CN116996328A - New energy automobile network security gateway system - Google Patents
New energy automobile network security gateway system Download PDFInfo
- Publication number
- CN116996328A CN116996328A CN202311248955.4A CN202311248955A CN116996328A CN 116996328 A CN116996328 A CN 116996328A CN 202311248955 A CN202311248955 A CN 202311248955A CN 116996328 A CN116996328 A CN 116996328A
- Authority
- CN
- China
- Prior art keywords
- data
- preset
- address
- vehicle
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 claims abstract description 104
- 238000012795 verification Methods 0.000 claims abstract description 35
- 238000013524 data verification Methods 0.000 claims abstract description 15
- 230000010365 information processing Effects 0.000 claims description 8
- 238000004458 analytical method Methods 0.000 claims description 6
- 231100000279 safety data Toxicity 0.000 claims description 4
- 238000007689 inspection Methods 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 description 7
- FXNSVEQMUYPYJS-UHFFFAOYSA-N 4-(2-aminoethyl)benzenesulfonamide Chemical compound NCCC1=CC=C(S(N)(=O)=O)C=C1 FXNSVEQMUYPYJS-UHFFFAOYSA-N 0.000 description 5
- 102100034112 Alkyldihydroxyacetonephosphate synthase, peroxisomal Human genes 0.000 description 5
- 101000799143 Homo sapiens Alkyldihydroxyacetonephosphate synthase, peroxisomal Proteins 0.000 description 5
- 238000000848 angular dependent Auger electron spectroscopy Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000000034 method Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 239000000446 fuel Substances 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000003211 malignant effect Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/40169—Flexible bus arrangements
- H04L12/40176—Flexible bus arrangements involving redundancy
- H04L12/40189—Flexible bus arrangements involving redundancy by using a plurality of bus systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The application provides a new energy automobile network security gateway system, and belongs to the technical field of automobile network security gateways. The system comprises: the main control module is used for acquiring and storing uplink data of the vehicle-mounted electronic equipment; the data uplink supervision module is used for carrying out target address verification and data verification on uplink data according to a preset target address, a data communication protocol, a preset data format and preset data content, sending a data uploading instruction to the wireless communication module after verification is passed, and uploading the uplink data to a corresponding third party platform; the data downlink supervision module is used for carrying out forward address verification and security verification on downlink data according to a preset forward address, a preset data communication protocol, a preset data format and preset data content, sending a data forwarding instruction to the main control module after verification is passed, and forwarding the downlink data to corresponding vehicle-mounted electronic equipment. The application reduces the communication cost of the new energy automobile and improves the safety of data communication.
Description
Technical Field
The application belongs to the technical field of automobile network security gateways, and particularly relates to a new energy automobile network security gateway system.
Background
The existing new energy automobile has a plurality of wireless communication devices, such as a T-BOX, a travel recorder, an ADAS, a fire protection system, an AEBS, a passenger flow instrument and the like. Multiple cell phone cards and multiple wireless communication modules are required. There are two technical drawbacks: a. the plurality of wireless communication devices have equipment waste, increase the complexity of a vehicle system and increase the manufacturing cost of the vehicle; b. the wireless communication equipment of the new energy automobile is provided by different suppliers, and the wireless communication equipment of part of suppliers only sends data to the service platform of the supplier, so that risks of whole automobile data acquisition and theft exist; on the one hand, the wireless communication equipment of the other part of suppliers can send data to the domestic monitoring platform, on the other hand, the wireless communication equipment can also send data to the background server of the wireless communication equipment, and meanwhile, the risks of revealing whole vehicle data and privately using the data are also existed.
Disclosure of Invention
Therefore, the application provides a new energy automobile network security gateway system which is beneficial to solving the problems of higher communication cost and lower data communication security of the existing new energy automobile.
In order to achieve the above purpose, the application adopts the following technical scheme:
the application provides a new energy automobile network security gateway system, which comprises:
the main control module is used for acquiring and storing uplink data of the vehicle-mounted electronic equipment through the bus network;
the data uplink supervision module is used for carrying out target address verification and data verification on uplink data of the vehicle-mounted electronic equipment according to a preset target address, a preset data communication protocol, a preset data format and preset data content, and sending a data uploading instruction to the wireless communication module after the target address verification and the data verification are passed;
the data downlink supervision module is used for carrying out forwarding address verification and security verification on the downlink data according to a preset forwarding address, a preset data communication protocol, a preset data format and preset data content, and sending a data forwarding instruction to the main control module after the forwarding address verification and the security verification pass;
the wireless communication module is used for uploading the uplink data to a third party platform corresponding to a preset target address according to a data uploading instruction, and receiving and downloading downlink data sent by the third party platform;
and the main control module is also used for forwarding the downlink data to the vehicle-mounted electronic equipment corresponding to the preset forwarding address according to the data forwarding instruction.
Further, the system also comprises a data setting module, which is used for binding a preset target address and a preset forwarding address between the vehicle-mounted electronic equipment and the third party platform, and setting a preset data communication protocol, a preset data format and preset data content of uplink data and downlink data between the vehicle-mounted electronic equipment and the third party platform; the preset target address and the preset forwarding address both comprise a physical address and an IP address.
Further, the wireless communication module comprises a main communication module and a standby communication module.
Further, the performing target address verification and data verification on the uplink data of the vehicle-mounted electronic device according to the preset target address, the preset data communication protocol, the preset data format and the preset data content specifically includes:
address analysis is carried out on the uplink data of the vehicle-mounted electronic equipment, and an IP address and a physical address of a third party platform in the uplink data of the vehicle-mounted electronic equipment are obtained;
detecting whether the IP address and the physical address of the third party platform are preset target addresses or not, if so, checking the target addresses, and executing data checking; if the target address is not preset, the target address is not checked, and the data check is not executed;
analyzing the uplink data according to a preset data communication protocol and a preset data format, acquiring internal data in the uplink data, judging whether the internal data is preset data content, and if so, checking the data; if the data content is not preset, the data verification is not passed.
Further, the performing a forwarding address check and a security check on the downlink data according to a preset forwarding address, a preset data communication protocol, a preset data format and a preset data content specifically includes:
address analysis is carried out on downlink data sent by a third party platform, and an IP address and a physical address of the vehicle-mounted electronic equipment corresponding to the downlink data are obtained;
detecting whether the IP address and the physical address of the vehicle-mounted electronic equipment are preset forwarding addresses, if so, checking the forwarding addresses, and executing safety check;
analyzing the downlink data according to a preset data communication protocol and a preset data format to obtain internal data in the downlink data, judging whether the internal data is preset data content, and if so, considering the downlink data as safety data and passing safety inspection; if the data content is not preset, the downlink data is regarded as risk data, and the safety check is failed.
Further, the data downlink supervision module is further configured to send an archiving instruction to the main control module when the downlink data does not pass the security check, and mark and alarm the downlink data.
Further, the system also comprises a remote information processing module, which is used for uploading the uplink data of the vehicle-mounted electronic equipment to a third party platform through movement; the remote information processing module is connected with the main control module through an independent CAN bus.
Further, the bus network comprises a multipath CAN bus, a LIN bus, a USB interface, a LAN network, a UART interface, an RS232 interface and an RS485 interface.
The application adopts the technical proposal and has at least the following beneficial effects:
according to the new energy automobile network security gateway system provided by the application, the system firstly obtains and stores uplink data of the vehicle-mounted electronic equipment through the main control module. And then the uplink data supervision module is used for supervising the uplink and downlink data of the vehicle-mounted electronic equipment which needs to be transmitted and uploaded, carrying out target address verification and data verification on the uplink data of the vehicle-mounted electronic equipment according to a preset target address, a preset data communication protocol, a preset data format and preset data content, and transmitting a data uploading instruction to the wireless communication module after the target address verification and the data verification pass, so as to control the uplink data to be transmitted to a corresponding third party platform. And meanwhile, the data downlink supervision module is utilized to carry out data downlink supervision on the vehicle-mounted electronic equipment needing to download data, forward address verification and security verification are carried out on the downloaded downlink data according to a preset forward address, a preset data communication protocol, a preset data format and preset data content, and after the forward address verification and the security verification pass, a data forwarding instruction is sent to the main control module, and the downlink data is forwarded to the vehicle-mounted electronic equipment corresponding to the preset forward address. According to the application, the data uplink supervision module and the data downlink supervision module are used for carrying out data receiving and dispatching supervision on the vehicle-mounted electronic equipment, so that the data receiving and dispatching address, the data communication protocol, the data format and the data receiving and dispatching information content between the vehicle-mounted electronic equipment and the third party platform are agreed in advance, the occurrence of the condition of random and excessive data dispatching is avoided, the potential safety hazard of the data is avoided, and the risk of controlling the vehicle equipment by the outside is greatly reduced. Meanwhile, the application only adopts one wireless communication module to realize wireless communication of the whole automobile, thereby reducing the manufacturing cost and the operation cost of the automobile.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a diagram of a network security gateway system architecture for a new energy automobile, shown in accordance with an exemplary embodiment;
FIG. 2 is a schematic diagram of a bus network architecture of a new energy passenger car solution, according to an exemplary embodiment;
FIG. 3 is a schematic diagram of a bus network architecture of a new energy commercial vehicle scenario, according to an exemplary embodiment;
FIG. 4 is a schematic diagram of a communication architecture of a gateway system according to an exemplary embodiment;
in the attached figure 1, a 1-main control module, a 2-data uplink supervision module, a 3-data downlink supervision module, a 4-wireless communication module, 5-vehicle-mounted electronic equipment and a 6-third party platform are arranged.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of methods consistent with aspects of the application as detailed in the accompanying claims.
New energy automobiles rapidly develop, and particularly, almost all traditional automobiles are newly energized, and the traditional fuel automobiles gradually exit a history stage. Along with further deepening of the new energy degree, the new energy automobile starts the process of digitalization and big data, and domestic and many enterprises have carried out remote real-time monitoring on the new energy automobile to monitor various parameters such as battery service condition, motor rotation speed, running speed and the like of the new energy automobile. In addition, in order to increase the safety performance, the new energy automobile is further provided with a running recorder, an ADAS, a fire protection system, an AEBS, a passenger flow instrument and other devices, and most of the devices integrate a wireless communication module, so that information CAN be collected and sent to an upper computer appointed by a provider in the CAN network of the new energy automobile, and related information CAN be stored. These devices that access both a wired communication network and a wireless open network (wireless communication network) present two data security concerns: firstly, acquiring data in a wired communication network and sending the data to a platform of the user through a wireless open network, wherein the risk of data theft exists; secondly, the wireless open network command control device sends a command to a wired vehicle control network, so that the risk of vehicle operation is wantonly controlled.
Therefore, the new energy automobile needs to establish a system for uniformly receiving and transmitting wireless data, and the original wireless communication equipment is messy and a plurality of distributed systems are integrated into a centralized system, so that the possibility that the new energy automobile excessively uses the mobile phone wireless communication equipment and the cost of the new energy automobile is greatly increased is avoided. Referring to fig. 1, fig. 1 is a diagram of a network security gateway system of a new energy automobile according to an embodiment of the present application, which is directed to the above problem, and the system includes:
the main control module 1 is used for acquiring and storing uplink data of the vehicle-mounted electronic equipment 5 through a bus network;
the data uplink supervision module 2 is configured to perform target address verification and data verification on uplink data of the vehicle-mounted electronic device 5 according to a preset target address, a preset data communication protocol, a preset data format and preset data content, and send a data uploading instruction to the wireless communication module 4 after the target address verification and the data verification pass;
the data downlink supervision module 3 is configured to perform forwarding address verification and security verification on the downlink data according to a preset forwarding address, a preset data communication protocol, a preset data format and preset data content, and send a data forwarding instruction to the main control module 1 after the forwarding address verification and security verification pass;
the wireless communication module 4 is used for uploading the uplink data to a third party platform 6 corresponding to a preset target address according to a data uploading instruction, and receiving and downloading downlink data sent by the third party platform 6;
the main control module 1 is further configured to forward the downlink data to the vehicle-mounted electronic device 5 corresponding to the preset forwarding address according to the data forwarding instruction. The main control module 1 is connected with the vehicle-mounted electronic equipment 5 through a bus network to form a wired communication network. Meanwhile, the main control module 1 performs wireless communication with the third party platform 6 through the wireless communication module 4 to form a wireless communication network.
Specifically, the main control module 1 may adopt a CAN bus controller, and the wireless communication module 4 may adopt wireless communication devices such as a bluetooth communication module, a WiFi communication module, and an LTE communication module.
Further, the system further comprises a data setting module, which is used for binding a preset target address and a preset forwarding address between the vehicle-mounted electronic equipment 5 and the third party platform 6, and setting a preset data communication protocol, a preset data format and preset data content of uplink data and downlink data between the vehicle-mounted electronic equipment 5 and the third party platform 6; the preset target address and the preset forwarding address both comprise a physical address and an IP address. The preset target address is a physical address and an IP address of the third party platform 6, and the preset forwarding address is a physical address and an IP address of the vehicle-mounted electronic device 5.
Specifically, the physical address or (and) the IP address of the port device, the data communication protocol, the data format and the data content which are sent in advance are pre-agreed by the vehicle-mounted electronic device 5 needing to perform wireless data exchange, so that only the agreed data format and only the agreed data content are sent between the vehicle-mounted electronic device 5 and the third-party platform 6. For example, the tachograph only uploads tachographs to the corresponding third party platform 6 in JSON format, and does not upload other data.
The preset data communication protocol of the application adopts TCP/IP protocol, and the new energy automobile network security gateway system and the data transmission to the outside of the port end are all carried out according to the TCP/IP protocol, so the receiving ends agreed by the third party platform 6 and the vehicle-mounted electronic equipment 5 are also provided with a unique IP address and a physical address, and when the two parties carry out address assignment, the physical address and the IP address of the two parties are mutually bound, and the IP address and the physical address of the two parties are mutually provided for address binding of the other party, so that the subsequent receiving and the transmitting of uplink data and downlink data are conveniently monitored.
In addition, other agreed data communication protocols, such as UDP, may be adopted, and may be specifically selected according to practical situations.
In a specific practical process, the network security gateway system of the new energy automobile and the third party platform 6 send data to the outside of the port according to the TCP/IP protocol, so that the receiving end agreed by the third party platform 6 and the vehicle-mounted electronic equipment 5 also has a unique IP address and a physical address, and when the two parties perform the constraint, the two parties bind the physical address and the IP of the two parties with each other and provide the IP address and the physical address of the two parties with each other to perform the software binding of the other party. Namely, when data is transmitted, whether the IP address in the transmitted TCP/IP data packet is a contracted address is detected, if yes, the data packet is transmitted, and if no, the data packet is not subjected to the outgoing uploading operation;
further, the internal data still contains the second layer of security check, that is, the internal data contains the encrypted physical address of the opposite party, and if the encrypted physical address is confirmed to be "yes" after decryption, the internal data is sent, and if the encrypted physical address is "no", the internal data is discarded and not sent.
Further, the internal data is analyzed through a pre-agreed data communication protocol, if the internal data contains non-agreed content, the internal data is not forwarded, and if the internal data contains agreed data, the internal data is regarded as safe data and is forwarded directly.
Specifically, the preset data formats include json, xml, protobuf, text, binary, thread and other data transmission formats. The preset data format may be specifically selected according to the actual requirement of the gateway system, for example, may be set according to the preset data communication protocol adopted, or may be selected according to the time and speed of data transmission, which is not described herein.
Specifically, the preset data content is data to be uploaded by the vehicle-mounted electronic device 5, such as various parameters including battery usage, motor rotation speed, and running speed of the new energy automobile. And the data sent by the third party platform 6, such as an instruction sent by a background system, the preset data content is specifically set according to the type of the vehicle-mounted electronic equipment of the new energy automobile, the data use requirement and the platform monitoring requirement, and the application is not repeated here.
Further, referring to fig. 4, the wireless communication module 4 of the present application includes a main communication module and a standby communication module. The purpose of the standby communication module is to improve redundancy of the gateway system and ensure stability of communication. The application reduces a plurality of wireless communication devices in the whole vehicle electronic equipment, and adopts the design of one or at least two wireless communication modules, namely, a main communication module and at least one standby communication module are arranged, thereby greatly enhancing the fault tolerance of wireless communication.
Further, in this embodiment, the target address verification and the data verification are performed on the uplink data of the vehicle-mounted electronic device 5 according to the preset target address, the preset data communication protocol, the preset data format and the preset data content, and specifically include:
and (3) carrying out address analysis on the uplink data of the vehicle-mounted electronic equipment 5 to obtain the IP address and the physical address of the third party platform 6 in the uplink data of the vehicle-mounted electronic equipment 5.
Detecting whether the IP address and the physical address of the third party platform 6 are preset target addresses, if so, checking the target addresses, and executing data checking; if the target address is not preset, the target address is not checked, and the data check is not executed.
Analyzing the uplink data according to a preset data communication protocol and a preset data format, acquiring internal data in the uplink data, judging whether the internal data is preset data content, and if so, checking the data; if the data content is not preset, the data verification is not passed.
Specifically, the vehicle-mounted electronic equipment 5 is bound with the third party platform 6 through the data setting module, such as a domestic appointed monitoring platform and an appointed platform of each part provider.
Further, in this embodiment, performing a forwarding address check and a security check on the downlink data according to a preset forwarding address, a preset data communication protocol, a preset data format and a preset data content specifically includes:
address analysis is carried out on the downlink data sent by the third party platform 6, and an IP address and a physical address of the vehicle-mounted electronic equipment 5 corresponding to the downlink data are obtained;
detecting whether the IP address and the physical address of the vehicle-mounted electronic equipment 5 are preset forwarding addresses, if so, checking the forwarding addresses, and executing safety check;
analyzing the downlink data according to a preset data communication protocol and a preset data format to obtain internal data in the downlink data, judging whether the internal data is preset data content, and if so, considering the downlink data as safety data and passing safety inspection; if the data content is not preset, the downlink data is regarded as risk data, and the safety check is failed.
Specifically, the application monitors the downlink data sent by the downloaded third party platform 6 received by the wireless communication module 4 through the data downlink monitoring module 3, does not forward any information of inconsistent equipment functions and inconsistent target addresses in the wired network of the system, avoids any equipment from causing data interference to other vehicle-mounted electronic equipment 5 in the wired communication network of the gateway system by wireless communication data control, and avoids the malignant event of damaging control logic and further causing the vehicle to be controlled by external remote wireless communication equipment.
Further, the data downlink supervision module 3 is further configured to send an archiving instruction to the main control module 1 when the downlink data does not pass the security check, and mark and alarm the downlink data. The main control module 1 locally archives the downlink data downloaded by the wireless communication module 4 after receiving the archiving instruction, so that the downlink data can be checked later, and if no risk is confirmed, the downlink data is forwarded to the corresponding vehicle-mounted electronic equipment 5.
Further, in one embodiment, the gateway system further includes a telematics module, configured to upload uplink data of the vehicle-mounted electronic device 5 to the third party platform 6 through movement; the remote information processing module is connected with the main control module 1 through an independent CAN bus.
Specifically, the remote information processing module, namely the T-BOX, can send data of relevant electronic equipment of the vehicle, such as information of battery SOC, battery temperature, battery fault code, driving motor rotating speed, vehicle speed, driving motor temperature and the like, to a monitoring platform of a third party through the T-BOX. Meanwhile, the T-BOX can also send relevant vehicle-mounted electronic equipment data to the mobile phone APP, the upper computer and the background system, receive instructions from the background system and send back execution results, and then a vehicle owner can remotely control the vehicle through equipment such as the intelligent key or the mobile phone APP.
In a specific practical process, when the telematics module (i.e., the T-BOX) needs to send data to the outside, the physical address and/or the IP address between the vehicle-mounted electronic device 5 and the mobile phone APP, the upper computer or the background system may be pre-agreed with reference to the data transceiving process of the wireless communication module. After the address binding is completed, the uplink data to be uploaded by the vehicle-mounted electronic equipment 5 is subjected to preset target address check sum data check through the data uplink supervision module 2, and after the check is successful, the uplink data is uploaded to the corresponding mobile phone APP, the upper computer or the background system through the remote information processing module.
Similarly, when receiving the instruction or downlink data sent by the background system, the remote information processing module receives and downloads the instruction or downlink data, and then the data downlink supervision module 3 is utilized to perform preset forwarding address verification and security verification on the instruction or downlink data, and after verification, the main control module 1 forwards the instruction or downlink data to the corresponding vehicle-mounted electronic equipment 5.
According to the application, the remote information processing module (T-BOX) is independently arranged in a CAN bus network, the wireless communication function of other vehicle-mounted electronic equipment is canceled, and when the vehicle-mounted electronic equipment with wireless communication capacity is canceled, data is uniformly transmitted and received by a new energy automobile network security gateway system. Therefore, the scheme of independently isolating the T-BOX on hardware is adopted, so that data (including various data related to the whole vehicle) sent to the T-BOX cannot be captured by other CAN bus equipment, and the risk of data theft is reduced.
Further, referring to fig. 4, the bus network of the present application includes multiple paths of CAN buses, LIN buses, USB interfaces, LAN networks, UART interfaces, RS232 interfaces and RS485 interfaces, so that most of current vehicle-mounted electronic devices of new energy automobiles CAN be compatible, and applicability of gateway systems is improved.
Further, referring to fig. 2, the present application integrates a plurality of wireless communication devices (T-BOX, tachograph, ADAS, fire protection system, AEBS, passenger flow meter, etc.) of the original new energy automobile into 1 device (i.e. a new energy automobile network security gateway system) or 2 devices (i.e. T-BOX and a new energy automobile network security gateway system), and when no other wireless communication devices exist in the whole automobile network, the network security gateway issues data. Or when the network security gateway system and the T-BOX exist at the same time, the T-BOX monopolizes one CAN bus, other vehicle-mounted electronic equipment is prevented from embezzling the important data of the whole vehicle and from interfering or controlling the safe running of the whole vehicle by external data at a physical layer, and the data embezzlement and the running potential safety hazard are avoided.
Specifically, the application adds the wireless communication module on the basis of the existing gateway to enable the gateway to have wireless data exchange capability, and simultaneously performs the opposite port information agreement, the data protocol agreement and the data content agreement of the third party platform 6 on the basis of the existing gateway, thereby realizing the receiving and transmitting supervision of all information of the vehicle-mounted electronic equipment.
Further, referring to fig. 3, the technical scheme of the commercial vehicle of the existing new energy automobile is that a CAN bus information network is established through a VCU (i.e. a whole vehicle controller), the VCU plays a role in data forwarding and controlling vehicle running to a great extent, and the VCU has no data supervision and monitoring capability and no data outgoing capability. In order to well solve the problems of data transmission and reception and data supervision, a general device needs to be introduced. For example, the passenger car transfers the data forwarding function to the vehicle-mounted gateway, so that the gateway replaces the VCU to forward the data, but only solves the data receiving and transmitting problem of the wired network, and can not well solve the unified data receiving and transmitting and data supervision problem of the wireless network.
Aiming at the problems existing in the technical scheme of the commercial vehicle, the application adds a network security gateway function (namely data transceiving supervision) outside the existing function of the VCU on the basis of the network architecture of the commercial new energy vehicle taking the VCU as main forwarding equipment, and independently places a T-BOX on a CAN bus at a physical layer, adds a contracted data communication protocol, and the contracted transceiving data uniquely monitors port information (namely physical address and IP address) and contracted data content, monitors all information of the vehicle-mounted electronic equipment, and particularly carries out data transceiving supervision according to the contracted content, and when data inconsistent with the contracted content appears, does not execute data forwarding action; when the running safety data possibly causing the new energy automobile occur, the data, the marking data and the warning are stored. Meanwhile, a wireless communication module is added, so that the commercial new energy automobile network framework has wireless data exchange capability.
The network security gateway system of the new energy automobile can be provided with 2 or more than 2 wireless communication modules, wherein one of the wireless communication modules is a main device, the other one or more than one wireless communication module is a standby device, when the main wireless communication device fails, the system is immediately switched to the standby device to transmit and receive data, and compared with the existing single vehicle-mounted data transmitting device (T-BOX, a driving recorder, an ADAS, a fire protection system, an AEBS, a passenger flow instrument and the like), one or more wireless communication modules are added, and compared with any one device, the system has stronger error redundancy capability. The gateway system is also provided with LAN, CAN (CANFD), COM, LIN and USB interfaces on hardware, is compatible with the equipment (T-BOX, a traveling data recorder, ADAS, a fire protection system, AEBS, a passenger flow instrument and the like), and completely meets the normal operation of all electronic equipment of the new energy automobile, and provides a wired and wireless network data security platform of the new energy automobile.
It is to be understood that the same or similar parts in the above embodiments may be referred to each other, and that in some embodiments, the same or similar parts in other embodiments may be referred to.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. While embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the application, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.
Claims (8)
1. A new energy automobile network security gateway system, characterized by comprising:
the main control module is used for acquiring and storing uplink data of the vehicle-mounted electronic equipment through the bus network;
the data uplink supervision module is used for carrying out target address verification and data verification on uplink data of the vehicle-mounted electronic equipment according to a preset target address, a preset data communication protocol, a preset data format and preset data content, and sending a data uploading instruction to the wireless communication module after the target address verification and the data verification are passed;
the data downlink supervision module is used for carrying out forwarding address verification and security verification on downlink data according to a preset forwarding address, a preset data communication protocol, a preset data format and preset data content, and sending a data forwarding instruction to the main control module after the forwarding address verification and the security verification pass;
the wireless communication module is used for uploading the uplink data to a third party platform corresponding to a preset target address according to a data uploading instruction, and receiving and downloading downlink data sent by the third party platform;
and the main control module is also used for forwarding the downlink data to the vehicle-mounted electronic equipment corresponding to the preset forwarding address according to the data forwarding instruction.
2. The network security gateway system of the new energy automobile according to claim 1, further comprising a data setting module for binding a preset target address and a preset forwarding address between the vehicle-mounted electronic device and the third party platform, and setting a preset data communication protocol, a preset data format and a preset data content of uplink data and downlink data between the vehicle-mounted electronic device and the third party platform; the preset target address and the preset forwarding address both comprise a physical address and an IP address.
3. The network security gateway system of claim 1, wherein the wireless communication module comprises a primary communication module and a backup communication module.
4. The network security gateway system of the new energy automobile according to claim 1, wherein the performing the target address verification and the data verification on the uplink data of the vehicle-mounted electronic device according to the preset target address, the preset data communication protocol, the preset data format and the preset data content specifically comprises:
address analysis is carried out on the uplink data of the vehicle-mounted electronic equipment, and an IP address and a physical address of a third party platform in the uplink data of the vehicle-mounted electronic equipment are obtained;
detecting whether the IP address and the physical address of the third party platform are preset target addresses or not, if so, checking the target addresses, and executing data checking; if the target address is not preset, the target address is not checked, and the data check is not executed;
analyzing the uplink data according to a preset data communication protocol and a preset data format, acquiring internal data in the uplink data, judging whether the internal data is preset data content, and if so, checking the data; if the data content is not preset, the data verification is not passed.
5. The network security gateway system of claim 1, wherein the performing the forwarding address check and the security check on the downlink data according to a preset forwarding address, a preset data communication protocol, a preset data format and a preset data content specifically includes:
address analysis is carried out on downlink data sent by a third party platform, and an IP address and a physical address of the vehicle-mounted electronic equipment corresponding to the downlink data are obtained;
detecting whether the IP address and the physical address of the vehicle-mounted electronic equipment are preset forwarding addresses, if so, checking the forwarding addresses, and executing safety check;
analyzing the downlink data according to a preset data communication protocol and a preset data format to obtain internal data in the downlink data, judging whether the internal data is preset data content, and if so, considering the downlink data as safety data and passing safety inspection; if the data content is not preset, the downlink data is regarded as risk data, and the safety check is failed.
6. The network security gateway system of claim 1, wherein the data downlink supervision module is further configured to send an archiving instruction to the main control module and mark and alert the downlink data when the downlink data fails the security check.
7. The new energy automobile network security gateway system of claim 1, further comprising a telematics module for uploading uplink data of the in-vehicle electronic device to a third party platform by moving; the remote information processing module is connected with the main control module through an independent CAN bus.
8. The new energy automobile network security gateway system of claim 1, wherein the bus network comprises a multiplexed CAN bus, a LIN bus, a USB interface, a LAN network, and UART interface, RS232 interface, and RS485 interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311248955.4A CN116996328B (en) | 2023-09-26 | 2023-09-26 | New energy automobile network security gateway system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311248955.4A CN116996328B (en) | 2023-09-26 | 2023-09-26 | New energy automobile network security gateway system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116996328A true CN116996328A (en) | 2023-11-03 |
| CN116996328B CN116996328B (en) | 2023-12-01 |
Family
ID=88530526
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311248955.4A Active CN116996328B (en) | 2023-09-26 | 2023-09-26 | New energy automobile network security gateway system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116996328B (en) |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1785723A (en) * | 2005-09-09 | 2006-06-14 | 中国科学院自动化研究所 | Vehicle imbedding type system |
| CN101417637A (en) * | 2008-03-14 | 2009-04-29 | 北京理工大学 | Communications system for pure electric motor coach power cell management system and management method thereof |
| CN101930629A (en) * | 2010-06-09 | 2010-12-29 | 金龙联合汽车工业(苏州)有限公司 | Remote updating system and method of vehicle information collecting device |
| CN103067340A (en) * | 2011-10-20 | 2013-04-24 | 中兴通讯股份有限公司 | Authentication method for remote control network information domestic appliance, and system and internet domestic gateway |
| US20170171051A1 (en) * | 2015-12-10 | 2017-06-15 | Hyundai Motor Company | Method and apparatus for controlling in-vehicle mass diagnostic communication |
| CN107957585A (en) * | 2017-11-17 | 2018-04-24 | 山东广安车联科技股份有限公司 | Commercial car car networking platform and its method based on the Big Dipper |
| CN109263605A (en) * | 2018-09-20 | 2019-01-25 | 智旅交通科技(深圳)有限公司 | A kind of shared automobile intelligent vehicle-mounted terminal system of new energy |
| US20190079842A1 (en) * | 2017-09-13 | 2019-03-14 | Hyundai Motor Company | Failure diagnosis apparatus and method for in-vehicle control unit |
| CN109532720A (en) * | 2018-12-11 | 2019-03-29 | 安徽江淮汽车集团股份有限公司 | A kind of intelligent automobile of the ethernet gateway with rear configuration feature |
| CN109783123A (en) * | 2019-03-11 | 2019-05-21 | 天津卡达克数据有限公司 | Vehicle-mounted T-BOX terminal and firmware upgrade method |
| CN109802988A (en) * | 2018-11-09 | 2019-05-24 | 青岛大学 | Board information terminal system and its application in intelligent guest flow statistics |
| US20190325666A1 (en) * | 2018-04-18 | 2019-10-24 | Hitachi, Ltd. | Software management system, gateway device, maintenance device, server device, and control method for software management system |
| CN111385191A (en) * | 2018-12-28 | 2020-07-07 | 联合汽车电子有限公司 | Vehicle-mounted interconnected gateway, vehicle OTA upgrading system and method and computer storage medium |
| CN113905461A (en) * | 2021-10-27 | 2022-01-07 | 奇瑞商用车(安徽)有限公司 | Wireless communication module of integrated gateway |
| WO2023051993A1 (en) * | 2021-09-30 | 2023-04-06 | Bayerische Motoren Werke Aktiengesellschaft | Method and system for authentication of charging a vehicle, vehicle and charging pile |
| CN116233192A (en) * | 2023-03-08 | 2023-06-06 | 北京云驰未来科技有限公司 | Safe vehicle-mounted gateway system |
| CN116800531A (en) * | 2023-07-27 | 2023-09-22 | 华研优策(苏州)电子科技有限公司 | Automobile electronic and electric architecture and safety communication method |
-
2023
- 2023-09-26 CN CN202311248955.4A patent/CN116996328B/en active Active
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1785723A (en) * | 2005-09-09 | 2006-06-14 | 中国科学院自动化研究所 | Vehicle imbedding type system |
| CN101417637A (en) * | 2008-03-14 | 2009-04-29 | 北京理工大学 | Communications system for pure electric motor coach power cell management system and management method thereof |
| CN101930629A (en) * | 2010-06-09 | 2010-12-29 | 金龙联合汽车工业(苏州)有限公司 | Remote updating system and method of vehicle information collecting device |
| CN103067340A (en) * | 2011-10-20 | 2013-04-24 | 中兴通讯股份有限公司 | Authentication method for remote control network information domestic appliance, and system and internet domestic gateway |
| US20170171051A1 (en) * | 2015-12-10 | 2017-06-15 | Hyundai Motor Company | Method and apparatus for controlling in-vehicle mass diagnostic communication |
| US20190079842A1 (en) * | 2017-09-13 | 2019-03-14 | Hyundai Motor Company | Failure diagnosis apparatus and method for in-vehicle control unit |
| CN107957585A (en) * | 2017-11-17 | 2018-04-24 | 山东广安车联科技股份有限公司 | Commercial car car networking platform and its method based on the Big Dipper |
| US20190325666A1 (en) * | 2018-04-18 | 2019-10-24 | Hitachi, Ltd. | Software management system, gateway device, maintenance device, server device, and control method for software management system |
| CN109263605A (en) * | 2018-09-20 | 2019-01-25 | 智旅交通科技(深圳)有限公司 | A kind of shared automobile intelligent vehicle-mounted terminal system of new energy |
| CN109802988A (en) * | 2018-11-09 | 2019-05-24 | 青岛大学 | Board information terminal system and its application in intelligent guest flow statistics |
| CN109532720A (en) * | 2018-12-11 | 2019-03-29 | 安徽江淮汽车集团股份有限公司 | A kind of intelligent automobile of the ethernet gateway with rear configuration feature |
| CN111385191A (en) * | 2018-12-28 | 2020-07-07 | 联合汽车电子有限公司 | Vehicle-mounted interconnected gateway, vehicle OTA upgrading system and method and computer storage medium |
| CN109783123A (en) * | 2019-03-11 | 2019-05-21 | 天津卡达克数据有限公司 | Vehicle-mounted T-BOX terminal and firmware upgrade method |
| WO2023051993A1 (en) * | 2021-09-30 | 2023-04-06 | Bayerische Motoren Werke Aktiengesellschaft | Method and system for authentication of charging a vehicle, vehicle and charging pile |
| CN113905461A (en) * | 2021-10-27 | 2022-01-07 | 奇瑞商用车(安徽)有限公司 | Wireless communication module of integrated gateway |
| CN116233192A (en) * | 2023-03-08 | 2023-06-06 | 北京云驰未来科技有限公司 | Safe vehicle-mounted gateway system |
| CN116800531A (en) * | 2023-07-27 | 2023-09-22 | 华研优策(苏州)电子科技有限公司 | Automobile electronic and electric architecture and safety communication method |
Non-Patent Citations (4)
| Title |
|---|
| EKERT DAMJAN ET AL.: "Cybersecurity Verification and Validation Testing in Automotive", 《JOURNAL OF UNIVERSAL COMPUTER SCIENCE》 * |
| 全国信息安全标准化技术委员会: "汽车采集数据处理安全指南", 《全国信息安全标准化技术委员会技术文件》 * |
| 唐良 等: "电动汽车信息安全网关的设计与实现", 《计算机应用与软件》 * |
| 陶蒙华: "汽车网关平台业务应用与功能架构模型研究", 《互联网天地》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116996328B (en) | 2023-12-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR100946991B1 (en) | Vehicle Gateway, Apparatus and Method for Vehicle Network Interface | |
| CN106364424B (en) | A kind of vehicle abnormality information transmission system, method and intelligent vehicle-carried box | |
| CN109388123A (en) | Vehicle communication | |
| US8606217B2 (en) | Communication control system and method for performing a transmission of data | |
| US20140115335A1 (en) | Secure machine-to-machine communication protocol | |
| CN105491084A (en) | IOV (Internet of vehicles) system based on OTA protocol, and control method therefor | |
| CN104394190A (en) | Vehicle-mounted equipment and mobile phone integral system based on Bluetooth transmission | |
| CN110224907A (en) | A kind of updating system of vehicle-mounted ECU, method and terminal | |
| CN204481854U (en) | Based on the car hand set integral system of Bluetooth transmission | |
| WO2021042804A1 (en) | Method and device for storing and transmitting data by means of vehicle key | |
| CN112003784B (en) | Vehicle data transmission method, device, storage medium and device | |
| US8442528B2 (en) | Automating dial attempts to a telematics or cellular device | |
| CN113191652A (en) | Vehicle-mounted information interaction system based on Ethernet | |
| CN105005539A (en) | Authenticating data at a microcontroller using message authentication codes | |
| CN107976691B (en) | Communication method and system between vehicle-mounted terminal, monitoring platform and supervision platform | |
| CN113672478A (en) | Log obtaining method, device, terminal, server and storage medium | |
| CN205044677U (en) | Intelligent vehicle -mounted terminal | |
| CN116996328B (en) | New energy automobile network security gateway system | |
| CN108683691A (en) | Engine end long-range control method, apparatus and system | |
| CN111007839A (en) | Vehicle remote diagnosis method, device, system and storage medium | |
| ES2887731T3 (en) | Procedure for providing data packets from a can bus; control device, as well as system with a can bus | |
| CN104718530B (en) | For vehicle to the communication system of Environment communication | |
| CN113311808A (en) | DTU-based vehicle-mounted networking terminal | |
| CN116709253B (en) | Vehicle-mounted gateway and vehicle | |
| US8817765B2 (en) | Mobile router network operations center with billing reconciliation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |