identifying and decrypting according to the certification that inquiry obtains carries out safety verification to vehicle.To
Realize the two-way authentication to vehicle access equipment and access vehicle.
Further, the certification request receiving module, comprising: certification request receiving module unit.
Certification request receiving module unit, for receiving the vehicles identifications and recognize that vehicle access equipment is obtained from vehicle gateway
Seed is demonstrate,proved, wherein the authentication seeds encrypt the certification mark of the vehicle according to the authentication key of vehicle by vehicle gateway
It arrives.
Further, the certification identifies deciphering module, comprising: certification mark decryption unit.
Wherein, certification mark decryption unit is obtained for the authentication seeds to be decrypted according to the authentication key
The random number of the certification mark and decryption of decryption.
Correspondingly, permission unlocked state, comprising: permission unlocking unit.
Wherein, permission unlocking unit, for comparing the certification mark of certification mark and decryption that inquiry obtains, according to comparison
As a result the random number of decryption is sent to the vehicle access equipment, the access of the vehicle is unlocked for the vehicle access equipment
Permission.
Further, described to authenticate the gateway identification for being identified as the vehicle.
Embodiment eight
Figure 11 is a kind of structural schematic diagram for safety device that the embodiment of the present invention eight provides.Referring to Figure 11, this hair
The safety device that bright embodiment provides includes: response access request module 301 and access authority unlocked state 302.
Wherein, access request module 301 is responded, for responding the access request of vehicle access equipment, sends local vehicle
Vehicles identifications and authentication seeds give the vehicle access equipment, by the vehicle access equipment by received vehicles identifications, recognize
Card seed and vehicle access equipment mark are sent to server, execute for server as follows: according to the device identification to vehicle
Access equipment carries out legitimacy certification;If authenticating successfully, inquired according to the vehicles identifications associated with the vehicles identifications
Authentication key and certification mark;The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted
Know;According to the comparing result of the certification mark of decryption and the certification mark of inquiry, Xiang Suoshu vehicle access equipment sends access and refers to
It enables;
Access authority unlocked state 302, the access instruction for being sent according to vehicle access equipment unlock the vehicle and visit
Ask equipment to the access authority of local vehicle.
The technical solution of the embodiment of the present invention sends local vehicle by responding the access request of vehicle access equipment
Vehicles identifications and authentication seeds give the vehicle access equipment;Then it according to the access instruction, unlocks the vehicle access and sets
The standby access authority to local vehicle.To realize the limitation accessed local vehicle, the peace of vehicle internal networks information is improved
Entirely.
Further, the authentication seeds are according to the authentication key of vehicle by the vehicle gateway of local vehicle to vehicle
Certification mark and random number encryption obtain.
Further, described to authenticate the gateway identification for being identified as local vehicle.
Further, the authentication seeds are according to the authentication key of vehicle by the vehicle gateway of local vehicle to vehicle
Certification mark and random number encryption obtain;
Correspondingly, the access authority unlocked state, comprising:
Access authority unlocking unit, if recognizing described in the random number and generation that are obtained for the decryption that the access instruction includes
The random number for demonstrate,proving seed is consistent, then unlocks the vehicle access equipment to the access authority of local vehicle.
Further, described device further include:
Response key injection module sends the vehicle of local vehicle for the access request of the response vehicle access equipment
To before the vehicle access equipment, the key of response key injection device injects request, sends vehicle for mark and authentication seeds
Mark and certification mark give key injection device, by key injection device according to the vehicles identifications and certification mark generate recognize
Demonstrate,prove key;
Cipher key storage block, for storing the authentication key.
Further, described device further include: cryptographic key factor receiving module and cipher key decryption block.
Wherein, cryptographic key factor receiving module receives key injection device hair before the storage authentication key
The cryptographic key factor sent, wherein the cryptographic key factor is generated by key injection device according to authentication key and setting specification;
Cipher key decryption block, for generating the authentication key according to the specification and received cryptographic key factor.
Embodiment nine
Figure 12 is a kind of structural schematic diagram for safety device that the embodiment of the present invention nine provides.Referring to Figure 12, this reality
The safety device for applying example offer includes: key injection module 401, authentication key generation module 402 and authentication key write-in
Module 403.
Wherein, key injection module 401 includes that vehicles identifications and the key injection of certification mark are asked for sending to vehicle
It asks;
Authentication key generation module 402, vehicles identifications and certification mark for being returned according to vehicle generate authentication key;
Authentication key writing module 403 is instructed to vehicle for writing key based on authentication key transmission, is held for vehicle
Write operation of the row to the authentication key.
It is close to generate certification by the vehicles identifications and certification mark that return according to vehicle for the technical solution of the embodiment of the present invention
Key.Because vehicles identifications are the unique identifications of vehicle, so that each vehicle has unique authentication key.Even if to one
The authentication key of a vehicle is cracked, but invader can not still obtain the authentication key of other vehicles.
Further, described device further include: cryptographic key factor generation module.
Wherein, cryptographic key factor generation module generates and recognizes for the vehicles identifications returned according to vehicle and certification mark
After demonstrate,proving key, cryptographic key factor is generated according to the authentication key of generation and setting specification;
Correspondingly, the authentication key writing module, comprising: authentication key writing unit.
Wherein, authentication key writing unit is write key for the cryptographic key factor transmission based on generation and is instructed to vehicle, for vehicle
The authentication key is generated based on the specification and cryptographic key factor, and stored.
It is anti-that safety provided by any embodiment of the invention can be performed in safety device provided by the embodiment of the present invention
Maintaining method has the corresponding functional module of execution method and beneficial effect.
Embodiment ten
Figure 13 is a kind of structural schematic diagram for equipment that the embodiment of the present invention ten provides.Figure 13, which is shown, to be suitable for being used to realizing
The block diagram of the example devices 12 of embodiment of the present invention.The equipment 12 that Figure 13 is shown is only an example, should not be to this hair
The function and use scope of bright embodiment bring any restrictions.
As shown in figure 13, equipment 12 is showed in the form of universal computing device.The component of equipment 12 may include but unlimited
In one or more processor or processing unit 16, system storage 28, connecting different system components, (including system is deposited
Reservoir 28 and processing unit 16) bus 18.
Bus 18 indicates one of a few class bus structures or a variety of, including memory bus or Memory Controller,
Peripheral bus, graphics acceleration port, processor or the local bus using any bus structures in a variety of bus structures.It lifts
For example, these architectures include but is not limited to industry standard architecture (ISA) bus, microchannel architecture (MAC)
Bus, enhanced isa bus, Video Electronics Standards Association (VESA) local bus and peripheral component interconnection (PCI) bus.
Equipment 12 typically comprises a variety of computer system readable media.These media can be it is any can be by equipment 12
The usable medium of access, including volatile and non-volatile media, moveable and immovable medium.
System storage 28 may include the computer system readable media of form of volatile memory, such as arbitrary access
Memory (RAM) 30 and/or cache memory 32.Equipment 12 may further include it is other it is removable/nonremovable,
Volatile/non-volatile computer system storage medium.Only as an example, storage system 34 can be used for reading and writing irremovable
, non-volatile magnetic media (Figure 13 do not show, commonly referred to as " hard disk drive ").Although being not shown in Figure 13, can provide
Disc driver for being read and write to removable non-volatile magnetic disk (such as " floppy disk "), and to removable anonvolatile optical disk
The CD drive of (such as CD-ROM, DVD-ROM or other optical mediums) read-write.In these cases, each driver can
To be connected by one or more data media interfaces with bus 18.Memory 28 may include at least one program product,
The program product has one group of (for example, at least one) program module, these program modules are configured to perform each implementation of the invention
The function of example.
Program/utility 40 with one group of (at least one) program module 42 can store in such as memory 28
In, such program module 42 include but is not limited to operating system, one or more application program, other program modules and
It may include the realization of network environment in program data, each of these examples or certain combination.Program module 42 is usual
Execute the function and/or method in embodiment described in the invention.
Equipment 12 can also be communicated with one or more external equipments 14 (such as keyboard, sensing equipment, display 24 etc.),
Can also be enabled a user to one or more equipment interacted with the equipment 12 communication, and/or with enable the equipment 12 with
One or more of the other any equipment (such as network interface card, modem etc.) communication for calculating equipment and being communicated.It is this logical
Letter can be carried out by input/output (I/O) interface 22.Also, equipment 12 can also by network adapter 20 and one or
The multiple networks of person (such as local area network (LAN), wide area network (WAN) and/or public network, such as internet) communication.As shown,
Network adapter 20 is communicated by bus 18 with other modules of equipment 12.It should be understood that although not shown in the drawings, can combine
Equipment 12 use other hardware and/or software module, including but not limited to: microcode, device driver, redundant processing unit,
External disk drive array, RAID system, tape drive and data backup storage system etc..
Processing unit 16 by the program that is stored in system storage 28 of operation, thereby executing various function application and
Data processing, such as realize safety protecting method provided by the embodiment of the present invention.
Embodiment 11
The embodiment of the present invention 11 additionally provides a kind of computer readable storage medium, is stored thereon with computer program,
The safety protecting method as described in any in the embodiment of the present invention is realized when the program is executed by processor.
The computer storage medium of the embodiment of the present invention, can be using any of one or more computer-readable media
Combination.Computer-readable medium can be computer-readable signal media or computer readable storage medium.It is computer-readable
Storage medium for example may be-but not limited to-the system of electricity, magnetic, optical, electromagnetic, infrared ray or semiconductor, device or
Device, or any above combination.The more specific example (non exhaustive list) of computer readable storage medium includes: tool
There are electrical connection, the portable computer diskette, hard disk, random access memory (RAM), read-only memory of one or more conducting wires
(ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-
ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.In this document, computer-readable storage
Medium can be any tangible medium for including or store program, which can be commanded execution system, device or device
Using or it is in connection.
Computer-readable signal media may include in a base band or as carrier wave a part propagate data-signal,
Wherein carry computer-readable program code.The data-signal of this propagation can take various forms, including but unlimited
In electromagnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be that computer can
Any computer-readable medium other than storage medium is read, which can send, propagates or transmit and be used for
By the use of instruction execution system, device or device or program in connection.
The program code for including on computer-readable medium can transmit with any suitable medium, including --- but it is unlimited
In wireless, electric wire, optical cable, RF etc. or above-mentioned any appropriate combination.
The computer for executing operation of the present invention can be write with one or more programming languages or combinations thereof
Program code, described program design language include object oriented program language-such as Java, Smalltalk, C++,
Further include conventional procedural programming language-such as " C " language or similar programming language.Program code can be with
It fully executes, partly execute on the user computer on the user computer, being executed as an independent software package, portion
Divide and partially executes or executed on a remote computer or server completely on the remote computer on the user computer.?
Be related in the situation of remote computer, remote computer can pass through the network of any kind --- including local area network (LAN) or
Wide area network (WAN)-be connected to subscriber computer, or, it may be connected to outer computer (such as mentioned using Internet service
It is connected for quotient by internet).
Note that the above is only a better embodiment of the present invention and the applied technical principle.It will be appreciated by those skilled in the art that
The invention is not limited to the specific embodiments described herein, be able to carry out for a person skilled in the art it is various it is apparent variation,
It readjusts and substitutes without departing from protection scope of the present invention.Therefore, although being carried out by above embodiments to the present invention
It is described in further detail, but the present invention is not limited to the above embodiments only, without departing from the inventive concept, also
It may include more other equivalent embodiments, and the scope of the invention is determined by the scope of the appended claims.
Claims (25)
1. a kind of safety protecting method is applied to vehicle access equipment, which is characterized in that the described method includes:
Vehicles identifications and authentication seeds are obtained from vehicle;
The certification that the device identification including the vehicles identifications, the authentication seeds and vehicle access equipment is sent to server is asked
It asks, instruction server executes as follows: legitimacy certification is carried out to vehicle access equipment according to the device identification;If certification at
Function is then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification;Using recognizing for inquiry
Authentication seeds described in card key pair are decrypted, the certification mark decrypted;According to the certification mark of decryption and recognizing for inquiry
The comparing result of card mark unlocks the vehicle access equipment to the access authority of the vehicle.
2. the method according to claim 1, wherein described obtain vehicles identifications and authentication seeds, packet from vehicle
It includes:
Vehicles identifications and authentication seeds are obtained from the vehicle gateway in vehicle, wherein the authentication seeds are by the vehicle gateway root
The certification mark encryption of vehicle is obtained according to the authentication key of vehicle.
3. the method according to claim 1, wherein the authentication seeds are recognizing according to vehicle by the vehicle
The certification mark and random number encryption for demonstrate,proving key pair vehicle obtain;
Correspondingly, described that the equipment including the vehicles identifications, the authentication seeds and vehicle access equipment is sent to server
After the certification request of mark, further includes: the obtained random number of decryption that server returns is sent to vehicle, by vehicle according to
The comparing result for the random number that the random number and decryption for generating the authentication seeds obtain unlocks vehicle access equipment to the vehicle
Access authority, wherein the random number decrypted carries out the authentication seeds according to the authentication key of inquiry by server
Decryption obtains.
4. the method according to claim 1, wherein described authenticate the gateway identification for being identified as the vehicle.
5. a kind of safety protecting method is applied to server, which is characterized in that the described method includes:
Receive the certification request including vehicles identifications, authentication seeds and vehicle access equipment mark that vehicle access equipment is sent;
Legitimacy certification is carried out to the vehicle access equipment based on the vehicle access equipment mark for including in the certification request;
If authenticating successfully, the authentication key of the vehicle is inquired according to the vehicles identifications and certification identifies;
The authentication seeds are decrypted according to the authentication key, the certification mark decrypted;
The certification mark of certification mark and decryption that comparison inquiry obtains, unlocks the vehicle access equipment pair according to comparing result
The access authority of the vehicle.
6. according to the method described in claim 5, it is characterized in that, the vehicle for receiving vehicle access equipment and being obtained from vehicle
Mark and authentication seeds, comprising:
The vehicles identifications and authentication seeds that vehicle access equipment is obtained from vehicle gateway are received, wherein the authentication seeds are by vehicle
Gateway obtains the certification mark encryption of the vehicle according to the authentication key of vehicle.
7. according to the method described in claim 5, it is characterized in that, it is described according to the authentication key to the authentication seeds into
Row decryption, the certification mark decrypted, comprising:
The authentication seeds are decrypted according to the authentication key, the random number of the certification mark and decryption decrypted;
Correspondingly, the certification mark of comparison inquiry obtains certification mark and decryption, unlocks the vehicle according to comparing result and visits
Ask equipment to the access authority of the vehicle, comprising:
The certification mark of certification mark and decryption that comparison inquiry obtains, is sent to institute for the random number of decryption according to comparing result
Vehicle access equipment is stated, the access authority of the vehicle is unlocked for the vehicle access equipment.
8. according to the method described in claim 5, it is characterized in that, described authenticate the gateway identification for being identified as the vehicle.
9. a kind of safety protecting method is applied to vehicle, which is characterized in that the described method includes:
The access request of vehicle access equipment is responded, the vehicles identifications and authentication seeds for sending local vehicle are accessed to the vehicle
Received vehicles identifications, authentication seeds and vehicle access equipment mark are sent to service by the vehicle access equipment by equipment
Device executes as follows for server: carrying out legitimacy certification to vehicle access equipment according to the device identification;If authenticating successfully,
Then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification;It is close using the certification of inquiry
The authentication seeds are decrypted in key, the certification mark decrypted;According to the certification mark of the certification mark and inquiry of decryption
The comparing result of knowledge generates access instruction;
According to the access instruction, the vehicle access equipment is unlocked to the access authority of local vehicle.
10. according to the method described in claim 9, it is characterized in that, the authentication seeds are the vehicle gateways by local vehicle
The certification mark encryption of vehicle is obtained according to the authentication key of vehicle.
11. according to the method described in claim 9, it is characterized in that, the authentication seeds are the vehicle gateways by local vehicle
It is obtained according to certification mark and random number encryption of the authentication key of vehicle to vehicle;
Correspondingly, described according to the access instruction, the vehicle access equipment is unlocked to the access authority of local vehicle, packet
It includes:
If the random number that the decryption that the access instruction includes obtains is consistent with the random number for generating the authentication seeds, unlock
Access authority of the vehicle access equipment to local vehicle.
12. according to the method described in claim 9, it is characterized in that, described authenticate the gateway identification for being identified as local vehicle.
13. according to the method described in claim 9, it is characterized in that, the access request of the response vehicle access equipment, sends
The vehicles identifications and authentication seeds of local vehicle are given before the vehicle access equipment, further includes:
The key of response key injection device injects request, sends vehicles identifications and certification mark gives key injection device, by close
Key injection device generates authentication key according to the vehicles identifications and certification mark;
Store the authentication key.
14. according to the method for claim 13, which is characterized in that before the storage authentication key, further includes:
The cryptographic key factor that key injection device is sent is received, wherein the cryptographic key factor is by key injection device according to authentication key
It is generated with setting specification;
According to the specification and received cryptographic key factor, the authentication key is generated.
15. a kind of safety protecting method is applied to key injection device, which is characterized in that the described method includes:
Send to vehicle includes that vehicles identifications and the key of certification mark inject request;
The vehicles identifications and certification mark returned according to vehicle generate authentication key;
Key is write based on authentication key transmission to instruct to vehicle, executes the write operation to the authentication key for vehicle.
16. according to the method for claim 15, which is characterized in that the vehicles identifications returned according to vehicle and certification are marked
Know after generating authentication key, further includes:
Cryptographic key factor is generated according to the authentication key of generation and setting specification;
It is correspondingly, described to write key based on authentication key transmission and instruct to vehicle, comprising:
Cryptographic key factor transmission based on generation is write key and is instructed to vehicle, is based on the specification for vehicle and cryptographic key factor generates institute
Authentication key is stated, and is stored.
17. a kind of safety device characterized by comprising
Data obtaining module, for obtaining vehicles identifications and authentication seeds from vehicle;
Certification request module includes the vehicles identifications, the authentication seeds and vehicle access equipment for sending to server
Device identification certification request, instruction server execute it is as follows: vehicle access equipment is closed according to the device identification
Method certification;If authenticating successfully, according to vehicles identifications inquiry and the associated authentication key of the vehicles identifications and certification
Mark;The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted;According to recognizing for decryption
Card mark and the comparing result of the certification mark of inquiry unlock the vehicle access equipment to the access authority of the vehicle.
18. device according to claim 17, which is characterized in that the authentication seeds are by the vehicle according to vehicle
Authentication key obtains the certification mark and random number encryption of vehicle;
Correspondingly, described device further include:
Deciphering module includes setting for the vehicles identifications, the authentication seeds and vehicle access equipment for sending to server
After the certification request of standby mark, the random number that the decryption that server returns obtains is sent to vehicle, by vehicle according to generation
The comparing result for the random number that the random number of the authentication seeds and decryption obtain unlocks vehicle access equipment to the vehicle
Access authority, wherein the random number decrypted is decrypted the authentication seeds according to the authentication key of inquiry by server
It obtains.
19. a kind of safety device characterized by comprising
Certification request receiving module includes that vehicles identifications, authentication seeds and vehicle are visited for receive the transmission of vehicle access equipment
Ask the certification request of device identification;
Authentication module, for based on include in the certification request vehicle access equipment mark to the vehicle access equipment into
The certification of row legitimacy;Enquiry module, if inquiring the authentication key of the vehicle according to the vehicles identifications for authenticating successfully
It is identified with certification;
Certification mark deciphering module, for the authentication seeds to be decrypted according to the authentication key, that is decrypted recognizes
Card mark;
Permission unlocked state is unlocked for comparing the certification mark of certification mark and decryption that inquiry obtains according to comparing result
Access authority of the vehicle access equipment to the vehicle.
20. according to the method for claim 19, which is characterized in that the certification identifies deciphering module, comprising:
Certification mark decryption unit, for the authentication seeds to be decrypted according to the authentication key, that is decrypted recognizes
The random number of card mark and decryption;
Correspondingly, permission unlocked state, comprising:
Permission unlocking unit will be solved for comparing the certification mark of certification mark and decryption that inquiry obtains according to comparing result
Close random number is sent to the vehicle access equipment, and the access authority of the vehicle is unlocked for the vehicle access equipment.
21. a kind of safety device characterized by comprising
Respond access request module, for responding the access request of vehicle access equipment, send local vehicle vehicles identifications and
Authentication seeds give the vehicle access equipment, by the vehicle access equipment by received vehicles identifications, authentication seeds and vehicle
Access equipment mark is sent to server, executes for server as follows: being carried out according to the device identification to vehicle access equipment
Legitimacy certification;If authenticate successfully, according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and recognize
Card mark;The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted;According to decryption
The comparing result of certification mark and the certification mark of inquiry, Xiang Suoshu vehicle access equipment send access instruction;
Access authority unlocked state, the access instruction for being sent according to vehicle access equipment unlock the vehicle access equipment
To the access authority of local vehicle.
22. a kind of safety device characterized by comprising
Key injection module includes that vehicles identifications and the key of certification mark inject request for sending to vehicle;
Authentication key generation module, vehicles identifications and certification mark for being returned according to vehicle generate authentication key;
Authentication key writing module is instructed to vehicle for writing key based on authentication key transmission, is executed for vehicle to institute
State the write operation of authentication key.
23. device according to claim 22, which is characterized in that further include:
Cryptographic key factor generation module, for it is described according to vehicle return vehicles identifications and certification mark generate authentication key it
Afterwards, cryptographic key factor is generated according to the authentication key of generation and setting specification;
Correspondingly, the authentication key writing module, comprising:
Authentication key writing unit is write key for the cryptographic key factor transmission based on generation and is instructed to vehicle, is based on institute for vehicle
It states specification and cryptographic key factor generates the authentication key, and store.
24. a kind of equipment, which is characterized in that the equipment includes:
One or more processors;
Storage device, for storing one or more programs,
When one or more of programs are executed by one or more of processors, so that one or more of processors are real
The now safety protecting method as described in any in claim 1-4,5-8,9-14 or 15-16.
25. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is by processor
The safety protecting method as described in any in claim 1-4,5-8,9-14 or 15-16 is realized when execution.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811614183.0A CN109714171B (en) | 2018-12-27 | 2018-12-27 | Safety protection method, device, equipment and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811614183.0A CN109714171B (en) | 2018-12-27 | 2018-12-27 | Safety protection method, device, equipment and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109714171A true CN109714171A (en) | 2019-05-03 |
CN109714171B CN109714171B (en) | 2022-09-23 |
Family
ID=66258704
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811614183.0A Active CN109714171B (en) | 2018-12-27 | 2018-12-27 | Safety protection method, device, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109714171B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110752917A (en) * | 2019-09-25 | 2020-02-04 | 中国第一汽车股份有限公司 | Vehicle access control method, device and system |
CN110908357A (en) * | 2019-10-23 | 2020-03-24 | 深圳开源互联网安全技术有限公司 | Security vulnerability detection method and device, storage medium and intelligent device |
CN111813078A (en) * | 2020-06-24 | 2020-10-23 | 北京天融信网络安全技术有限公司 | Safety diagnosis method, device, equipment and medium for vehicle |
CN113138591A (en) * | 2020-01-20 | 2021-07-20 | 北京新能源汽车股份有限公司 | Control method and device of vehicle safety factor, control equipment and automobile |
CN113347133A (en) * | 2020-02-18 | 2021-09-03 | 华为技术有限公司 | Authentication method and device for vehicle-mounted equipment |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2015023307A (en) * | 2013-07-16 | 2015-02-02 | 株式会社デンソー | Authentication device and authentication system |
CN104753962A (en) * | 2015-04-23 | 2015-07-01 | 厦门雅迅网络股份有限公司 | OBD (On-board diagnostics) safety management method and system |
CN105763403A (en) * | 2014-12-15 | 2016-07-13 | 中华汽车工业股份有限公司 | Vehicle-mounted control area network system |
CN106155043A (en) * | 2016-07-28 | 2016-11-23 | 北京新能源汽车股份有限公司 | Vehicle data acquisition methods, device and equipment |
CN106575454A (en) * | 2014-06-11 | 2017-04-19 | 威尔蒂姆Ip公司 | System and method for facilitating user access to vehicles based on biometric information |
US20170338961A1 (en) * | 2016-05-17 | 2017-11-23 | Hyundai Motor Company | Method of providing security for controller using ecryption and apparatus therefor |
CN107925568A (en) * | 2015-08-05 | 2018-04-17 | Kddi株式会社 | Managing device, management system, key generating device, key generation system, key management system, vehicle, management method, key generation method and computer program |
CN107953850A (en) * | 2017-11-29 | 2018-04-24 | 东南(福建)汽车工业有限公司 | A kind of vehicle safety strategy of the legitimacy certification based on T-BOX |
JP2018093477A (en) * | 2017-09-25 | 2018-06-14 | Kddi株式会社 | Distribution system, key generation device, on-vehicle computer, data security device, distribution method, and computer program |
CN109039654A (en) * | 2018-08-30 | 2018-12-18 | 深圳市元征科技股份有限公司 | TBOX identity identifying method and terminal device |
-
2018
- 2018-12-27 CN CN201811614183.0A patent/CN109714171B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2015023307A (en) * | 2013-07-16 | 2015-02-02 | 株式会社デンソー | Authentication device and authentication system |
CN106575454A (en) * | 2014-06-11 | 2017-04-19 | 威尔蒂姆Ip公司 | System and method for facilitating user access to vehicles based on biometric information |
CN105763403A (en) * | 2014-12-15 | 2016-07-13 | 中华汽车工业股份有限公司 | Vehicle-mounted control area network system |
CN104753962A (en) * | 2015-04-23 | 2015-07-01 | 厦门雅迅网络股份有限公司 | OBD (On-board diagnostics) safety management method and system |
CN107925568A (en) * | 2015-08-05 | 2018-04-17 | Kddi株式会社 | Managing device, management system, key generating device, key generation system, key management system, vehicle, management method, key generation method and computer program |
US20170338961A1 (en) * | 2016-05-17 | 2017-11-23 | Hyundai Motor Company | Method of providing security for controller using ecryption and apparatus therefor |
CN106155043A (en) * | 2016-07-28 | 2016-11-23 | 北京新能源汽车股份有限公司 | Vehicle data acquisition methods, device and equipment |
JP2018093477A (en) * | 2017-09-25 | 2018-06-14 | Kddi株式会社 | Distribution system, key generation device, on-vehicle computer, data security device, distribution method, and computer program |
CN107953850A (en) * | 2017-11-29 | 2018-04-24 | 东南(福建)汽车工业有限公司 | A kind of vehicle safety strategy of the legitimacy certification based on T-BOX |
CN109039654A (en) * | 2018-08-30 | 2018-12-18 | 深圳市元征科技股份有限公司 | TBOX identity identifying method and terminal device |
Non-Patent Citations (1)
Title |
---|
鲍健: "《用于汽车故障诊断仪的ECU模拟器的研制》", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110752917A (en) * | 2019-09-25 | 2020-02-04 | 中国第一汽车股份有限公司 | Vehicle access control method, device and system |
CN110908357A (en) * | 2019-10-23 | 2020-03-24 | 深圳开源互联网安全技术有限公司 | Security vulnerability detection method and device, storage medium and intelligent device |
CN110908357B (en) * | 2019-10-23 | 2020-12-15 | 深圳开源互联网安全技术有限公司 | Security vulnerability detection method and device, storage medium and intelligent device |
CN113138591A (en) * | 2020-01-20 | 2021-07-20 | 北京新能源汽车股份有限公司 | Control method and device of vehicle safety factor, control equipment and automobile |
CN113347133A (en) * | 2020-02-18 | 2021-09-03 | 华为技术有限公司 | Authentication method and device for vehicle-mounted equipment |
CN111813078A (en) * | 2020-06-24 | 2020-10-23 | 北京天融信网络安全技术有限公司 | Safety diagnosis method, device, equipment and medium for vehicle |
CN111813078B (en) * | 2020-06-24 | 2021-04-06 | 北京天融信网络安全技术有限公司 | Safety diagnosis method, device, equipment and medium for vehicle |
Also Published As
Publication number | Publication date |
---|---|
CN109714171B (en) | 2022-09-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109714171A (en) | Safety protecting method, device, equipment and medium | |
CN111131313B (en) | Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile | |
JP6731887B2 (en) | Maintenance system and maintenance method | |
US9992178B2 (en) | Method, apparatus and system for dynamically controlling secure vehicle communication based on ignition | |
CN110708388B (en) | Vehicle body safety anchor node device, method and network system for providing safety service | |
US9923722B2 (en) | Message authentication library | |
CN109150907A (en) | Vehicle-mounted industrial personal computer login method, device, system, computer equipment and medium | |
JP6190443B2 (en) | In-vehicle computer system, vehicle, management method, and computer program | |
CN106341392B (en) | II interface security communication protection device of electric car OBD, system and method | |
CN112396735B (en) | Internet automobile digital key safety authentication method and device | |
CN107743067A (en) | Awarding method, system, terminal and the storage medium of digital certificate | |
CN111651748A (en) | Safety access processing system and method for ECU in vehicle | |
CN109314644A (en) | Data providing system, data protecting device, data offering method and computer program | |
CN111082941B (en) | Internet of things data sharing method and system based on block chain technology | |
Ammar et al. | Securing the on-board diagnostics port (obd-ii) in vehicles | |
CN105578464B (en) | A kind of WLAN certificate identification method, the apparatus and system of enhancing | |
CN109474431A (en) | Client certificate method and computer readable storage medium | |
CN116456336A (en) | External equipment access security authentication method, system, automobile, equipment and storage medium | |
CN113872986B (en) | Power distribution terminal authentication method and device and computer equipment | |
CN111092734B (en) | Product activation authentication method based on ad hoc network communication | |
CN111200807B (en) | Bluetooth-based information interaction method and device | |
Lauser et al. | Formal Security Analysis of Vehicle Diagnostic Protocols | |
WO2024000402A1 (en) | Diagnostic method and apparatus | |
Khan | ADvanced Encryption STAndard (ADESTA) for diagnostics over CAN | |
JP2017208731A (en) | Management system, management device, on-vehicle computer, management method, and computer program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20211018 Address after: 100176 101, floor 1, building 1, yard 7, Ruihe West 2nd Road, Beijing Economic and Technological Development Zone, Daxing District, Beijing Applicant after: Apollo Zhilian (Beijing) Technology Co.,Ltd. Address before: 100085 Baidu Building, 10 Shangdi Tenth Street, Haidian District, Beijing Applicant before: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |