CN112235263A - Diagnostic device security authentication method, server, vehicle, and storage medium - Google Patents
Diagnostic device security authentication method, server, vehicle, and storage medium Download PDFInfo
- Publication number
- CN112235263A CN112235263A CN202011031514.5A CN202011031514A CN112235263A CN 112235263 A CN112235263 A CN 112235263A CN 202011031514 A CN202011031514 A CN 202011031514A CN 112235263 A CN112235263 A CN 112235263A
- Authority
- CN
- China
- Prior art keywords
- identification information
- diagnostic
- diagnostic device
- vehicle
- serial number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The application provides a safety authentication method for diagnostic equipment, a server, a vehicle and a storage medium, relates to the technical field of vehicles, and can improve the safety of a vehicle diagnostic process. The method comprises the following steps: acquiring identification information of diagnostic equipment and certificate data of mobile equipment Ukey matched with the diagnostic equipment; packaging the identification information and the certificate data according to a preset communication protocol to obtain a communication data packet; and sending the communication data packet to a vehicle to indicate the vehicle to analyze the communication data packet, and performing safety certification on the diagnosis equipment according to the identification information and the certificate data obtained by analysis.
Description
Technical Field
The present application relates to the field of vehicle technologies, and in particular, to a method for security authentication of a diagnostic device, a server, a vehicle, and a storage medium.
Background
At present, the vehicle diagnosis interface is basically open, such as an OBD (on Board diagnostics) interface. Therefore, the diagnostic equipment of any manufacturer can communicate with the vehicle through the open vehicle diagnostic interface, and the vehicle cannot judge the accessed diagnostic equipment. Therefore, the unauthorized diagnostic equipment can carry out any diagnosis on the vehicle, and the problems of damage of each system of the vehicle, change of configuration parameters and the like are caused, so that unsafe operation exists in the vehicle diagnosis process.
Disclosure of Invention
The embodiment of the application provides a safety certification method for diagnostic equipment, a server, a vehicle and a storage medium, and can solve the problem of insecurity caused by random diagnosis of the vehicle by the unauthorized diagnostic equipment.
In a first aspect, the present application provides a diagnostic device security authentication method, applied to a server, the method including:
acquiring identification information of diagnostic equipment and certificate data of mobile equipment Ukey matched with the diagnostic equipment;
packaging the identification information and the certificate data according to a preset communication protocol to obtain a communication data packet;
and sending the communication data packet to a vehicle to indicate the vehicle to analyze the communication data packet, and performing safety certification on the diagnosis equipment according to the identification information and the certificate data obtained by analysis.
In an optional implementation manner, the identification information of the diagnostic device includes a first serial number of the diagnostic device;
the method for acquiring the identification information of the diagnostic equipment and the certificate data of the mobile equipment Ukey matched with the diagnostic equipment comprises the following steps:
reading the first serial number of the diagnostic device;
and calling a preset interface function to read the certificate data of the Ukey matched with the diagnostic equipment.
In a second aspect, the present application provides a diagnostic device security authentication method, applied to a vehicle, the method including:
receiving a communication data packet sent by a server, wherein the communication data packet is obtained by encapsulating identification information of a diagnosis device and certificate data of a mobile device Ukey matched with the diagnosis device by the server according to a preset communication protocol;
analyzing the communication data packet to obtain the identification information and the certificate data;
and performing security authentication on the diagnostic equipment according to the identification information and the certificate data.
In an optional implementation manner, the identification information of the diagnostic device includes a first serial number of the diagnostic device;
according to the identification information and the certificate data, performing security authentication on the diagnostic equipment, including:
decrypting the certificate data according to a preset decryption algorithm to obtain a second serial number;
and performing safety certification on the diagnostic equipment according to the second serial number and the first serial number.
In an optional implementation manner, performing security authentication on the diagnostic device according to the second serial number and the first serial number includes:
comparing the second sequence number to the first sequence number;
if the second serial number is corresponding to the first serial number, determining that the diagnostic equipment passes the safety certification;
and if the second serial number is not consistent with the first serial number correspondingly, determining that the safety certification of the diagnostic equipment is not passed.
In a third aspect, the present application provides a server, comprising:
the acquisition module is used for acquiring identification information of the diagnostic equipment and certificate data of the mobile equipment Ukey matched with the diagnostic equipment;
the obtaining module is used for packaging the identification information and the certificate data according to a preset communication protocol to obtain a communication data packet;
and the sending module is used for sending the communication data packet to a vehicle so as to instruct the vehicle to analyze the communication data packet, and performing safety certification on the diagnosis equipment according to the identification information and the certificate data obtained by analysis.
In an optional implementation manner, the identification information of the diagnostic device includes a first serial number of the diagnostic device;
an acquisition module, comprising:
a first reading unit for reading the first serial number of the diagnostic device;
and the second reading unit is used for calling a preset interface function to read the certificate data of the Ukey matched with the diagnostic equipment.
In a fourth aspect, the present application provides a vehicle comprising:
the diagnostic equipment comprises a receiving module, a judging module and a judging module, wherein the receiving module is used for receiving a communication data packet sent by a server, and the communication data packet is obtained by encapsulating identification information of diagnostic equipment and certificate data of mobile equipment Ukey matched with the diagnostic equipment by the server according to a preset communication protocol;
an obtaining module, configured to analyze the communication data packet to obtain the identification information and the certificate data;
and the authentication module is used for carrying out safety authentication on the diagnostic equipment according to the identification information and the certificate data.
In an optional implementation manner, the identification information of the diagnostic device includes a first serial number of the diagnostic device;
an authentication module comprising:
the first obtaining unit is used for decrypting the certificate data according to a preset decryption algorithm to obtain a second serial number;
and the authentication unit is used for carrying out safety authentication on the diagnostic equipment according to the second serial number and the first serial number.
In an optional implementation manner, the authentication unit includes:
a comparison subunit, configured to compare the second sequence number with the first sequence number;
the first determining subunit is used for determining that the diagnostic equipment passes the safety certification if the second serial number is corresponding to the first serial number;
and the second determining subunit is used for determining that the safety certification of the diagnostic equipment is not passed if the second serial number is not consistent with the first serial number.
In a fifth aspect, the present application provides a server, comprising: a memory for storing a diagnostic device security authentication program; a processor, configured to implement the diagnostic device security authentication method according to the first aspect when executing the diagnostic device security authentication program.
In a sixth aspect, the present application provides a vehicle comprising: a memory for storing a diagnostic device security authentication program; a processor, configured to implement the diagnostic device security authentication method according to the second aspect when executing the diagnostic device security authentication program.
In a seventh aspect, the present application provides a computer-readable storage medium storing a computer program, which when executed by a processor implements the diagnostic device security authentication method according to the first aspect, or which when executed by a processor implements the diagnostic device security authentication method according to the second aspect.
In an eighth aspect, an embodiment of the present application provides a computer program product, which, when running on a server, causes the server to execute the diagnostic device security authentication method described in the first aspect.
In a ninth aspect, the present application provides a computer program product, when running on a vehicle, for causing the vehicle to execute the diagnostic device security authentication method described in the second aspect above.
By adopting the diagnostic equipment safety certification method provided by the first aspect of the application, after a communication data packet is obtained by packaging the identification information of the diagnostic equipment and the certificate data of the mobile equipment matched with the diagnostic equipment, the vehicle analyzes the communication data packet, and then the safety certification is carried out on the accessed diagnostic equipment according to the identification information and the certificate data. The method can prevent unauthorized diagnostic equipment from randomly diagnosing the vehicle to cause damage to each system of the vehicle or change of configuration parameters, and improve the safety of the vehicle diagnostic process.
It is understood that the beneficial effects of the second to ninth aspects can be seen from the description of the first aspect, and are not repeated herein.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the following briefly introduces the embodiments or drawings supported by the prior art description, and obviously, the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive labor.
Fig. 1 is a schematic view of an application scenario of a diagnostic device security authentication method according to a first embodiment of the present application;
fig. 2 is a flowchart of a method for security authentication of a diagnostic device according to a second embodiment of the present application;
fig. 3 is a flowchart of a method for security authentication of a diagnostic device according to a third embodiment of the present application;
FIG. 4 is a schematic diagram of a server provided by a fourth embodiment of the present application;
FIG. 5 is a schematic illustration of a vehicle provided in a fifth embodiment of the present application;
FIG. 6 is a schematic diagram of a server provided in a sixth embodiment of the present application;
fig. 7 is a schematic view of a vehicle according to a seventh embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail. It should be understood that the terms "first," "second," "third," and the like in the description of the present application and in the appended claims, are used for distinguishing between descriptions that are not intended to indicate or imply relative importance.
It should also be appreciated that reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. It should be further noted that, for the convenience of description, only some but not all of the relevant aspects of the present invention are shown in the drawings. Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Before explaining the diagnostic device security authentication method provided by the present application, an application scenario of the diagnostic device security authentication method adopted by the present application is first exemplarily explained with reference to fig. 1.
Fig. 1 is a schematic view of an application scenario of a diagnostic device security authentication method according to a first embodiment of the present application. As can be seen from fig. 1, the diagnostic device security authentication method provided in the embodiment of the present application is applied to a diagnostic device security authentication system 100, where the diagnostic device security authentication system 100 includes a server 101, a diagnostic device 102, a mobile device (also referred to as Ukey)103, and a vehicle 104. The server 101 is a computer device used by a vehicle company to run diagnostic software. The diagnostic device 102 is an external diagnostic device of the vehicle 104, and typically one end of the diagnostic device 102 is connected to the vehicle 104 through a vehicle communication interface (e.g., OBD interface) and the other end is connected to the server 101. The diagnostic device 102 is generally similar in appearance to a cassette and, therefore, is also commonly referred to as a diagnostic cassette.
Since the communication interface of the vehicle 104 can communicate with any brand of the diagnostic device 102, the diagnostic device 102 performs various read/write functions on each controller of the vehicle 104, so that a third party may use the unauthorized diagnostic device 102 to modify the controller of the vehicle 104 or even perform operations such as vehicle key matching without knowing the owner, which causes a security problem. Therefore, the diagnostic device security authentication system 100 provided in the embodiment of the present application further includes a Ukey103, and generally, the Ukey103 and the diagnostic device 102 are devices paired with each other. That is, one diagnostic device 102 corresponds to a Ukey103 associated therewith, and the Ukey103 corresponding to each diagnostic device 102 stores in advance key information corresponding to the identification information of the diagnostic device 102, and key data corresponding to the identification information of the corresponding diagnostic device 102 in the Ukey103 is used as certificate data. In the embodiment of the application, after the diagnostic device 102 establishes communication connection with the server 103 and the vehicle 104, the Ukey103 corresponding to the diagnostic device 102 also establishes communication connection with the server 103, and the server 103 sends the identification information of the diagnostic device 102 and the certificate data of the Ukey103 to the vehicle 104 to instruct the vehicle 104 to perform security authentication on the diagnostic device 102 according to the identification information of the diagnostic device 102 and the certificate data of the Ukey 103. Therefore, the condition that the vehicle 104 is randomly diagnosed by an illegal person by using the diagnosis equipment 102 to damage each system of the vehicle or change configuration parameters is avoided, and the safety of the vehicle diagnosis process is improved.
The following describes an exemplary method for authenticating a diagnostic device according to an embodiment of the present disclosure.
As shown in fig. 2, fig. 2 is a flowchart of a diagnostic device security authentication method according to a second embodiment of the present application. The diagnostic device security authentication method in this embodiment may be executed by a server, and the server may be implemented by hardware and/or software. The diagnostic device security authentication method as shown in fig. 2 may include:
s201, obtaining identification information of the diagnosis device and certificate data of the mobile device Ukey matched with the diagnosis device.
In an embodiment of the present application, the identification information of the diagnostic device includes a first serial number of the diagnostic device; the first serial number may be a unique serial number that can be pre-burned in an internal chip of the diagnostic device, such as a hard disk serial number or a network card serial number of the diagnostic device. It is understood that the diagnostic device can be uniquely identified by its identification information.
The first serial number of the diagnosis equipment matched with the UKey is pre-burned in the UKey of the mobile equipment, and after the mobile equipment Ukey establishes communication connection with the server, namely the Ukey is inserted into the server, key information corresponding to the first serial number is generated in the Ukey, wherein the key information is a random number generated according to a preset encryption algorithm, and the random number is acquired by the server as certificate data of the UKey.
For example, in this embodiment of the present application, the acquiring identification information of a diagnostic device and certificate data of a mobile device Ukey paired with the diagnostic device may include: reading the first serial number of the diagnostic device; and calling a preset interface function to read the certificate data of the Ukey matched with the diagnostic equipment.
It can be understood that the certificate data of the Ukey is a random number randomly generated by a preset encryption algorithm, and the corresponding certificate data may be different each time the Ukey is used.
S202, the identification information and the certificate data are packaged according to a preset communication protocol to obtain a communication data packet.
In the embodiment of the present application, the preset communication protocol may include a vehicle communication protocol, for example, a communication protocol based on a CAN BUS protocol standard. Illustratively, encapsulating the identification information and the certificate data according to a preset communication protocol to obtain a communication data packet may include: and framing the identification information and the certificate data of the diagnostic equipment through a CAN BUS protocol to obtain a communication data packet.
S203, the communication data packet is sent to a vehicle to indicate the vehicle to analyze the communication data packet, and safety certification is carried out on the diagnosis equipment according to the identification information and the certificate data obtained through analysis.
In the embodiment of the application, after the server sends the communication data packet to the vehicle, the vehicle can receive the communication data packet through the gateway, analyze the communication data packet, extract the identification information of the diagnostic equipment and the certificate data of the Ukey, and then decrypt the certificate data by the vehicle according to a preset decryption algorithm. The identification information of the diagnostic equipment is a first serial number of the diagnostic equipment, the vehicle decrypts the certificate data to obtain a second serial number corresponding to the certificate data, and the first serial number is compared with the second serial number to realize the safety certification of the diagnostic equipment.
As can be seen from the above analysis, in the diagnostic device security authentication method provided in the embodiment of the present application, after a communication data packet is obtained by encapsulating the identification information of the diagnostic device and the certificate data of the mobile device paired with the diagnostic device, the vehicle analyzes the communication data packet, and then performs security authentication on the accessed diagnostic device according to the identification information and the certificate data. The method can prevent unauthorized diagnostic equipment from randomly diagnosing the vehicle to cause damage to each system of the vehicle or change of configuration parameters, and improve the safety of the vehicle diagnostic process.
As shown in fig. 3, fig. 3 is a flowchart of a diagnostic device security authentication method according to a third embodiment of the present application. The diagnostic device security authentication method in the present embodiment may be performed by a vehicle, and the vehicle may be implemented by hardware and/or software. The diagnostic device security authentication method as shown in fig. 3 may include:
s301, receiving a communication data packet sent by a server, wherein the communication data packet is obtained by encapsulating identification information of a diagnosis device and certificate data of a mobile device Ukey matched with the diagnosis device by the server according to a preset communication protocol.
In the embodiment of the present application, the preset communication protocol may include a vehicle communication protocol, for example, a communication protocol based on a CAN BUS protocol standard.
S302, the communication data packet is analyzed to obtain the identification information and the certificate data.
Illustratively, the vehicle parses the communication data packet according to a communication protocol, and extracts the identification information and the certificate data.
S303, according to the identification information and the certificate data, carrying out security authentication on the diagnosis equipment.
In an embodiment of the present application, the identification information of the diagnostic device includes a first serial number of the diagnostic device; performing security authentication on the diagnostic device according to the identification information and the certificate data may include: decrypting the certificate data according to a preset decryption algorithm to obtain a second serial number; and performing safety certification on the diagnostic equipment according to the second serial number and the first serial number.
Illustratively, the performing security authentication on the diagnostic device according to the second serial number and the first serial number may include: comparing the second sequence number to the first sequence number; if the second serial number is corresponding to the first serial number, determining that the diagnostic equipment passes the safety certification; and if the second serial number is not consistent with the first serial number correspondingly, determining that the safety certification of the diagnostic equipment is not passed.
As can be seen from the above analysis, in the diagnostic device security authentication method provided in the embodiment of the present application, after a communication data packet is obtained by encapsulating the identification information of the diagnostic device and the certificate data of the mobile device paired with the diagnostic device, the vehicle analyzes the communication data packet, and then performs security authentication on the accessed diagnostic device according to the identification information and the certificate data. The method can prevent unauthorized diagnostic equipment from randomly diagnosing the vehicle to cause damage to each system of the vehicle or change of configuration parameters, and improve the safety of the vehicle diagnostic process. It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Based on the method for the safety certification of the diagnostic equipment provided by the embodiment, the embodiment of the invention further provides an embodiment of a device for realizing the embodiment of the method.
As shown in fig. 4, fig. 4 is a schematic diagram of a server provided in a fourth embodiment of the present application. Modules are included for performing the steps in the embodiment of fig. 2. Please refer to the related description of the embodiment in fig. 2. For convenience of explanation, only the portions related to the present embodiment are shown. Referring to fig. 4, the server 400 includes:
the obtaining module 401 is configured to obtain identification information of a diagnostic device and certificate data of a mobile device Ukey paired with the diagnostic device.
A first obtaining module 402, configured to encapsulate the identification information and the certificate data according to a preset communication protocol, so as to obtain a communication data packet.
A sending module 403, configured to send the communication data packet to a vehicle, so as to instruct the vehicle to analyze the communication data packet, and perform security authentication on the diagnostic device according to the identification information and the certificate data obtained through analysis.
In an optional implementation manner, the identification information of the diagnostic device includes a first serial number of the diagnostic device;
the obtaining module 401 includes:
a first reading unit for reading the first serial number of the diagnostic device;
and the second reading unit is used for calling a preset interface function to read the certificate data of the Ukey matched with the diagnostic equipment.
As shown in fig. 5, fig. 5 is a schematic view of a vehicle according to a fifth embodiment of the present application. Modules are included for performing the steps in the embodiment of fig. 3. Please refer to the related description of the embodiment in fig. 3. For convenience of explanation, only the portions related to the present embodiment are shown. Referring to fig. 5, a vehicle 500 includes:
the receiving module 501 is configured to receive a communication data packet sent by a server, where the communication data packet is obtained by encapsulating, by the server, identification information of a diagnostic device and certificate data of a mobile device Ukey paired with the diagnostic device according to a preset communication protocol.
A second obtaining module 502, configured to analyze the communication data packet to obtain the identification information and the certificate data.
And an authentication module 503, configured to perform security authentication on the diagnostic device according to the identification information and the certificate data.
In an optional implementation manner, the identification information of the diagnostic device includes a first serial number of the diagnostic device;
an authentication module 503, comprising:
the first obtaining unit is used for decrypting the certificate data according to a preset decryption algorithm to obtain a second serial number;
and the authentication unit is used for carrying out safety authentication on the diagnostic equipment according to the second serial number and the first serial number.
In an optional implementation manner, the authentication unit includes:
a comparison subunit, configured to compare the second sequence number with the first sequence number;
the first determining subunit is used for determining that the diagnostic equipment passes the safety certification if the second serial number is corresponding to the first serial number;
and the second determining subunit is used for determining that the safety certification of the diagnostic equipment is not passed if the second serial number is not consistent with the first serial number.
It should be noted that, because the contents of information interaction, execution process, and the like between the modules are based on the same concept as that of the embodiment of the method of the present application, specific functions and technical effects thereof may be specifically referred to a part of the embodiment of the method, and details are not described here.
Fig. 6 is a schematic diagram of a server according to a sixth embodiment of the present application. As shown in fig. 6, the server 6 of this embodiment includes: a processor 600, a memory 601, and a computer program 602, such as a diagnostic device security authentication program, stored in the memory 601 and operable on the processor 600. The processor 600 executes the computer program 602 to implement the steps in the above-mentioned various embodiments of the diagnostic device security authentication method, such as the steps 201 to 203 shown in fig. 2. Alternatively, the processor 600 executes the computer program 602 to implement the functions of the modules/units in the above device embodiments, such as the functions of the modules 401 to 403 shown in fig. 4.
Illustratively, the computer program 602 may be partitioned into one or more modules/units that are stored in the memory 601 and executed by the processor 600 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 602 in the server 6. For example, the computer program 602 may be divided into an obtaining module, an obtaining module and a sending module, and specific functions of each module are described in the embodiment corresponding to fig. 4, which is not described herein again.
The server 6 may include, but is not limited to, a processor 600, a memory 601. Those skilled in the art will appreciate that fig. 6 is merely an example of a server 6 and does not constitute a limitation of the server 6, and may include more or fewer components than shown, or some components in combination, or different components, e.g., the video processing device may also include input output devices, network access devices, buses, etc.
The Processor 600 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage 601 may be an internal storage unit of the server 6, such as a hard disk or a memory of the server 6. The memory 601 may also be an external storage device of the server 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the server 6. Further, the memory 601 may also include both an internal storage unit of the server 6 and an external storage device. The memory 601 is used for storing the computer program 602 and other programs and data supported by the server 6. The memory 601 may also be used to temporarily store data that has been output or is to be output.
Fig. 7 is a schematic view of a vehicle according to a seventh embodiment of the present application. As shown in fig. 7, the vehicle 7 of this embodiment includes: a processor 700, a memory 701, and a computer program 702, such as a diagnostic device security authentication program, stored in the memory 701 and operable on the processor 700. The processor 700, when executing the computer program 702, implements the steps in the above-described various diagnostic device security authentication method embodiments, such as the steps 301 to 303 shown in fig. 3. Alternatively, the processor 700, when executing the computer program 702, implements the functions of each module/unit in each device embodiment described above, for example, the functions of the modules 501 to 503 shown in fig. 5.
Illustratively, the computer program 702 may be partitioned into one or more modules/units that are stored in the memory 701 and executed by the processor 700 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 702 in the vehicle 7. For example, the computer program 702 may be divided into a receiving module, an obtaining module and an authenticating module, and specific functions of each module are described in the embodiment corresponding to fig. 5, which is not described herein again.
The server 7 may include, but is not limited to, a processor 700, a memory 701. Those skilled in the art will appreciate that fig. 7 is merely an example of a vehicle 7 and is not intended to limit vehicle 7 and may include more or fewer components than shown, or some components in combination, or different components, e.g., the video processing device may also include input output devices, network access devices, buses, etc.
The Processor 700 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 701 may be an internal storage unit of the vehicle 7, such as a hard disk or a memory of the vehicle 7. The memory 701 may also be an external storage device of the vehicle 7, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the vehicle 7. Further, the memory 701 may also include both an internal storage unit and an external storage device of the vehicle 7. The memory 701 is used to store the computer program 702 and other programs and data supported by the vehicle 7. The memory 701 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.
Claims (10)
1. A diagnostic device security authentication method is applied to a server, and comprises the following steps:
acquiring identification information of diagnostic equipment and certificate data of mobile equipment Ukey matched with the diagnostic equipment;
packaging the identification information and the certificate data according to a preset communication protocol to obtain a communication data packet;
and sending the communication data packet to a vehicle to indicate the vehicle to analyze the communication data packet, and performing safety certification on the diagnosis equipment according to the identification information and the certificate data obtained by analysis.
2. The method of claim 1, wherein the identification information of the diagnostic device comprises a first serial number of the diagnostic device;
the method for acquiring the identification information of the diagnostic equipment and the certificate data of the mobile equipment Ukey matched with the diagnostic equipment comprises the following steps:
reading the first serial number of the diagnostic device;
and calling a preset interface function to read the certificate data of the Ukey matched with the diagnostic equipment.
3. A diagnostic device security authentication method, applied to a vehicle, the method comprising:
receiving a communication data packet sent by a server, wherein the communication data packet is obtained by encapsulating identification information of a diagnosis device and certificate data of a mobile device Ukey matched with the diagnosis device by the server according to a preset communication protocol;
analyzing the communication data packet to obtain the identification information and the certificate data;
and performing security authentication on the diagnostic equipment according to the identification information and the certificate data.
4. The method of claim 3, wherein the identification information of the diagnostic device comprises a first serial number of the diagnostic device;
according to the identification information and the certificate data, performing security authentication on the diagnostic equipment, including:
decrypting the certificate data according to a preset decryption algorithm to obtain a second serial number;
and performing safety certification on the diagnostic equipment according to the second serial number and the first serial number.
5. The method of claim 4, wherein securely authenticating the diagnostic device based on the second serial number and the first serial number comprises:
comparing the second sequence number to the first sequence number;
if the second serial number is corresponding to the first serial number, determining that the diagnostic equipment passes the safety certification;
and if the second serial number is not consistent with the first serial number correspondingly, determining that the safety certification of the diagnostic equipment is not passed.
6. A server, comprising:
the acquisition module is used for acquiring identification information of the diagnostic equipment and certificate data of the mobile equipment Ukey matched with the diagnostic equipment;
the obtaining module is used for packaging the identification information and the certificate data according to a preset communication protocol to obtain a communication data packet;
and the sending module is used for sending the communication data packet to a vehicle so as to instruct the vehicle to analyze the communication data packet, and performing safety certification on the diagnosis equipment according to the identification information and the certificate data obtained by analysis.
7. A vehicle, characterized by comprising:
the diagnostic equipment comprises a receiving module, a judging module and a judging module, wherein the receiving module is used for receiving a communication data packet sent by a server, and the communication data packet is obtained by encapsulating identification information of diagnostic equipment and certificate data of mobile equipment Ukey matched with the diagnostic equipment by the server according to a preset communication protocol;
an obtaining module, configured to analyze the communication data packet to obtain the identification information and the certificate data;
and the authentication module is used for carrying out safety authentication on the diagnostic equipment according to the identification information and the certificate data.
8. A server, comprising:
a memory for storing a diagnostic device security authentication program;
a processor for implementing the diagnostic device security authentication method as claimed in any one of claims 1 or 2 when executing the diagnostic device security authentication program.
9. A vehicle, characterized by comprising:
a memory for storing a diagnostic device security authentication program;
a processor for implementing the diagnostic device security authentication method as claimed in any one of claims 3 to 5 when executing the diagnostic device security authentication program.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements the diagnostic device security authentication method according to claim 1 or 2, or which, when being executed by a processor, implements the diagnostic device security authentication method according to any one of claims 3 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011031514.5A CN112235263B (en) | 2020-09-27 | 2020-09-27 | Diagnostic device security authentication method, server, vehicle, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011031514.5A CN112235263B (en) | 2020-09-27 | 2020-09-27 | Diagnostic device security authentication method, server, vehicle, and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112235263A true CN112235263A (en) | 2021-01-15 |
| CN112235263B CN112235263B (en) | 2023-01-24 |
Family
ID=74107835
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011031514.5A Active CN112235263B (en) | 2020-09-27 | 2020-09-27 | Diagnostic device security authentication method, server, vehicle, and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112235263B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113608518A (en) * | 2021-07-23 | 2021-11-05 | 深圳市元征未来汽车技术有限公司 | Data generation method, device, terminal equipment and medium |
| CN114338073A (en) * | 2021-11-09 | 2022-04-12 | 江铃汽车股份有限公司 | Protection method, system, storage medium and equipment for vehicle-mounted network |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106814675A (en) * | 2016-12-31 | 2017-06-09 | 华晨汽车集团控股有限公司 | Safety access method for verifying automotive diagnostic installation legitimacy |
| CN109164791A (en) * | 2018-10-18 | 2019-01-08 | 深圳市轱辘汽车维修技术有限公司 | A kind of Vehicular diagnostic method, vehicle diagnosing apparatus and server |
| CN111181928A (en) * | 2019-12-14 | 2020-05-19 | 深圳市元征科技股份有限公司 | Vehicle diagnosis method, server, and computer-readable storage medium |
| WO2020132978A1 (en) * | 2018-12-26 | 2020-07-02 | 深圳市大疆创新科技有限公司 | Encrypted communication method, apparatus and system, and computer storage medium |
-
2020
- 2020-09-27 CN CN202011031514.5A patent/CN112235263B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106814675A (en) * | 2016-12-31 | 2017-06-09 | 华晨汽车集团控股有限公司 | Safety access method for verifying automotive diagnostic installation legitimacy |
| CN109164791A (en) * | 2018-10-18 | 2019-01-08 | 深圳市轱辘汽车维修技术有限公司 | A kind of Vehicular diagnostic method, vehicle diagnosing apparatus and server |
| WO2020132978A1 (en) * | 2018-12-26 | 2020-07-02 | 深圳市大疆创新科技有限公司 | Encrypted communication method, apparatus and system, and computer storage medium |
| CN111181928A (en) * | 2019-12-14 | 2020-05-19 | 深圳市元征科技股份有限公司 | Vehicle diagnosis method, server, and computer-readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113608518A (en) * | 2021-07-23 | 2021-11-05 | 深圳市元征未来汽车技术有限公司 | Data generation method, device, terminal equipment and medium |
| CN114338073A (en) * | 2021-11-09 | 2022-04-12 | 江铃汽车股份有限公司 | Protection method, system, storage medium and equipment for vehicle-mounted network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112235263B (en) | 2023-01-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111314274B (en) | Vehicle-mounted terminal and center platform bidirectional authentication method and system | |
| US9325496B2 (en) | Encryption key providing method, semiconductor integrated circuit, and encryption key management device | |
| CN110800249B (en) | Maintenance system and maintenance method | |
| EP2506488B1 (en) | Secure dynamic on-chip key programming | |
| CN111181928B (en) | Vehicle diagnosis method, server, and computer-readable storage medium | |
| US11212080B2 (en) | Communication system, vehicle, server device, communication method, and computer program | |
| US20160035148A1 (en) | Securely providing diagnostic data from a vehicle to a remote server using a diagnostic tool | |
| CN112235263B (en) | Diagnostic device security authentication method, server, vehicle, and storage medium | |
| CN109190362B (en) | Secure communication method and related equipment | |
| CN106550359B (en) | Authentication method and system for terminal and SIM card | |
| CN109690543B (en) | Security authentication method, integrated circuit and system | |
| CN110598429B (en) | Data encryption storage and reading method, terminal equipment and storage medium | |
| CN111538961A (en) | Software activation method, device, equipment and storage medium | |
| CN115527292B (en) | Mobile phone terminal remote vehicle unlocking method of security chip and security chip device | |
| KR20070059891A (en) | Application authentication security system and method thereof | |
| CN107026730A (en) | Data processing method, apparatus and system | |
| CN114095277A (en) | Power distribution network secure communication method, secure access device and readable storage medium | |
| CN112068528A (en) | Diagnostic device verification method, vehicle, device and server | |
| CN115913579A (en) | Registration application method and device of smart card certificate | |
| EP3692698A1 (en) | System and method for validation of authenticity of communication at in-vehicle networks | |
| CN115017529A (en) | Encryption method for automobile diagnosis software | |
| CN114154443A (en) | Chip authorization and verification method and device and electronic equipment | |
| Subke et al. | Measures to prevent unauthorized access to the in-vehicle e/e system, due to the security vulnerability of a remote diagnostic tester | |
| CN101287218A (en) | Method, device and system for modifying confidential data in terminal | |
| CN111224971A (en) | Block chain data encryption and decryption method and encryption and decryption system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |