CN109714171A

CN109714171A - Safety protecting method, device, equipment and medium

Info

Publication number: CN109714171A
Application number: CN201811614183.0A
Authority: CN
Inventors: 乔旭
Original assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Current assignee: Apollo Zhilian Beijing Technology Co Ltd
Priority date: 2018-12-27
Filing date: 2018-12-27
Publication date: 2019-05-03
Anticipated expiration: 2038-12-27
Also published as: CN109714171B

Abstract

The embodiment of the invention discloses a kind of safety protecting method, device, equipment and media, are related to automotive field.The described method includes: obtaining vehicles identifications and authentication seeds from vehicle；The certification request of the device identification including the vehicles identifications, the authentication seeds and vehicle access equipment is sent to server, by server according to the vehicles identifications, the device identification of the authentication seeds and vehicle access equipment, the vehicle access equipment is unlocked to the access authority of the vehicle.The embodiment of the invention provides a kind of safety protecting method, device, equipment and medium, the security protection to vehicle internal network information is realized.

Description

Safety protecting method, device, equipment and medium

Technical field

The present embodiments relate to automotive field more particularly to a kind of safety protecting method, device, equipment and media.

Background technique

Onboard diagnostic system (On-Board Diagnostic, OBD) interface of automobile, is exposed, and connects vehicle The interface of internal controller local area network (Controller Area Network, CAN) bus.The original design intention of OBD interface is to use To do the fault diagnosis of vehicle.The error code of automobile is read by OBD interface, quickly positions the failure of automobile.

The OBD interface of major part vehicle is directly connected to interior CAN bus now.OBD interface is as one in CAN bus Node can not only monitor the message in bus, but also can forge message (such as sensor information or control instruction) Cheat electronic control unit (Electronic Control Unit, ECU), so that ECU is allowed to execute the movements of some danger, Vehicle is set to change current state.

For example, hacker is connected to wireless device (such as the head-up largely sold currently on the market of OBD interface by attack Display (Head Up Display, HUD)), it can remotely (for example be forced to the control vehicle instruction that the wireless device sends malice Allow in instructions such as flame-out, the malice steering wheel rotations of vehicle motor run at high speed), to achieve the purpose that car crash.

Summary of the invention

The embodiment of the present invention provides a kind of safety protecting method, device, equipment and medium, to realize to vehicle internal network The security protection of information.

In a first aspect, being applied to vehicle access equipment, the side the embodiment of the invention provides a kind of safety protecting method Method includes:

Vehicles identifications and authentication seeds are obtained from vehicle；

Send to server includes that the device identifications of the vehicles identifications, the authentication seeds and vehicle access equipment is recognized Card request, instruction server execute as follows: carrying out legitimacy certification to vehicle access equipment according to the device identification；If certification Success is then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification；Using inquiry The authentication seeds are decrypted in authentication key, the certification mark decrypted；According to the certification mark and inquiry of decryption The comparing result of certification mark unlocks the vehicle access equipment to the access authority of the vehicle.

Second aspect, the embodiment of the invention also provides a kind of safety protecting methods, are applied to server, the method packet It includes:

The certification including vehicles identifications, authentication seeds and vehicle access equipment mark that vehicle access equipment is sent is received to ask It asks；

Legitimacy is carried out to the vehicle access equipment based on the vehicle access equipment mark for including in the certification request Certification；

If authenticating successfully, the authentication key of the vehicle is inquired according to the vehicles identifications and certification identifies；

The authentication seeds are decrypted according to the authentication key, the certification mark decrypted；

The certification mark of certification mark and decryption that comparison inquiry obtains unlocks the vehicle access according to comparing result and sets The standby access authority to the vehicle.

The third aspect, the embodiment of the invention also provides a kind of safety protecting methods, are applied to vehicle, the method packet It includes:

The access request of vehicle access equipment is responded, the vehicles identifications and authentication seeds for sending local vehicle are to the vehicle Received vehicles identifications, authentication seeds and vehicle access equipment mark are sent to by access equipment by the vehicle access equipment Server executes as follows for server: carrying out legitimacy certification to vehicle access equipment according to the device identification；If certification at Function is then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification；Using recognizing for inquiry Authentication seeds described in card key pair are decrypted, the certification mark decrypted；According to the certification mark of decryption and recognizing for inquiry The comparing result of card mark generates access instruction；

According to the access instruction, the vehicle access equipment is unlocked to the access authority of local vehicle.

Fourth aspect, the embodiment of the invention also provides a kind of safety protecting methods, are applied to key injection device, described Method includes:

Send to vehicle includes that vehicles identifications and the key of certification mark inject request；

The vehicles identifications and certification mark returned according to vehicle generate authentication key；

Key is write based on authentication key transmission to instruct to vehicle, and behaviour is write to the authentication key for vehicle execution Make.

5th aspect, the embodiment of the invention also provides a kind of safety device, which includes:

Data obtaining module, for obtaining vehicles identifications and authentication seeds from vehicle；

Certification request module includes the vehicles identifications, the authentication seeds and vehicle access for sending to server The certification request of the device identification of equipment, instruction server execute it is as follows: according to the device identification to vehicle access equipment into The certification of row legitimacy；If authenticate successfully, according to the vehicles identifications inquiry with the associated authentication key of the vehicles identifications and Certification mark；The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted；According to decryption Certification mark with inquiry certification mark comparing result unlock the vehicle access equipment to the access authority of the vehicle.

6th aspect, the embodiment of the invention also provides a kind of safety devices, comprising:

Certification request receiving module includes vehicles identifications, authentication seeds and vehicle for receive the transmission of vehicle access equipment The certification request of access equipment mark；

Authentication module, for being set based on the vehicle access equipment mark for including in the certification request to vehicle access It is standby to carry out legitimacy certification；Enquiry module, if inquiring the certification of the vehicle according to the vehicles identifications for authenticating successfully Key and certification mark；

Certification mark deciphering module is decrypted for the authentication seeds to be decrypted according to the authentication key Certification mark；

Permission unlocked state, for comparing the certification mark of certification mark and decryption that inquiry obtains, according to comparing result The vehicle access equipment is unlocked to the access authority of the vehicle.

7th aspect, the embodiment of the invention also provides a kind of safety devices, comprising:

Access request module is responded, for responding the access request of vehicle access equipment, sends the vehicle mark of local vehicle Know and authentication seeds give the vehicle access equipment, by the vehicle access equipment by received vehicles identifications, authentication seeds and Vehicle access equipment mark is sent to server, executes for server as follows: according to the device identification to vehicle access equipment Carry out legitimacy certification；If authenticating successfully, according to vehicles identifications inquiry and the associated authentication key of the vehicles identifications It is identified with certification；The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted；According to solution The comparing result of close certification mark and the certification mark of inquiry, Xiang Suoshu vehicle access equipment send access instruction；

Access authority unlocked state, the access instruction for being sent according to vehicle access equipment unlock the vehicle access Access authority of the equipment to local vehicle.

Eighth aspect, the embodiment of the invention also provides a kind of safety devices, comprising:

Key injection module includes that vehicles identifications and the key of certification mark inject request for sending to vehicle；

Authentication key generation module, vehicles identifications and certification mark for being returned according to vehicle generate authentication key；

Authentication key writing module is instructed to vehicle for writing key based on authentication key transmission, is executed for vehicle To the write operation of the authentication key.

9th aspect, the embodiment of the invention also provides a kind of equipment, the equipment includes:

One or more processors；

Storage device, for storing one or more programs,

When one or more of programs are executed by one or more of processors, so that one or more of processing Device realizes the safety protecting method as described in the embodiment of the present invention is any.

Tenth aspect, the embodiment of the invention also provides a kind of computer readable storage mediums, are stored thereon with computer Program realizes the safety protecting method as described in any in the embodiment of the present invention when program is executed by processor.

The embodiment of the present invention is by being first carried out following content when vehicle access equipment accesses to vehicle: vehicle is visited Ask that equipment obtains vehicles identifications and authentication seeds from vehicle；

It includes the vehicles identifications, the authentication seeds and vehicle access equipment that vehicle access equipment is sent to server The certification request of device identification, instruction server execute as follows: it is legal to be carried out according to the device identification to vehicle access equipment Property certification, if authenticate successfully, according to the vehicles identifications inquiry with the associated authentication key of the vehicles identifications and authenticate mark Know, the authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted；According to the certification of decryption The comparing result of mark and the certification mark of inquiry unlocks the vehicle access equipment to the access authority of the vehicle.

Above-mentioned execution content is realized based on the device identification of vehicle access equipment recognizes the legitimacy of vehicle access equipment Card；And based on the comparison of certification mark, prevent certification mark in vehicle from illegally being distorted, to realize to access vehicle Safety verification.

In addition, in above-mentioned access verification process by by authentication key storage in the server, then vehicle access equipment Carrying out data interaction with server reduces the biography of authentication key without authentication key is handed down to vehicle access equipment It is defeated, improve the safety of authentication key.

Detailed description of the invention

Fig. 1 is vehicle network topology structure schematic diagram in the prior art；

Fig. 2 is the flow chart for the safety protecting method that the embodiment of the present invention one provides；

Fig. 3 is a kind of vehicle network topology structure schematic diagram that the embodiment of the present invention one provides；

Fig. 4 is a kind of flow chart of safety protecting method provided by Embodiment 2 of the present invention；

Fig. 5 is a kind of flow chart for safety protecting method that the embodiment of the present invention three provides；

Fig. 6 is a kind of flow chart for safety protecting method that the embodiment of the present invention four provides；

Fig. 7 is the signaling diagram of a kind of key injection device and vehicle gateway that the embodiment of the present invention five provides；

Fig. 8 is the signaling diagram of a kind of vehicle access equipment and vehicle gateway that the embodiment of the present invention five provides；

Fig. 9 is a kind of structural schematic diagram for safety device that the embodiment of the present invention six provides；

Figure 10 is a kind of structural schematic diagram for safety device that the embodiment of the present invention seven provides；

Figure 11 is a kind of structural schematic diagram for safety device that the embodiment of the present invention eight provides

Figure 12 is a kind of structural schematic diagram for safety device that the embodiment of the present invention nine provides；

Figure 13 is a kind of structural schematic diagram for equipment that the embodiment of the present invention ten provides.

Specific embodiment

The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched The specific embodiment stated is used only for explaining the present invention rather than limiting the invention.It also should be noted that in order to just Only the parts related to the present invention are shown in description, attached drawing rather than entire infrastructure.

Referring to Fig. 1, the vehicle network topology knot according to present automobile is it is found that OBD interface is direct-connected with interior CAN network , and vehicle gateway (Gateway, GW) is the electronic control unit (Electronic for connecting each various functions of network segment Control Unit, ECU) node.

Embodiment one

Fig. 2 is the flow chart for the safety protecting method that the embodiment of the present invention one provides.The present embodiment is applicable in vehicle When access equipment accesses to vehicle, legitimate verification is carried out to vehicle access equipment, and to access vehicle safety verifying The case where.This method can be executed by a kind of safety device, which can be real by the mode of software and/or hardware It is existing.Typically, which can be vehicle access equipment, and wherein vehicle access equipment can be random access vehicle internal networks The equipment of information, specifically can be vehicle diagnostic device.Participation is shown in that Fig. 2, safety protecting method provided in this embodiment include:

S110, vehicles identifications and authentication seeds are obtained from vehicle.

Specifically, the authentication seeds are the certification mark encryptions by the vehicle according to the authentication key of vehicle to vehicle It obtains.

Vehicles identifications can be the information of any unique identification vehicle, specifically can be vehicle identification number or cycle serial number (Vehicle Identification Number, VIN), is also possible to the gateway identification of unique identification vehicle gateway.

Certification mark can be an identification number or cycle serial number, be also possible to the gateway mark of unique identification vehicle gateway Know.But vehicles identifications are different with certification mark content, if certification mark is vehicle identification number, vehicles identifications are exactly gateway Mark；If certification mark is gateway identification, vehicles identifications are exactly vehicle identification number.

Specifically, vehicles identifications and authentication seeds can be obtained from the electronic control unit of vehicle.Namely security protection side Method is deployed in the electronic control unit of vehicle.

However, inventor has found in the implementation of the present invention, if safety protecting method is deployed in electronic control In unit, then needing to carry out each electronic control unit the deployment of safety protecting method, and because have in vehicle each The electronic control unit of function is more, so as to cause the larger workload of security protection.

To solve this problem, OBD interface can be connect with Gateway referring to Fig. 3, by the means of defence portion of OBD interface Administration is on Gateway, and the message that Gateway enters OBD interface is forwarded to different network segments, to will not influence OBD interface Normal Diagnosis function.

On the basis of the means of defence of OBD interface is deployed on Gateway, it is described from vehicle obtain vehicles identifications and Authentication seeds, comprising:

Vehicles identifications and authentication seeds are obtained from the vehicle gateway in vehicle, wherein the authentication seeds are by the vehicle net It closes and the certification mark encryption of vehicle is obtained according to the authentication key of vehicle.

On the basis of OBD interface is connect with Gateway, the means of defence of OBD interface is deployed on Gateway, it can To realize the verifying at Gateway to the equipment for carrying out vehicle data access based on OBD interface, unauthorized access equipment is intercepted, And then realize the security protection of the electronic control unit to each network segment of Gateway connection.

In usual vehicle vehicle gateway only one, it is far small in the workload that a vehicle gateway carries out security protection deployment In the workload for carrying out security protection deployment in each electronic control unit.And it equally realizes to electronic control unit each in vehicle Security protection.

S120, the equipment mark including the vehicles identifications, the authentication seeds and vehicle access equipment is sent to server The certification request of knowledge, instruction server execute as follows: carrying out legitimacy certification to vehicle access equipment according to the device identification； If authenticating successfully, identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification；Using The authentication seeds are decrypted in the authentication key of inquiry, the certification mark decrypted；According to the certification of decryption mark with The comparing result of the certification mark of inquiry unlocks the vehicle access equipment to the access authority of the vehicle.

Specifically, vehicle access equipment can be vehicle access equipment.Vehicles identifications and authentication seeds are being obtained from vehicle Afterwards, it includes the vehicles identifications, the authentication seeds and vehicle access that the safety device of the present embodiment is sent to server The certification request of the device identification of equipment, request server carry out legitimacy certification to the safety device of the present embodiment, with And verifying is recognized to the safety of access vehicle.

Optionally, server can be generated according to the comparing result of the certification mark of the certification mark and inquiry of decryption and be accessed Instruction.Access instruction directly can be sent to vehicle by server, can also be transmitted to vehicle by vehicle access equipment.

Wherein, the access instruction can be permission access instruction, be also possible to forbid access instruction, can also be including Solve the instruction of confidential information.

When the access instruction that server generates is transmitted to vehicle by vehicle access equipment, to prevent vehicle access equipment pair Access instruction is distorted, and be can use setting Encryption Algorithm after server generates access instruction and is encrypted to access instruction； Then the access instruction of encryption is sent to vehicle access equipment, the access instruction of encryption is sent to vehicle by vehicle access equipment , it is decrypted for vehicle based on access instruction of the above-mentioned Encryption Algorithm to encryption；Institute is unlocked according to the access instruction after decryption Vehicle access equipment is stated to the access authority of the vehicle.

The technical solution of the embodiment of the present invention is as follows by being first carried out when vehicle access equipment accesses to vehicle Content: vehicle access equipment obtains vehicles identifications and authentication seeds from vehicle；

It includes the vehicles identifications, the authentication seeds and vehicle access equipment that vehicle access equipment is sent to server The certification request of device identification, instruction server execute as follows: it is legal to be carried out according to the device identification to vehicle access equipment Property certification；If authenticating successfully, marked according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification Know；The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted；According to the certification of decryption The comparing result of mark and the certification mark of inquiry unlocks the vehicle access equipment to the access authority of the vehicle.

To prevent illegality equipment to the interception of authentication seeds, a large amount of authentication seeds of interception are then based on to authentication key It cracks.The authentication seeds are obtained according to the authentication key of vehicle to the certification mark and random number encryption of vehicle by the vehicle It arrives.

It further, in the authentication seeds is identified according to the authentication key of vehicle to the certification of vehicle by the vehicle On the basis of being obtained with random number encryption, accessed based on received access instruction to the vehicle, comprising:

The random number that the decryption for including by access instruction obtains is sent to vehicle, by vehicle according to the generation authentication seeds Random number and the obtained comparing result of random number of decryption, unlock vehicle access equipment to the access authority of the vehicle, Middle obtained random number of decrypting is decrypted to obtain according to the authentication key of inquiry by server to the authentication seeds.

It is described to authenticate the gateway identification for being identified as the vehicle for the safety for determining vehicle gateway.

Wherein, the comparison of the gateway identification of the gateway identification and inquiry of decryption can verify whether vehicle gateway is tampered, So that it is determined that the safety of vehicle gateway.

Embodiment two

Fig. 4 is a kind of flow chart of safety protecting method provided by Embodiment 2 of the present invention.This method can be by a kind of peace Full protection device executes, which can be realized by the mode of software and/or hardware.Typically, which can be vehicle enterprise Server.Referring to fig. 4, safety protecting method provided in this embodiment includes:

What S210, reception vehicle access equipment were sent includes vehicles identifications, authentication seeds and vehicle access equipment mark Certification request.

Wherein, vehicle access equipment mark is the device identification of vehicle access equipment.

S220, the vehicle access equipment is closed based on the vehicle access equipment mark for including in the certification request Method certification.

Specifically, by the vehicle access equipment for including in certification request mark and the associated legal vehicle of above-mentioned vehicles identifications Access equipment mark is matched；If matching is consistent, it is determined that the vehicle access equipment is legal.

Wherein, it is stored in the safety device of the present embodiment and is accessed with the associated legal vehicle of above-mentioned vehicles identifications Device identification.

If S230, authenticating successfully, the authentication key of the vehicle is inquired according to the vehicles identifications and certification identifies.

Wherein, be stored with vehicles identifications in the safety device of the present embodiment, and with vehicles identifications associated storage Authentication key and certification mark.

S240, the authentication seeds are decrypted according to the authentication key, the certification mark decrypted.

Wherein, authentication seeds obtain certification mark encryption according to authentication key.

The certification mark of S250, the certification mark that comparison inquiry obtains and decryption, unlock the vehicle according to comparing result Access authority of the access equipment to the vehicle.

Wherein, the certification mark inquired is that step S230 is obtained.The certification mark of decryption is that step S240 is obtained 's.

Specifically, unlock the vehicle access equipment according to comparing result includes: to the access authority of the vehicle

If comparison is consistent, the vehicle access equipment is unlocked to the access authority of the vehicle.

The technical solution of the embodiment of the present invention, by being carried out based on vehicle access equipment mark to the vehicle access equipment Legitimacy certification, and the certification mark for identifying and decrypting according to the certification that inquiry obtains carries out safety verification to vehicle.To Realize the two-way authentication to vehicle access equipment and access vehicle.

For the workload for reducing safety protecting method deployment, the vehicle mark for receiving vehicle access equipment and being obtained from vehicle Knowledge and authentication seeds, comprising:

Receive the vehicles identifications that obtain from vehicle gateway of vehicle access equipment and authentication seeds, wherein the authentication seeds by Vehicle gateway obtains the certification mark encryption of the vehicle according to the authentication key of vehicle.

To avoid cracking authentication key based on authentication seeds, it is described according to the authentication key to the authentication seeds It is decrypted, the certification mark decrypted, comprising:

The authentication seeds are decrypted according to the authentication key, the certification decrypted is identified and decrypted random Number.

Further, the authentication seeds are decrypted in the authentication key, the certification mark reconciliation decrypted On the basis of close random number, the certification mark of certification mark and decryption that the comparison inquiry obtains, according to comparing result solution The vehicle access equipment is locked to the access authority of the vehicle, comprising:

The certification mark of certification mark and decryption that comparison inquiry obtains sends the random number of decryption according to comparing result To the vehicle access equipment, the access authority of the vehicle is unlocked for the vehicle access equipment.

It is described to authenticate the gateway identification for being identified as the vehicle to realize the verifying to vehicle gateway.

The concept of noun identical with title involved in above-described embodiment involved in the present embodiment is identical, such as vehicle Mark and authentication seeds etc..The present embodiment is not repeated restriction to the noun repeated.

Embodiment three

Fig. 5 is a kind of flow chart for safety protecting method that the embodiment of the present invention three provides.This method can be by a kind of peace Full protection device executes, which can be realized by the mode of software and/or hardware.Typically, which can be vehicle. Referring to Fig. 5, safety protecting method provided in this embodiment includes:

S310, the access request for responding vehicle access equipment, the vehicles identifications for sending local vehicle and authentication seeds are to institute State vehicle access equipment.

Specifically, the authentication seeds are the certification mark encryptions by local vehicle according to the authentication key of vehicle to vehicle It obtains.Local vehicle is vehicle to be visited.

Received vehicles identifications, authentication seeds and vehicle access equipment mark are sent to clothes by the vehicle access equipment Business device executes as follows for server: carrying out legitimacy certification to vehicle access equipment according to the device identification；If certification at Function is then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification；Using recognizing for inquiry Authentication seeds described in card key pair are decrypted, the certification mark decrypted；According to the certification mark of decryption and recognizing for inquiry The comparing result of mark is demonstrate,proved, Xiang Suoshu vehicle access equipment sends access instruction.

It is described to authenticate the gateway identification for being identified as local vehicle to realize the verifying to vehicle gateway.

Optionally, the authentication seeds can be by the vehicle gateway of local vehicle according to the authentication key of vehicle to vehicle Certification mark encryption obtain；The authentication seeds are also possible to the vehicle gateway by local vehicle according to the authentication key of vehicle The certification mark and random number encryption of vehicle are obtained.

S320, according to the access instruction, unlock the vehicle access equipment to the access authority of local vehicle.

Specifically, described according to the access instruction, unlock the vehicle access equipment to the access authority of local vehicle, Include:

If the access instruction is to allow to access, the vehicle access equipment is unlocked to the access authority of local vehicle.

In the certification mark that the authentication seeds are by the vehicle gateway of local vehicle according to the authentication key of vehicle to vehicle Know on the basis of being obtained with random number encryption, it is described according to the access instruction, the vehicle access equipment is unlocked to local vehicle Access authority, comprising:

If the random number that the decryption that the access instruction includes obtains is consistent with the random number for generating the authentication seeds, The vehicle access equipment is unlocked to the access authority of local vehicle.

The technical solution of the embodiment of the present invention sends local vehicle by responding the access request of vehicle access equipment Vehicles identifications and authentication seeds give the vehicle access equipment；Then it according to the access instruction, unlocks the vehicle access and sets The standby access authority to local vehicle.To realize the limitation accessed local vehicle, the peace of vehicle internal networks information is improved Entirely.

Further, the access request of the response vehicle access equipment sends vehicles identifications and the certification of local vehicle Seed is given before the vehicle access equipment, further includes:

The key of response key injection device injects request, sends vehicles identifications and certification mark gives key injection device, Authentication key is generated according to the vehicles identifications and certification mark by key injection device；

Store the authentication key.

For the plaintext transmission for avoiding authentication key, before the storage authentication key, further includes:

The cryptographic key factor that key injection device is sent is received, wherein the cryptographic key factor is by key injection device according to certification Key and setting specification generate；

According to the specification and received cryptographic key factor, the authentication key is generated.

Specifically, the specification can be secure hardware extension specification.

It is successfully verified to realize to inject authentication key, after the storage authentication key, further includes:

The checking request including encryption data that response key injection device is sent, using the authentication key of storage to described Encryption data is decrypted, and gives the random number back after decryption to key injection device, is compared and is decrypted by key injection device The random number of random number and the generation encryption data afterwards, carries out key according to comparing result and injects good authentication, wherein institute It states encryption data and encrypts to obtain based on the authentication key by key injection device.

Example IV

Fig. 6 is a kind of flow chart for safety protecting method that the embodiment of the present invention four provides.This method can be by a kind of peace Full protection device executes, which can be realized by the mode of software and/or hardware.Typically, which can be key Injection device, specifically key injection device can be PC.Referring to Fig. 6, safety protecting method provided in this embodiment Include:

S410, the key injection request including vehicles identifications and certification mark is sent to vehicle.

S420, the vehicles identifications returned according to vehicle and certification mark generate authentication key.

Wherein, the safety device of the present embodiment generates authentication key according to the vehicles identifications and certification mark, makes Obtaining each vehicle has unique authentication key.Even if the authentication key of a vehicle is cracked, but invader still can not Obtain the authentication key of other vehicles.

Specifically, the vehicles identifications and certification mark returned according to vehicle generate authentication key include: by vehicles identifications and The setting operation result of mark is authenticated as authentication key；Alternatively,

Vehicles identifications, certification mark and the generating random number authentication key returned according to vehicle.

S430, it key is write based on authentication key transmission instructs to vehicle, execute for vehicle to the authentication key Write operation.

It is close to generate certification by the vehicles identifications and certification mark that return according to vehicle for the technical solution of the embodiment of the present invention Key.Because vehicles identifications are the unique identifications of vehicle, so that each vehicle has unique authentication key.Even if to one The authentication key of a vehicle is cracked, but invader can not still obtain the authentication key of other vehicles.

For the plaintext transmission bring security risk for avoiding authentication key, the vehicles identifications returned according to vehicle and recognize Card mark generates after authentication key, further includes:

Cryptographic key factor is generated according to the authentication key of generation and setting specification；

It is correspondingly, described to write key based on authentication key transmission and instruct to vehicle, comprising:

Cryptographic key factor transmission based on generation is write key and is instructed to vehicle, is based on the specification for vehicle and cryptographic key factor is raw At the authentication key, and store.

Specifically, the specification can be secure hardware extension specification.

It is described that key instruction is write based on authentication key transmission to realize the verifying for being successfully written vehicle to authentication key To vehicle, after executing for vehicle to the write operation of the authentication key, further includes:

Random number is encrypted according to the authentication key, generates encryption data；

The checking request including the encryption data is sent to vehicle, is added using the authentication key of storage to described by vehicle Ciphertext data is decrypted；

The random number of random number and the generation encryption data after comparison decryption, carries out key injection according to comparing result Good authentication.

Embodiment five

Fig. 7 is the signaling diagram of a kind of key injection device and vehicle gateway that the embodiment of the present invention five provides；Fig. 8 is this hair The signaling diagram of a kind of vehicle access equipment and vehicle gateway that bright embodiment five provides.The present embodiment is the base in above-described embodiment A kind of optinal plan proposed on plinth.Referring to figs. 7 and 8, safety protecting method provided in this embodiment includes:

Vehicle production is complete, and key injection device passes through the OBD interface of vehicle when offline, requests vehicle to Gateway VIN and Gateway gateway identification.

The VIN and gateway identification of Gateway response vehicle.

Gateway identification of the key injection device according to vehicle VIN and Gateway, the certification for generating the OBD interface of vehicle are close Key, then generates cryptographic key factor according to authentication key, and transmission writes key instruction and cryptographic key factor to Gateway.

Specifically, cryptographic key factor is five parameters, with the hardware encryption module suitable for Gateway.

Gateway receives cryptographic key factor, and cryptographic key factor is passed to hardware encryption module, generated as hardware encryption module described in Authentication key simultaneously saves, and response key injection device key is written successfully.

Key injection device generates random number, and according to authentication key encrypted random number, sends key authentication instruction and add Close random number is to Gateway.

After Gateway receives the random number of key authentication instruction and encryption, with the authentication key of storage decryption encryption with Machine number, and the random number returned after decryption gives key injection device.

Key injection device receives the random number after decryption, compared with the random number that itself is generated, if unanimously, it is determined that The authentication key of Gateway is written successfully；Then by the VIN of vehicle, the gateway identification and authentication key of Gateway are uploaded To the private services device of depot.

When vehicle access equipment accesses interior CAN network by vehicle OBD interface, access authentication is carried out, detailed process is such as Under:

Vehicle access equipment accesses Gateway by vehicle OBD interface, passes through unified diagnostic service agreement request vehicle VIN。

Gateway is based on unified diagnostic service agreement, the VIN of response vehicle.

Vehicle access equipment requests the authentication seeds of Gateway, wherein the authentication seeds are based on gateway mark by Gateway Know and random number encrypts to obtain using authentication key.

Gateway response authentication seed.

After vehicle access equipment receives authentication seeds, the VIN of vehicle, authentication seeds and vehicle access equipment itself are marked Know the private services device for being sent collectively to vehicle enterprise.

After private services device receives VIN, authentication seeds and the vehicle access equipment self identification of vehicle, pass through VIN Inquire the gateway identification and authentication key of associated storage in database；Then authentication key decrypted authentication seed is used, is obtained in plain text Gateway identification and a random number；The gateway identification of decryption and the gateway identification of inquiry are compared, if unanimously, returning to solution Random number after close gives vehicle access equipment；

The random number that vehicle access equipment sends decryption is authenticated to Gateway.

Gateway compares the random number of the decryption received and the random number itself generated；If comparison is consistent, recognize It demonstrate,proves successfully, access authority of the unlock vehicle access equipment to vehicle.Vehicle access equipment can be accessed interior by OBD interface CAN network.

The technical solution of the embodiment of the present invention, by adding Security mechanism in Gateway, so as to prevent hacker The data that interior CAN network is listened to by OBD interface crack CAN bus control protocol；Prevent illegality equipment from passing through OBD interface The illegal secure access algorithm for diagnosing and cracking in safe UDS agreement is carried out, modifies the important parameter of electronic control unit, or give Electronic control unit brush enters rogue program；Prevent hacker by the OBD wireless device in rear dress market, long-range attack vehicle.

By the way that safety protecting method to be deployed on Gateway, i.e., the normal function of Gateway is not influenced, cost free yet Increase.And the normal function of interior electronic control unit is not influenced, does not change the code of electronic control unit yet.

Vehicle VIN is read by OBD interface in addition, not influencing vehicle administration office.

It should be noted that by the technical teaching of the present embodiment, those skilled in the art have motivation by above-described embodiment Described in any embodiment carry out the combination of scheme, it is right to realize when vehicle access equipment accesses to vehicle Vehicle access equipment carries out legitimate verification, and carries out safety verification to access vehicle.

Embodiment six

Fig. 9 is a kind of structural schematic diagram for safety device that the embodiment of the present invention six provides.Referring to Fig. 9, this implementation A kind of safety device that example provides includes: data obtaining module 101 and certification request module 102.

Wherein, data obtaining module 101, for obtaining vehicles identifications and authentication seeds from vehicle, wherein the certification is believed Breath is obtained according to the authentication key of vehicle to the certification mark encryption of vehicle by the vehicle；

Certification request module 102 includes that the vehicles identifications, the authentication seeds and vehicle are visited for sending to server Ask the certification request of the device identification of equipment, instruction server executes as follows: according to the device identification to vehicle access equipment Carry out legitimacy certification；If authenticating successfully, according to vehicles identifications inquiry and the associated authentication key of the vehicles identifications It is identified with certification；The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted；According to solution The comparing result of close certification mark and the certification mark of inquiry unlocks the vehicle access equipment to the access right of the vehicle Limit.

Further, the data obtaining module, comprising: information acquisition unit.

The information acquisition unit, for obtaining vehicles identifications and authentication seeds from the vehicle gateway in vehicle, wherein institute It states authentication seeds and the certification mark encryption of vehicle is obtained according to the authentication key of vehicle by the vehicle gateway.

Further, the authentication seeds be by the vehicle according to the authentication key of vehicle to the certification mark of vehicle and Random number encryption obtains；

Correspondingly, described device further include:

Deciphering module includes the vehicles identifications, the authentication seeds and vehicle access equipment for sending to server Device identification certification request after, the obtained random number of decryption that server returns is sent to vehicle, by vehicle according to The comparing result for the random number that the random number and decryption for generating the authentication seeds obtain unlocks vehicle access equipment to the vehicle Access authority, wherein the random number decrypted carries out the authentication seeds according to the authentication key of inquiry by server Decryption obtains.

Further, described to authenticate the gateway identification for being identified as the vehicle.

Embodiment seven

Figure 10 is a kind of structural schematic diagram for safety device that the embodiment of the present invention seven provides.Referring to Figure 10, this reality The safety device for applying example offer includes: certification request receiving module 201, authentication module 202, certification mark deciphering module 203 and permission unlocked state 204.

Wherein, certification request receiving module 201 includes vehicles identifications, certification for receive the transmission of vehicle access equipment The certification request of seed and vehicle access equipment mark；

Authentication module 202, for being visited based on the vehicle access equipment mark for including in the certification request the vehicle Ask that equipment carries out legitimacy certification；Enquiry module, if inquiring the vehicle according to the vehicles identifications for authenticating successfully Authentication key and certification mark；

Certification mark deciphering module 203 is solved for the authentication seeds to be decrypted according to the authentication key Close certification mark；

Permission unlocked state 204 is tied for comparing the certification mark of certification mark and decryption that inquiry obtains according to comparison Fruit unlocks the vehicle access equipment to the access authority of the vehicle.

Further, the certification request receiving module, comprising: certification request receiving module unit.

Certification request receiving module unit, for receiving the vehicles identifications and recognize that vehicle access equipment is obtained from vehicle gateway Seed is demonstrate,proved, wherein the authentication seeds encrypt the certification mark of the vehicle according to the authentication key of vehicle by vehicle gateway It arrives.

Further, the certification identifies deciphering module, comprising: certification mark decryption unit.

Wherein, certification mark decryption unit is obtained for the authentication seeds to be decrypted according to the authentication key The random number of the certification mark and decryption of decryption.

Correspondingly, permission unlocked state, comprising: permission unlocking unit.

Wherein, permission unlocking unit, for comparing the certification mark of certification mark and decryption that inquiry obtains, according to comparison As a result the random number of decryption is sent to the vehicle access equipment, the access of the vehicle is unlocked for the vehicle access equipment Permission.

Embodiment eight

Figure 11 is a kind of structural schematic diagram for safety device that the embodiment of the present invention eight provides.Referring to Figure 11, this hair The safety device that bright embodiment provides includes: response access request module 301 and access authority unlocked state 302.

Wherein, access request module 301 is responded, for responding the access request of vehicle access equipment, sends local vehicle Vehicles identifications and authentication seeds give the vehicle access equipment, by the vehicle access equipment by received vehicles identifications, recognize Card seed and vehicle access equipment mark are sent to server, execute for server as follows: according to the device identification to vehicle Access equipment carries out legitimacy certification；If authenticating successfully, inquired according to the vehicles identifications associated with the vehicles identifications Authentication key and certification mark；The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted Know；According to the comparing result of the certification mark of decryption and the certification mark of inquiry, Xiang Suoshu vehicle access equipment sends access and refers to It enables；

Access authority unlocked state 302, the access instruction for being sent according to vehicle access equipment unlock the vehicle and visit Ask equipment to the access authority of local vehicle.

Further, the authentication seeds are according to the authentication key of vehicle by the vehicle gateway of local vehicle to vehicle Certification mark and random number encryption obtain.

Further, described to authenticate the gateway identification for being identified as local vehicle.

Further, the authentication seeds are according to the authentication key of vehicle by the vehicle gateway of local vehicle to vehicle Certification mark and random number encryption obtain；

Correspondingly, the access authority unlocked state, comprising:

Access authority unlocking unit, if recognizing described in the random number and generation that are obtained for the decryption that the access instruction includes The random number for demonstrate,proving seed is consistent, then unlocks the vehicle access equipment to the access authority of local vehicle.

Further, described device further include:

Response key injection module sends the vehicle of local vehicle for the access request of the response vehicle access equipment To before the vehicle access equipment, the key of response key injection device injects request, sends vehicle for mark and authentication seeds Mark and certification mark give key injection device, by key injection device according to the vehicles identifications and certification mark generate recognize Demonstrate,prove key；

Cipher key storage block, for storing the authentication key.

Further, described device further include: cryptographic key factor receiving module and cipher key decryption block.

Wherein, cryptographic key factor receiving module receives key injection device hair before the storage authentication key The cryptographic key factor sent, wherein the cryptographic key factor is generated by key injection device according to authentication key and setting specification；

Cipher key decryption block, for generating the authentication key according to the specification and received cryptographic key factor.

Embodiment nine

Figure 12 is a kind of structural schematic diagram for safety device that the embodiment of the present invention nine provides.Referring to Figure 12, this reality The safety device for applying example offer includes: key injection module 401, authentication key generation module 402 and authentication key write-in Module 403.

Wherein, key injection module 401 includes that vehicles identifications and the key injection of certification mark are asked for sending to vehicle It asks；

Authentication key generation module 402, vehicles identifications and certification mark for being returned according to vehicle generate authentication key；

Authentication key writing module 403 is instructed to vehicle for writing key based on authentication key transmission, is held for vehicle Write operation of the row to the authentication key.

Further, described device further include: cryptographic key factor generation module.

Wherein, cryptographic key factor generation module generates and recognizes for the vehicles identifications returned according to vehicle and certification mark After demonstrate,proving key, cryptographic key factor is generated according to the authentication key of generation and setting specification；

Correspondingly, the authentication key writing module, comprising: authentication key writing unit.

Wherein, authentication key writing unit is write key for the cryptographic key factor transmission based on generation and is instructed to vehicle, for vehicle The authentication key is generated based on the specification and cryptographic key factor, and stored.

It is anti-that safety provided by any embodiment of the invention can be performed in safety device provided by the embodiment of the present invention Maintaining method has the corresponding functional module of execution method and beneficial effect.

Embodiment ten

Figure 13 is a kind of structural schematic diagram for equipment that the embodiment of the present invention ten provides.Figure 13, which is shown, to be suitable for being used to realizing The block diagram of the example devices 12 of embodiment of the present invention.The equipment 12 that Figure 13 is shown is only an example, should not be to this hair The function and use scope of bright embodiment bring any restrictions.

As shown in figure 13, equipment 12 is showed in the form of universal computing device.The component of equipment 12 may include but unlimited In one or more processor or processing unit 16, system storage 28, connecting different system components, (including system is deposited Reservoir 28 and processing unit 16) bus 18.

Bus 18 indicates one of a few class bus structures or a variety of, including memory bus or Memory Controller, Peripheral bus, graphics acceleration port, processor or the local bus using any bus structures in a variety of bus structures.It lifts For example, these architectures include but is not limited to industry standard architecture (ISA) bus, microchannel architecture (MAC) Bus, enhanced isa bus, Video Electronics Standards Association (VESA) local bus and peripheral component interconnection (PCI) bus.

Equipment 12 typically comprises a variety of computer system readable media.These media can be it is any can be by equipment 12 The usable medium of access, including volatile and non-volatile media, moveable and immovable medium.

System storage 28 may include the computer system readable media of form of volatile memory, such as arbitrary access Memory (RAM) 30 and/or cache memory 32.Equipment 12 may further include it is other it is removable/nonremovable, Volatile/non-volatile computer system storage medium.Only as an example, storage system 34 can be used for reading and writing irremovable , non-volatile magnetic media (Figure 13 do not show, commonly referred to as " hard disk drive ").Although being not shown in Figure 13, can provide Disc driver for being read and write to removable non-volatile magnetic disk (such as " floppy disk "), and to removable anonvolatile optical disk The CD drive of (such as CD-ROM, DVD-ROM or other optical mediums) read-write.In these cases, each driver can To be connected by one or more data media interfaces with bus 18.Memory 28 may include at least one program product, The program product has one group of (for example, at least one) program module, these program modules are configured to perform each implementation of the invention The function of example.

Program/utility 40 with one group of (at least one) program module 42 can store in such as memory 28 In, such program module 42 include but is not limited to operating system, one or more application program, other program modules and It may include the realization of network environment in program data, each of these examples or certain combination.Program module 42 is usual Execute the function and/or method in embodiment described in the invention.

Equipment 12 can also be communicated with one or more external equipments 14 (such as keyboard, sensing equipment, display 24 etc.), Can also be enabled a user to one or more equipment interacted with the equipment 12 communication, and/or with enable the equipment 12 with One or more of the other any equipment (such as network interface card, modem etc.) communication for calculating equipment and being communicated.It is this logical Letter can be carried out by input/output (I/O) interface 22.Also, equipment 12 can also by network adapter 20 and one or The multiple networks of person (such as local area network (LAN), wide area network (WAN) and/or public network, such as internet) communication.As shown, Network adapter 20 is communicated by bus 18 with other modules of equipment 12.It should be understood that although not shown in the drawings, can combine Equipment 12 use other hardware and/or software module, including but not limited to: microcode, device driver, redundant processing unit, External disk drive array, RAID system, tape drive and data backup storage system etc..

Processing unit 16 by the program that is stored in system storage 28 of operation, thereby executing various function application and Data processing, such as realize safety protecting method provided by the embodiment of the present invention.

Embodiment 11

The embodiment of the present invention 11 additionally provides a kind of computer readable storage medium, is stored thereon with computer program, The safety protecting method as described in any in the embodiment of the present invention is realized when the program is executed by processor.

The computer storage medium of the embodiment of the present invention, can be using any of one or more computer-readable media Combination.Computer-readable medium can be computer-readable signal media or computer readable storage medium.It is computer-readable Storage medium for example may be-but not limited to-the system of electricity, magnetic, optical, electromagnetic, infrared ray or semiconductor, device or Device, or any above combination.The more specific example (non exhaustive list) of computer readable storage medium includes: tool There are electrical connection, the portable computer diskette, hard disk, random access memory (RAM), read-only memory of one or more conducting wires (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD- ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.In this document, computer-readable storage Medium can be any tangible medium for including or store program, which can be commanded execution system, device or device Using or it is in connection.

Computer-readable signal media may include in a base band or as carrier wave a part propagate data-signal, Wherein carry computer-readable program code.The data-signal of this propagation can take various forms, including but unlimited In electromagnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be that computer can Any computer-readable medium other than storage medium is read, which can send, propagates or transmit and be used for By the use of instruction execution system, device or device or program in connection.

The program code for including on computer-readable medium can transmit with any suitable medium, including --- but it is unlimited In wireless, electric wire, optical cable, RF etc. or above-mentioned any appropriate combination.

The computer for executing operation of the present invention can be write with one or more programming languages or combinations thereof Program code, described program design language include object oriented program language-such as Java, Smalltalk, C++, Further include conventional procedural programming language-such as " C " language or similar programming language.Program code can be with It fully executes, partly execute on the user computer on the user computer, being executed as an independent software package, portion Divide and partially executes or executed on a remote computer or server completely on the remote computer on the user computer.? Be related in the situation of remote computer, remote computer can pass through the network of any kind --- including local area network (LAN) or Wide area network (WAN)-be connected to subscriber computer, or, it may be connected to outer computer (such as mentioned using Internet service It is connected for quotient by internet).

Note that the above is only a better embodiment of the present invention and the applied technical principle.It will be appreciated by those skilled in the art that The invention is not limited to the specific embodiments described herein, be able to carry out for a person skilled in the art it is various it is apparent variation, It readjusts and substitutes without departing from protection scope of the present invention.Therefore, although being carried out by above embodiments to the present invention It is described in further detail, but the present invention is not limited to the above embodiments only, without departing from the inventive concept, also It may include more other equivalent embodiments, and the scope of the invention is determined by the scope of the appended claims.

Claims

1. a kind of safety protecting method is applied to vehicle access equipment, which is characterized in that the described method includes:

Vehicles identifications and authentication seeds are obtained from vehicle；

The certification that the device identification including the vehicles identifications, the authentication seeds and vehicle access equipment is sent to server is asked It asks, instruction server executes as follows: legitimacy certification is carried out to vehicle access equipment according to the device identification；If certification at Function is then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification；Using recognizing for inquiry Authentication seeds described in card key pair are decrypted, the certification mark decrypted；According to the certification mark of decryption and recognizing for inquiry The comparing result of card mark unlocks the vehicle access equipment to the access authority of the vehicle.

2. the method according to claim 1, wherein described obtain vehicles identifications and authentication seeds, packet from vehicle It includes:

Vehicles identifications and authentication seeds are obtained from the vehicle gateway in vehicle, wherein the authentication seeds are by the vehicle gateway root The certification mark encryption of vehicle is obtained according to the authentication key of vehicle.

3. the method according to claim 1, wherein the authentication seeds are recognizing according to vehicle by the vehicle The certification mark and random number encryption for demonstrate,proving key pair vehicle obtain；

Correspondingly, described that the equipment including the vehicles identifications, the authentication seeds and vehicle access equipment is sent to server After the certification request of mark, further includes: the obtained random number of decryption that server returns is sent to vehicle, by vehicle according to The comparing result for the random number that the random number and decryption for generating the authentication seeds obtain unlocks vehicle access equipment to the vehicle Access authority, wherein the random number decrypted carries out the authentication seeds according to the authentication key of inquiry by server Decryption obtains.

4. the method according to claim 1, wherein described authenticate the gateway identification for being identified as the vehicle.

5. a kind of safety protecting method is applied to server, which is characterized in that the described method includes:

Receive the certification request including vehicles identifications, authentication seeds and vehicle access equipment mark that vehicle access equipment is sent；

Legitimacy certification is carried out to the vehicle access equipment based on the vehicle access equipment mark for including in the certification request；

The certification mark of certification mark and decryption that comparison inquiry obtains, unlocks the vehicle access equipment pair according to comparing result The access authority of the vehicle.

6. according to the method described in claim 5, it is characterized in that, the vehicle for receiving vehicle access equipment and being obtained from vehicle Mark and authentication seeds, comprising:

The vehicles identifications and authentication seeds that vehicle access equipment is obtained from vehicle gateway are received, wherein the authentication seeds are by vehicle Gateway obtains the certification mark encryption of the vehicle according to the authentication key of vehicle.

7. according to the method described in claim 5, it is characterized in that, it is described according to the authentication key to the authentication seeds into Row decryption, the certification mark decrypted, comprising:

The authentication seeds are decrypted according to the authentication key, the random number of the certification mark and decryption decrypted；

Correspondingly, the certification mark of comparison inquiry obtains certification mark and decryption, unlocks the vehicle according to comparing result and visits Ask equipment to the access authority of the vehicle, comprising:

The certification mark of certification mark and decryption that comparison inquiry obtains, is sent to institute for the random number of decryption according to comparing result Vehicle access equipment is stated, the access authority of the vehicle is unlocked for the vehicle access equipment.

8. according to the method described in claim 5, it is characterized in that, described authenticate the gateway identification for being identified as the vehicle.

9. a kind of safety protecting method is applied to vehicle, which is characterized in that the described method includes:

The access request of vehicle access equipment is responded, the vehicles identifications and authentication seeds for sending local vehicle are accessed to the vehicle Received vehicles identifications, authentication seeds and vehicle access equipment mark are sent to service by the vehicle access equipment by equipment Device executes as follows for server: carrying out legitimacy certification to vehicle access equipment according to the device identification；If authenticating successfully, Then identified according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and certification；It is close using the certification of inquiry The authentication seeds are decrypted in key, the certification mark decrypted；According to the certification mark of the certification mark and inquiry of decryption The comparing result of knowledge generates access instruction；

10. according to the method described in claim 9, it is characterized in that, the authentication seeds are the vehicle gateways by local vehicle The certification mark encryption of vehicle is obtained according to the authentication key of vehicle.

11. according to the method described in claim 9, it is characterized in that, the authentication seeds are the vehicle gateways by local vehicle It is obtained according to certification mark and random number encryption of the authentication key of vehicle to vehicle；

Correspondingly, described according to the access instruction, the vehicle access equipment is unlocked to the access authority of local vehicle, packet It includes:

If the random number that the decryption that the access instruction includes obtains is consistent with the random number for generating the authentication seeds, unlock Access authority of the vehicle access equipment to local vehicle.

12. according to the method described in claim 9, it is characterized in that, described authenticate the gateway identification for being identified as local vehicle.

13. according to the method described in claim 9, it is characterized in that, the access request of the response vehicle access equipment, sends The vehicles identifications and authentication seeds of local vehicle are given before the vehicle access equipment, further includes:

The key of response key injection device injects request, sends vehicles identifications and certification mark gives key injection device, by close Key injection device generates authentication key according to the vehicles identifications and certification mark；

Store the authentication key.

14. according to the method for claim 13, which is characterized in that before the storage authentication key, further includes:

The cryptographic key factor that key injection device is sent is received, wherein the cryptographic key factor is by key injection device according to authentication key It is generated with setting specification；

15. a kind of safety protecting method is applied to key injection device, which is characterized in that the described method includes:

Key is write based on authentication key transmission to instruct to vehicle, executes the write operation to the authentication key for vehicle.

16. according to the method for claim 15, which is characterized in that the vehicles identifications returned according to vehicle and certification are marked Know after generating authentication key, further includes:

Cryptographic key factor transmission based on generation is write key and is instructed to vehicle, is based on the specification for vehicle and cryptographic key factor generates institute Authentication key is stated, and is stored.

17. a kind of safety device characterized by comprising

Certification request module includes the vehicles identifications, the authentication seeds and vehicle access equipment for sending to server Device identification certification request, instruction server execute it is as follows: vehicle access equipment is closed according to the device identification Method certification；If authenticating successfully, according to vehicles identifications inquiry and the associated authentication key of the vehicles identifications and certification Mark；The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted；According to recognizing for decryption Card mark and the comparing result of the certification mark of inquiry unlock the vehicle access equipment to the access authority of the vehicle.

18. device according to claim 17, which is characterized in that the authentication seeds are by the vehicle according to vehicle Authentication key obtains the certification mark and random number encryption of vehicle；

Correspondingly, described device further include:

Deciphering module includes setting for the vehicles identifications, the authentication seeds and vehicle access equipment for sending to server After the certification request of standby mark, the random number that the decryption that server returns obtains is sent to vehicle, by vehicle according to generation The comparing result for the random number that the random number of the authentication seeds and decryption obtain unlocks vehicle access equipment to the vehicle Access authority, wherein the random number decrypted is decrypted the authentication seeds according to the authentication key of inquiry by server It obtains.

19. a kind of safety device characterized by comprising

Certification request receiving module includes that vehicles identifications, authentication seeds and vehicle are visited for receive the transmission of vehicle access equipment Ask the certification request of device identification；

Authentication module, for based on include in the certification request vehicle access equipment mark to the vehicle access equipment into The certification of row legitimacy；Enquiry module, if inquiring the authentication key of the vehicle according to the vehicles identifications for authenticating successfully It is identified with certification；

Certification mark deciphering module, for the authentication seeds to be decrypted according to the authentication key, that is decrypted recognizes Card mark；

Permission unlocked state is unlocked for comparing the certification mark of certification mark and decryption that inquiry obtains according to comparing result Access authority of the vehicle access equipment to the vehicle.

20. according to the method for claim 19, which is characterized in that the certification identifies deciphering module, comprising:

Certification mark decryption unit, for the authentication seeds to be decrypted according to the authentication key, that is decrypted recognizes The random number of card mark and decryption；

Correspondingly, permission unlocked state, comprising:

Permission unlocking unit will be solved for comparing the certification mark of certification mark and decryption that inquiry obtains according to comparing result Close random number is sent to the vehicle access equipment, and the access authority of the vehicle is unlocked for the vehicle access equipment.

21. a kind of safety device characterized by comprising

Respond access request module, for responding the access request of vehicle access equipment, send local vehicle vehicles identifications and Authentication seeds give the vehicle access equipment, by the vehicle access equipment by received vehicles identifications, authentication seeds and vehicle Access equipment mark is sent to server, executes for server as follows: being carried out according to the device identification to vehicle access equipment Legitimacy certification；If authenticate successfully, according to vehicles identifications inquiry with the associated authentication key of the vehicles identifications and recognize Card mark；The authentication seeds are decrypted using the authentication key of inquiry, the certification mark decrypted；According to decryption The comparing result of certification mark and the certification mark of inquiry, Xiang Suoshu vehicle access equipment send access instruction；

Access authority unlocked state, the access instruction for being sent according to vehicle access equipment unlock the vehicle access equipment To the access authority of local vehicle.

22. a kind of safety device characterized by comprising

Authentication key writing module is instructed to vehicle for writing key based on authentication key transmission, is executed for vehicle to institute State the write operation of authentication key.

23. device according to claim 22, which is characterized in that further include:

Cryptographic key factor generation module, for it is described according to vehicle return vehicles identifications and certification mark generate authentication key it Afterwards, cryptographic key factor is generated according to the authentication key of generation and setting specification；

Correspondingly, the authentication key writing module, comprising:

Authentication key writing unit is write key for the cryptographic key factor transmission based on generation and is instructed to vehicle, is based on institute for vehicle It states specification and cryptographic key factor generates the authentication key, and store.

24. a kind of equipment, which is characterized in that the equipment includes:

One or more processors；

Storage device, for storing one or more programs,

When one or more of programs are executed by one or more of processors, so that one or more of processors are real The now safety protecting method as described in any in claim 1-4,5-8,9-14 or 15-16.

25. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is by processor The safety protecting method as described in any in claim 1-4,5-8,9-14 or 15-16 is realized when execution.