CN112087440A - Message transmission method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN112087440A
Authority
CN
China
Prior art keywords
node
ethernet node
message
ethernet
sent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010910514.6A
Other languages
Chinese (zh)
Inventor
秦晨
金川
尹恒
彭小波
周林
周昌申
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Yingheng Electronic Co ltd
Original Assignee
Shanghai Yingheng Electronic Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Yingheng Electronic Co ltd
Priority to CN202010910514.6A
Publication of CN112087440A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40006 Architecture of a communication node
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40267 Bus for use in transportation systems
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

An embodiment of the invention discloses a message transmission method and device, electronic equipment and a storage medium. The method is applied to a CAN node driver communicatively connected to a gateway controller, which is in turn communicatively connected to at least one Ethernet node, and comprises the following steps: when a message to be sent is received, determining whether the identifier of the message belongs to a preset white list; if the identifier belongs to the preset white list, sending the message, otherwise preventing the message from being sent. The technical scheme of the embodiment improves the security of message transmission.

Description

Message transmission method and device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of automotive electronics, in particular to a message transmission method and device, electronic equipment and a storage medium.
Background
The traditional automobile has been an independent functional unit whose internal network is mostly a closed distributed network, the CAN/LIN bus being the typical example. However, with the continuous development of network, information and controller technology, automobiles increasingly emphasize intelligence and interconnectivity. In recent years, with the rise of V2X (vehicle-to-outside information exchange) technology, vehicle-mounted Ethernet is becoming the core of the whole vehicle network, accompanied by the conventional CAN distributed network.
In the prior art, because the CAN bus network is an internal closed network, its security has not been considered: every node simply sends its own messages as fixed by the provided CAN matrix table. The addition of vehicle-mounted Ethernet, however, makes it possible for the CAN bus to be exposed to the public network, with a risk of remote intrusion. On conventional Ethernet, such security problems are usually handled by the operating system's network firewall blocking access from untrusted networks. But since most network nodes in a vehicle are embedded devices that cannot run a full-featured operating system, the traditional network firewall cannot be borrowed directly.
Therefore, a method is needed that secures in-vehicle network transmission within the vehicle's embedded environment.
Disclosure of Invention
The embodiment of the invention provides a message transmission method, a message transmission device, electronic equipment and a storage medium, and improves the security of message transmission.
In a first aspect, an embodiment of the present invention provides a packet transmission method, which is applied to a CAN node driver communicatively connected to a gateway controller, where the gateway controller is further communicatively connected to at least one ethernet node, and the method includes:
when a message to be sent is received, determining whether the identifier of the message to be sent belongs to a preset white list;
and if the identifier of the message to be sent belongs to a preset white list, sending the message to be sent, otherwise, preventing the message to be sent from being sent.
Further, the method further comprises:
configuring the preset white list for the CAN node driver through a gateway controller.
In a second aspect, an embodiment of the present invention further provides a packet transmission method, which is applied to a gateway controller, where the gateway controller is communicatively connected to at least one CAN node driver and at least one ethernet node respectively, and the method includes:
when a message sent by a first Ethernet node to a second Ethernet node is received, determining whether the message carries encrypted data;
if the message carries encrypted data, decrypting the encrypted data based on a first key agreed with the first Ethernet node to obtain decrypted data;
encrypting the decrypted data based on a second key agreed with the second Ethernet node to obtain a ciphertext;
and replacing the encrypted data carried by the message by using the ciphertext, and sending the replaced message to the second Ethernet node.
Further, before receiving the packet sent by the first ethernet node to the second ethernet node, the method further includes:
and authenticating the first Ethernet node and the second Ethernet node respectively to determine a first key agreed with the first Ethernet node and a second key agreed with the second Ethernet node.
Further, authenticating the first ethernet node includes:
sending a set of random numbers and an authentication algorithm to the first Ethernet node, so that the first Ethernet node encrypts the set of random numbers based on the authentication algorithm to obtain first data;
receiving the first data sent by the first Ethernet node within a set time;
encrypting the set of random numbers based on the authentication algorithm to obtain second data;
and if the first data is the same as the second data, sending the first key to the first Ethernet node.
Further, after the authenticating the first ethernet node and the second ethernet node respectively, the method further includes:
respectively timing idle time of the first Ethernet node and idle time of the second Ethernet node;
if the idle time of the first Ethernet node or the second Ethernet node exceeds a set threshold, canceling the authentication state of the first Ethernet node or the second Ethernet node, and disconnecting the communication connection with the first Ethernet node or the second Ethernet node.
Further, after the disconnecting the communication connection with the first ethernet node or the second ethernet node, the method further includes:
if the connection request of the first Ethernet node or the second Ethernet node is received again, re-authentication is carried out on the first Ethernet node or the second Ethernet node so as to determine a new key agreed with the first Ethernet node or the second Ethernet node.
In a third aspect, an embodiment of the present invention further provides a packet transmission apparatus, which is integrated in a CAN node driver communicatively connected to a gateway controller, where the gateway controller is further communicatively connected to at least one ethernet node, and the apparatus includes:
the determining module is used for determining whether the identifier of the message to be sent belongs to a preset white list or not when the message to be sent is received;
and the sending module is used for sending the message to be sent if the identifier of the message to be sent belongs to a preset white list, and otherwise, preventing the message to be sent from being sent.
Further, the apparatus further comprises: and the configuration module is used for configuring the preset white list for the CAN node driver through a gateway controller.
In a fourth aspect, an embodiment of the present invention further provides a packet transmission apparatus, which is integrated in a gateway controller, where the gateway controller is communicatively connected to at least one CAN node driver and at least one ethernet node, respectively, and the apparatus includes:
the determining module is used for determining whether the message carries encrypted data or not when receiving the message sent by the first Ethernet node to the second Ethernet node;
the decryption module is used for decrypting the encrypted data, if the message carries encrypted data, based on a first key agreed with the first Ethernet node to obtain decrypted data;
the encryption module is used for encrypting the decrypted data based on a second key agreed with the second Ethernet node to obtain a ciphertext;
and the sending module is used for replacing the encrypted data carried by the message by using the ciphertext and sending the replaced message to the second Ethernet node.
Further, the apparatus further comprises: an authentication module, used for respectively authenticating the first Ethernet node and the second Ethernet node before receiving the message sent by the first Ethernet node to the second Ethernet node, so as to determine a first key agreed with the first Ethernet node and a second key agreed with the second Ethernet node.
Further, the authentication module includes:
a first sending unit, configured to send a set of random numbers and an authentication algorithm to the first ethernet node, so that the first ethernet node encrypts the set of random numbers based on the authentication algorithm to obtain first data;
a receiving unit, configured to receive the first data sent by the first ethernet node within a set time;
an encryption unit configured to encrypt the set of random numbers based on the authentication algorithm to obtain second data;
a second sending unit, configured to send the first key to the first ethernet node if the first data is the same as the second data.
Further, the apparatus further comprises: an authentication management module, configured to time idle time of the first ethernet node and idle time of the second ethernet node after the first ethernet node and the second ethernet node are authenticated respectively; if the idle time of the first Ethernet node or the second Ethernet node exceeds a set threshold, canceling the authentication state of the first Ethernet node or the second Ethernet node, and disconnecting the communication connection with the first Ethernet node or the second Ethernet node.
Further, the apparatus further comprises: a re-authentication module, configured to re-authenticate the first ethernet node or the second ethernet node to determine a new key agreed with the first ethernet node or the second ethernet node when a connection request of the first ethernet node or the second ethernet node is received again after the communication connection with the first ethernet node or the second ethernet node is disconnected.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
the gateway controller is in communication connection with at least one CAN node driver and at least one Ethernet node respectively;
a storage device for storing one or more programs,
when the one or more programs are executed by the CAN node driver or gateway controller, causing the CAN node driver or gateway controller to implement the message transmission method of any of claims 1-2 or 3-7.
In a sixth aspect, the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the message transmission method according to any one of the embodiments of the present invention.
The technical solution of an embodiment of the present invention is applied to a CAN node driver communicatively connected to a gateway controller, where the gateway controller is further communicatively connected to at least one ethernet node, and includes: when a message to be sent is received, determining whether the identifier of the message belongs to a preset white list; if it does, sending the message, otherwise preventing it from being sent. This ensures the security of message transmission in vehicle networks that combine Ethernet as the core of the whole network with the traditional CAN distributed network.
Drawings
The above and other features, advantages and aspects of various embodiments of the present invention will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
Fig. 1 is a schematic flow chart of a message transmission method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a topology of a vehicle-mounted network connected to a gateway controller according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for configuring the preset white list for the CAN node driver according to an embodiment of the present invention;
fig. 4 is a schematic flow chart of a message transmission method according to a second embodiment of the present invention;
fig. 5 is a schematic flowchart illustrating authentication performed on an ethernet node according to a second embodiment of the present invention;
fig. 6 is a schematic diagram of a message output flow according to a second embodiment of the present invention;
fig. 7 is a schematic diagram illustrating an authentication management flow of a network node according to a second embodiment of the present invention;
fig. 8 is a schematic structural diagram of a message transmission apparatus according to a third embodiment of the present invention;
fig. 9 is a schematic structural diagram of a message transmission apparatus according to a fourth embodiment of the present invention;
fig. 10 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present invention. It should be understood that the drawings and the embodiments of the present invention are illustrative only and are not intended to limit the scope of the present invention.
It should be understood that the various steps recited in the method embodiments of the present invention may be performed in a different order and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the invention is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present invention are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in the present invention are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that reference to "one or more" unless the context clearly dictates otherwise.
Example one
Fig. 1 is a schematic flow chart of a message transmission method according to an embodiment of the present invention, which is applicable to a vehicle-mounted network, specifically, a vehicle-mounted network application in which an ethernet is used as a core of a whole network and a conventional CAN distributed network is used, and the method aims to improve the security of message transmission. Since most network nodes in the vehicle are embedded devices and cannot mount a powerful operating system, the security of the network cannot be ensured by directly using a traditional network firewall, and the technical scheme of the embodiment of the invention is provided. The method may be performed by a message transmission device, which may be implemented in software and/or hardware. The message transmission method provided by this embodiment is applied to a CAN node driver in communication connection with a gateway controller, and the gateway controller is also in communication connection with at least one ethernet node. Correspondingly, referring to the schematic diagram of the topology of the vehicle-mounted network connected to the gateway controller shown in fig. 2, the network nodes communicatively connected to the gateway controller 210 include at least one CAN node 220 and at least one ethernet node 230, where each CAN node 220 corresponds to a CAN node driver (e.g., driver chip TJA1153), and the CAN node drivers are used to implement receiving and sending of messages.
As shown in fig. 1, the message transmission method provided in this embodiment includes the following steps:
step 110, receiving a message to be sent.
Step 120, determining whether the identifier of the message to be sent belongs to a preset white list, if the identifier of the message to be sent belongs to the preset white list, executing step 130 to send the message to be sent, otherwise executing step 140 to prevent the message to be sent from being sent.
A preset white list records the message identifiers that the current CAN node driver is allowed to send. When a message to be sent is received, its identifier is matched against each identifier recorded in the preset white list: if it is recorded there, the current CAN node driver may send the message; if not, the message is not sent, or an error frame is sent to prevent it from being sent. In this way important CAN messages can only be sent from the specified CAN node driver, that is, only through the correct CAN node, so intrusion by external nodes or the sending of erroneous messages by unexpected nodes can be prevented and the security of the whole vehicle's CAN network data can be ensured.
Step 130, sending the message to be sent.
Step 140, preventing the message to be sent from being sent.
The central idea of this embodiment's technical solution is to configure a black list and a white list for each CAN node; every CAN node with the security attribute must use a dedicated CAN driver chip (e.g. TJA1153). When the CAN matrix table is designed, an independent configuration ID is assigned to each CAN node driver with the security attribute and written into the CAN driver chip in advance using the chip's own programming method. Using the configuration ID, the gateway controller can assign a black list and a white list to each CAN node driver, so that the driver is only allowed to send messages in its white list, and on receiving a message in its black list the CAN driver directly sends an error frame to prevent that message from being sent.
Correspondingly, the method further comprises: configuring the preset white list for the CAN node driver through a gateway controller. The white list can be set according to the security level of the message data. Referring to the flowchart of fig. 3 for configuring the preset white list for the CAN node driver, the method specifically comprises: designing the CAN matrix table for the application scenario and assigning a white list and a black list to each CAN node participating in network activity (this is called assigning a configuration ID and rules to each participating CAN node); writing the CAN matrix table and the white list and black list of each participating CAN node into the gateway controller, which, after receiving an instruction to configure the CAN network, sends CAN messages based on the white list and writes the white list and black list into the corresponding CAN node drivers; and each CAN node driver receiving and storing its own white list and black list.
According to the technical scheme of this embodiment, a black list and a white list are configured for each CAN node in advance, and each CAN node can only send the messages in its own white list and no others. This ensures that CAN network messages are sent only by the CAN nodes specified in the CAN matrix table, prevents possible external nodes from intruding into the CAN network, and ensures the security of the CAN network and of message transmission.
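The transmit-side check of steps 110 to 140 and the list distribution of fig. 3, as an added example written for this page (it is not the patent's implementation and not the register interface of the TJA1153 chip the text names): a behavioural model in which a gateway holds white and black lists keyed by configuration ID, writes them into a driver, and the driver then decides per frame whether to send, raise an error frame, or drop. The type and function names (`CANGateway`, `NodeDriver`, `Configure`, `Transmit`), the identifiers and the configuration IDs are all constructed for the example; the fail-closed behaviour before the lists have been written is an addition the page does not state.

```go
package main

import "fmt"

// Decision is what the driver does with a frame queued for transmission.
type Decision int

const (
	Send       Decision = iota // identifier is in the white list: transmit it
	ErrorFrame                 // identifier is in the black list: raise an error frame so it is not sent
	Drop                       // identifier in neither list, or lists not yet written: do not transmit
)

func (d Decision) String() string { return [...]string{"send", "error-frame", "drop"}[d] }

// CANFrame is a minimal frame model: an 11- or 29-bit identifier and up to 8 data bytes.
type CANFrame struct {
	ID   uint32
	Data []byte
}

// Lists is the rule set the gateway writes into one CAN node driver.
type Lists struct{ White, Black []uint32 }

// NodeDriver is a behavioural model of a CAN driver chip with the security attribute
// (the page names the TJA1153; this is not that chip's register interface).
type NodeDriver struct {
	ConfigID     uint16 // independent configuration ID assigned in the CAN matrix table
	white, black map[uint32]struct{}
	configured   bool
}

// CANGateway holds the lists derived from the CAN matrix table, keyed by configuration ID.
type CANGateway struct{ rules map[uint16]Lists }

// Configure is the fig. 3 step in which the gateway writes a driver's lists into it.
func (g *CANGateway) Configure(d *NodeDriver) error {
	rules, ok := g.rules[d.ConfigID]
	if !ok {
		return fmt.Errorf("no rules for configuration ID 0x%04X", d.ConfigID)
	}
	d.white, d.black = map[uint32]struct{}{}, map[uint32]struct{}{}
	for _, id := range rules.White {
		d.white[id] = struct{}{}
	}
	for _, id := range rules.Black {
		d.black[id] = struct{}{}
	}
	d.configured = true
	return nil
}

// Transmit is steps 110 to 140: decide whether a frame handed to the driver may go on the bus.
func (d *NodeDriver) Transmit(f CANFrame) Decision {
	if !d.configured {
		return Drop // fail closed: nothing is sent before the gateway has written the lists
	}
	if _, ok := d.white[f.ID]; ok {
		return Send
	}
	if _, ok := d.black[f.ID]; ok {
		return ErrorFrame
	}
	return Drop
}

// newSampleCANGateway holds constructed identifiers and configuration IDs for this example.
func newSampleCANGateway() *CANGateway {
	return &CANGateway{rules: map[uint16]Lists{
		0x0001: {White: []uint32{0x0C0, 0x0C1}, Black: []uint32{0x0A0}}, // node 1 owns 0x0C0/0x0C1, must never send 0x0A0
		0x0002: {White: []uint32{0x0A0}, Black: []uint32{0x0C0, 0x0C1}}, // node 2 owns 0x0A0
	}}
}

func main() {
	gw := newSampleCANGateway()
	d := &NodeDriver{ConfigID: 0x0001}
	fmt.Println("before configuration, frame 0x0C0:", d.Transmit(CANFrame{ID: 0x0C0}))
	if err := gw.Configure(d); err != nil {
		fmt.Println("configure:", err)
		return
	}
	for _, id := range []uint32{0x0C0, 0x0A0, 0x123} {
		fmt.Printf("frame 0x%03X: %s\n", id, d.Transmit(CANFrame{ID: id}))
	}
}
```

The point of keeping the decision in the driver rather than in application code is the one the page makes: a compromised or misbehaving node cannot talk itself onto the bus with another node's identifiers, because the lists were written by the gateway and the chip enforces them below the application.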
Example two
Fig. 4 is a flowchart illustrating a message transmission method according to a second embodiment of the present invention. On the basis of the foregoing embodiments, the method provided in this embodiment is applied to the gateway controller, and the gateway controller is in communication connection with at least one CAN node driver and at least one ethernet node, respectively, so as to improve the security of a packet transmitted through the ethernet node.
As shown in fig. 4, the method comprises the steps of:
step 410, when receiving a packet sent by a first ethernet node to a second ethernet node, determining whether the packet carries encrypted data.
Step 420, if the packet carries encrypted data, decrypting the encrypted data based on a first key agreed with the first ethernet node to obtain decrypted data.
Step 430, encrypting the decrypted data based on a second key agreed with the second Ethernet node to obtain a ciphertext.
Step 440, replacing the encrypted data carried in the packet with the ciphertext, and sending the replaced packet to the second ethernet node.
Further, before receiving the packet sent by the first ethernet node to the second ethernet node, the method further includes:
and authenticating the first Ethernet node and the second Ethernet node respectively to determine a first key agreed with the first Ethernet node and a second key agreed with the second Ethernet node.
Illustratively, authenticating the first ethernet node comprises:
sending a set of random numbers and an authentication algorithm to the first Ethernet node, so that the first Ethernet node encrypts the set of random data based on the authentication algorithm to obtain first data;
receiving the first data sent by the first Ethernet node within a set time;
encrypting the set of random numbers based on the authentication algorithm to obtain second data;
and if the first data is the same as the second data, sending the first key to the first Ethernet node.
Message security is achieved by an authentication process together with ciphertext transmission of important data. When an active Ethernet node accesses the network, the gateway controller initiates the authentication process to verify the validity of the node joining the network; after the node is verified successfully, the gateway controller allocates a key to it, and the node can then encrypt the important data it transmits. The gateway controller determines the routing target node of the data to be transmitted, decrypts the received data to be routed, re-encrypts it with the key agreed with the target node, and forwards it to the target node. Important data are thus always transmitted encrypted under dynamic keys, which ensures the security of Ethernet data transmission.
The central idea of this embodiment's technical scheme is to verify the validity of an Ethernet node when it takes part in network activity: the gateway controller keeps the traditional network firewall function, and an additional authentication and ciphertext transmission strategy is designed for the other, embedded Ethernet nodes. The key is obtained dynamically after each successful authentication. The gateway controller cancels a node's authentication state when it determines that the Ethernet node has been inactive for more than a certain time or has actively quit network activity. Once the authentication state is cancelled, a node that needs to join the network again must be verified again and obtain a new key. The gateway controller stops providing routing services to an unauthenticated node and attempts to authenticate it each time it joins network activity.
Specifically, after the authenticating the first ethernet node and the second ethernet node respectively, the method further includes:
respectively timing idle time of the first Ethernet node and idle time of the second Ethernet node;
if the idle time of the first Ethernet node or the second Ethernet node exceeds a set threshold, canceling the authentication state of the first Ethernet node or the second Ethernet node, and disconnecting the communication connection with the first Ethernet node or the second Ethernet node.
After the communication connection with the first ethernet node or the second ethernet node is disconnected, the method further includes:
if the connection request of the first Ethernet node or the second Ethernet node is received again, re-authentication is carried out on the first Ethernet node or the second Ethernet node so as to determine a new key agreed with the first Ethernet node or the second Ethernet node.
Correspondingly, referring to the schematic flowchart of fig. 5, authenticating the Ethernet node specifically comprises: the gateway controller determines whether a node participating in network activity has been authenticated and, if not, starts the authentication flow; the gateway controller establishes a TCP/IP or UDP connection with the node and begins authentication; the gateway controller sends a set of random numbers and a description of the authentication method to the node; the node encrypts the random numbers with the predetermined authentication method and returns the encrypted content to the gateway controller within a specified time; the gateway controller encrypts the random numbers in the same way and compares the two encrypted results; if they are the same, the gateway controller sends a key to the node. Both the gateway controller and the node store the key, and the authentication process ends.
The corresponding message output flow shown in fig. 6 includes: a first Ethernet node (also called the source node) participating in the activity sends an Ethernet data message; after receiving the message, the gateway controller judges whether the message carries encrypted data and, if so, decrypts the encrypted data with the key agreed with the first Ethernet node; it determines the target node corresponding to the message (namely the second Ethernet node) and re-encrypts the obtained plaintext with the key agreed with the target node to obtain a ciphertext; it then replaces the payload of the message with the ciphertext and sends the message to the target node.
Correspondingly, the authentication management flow of a network node shown in fig. 7 specifically includes: after an active network node is authenticated successfully, the gateway controller starts a timer for that node and resets the timer whenever the node participates in network activity; when the timer count exceeds the preset timeout T0, or a quit-network-activity message is received from the node, the gateway controller cancels the node's authentication state; when the node connects to the network again, the authentication process must be started again to obtain a new key.
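The forwarding path of fig. 6 together with the timer handling of fig. 7, as an added example that is not the patent's code. The cipher is a stand-in built from HMAC-SHA256 (a counter-mode keystream plus an encrypt-then-MAC tag) so that the example runs with the standard library alone; the per-node keys are generated in place of the ones a fig. 5 handshake would agree; T0 is set to 30 s; only the sender's timer is reset by a routed message; and a message is a dict with src, dst, enc and payload fields. All of these are assumptions. Two points follow from the flow itself: the gateway controller handles the plaintext of every routed message, so it must be trusted, and a payload whose tag does not verify under the source key is dropped rather than re-encrypted and forwarded.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Optional

T0_IDLE_S = 30.0    # preset timeout T0 from fig. 7; the value is an assumption


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a real cipher keystream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag, encrypt-then-MAC so tampering is detectable."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag under the given key before exposing any plaintext."""
    if len(blob) < 32:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Gateway:
    """Holds the per-node keys agreed at authentication and the idle timers."""

    def __init__(self, now: Callable[[], float]):
        self.now = now
        self.keys: Dict[str, bytes] = {}
        self.last_active: Dict[str, float] = {}

    def on_authenticated(self, node: str) -> None:
        """After a successful fig. 5 handshake: key installed, timer started."""
        self.keys[node] = secrets.token_bytes(32)   # stands in for the agreed key
        self.last_active[node] = self.now()

    def on_quit(self, node: str) -> None:
        """Quit-network-activity message received: cancel the authentication state."""
        self.keys.pop(node, None)
        self.last_active.pop(node, None)

    def expire_idle(self) -> List[str]:
        """Cancel the authentication state of every node idle for longer than T0."""
        expired = [n for n, t in self.last_active.items() if self.now() - t > T0_IDLE_S]
        for node in expired:
            self.on_quit(node)
        return expired

    def route(self, msg: dict) -> Optional[dict]:
        """fig. 6: decrypt under the source key, re-encrypt under the target key.
        Returns the message to forward, or None when it must be dropped."""
        self.expire_idle()
        src, dst = msg["src"], msg["dst"]
        if src not in self.keys or dst not in self.keys:
            return None                       # no routing service for unauthenticated nodes
        self.last_active[src] = self.now()    # network activity resets the sender's timer
        if not msg["enc"]:
            return dict(msg)                  # carries no encrypted data: forwarded as is
        try:
            plaintext = decrypt(self.keys[src], msg["payload"])
        except ValueError:
            return None                       # forged or corrupted payload is dropped
        out = dict(msg)
        out["payload"] = encrypt(self.keys[dst], plaintext)   # payload replaced
        return out
```

The route method never forwards a ciphertext it could not verify under the sender's key, and a destination whose authentication state has lapsed is treated exactly like a node that never authenticated: the message is dropped until that node completes a new handshake and receives a new key.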
According to the technical scheme of this embodiment, messages are transmitted securely by combining an authentication process with ciphertext transmission of important data. When an active Ethernet node accesses the network, the gateway controller initiates the authentication process to verify the validity of the node; after the node is verified successfully, the gateway controller allocates a key to it, and the node can then encrypt the important data it transmits. The gateway controller determines the routing target node of the data to be transmitted, decrypts the received data to be routed, re-encrypts it with the key agreed with the target node, and forwards it to the target node, so that important data is always transmitted encrypted under a dynamic key, and the security of Ethernet data transmission is ensured.
EXAMPLE III
Fig. 8 shows a message transmission apparatus according to the third embodiment of the invention. The apparatus is integrated in a CAN node driver communicatively connected to a gateway controller, and the gateway controller is further communicatively connected to at least one Ethernet node. As shown in fig. 8, the apparatus includes a determining module 810 and a sending module 820.
The determining module 810 is configured to determine, when a message to be sent is received, whether the identifier of the message belongs to a preset white list; the sending module 820 is configured to send the message if its identifier belongs to the preset white list, and otherwise to prevent it from being sent.
Further, the apparatus also includes a configuration module, which configures the preset white list for the CAN node driver through the gateway controller.
According to the technical scheme of this embodiment, a white list is configured for each CAN node in advance, and each CAN node can send only the messages in its own white list and no others. Each message on the CAN network can therefore be sent only by the CAN node that the CAN matrix table specifies for it, which prevents possible external nodes from intruding into the CAN network and ensures the security of the CAN network and of message transmission.
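The send-side filter of the third embodiment, as an added example rather than the patent's code. The CAN matrix is constructed for illustration, identifiers are assumed to be 11-bit standard IDs, and the gateway controller is assumed to push each driver its own white list derived from the matrix. The matrix-to-white-list step rejects an identifier assigned to two senders, since the scheme relies on every message having exactly one legitimate sender, and a driver that has not yet been provisioned denies everything.

```python
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Constructed CAN matrix for illustration: (CAN identifier, node allowed to send it).
CAN_MATRIX: List[Tuple[int, str]] = [
    (0x0C1, "ECU_ENGINE"),
    (0x0C5, "ECU_ENGINE"),
    (0x1A0, "ECU_BRAKE"),
    (0x2F0, "ECU_BODY"),
]

MAX_STD_ID = 0x7FF     # 11-bit standard identifiers assumed
MAX_DLC = 8            # classic CAN data field


def whitelists_from_matrix(matrix: Iterable[Tuple[int, str]]) -> Dict[str, FrozenSet[int]]:
    """Derive each node's send white list from the matrix; one sender per ID."""
    owner: Dict[int, str] = {}
    lists: Dict[str, set] = {}
    for can_id, node in matrix:
        if not 0 <= can_id <= MAX_STD_ID:
            raise ValueError("identifier 0x%X outside the 11-bit range" % can_id)
        if owner.setdefault(can_id, node) != node:
            raise ValueError("identifier 0x%X assigned to two senders" % can_id)
        lists.setdefault(node, set()).add(can_id)
    return {node: frozenset(ids) for node, ids in lists.items()}


class CanNodeDriver:
    """Send path of one CAN node; drops any frame whose ID is not white-listed."""

    def __init__(self, node_id: str):
        self.node_id = node_id
        self.whitelist: FrozenSet[int] = frozenset()   # nothing allowed until configured
        self.sent: List[Tuple[int, bytes]] = []
        self.blocked: List[Tuple[int, bytes]] = []

    def configure_whitelist(self, ids: Iterable[int]) -> None:
        """Installed by the gateway controller, as in the configuration module."""
        self.whitelist = frozenset(ids)

    def send(self, can_id: int, data: bytes) -> bool:
        """True if the frame went out, False if the white list blocked it."""
        if len(data) > MAX_DLC:
            raise ValueError("data field longer than %d bytes" % MAX_DLC)
        if can_id not in self.whitelist:
            self.blocked.append((can_id, data))
            return False
        self.sent.append((can_id, data))
        return True


class GatewayController:
    """Holds the matrix and pushes each node its own white list."""

    def __init__(self, matrix: Iterable[Tuple[int, str]]):
        self.whitelists = whitelists_from_matrix(matrix)

    def provision(self, driver: CanNodeDriver) -> None:
        driver.configure_whitelist(self.whitelists.get(driver.node_id, frozenset()))
```

Because the check runs inside each node's own driver, it constrains the software on that node and every node the gateway provisions; it cannot see frames from a device that attaches to the bus with its own transceiver, so in practice it is paired with receive-side checks rather than relied on alone.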
The message transmission apparatus provided by this embodiment can execute the message transmission method provided by the embodiments of the invention, and has the functional modules and beneficial effects corresponding to that method.
Example four
Fig. 9 shows a message transmission apparatus integrated in a gateway controller, where the gateway controller is communicatively connected to at least one CAN node driver and at least one Ethernet node respectively. As shown in fig. 9, the apparatus includes a determining module 910, a decryption module 920, an encryption module 930, and a sending module 940.
The determining module 910 is configured to determine, when a packet sent by a first ethernet node to a second ethernet node is received, whether the packet carries encrypted data; a decryption module 920, configured to decrypt, if the packet carries encrypted data, the encrypted data based on a first key agreed with the first ethernet node, so as to obtain decrypted data; an encrypting module 930, configured to encrypt the decrypted data based on a second key agreed with the second ethernet node, so as to obtain a ciphertext; a sending module 940, configured to replace the encrypted data carried in the packet with the ciphertext, and send the replaced packet to the second ethernet node.
Further, the apparatus further comprises: and the authentication module is used for respectively authenticating the first Ethernet node and the second Ethernet node before receiving the message sent by the first Ethernet node to the second Ethernet node so as to determine a first key appointed with the first Ethernet node and a second key appointed with the second Ethernet node.
Further, the authentication module includes:
a first sending unit, configured to send a set of random numbers and an authentication algorithm to the first Ethernet node, so that the first Ethernet node encrypts the set of random numbers based on the authentication algorithm to obtain first data;
a receiving unit, configured to receive the first data sent by the first ethernet node within a set time;
an encryption unit configured to encrypt the set of random numbers based on the authentication algorithm to obtain second data;
a second sending unit, configured to send the first key to the first ethernet node if the first data is the same as the second data.
Further, the apparatus further comprises: an authentication management module, configured to time idle time of the first ethernet node and idle time of the second ethernet node after the first ethernet node and the second ethernet node are authenticated respectively; if the idle time of the first Ethernet node or the second Ethernet node exceeds a set threshold, canceling the authentication state of the first Ethernet node or the second Ethernet node, and disconnecting the communication connection with the first Ethernet node or the second Ethernet node.
Further, the apparatus further comprises: a re-authentication module, configured to re-authenticate the first ethernet node or the second ethernet node to determine a new key agreed with the first ethernet node or the second ethernet node when a connection request of the first ethernet node or the second ethernet node is received again after the communication connection with the first ethernet node or the second ethernet node is disconnected.
According to the technical scheme of this embodiment, messages are transmitted securely by combining an authentication process with ciphertext transmission of important data. When an active Ethernet node accesses the network, the gateway controller initiates the authentication process to verify the validity of the node; after the node is verified successfully, the gateway controller allocates a key to it, and the node can then encrypt the important data it transmits. The gateway controller determines the routing target node of the data to be transmitted, decrypts the received data to be routed, re-encrypts it with the key agreed with the target node, and forwards it to the target node, so that important data is always transmitted encrypted under a dynamic key, and the security of Ethernet data transmission is ensured.
The message transmission apparatus provided by this embodiment can execute the message transmission method provided by the second embodiment of the invention, and has the functional modules and beneficial effects corresponding to that method.
It should be noted that the units and modules included in the above apparatus are divided merely according to functional logic and are not limited to that division, as long as the corresponding functions can be implemented; in addition, the specific names of the functional units serve only to distinguish them from each other and do not limit the protection scope of the embodiments of the invention.
EXAMPLE five
Referring now to fig. 10, a schematic diagram of an electronic device (e.g., the terminal device or server of fig. 10) 400 suitable for implementing embodiments of the present invention is shown. The terminal device in the embodiments of the present invention may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a fixed terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 10 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 10, the electronic device 400 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 401 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)402 or a program loaded from a storage device 406 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the electronic apparatus 400 are also stored. The processing device 401, the ROM 402, and the RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
Generally, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 407 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage devices 406 including, for example, magnetic tape, hard disk, etc.; and a communication device 409. The communication means 409 may allow the electronic device 400 to communicate wirelessly or by wire with other devices to exchange data. While fig. 10 illustrates an electronic device 400 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, an embodiment of the invention includes a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 409, or from the storage means 406, or from the ROM 402. The computer program performs the above-described functions defined in the methods of embodiments of the invention when executed by the processing apparatus 401.
The terminal provided by the embodiment of the present invention and the message transmission method provided by the above embodiment belong to the same inventive concept, and technical details that are not described in detail in the embodiment of the present invention may be referred to the above embodiment, and the embodiment of the present invention has the same beneficial effects as the above embodiment.
EXAMPLE six
An embodiment of the present invention provides a computer storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the message transmission method provided in the foregoing embodiment.
It should be noted that the computer readable medium of the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, the clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to:
when a message to be sent is received, determining whether the identifier of the message to be sent belongs to a preset white list;
and if the identifier of the message to be sent belongs to a preset white list, sending the message to be sent, otherwise, preventing the message to be sent from being sent.
Or when a message sent by a first Ethernet node to a second Ethernet node is received, determining whether the message carries encrypted data;
if the message carries encrypted data, decrypting the encrypted data based on a first key agreed with the first Ethernet node to obtain decrypted data;
encrypting the decrypted data based on a second key agreed with the second Ethernet node to obtain a ciphertext;
and replacing the encrypted data carried by the message by using the ciphertext, and sending the replaced message to the second Ethernet node.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including but not limited to an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or hardware. The name of a unit does not in some cases constitute a limitation on the unit itself; for example, an editable-content display unit may also be described as an "editing unit".
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of the present invention, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing description is only exemplary of the preferred embodiments of the invention and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents is encompassed without departing from the spirit of the disclosure. For example, the above features and (but not limited to) features having similar functions disclosed in the present invention are mutually replaced to form the technical solution.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the invention. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (10)

1. A message transmission method, applied to a CAN node driver communicatively connected to a gateway controller, the gateway controller also being communicatively connected to at least one Ethernet node, characterized by comprising the following steps:
when a message to be sent is received, determining whether the identifier of the message to be sent belongs to a preset white list;
and if the identifier of the message to be sent belongs to a preset white list, sending the message to be sent, otherwise, preventing the message to be sent from being sent.
2. The method of claim 1, further comprising:
configuring the preset white list for the CAN node driver through a gateway controller.
3. A message transmission method is applied to a gateway controller, and the gateway controller is respectively in communication connection with at least one CAN node driver and at least one Ethernet node, and is characterized by comprising the following steps:
when a message sent by a first Ethernet node to a second Ethernet node is received, determining whether the message carries encrypted data;
if the message carries encrypted data, decrypting the encrypted data based on a first key agreed with the first Ethernet node to obtain decrypted data;
encrypting the decrypted data based on a second key agreed with the second Ethernet node to obtain a ciphertext;
and replacing the encrypted data carried by the message by using the ciphertext, and sending the replaced message to the second Ethernet node.
4. The method according to claim 3, wherein before receiving the packet sent from the first ethernet node to the second ethernet node, the method further comprises:
and authenticating the first Ethernet node and the second Ethernet node respectively to determine a first key agreed with the first Ethernet node and a second key agreed with the second Ethernet node.
5. The method of claim 4, wherein authenticating the first Ethernet node comprises:
sending a set of random numbers and an authentication algorithm to the first Ethernet node, so that the first Ethernet node encrypts the set of random numbers based on the authentication algorithm to obtain first data;
receiving the first data sent by the first Ethernet node within a set time;
encrypting the set of random numbers based on the authentication algorithm to obtain second data;
and if the first data is the same as the second data, sending the first key to the first Ethernet node.
6. The method of claim 4, wherein after authenticating the first Ethernet node and the second Ethernet node, respectively, further comprising:
respectively timing idle time of the first Ethernet node and idle time of the second Ethernet node;
if the idle time of the first Ethernet node or the second Ethernet node exceeds a set threshold, canceling the authentication state of the first Ethernet node or the second Ethernet node, and disconnecting the communication connection with the first Ethernet node or the second Ethernet node.
7. The method of claim 6, wherein after disconnecting the communication connection with the first Ethernet node or the second Ethernet node, further comprising:
if the connection request of the first Ethernet node or the second Ethernet node is received again, re-authentication is carried out on the first Ethernet node or the second Ethernet node so as to determine a new key agreed with the first Ethernet node or the second Ethernet node.
8. A packet transfer device integrated with a CAN node driver communicatively coupled to a gateway controller, said gateway controller also communicatively coupled to at least one ethernet node, comprising:
the determining module is used for determining whether the identifier of the message to be sent belongs to a preset white list or not when the message to be sent is received;
and the sending module is used for sending the message to be sent if the identifier of the message to be sent belongs to a preset white list, and otherwise, preventing the message to be sent from being sent.
9. A packet forwarding device integrated in a gateway controller, the gateway controller being communicatively coupled to at least one CAN node driver and at least one ethernet node, respectively, comprising:
the determining module is used for determining whether the message carries encrypted data or not when receiving the message sent by the first Ethernet node to the second Ethernet node;
the decryption module is used for decrypting, if the message carries encrypted data, the encrypted data based on a first key agreed with the first Ethernet node to obtain decrypted data;
the encryption module is used for encrypting the decrypted data based on a second key agreed with the second Ethernet node to obtain a ciphertext;
and the sending module is used for replacing the encrypted data carried by the message by using the ciphertext and sending the replaced message to the second Ethernet node.
10. An electronic device, characterized in that the electronic device comprises: the gateway controller is in communication connection with at least one CAN node driver and at least one Ethernet node respectively;
a storage device for storing one or more programs,
when the one or more programs are executed by the CAN node driver or gateway controller, causing the CAN node driver or gateway controller to implement the message transmission method of any of claims 1-2 or 3-7.
CN202010910514.6A 2020-09-02 2020-09-02 Message transmission method and device, electronic equipment and storage medium Pending CN112087440A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010910514.6A CN112087440A (en) 2020-09-02 2020-09-02 Message transmission method and device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN112087440A true CN112087440A (en) 2020-12-15

Family

ID=73732442


Country Status (1)

Country Link
CN (1) CN112087440A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114900340A (en) * 2022-04-24 2022-08-12 金祺创(北京)技术有限公司 Illegal external connection detection method and device based on internal and external network interactive verification

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060168033A1 (en) * 2004-12-21 2006-07-27 Lucent Technologies, Inc. Spam white list
WO2009140889A1 (en) * 2008-05-20 2009-11-26 成都市华为赛门铁克科技有限公司 Data transmission control method and data transmission control apparatus
CN105897819A (en) * 2015-10-21 2016-08-24 乐卡汽车智能科技(北京)有限公司 Data communication method and system and gateway applied to in-vehicle network comprising multiple sub-networks
CN111083154A (en) * 2019-12-24 2020-04-28 北京网太科技发展有限公司 Safety protection method, device and storage medium
CN111371798A (en) * 2020-02-24 2020-07-03 迈普通信技术股份有限公司 Data security transmission method, system, device and storage medium




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201215