CN117254904A - Communication key injection method, device, equipment, system and storage medium - Google Patents
Communication key injection method, device, equipment, system and storage medium Download PDFInfo
- Publication number
- CN117254904A CN117254904A CN202311140867.2A CN202311140867A CN117254904A CN 117254904 A CN117254904 A CN 117254904A CN 202311140867 A CN202311140867 A CN 202311140867A CN 117254904 A CN117254904 A CN 117254904A
- Authority
- CN
- China
- Prior art keywords
- random number
- communication key
- key
- ecu
- check code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004891 communication Methods 0.000 title claims abstract description 235
- 238000002347 injection Methods 0.000 title claims abstract description 94
- 239000007924 injection Substances 0.000 title claims abstract description 94
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000003745 diagnosis Methods 0.000 claims description 32
- 238000012795 verification Methods 0.000 claims description 26
- 238000004590 computer program Methods 0.000 claims description 24
- 238000004422 calculation algorithm Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 101100059544 Arabidopsis thaliana CDC5 gene Proteins 0.000 description 4
- 101100244969 Arabidopsis thaliana PRL1 gene Proteins 0.000 description 4
- 102100039558 Galectin-3 Human genes 0.000 description 4
- 101100454448 Homo sapiens LGALS3 gene Proteins 0.000 description 4
- 101150115300 MAC1 gene Proteins 0.000 description 4
- 101150051246 MAC2 gene Proteins 0.000 description 4
- 230000006872 improvement Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 239000000243 solution Substances 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000009977 dual effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Abstract
The invention discloses a communication key injection method, a device, equipment, a system and a storage medium. The embodiment of the invention can ensure the consistency of the communication key learned by the ECU, prevent an attacker from maliciously acquiring or tampering with the key, and realize the safe injection of the communication key.
Description
Technical Field
The present invention relates to the field of key technologies, and in particular, to a method, an apparatus, a system, and a storage medium for injecting a communication key.
Background
In SECOC communication, a transmitting node and a receiving node encrypt and check a communication message respectively, so as to realize the protection of message integrity and authenticity. In order to realize safe and effective verification of the message, the sending node and the receiving node need to inject and store keys, namely communication keys, required by communication encryption in advance.
However, the existing SECOC communication key issuing scheme cannot give consideration to the secure issuing of the communication key.
Disclosure of Invention
The invention provides a communication key injection method, a device, equipment, a system and a storage medium, which can realize the safe injection of a communication key.
In order to achieve the above object, an embodiment of the present invention provides a communication key injection method applied to a slave ECU, the communication key injection method including:
receiving and analyzing a second diagnosis instruction to obtain a second original key carried in the second diagnosis instruction;
under the condition that the first original key is the same as the second original key, encrypting the first random number by using the second original key to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code;
transmitting the preset bit of the second check code and the second random number to a main ECU;
receiving a message that the main ECU successfully injects the sent communication key when the first communication key is judged to be the same as the second communication key by utilizing the preset bit of the second check code and the second random number;
the first original key is an original key carried in a first diagnosis instruction received by the master ECU, the first random number is randomly generated and sent by the master ECU, the first communication key is obtained by encrypting the first random number by the master ECU through the first original key, and the second random number is randomly generated by the slave ECU.
As an improvement of the above solution, in the case that the first original key is the same as the second original key, encrypting the first random number with the second original key to obtain a second communication key, and encrypting the second random number with the second communication key to obtain a second check code, the method includes:
receiving a preset bit of a first check code and the first random number sent by the main ECU; the first check code is obtained by encrypting the first random number by the main ECU through the first original key;
and verifying the preset bit of the first check code by using the second original key and the first random number, encrypting the first random number by using the second original key after verification is passed to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code.
As an improvement of the above solution, the receiving the message that the master ECU has successfully injected the sent communication key when it is determined that the first communication key is the same as the second communication key by using the preset bit of the second check code and the second random number includes:
and receiving a message that the master ECU verifies the preset bit of the second check code by using the first communication key and the second random number, and successfully injects the communication key after the verification is passed.
In order to achieve the above object, an embodiment of the present invention further provides a communication key injection method, which is applied to a main ECU, where the communication key injection method includes:
receiving and analyzing a first diagnosis instruction to obtain a first original key carried in the first diagnosis instruction;
randomly generating a first random number, and encrypting the first random number by using the first original key to obtain a first communication key;
transmitting the first random number to a slave ECU;
receiving the preset bit and the second random number of the second check code sent from the ECU; the second random number is randomly generated by the slave ECU, the second check code is obtained by encrypting the second random number by the slave ECU through a second communication key, and the second communication key is obtained by encrypting the first random number by the second original key when the slave ECU judges that the first original key is the same as the second original key;
and sending a message of successful communication key injection to the slave ECU when the first communication key is judged to be the same as the second communication key by using the preset bit of the second check code and the second random number.
As an improvement of the above solution, the communication key injection method further includes:
encrypting the first random number by using the first original key to obtain a first check code;
transmitting preset bits of the first check code to the slave ECU;
the second communication key is obtained by encrypting the first random number by using the second original key when the slave ECU determines that the first original key and the second original key are the same, and includes:
the second communication key is obtained by the secondary ECU verifying the preset bit of the first check code by using the second original key and the first random number, and encrypting the first random number by using the second original key after the verification is passed.
As an improvement of the above-described aspect, the sending, to the slave ECU, a message that the communication key injection is successful in a case where it is determined that the first communication key is the same as the second communication key using the preset bit of the second check code and the second random number, includes:
and verifying the preset bit of the second check code by using the first communication key and the second random number, and sending a message of successful communication key injection to the slave ECU after verification is passed.
In order to achieve the above object, the embodiment of the present invention further provides a communication key injection device, including a master ECU and at least one slave ECU;
the slave ECU is used for receiving and analyzing a second diagnosis instruction to obtain a second original key carried in the second diagnosis instruction;
the ECU is used for receiving and analyzing a first diagnosis instruction to obtain a first original key carried in the first diagnosis instruction;
the ECU is used for generating a first random number and sending the first random number to the slave ECU;
the slave ECU is configured to receive the first random number, encrypt the first random number with the second original key to obtain a second communication key, encrypt the second random number randomly generated by the slave ECU with the second communication key to obtain a second check code, and send preset bits of the second check code and the second random number to the master ECU when it is determined that the first original key is the same as the second original key;
the master ECU is configured to receive the preset bit of the second check code and the second random number, and send a message that the communication key is successfully injected to the slave ECU when the first communication key is determined to be the same as the second communication key by using the preset bit of the second check code and the second random number;
and the slave ECU is used for receiving the message of successful communication key injection.
To achieve the above object, an embodiment of the present invention further provides a communication key injection apparatus, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the communication key injection method as described above when executing the computer program.
In order to achieve the above object, an embodiment of the present invention further provides a communication key injection system, which includes a master ECU and at least one slave ECU, wherein the slave ECU performs a communication key injection method applied to the slave ECU, and the master ECU performs a communication key injection method applied to the master ECU.
To achieve the above object, embodiments of the present invention also provide a computer-readable storage medium including a stored computer program; wherein the computer program, when executed, controls a device in which the computer readable storage medium is located to perform the communication key injection method as described above.
Compared with the prior art, the communication key injection method, device, equipment, system and storage medium provided by the embodiment of the invention can ensure the consistency of the communication key obtained by learning from the ECU by adopting the authentication mode of the random number and the check code, prevent an attacker from maliciously acquiring or tampering the key and realize the safe injection of the communication key. In addition, the embodiment of the invention combines the PKI (Public Key Infrastructure ) issuing key and the diagnosis injection key, and uses the encryption algorithm to realize the safe injection of the communication key, thereby having short calculation time, flexibility and convenience.
Drawings
Fig. 1 is a flowchart of a communication key injection method according to an embodiment of the present invention;
FIG. 2 is a flow chart of a master ECU interacting with a slave ECU provided by an embodiment of the present invention;
FIG. 3 is a flow chart of a method for injecting a communication key according to an embodiment of the present invention;
fig. 4 is a block diagram of a communication key injection device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a flowchart of a communication key injection method according to an embodiment of the present invention, where the communication key injection method is applied to a slave ECU, and the communication key injection method includes:
s11, receiving and analyzing a second diagnosis instruction to obtain a second original key carried in the second diagnosis instruction;
s12, under the condition that the first original key is the same as the second original key, encrypting the first random number by using the second original key to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code;
s13, sending the preset bit of the second check code and the second random number to a main ECU;
s14, receiving a message that the transmitted communication key is successfully injected when the main ECU judges that the first communication key is the same as the second communication key by utilizing the preset bit of the second check code and the second random number;
the first original key is an original key carried in a first diagnosis instruction received by the master ECU, the first random number is randomly generated and sent by the master ECU, the first communication key is obtained by encrypting the first random number by the master ECU through the first original key, and the second random number is randomly generated by the slave ECU.
It will be appreciated that the diagnostic device transmits an extended session command to both the master ECU and the slave ECU, which both enter an extended session mode and pass secure access in response to the extended session command, at which point the master ECU and the slave ECU may receive the diagnostic command transmitted by the diagnostic device.
Since the response of the master ECU is extremely fast, the diagnostic device first sends a second diagnostic instruction to the slave ECU to write the original key, called the second original key, to the slave ECU; after the slave ECU feeds back the success of writing to the diagnostic device, a diagnostic instruction is sent to the master ECU to write an original key, which is referred to as a first original key, to the master ECU.
The main ECU encrypts a first random number generated randomly by using a first original key to obtain a first communication key, and preferably, the first communication key is encrypted by adopting an AES-128 algorithm;
the communication key is learned by the ECU through the second original key, specifically, the second communication key is obtained by encrypting the first random number through the second original key under the condition that the first original key is the same as the second original key, and preferably, the encryption is carried out through an AES-128 algorithm; encrypting the second random number with the second communication key to obtain a second check code, preferably by using an AES-128-CMAC algorithm; transmitting the second check code and the second random number to a main ECU;
and the master ECU judges whether the first communication key is identical to the second communication key by using the second check code and the second random number, if so, the master ECU indicates that the key learning is successful, namely the communication key injection is successful, and sends a message of successful communication key injection to the slave ECU, and if not, the master ECU indicates that the key learning is failed, namely the communication key injection is failed, and sends a message of failed communication key injection to the slave ECU.
A message is received from the ECU that the communication key injection was successful or that the communication key injection failed.
In an alternative embodiment, in the case that the first original key is the same as the second original key, encrypting the first random number with the second original key to obtain a second communication key, and encrypting the second random number with the second communication key to obtain a second check code, including:
receiving a preset bit of a first check code and the first random number sent by the main ECU; the first check code is obtained by encrypting the first random number by the main ECU through the first original key;
and verifying the preset bit of the first check code by using the second original key and the first random number, encrypting the first random number by using the second original key after verification is passed to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code.
Specifically, the verifying the preset bit of the first check code by using the second original key and the first random number, encrypting the first random number by using the second original key to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code after the verification is passed, including:
encrypting the main random by using the second original key to obtain a third check code;
and under the condition that the third check code is the same as the preset bit of the first check code, encrypting the first random number by using the second original key to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code.
In the embodiment of the invention, the main ECU also encrypts the first random number by using the first original key to obtain a first check code, and preferably, an AES-128-CMAC algorithm is adopted here; transmitting the first check code and the first random number to a slave ECU;
and receiving the first check code and the first random number from the ECU, verifying the first check code by using a second original key, and if verification passes, indicating that the first original key is the same as the second original key, and generating a second communication key by using the second original key to finish the injection of the second communication key.
The embodiment of the invention adopts an authentication mode of the dual random numbers of the master ECU and the slave ECU and the MAC, further ensures the consistency of the original secret key written by the master ECU and the slave ECU and the consistency of the communication secret key obtained by learning, and prevents an attacker from maliciously acquiring or tampering with the secret key;
in an alternative embodiment, the receiving the message that the master ECU determines that the first communication key is the same as the second communication key by using the preset bit of the second check code and the second random number, includes:
and receiving a message that the master ECU verifies the preset bit of the second check code by using the first communication key and the second random number, and successfully injects the communication key after the verification is passed.
Specifically, the receiving the message that the master ECU verifies the preset bit of the second check code by using the first communication key and the second random number, and after the verification passes, the message that the communication key injection is successful is sent later includes:
and receiving a message that the transmitted communication key is successfully injected when a fourth check code obtained by encrypting the second random number by the main ECU by using the first communication key is the same as the preset bit of the second check code.
In the embodiment of the invention, the main ECU uses the first communication key to verify the second check code, and the verification indicates that the first communication key is the same as the second communication key, namely the key learning is successful, and the successful injection of the communication key is completed.
In an alternative embodiment, the communication key injection method further includes:
feeding back a key learning result to the diagnostic device, the key learning result comprising: the key learning result of the whole vehicle, the key learning result of the slave ECU and the state of the slave ECU.
In the embodiment of the invention, the result feedback is the whole vehicle learning result, the ECU learning result and the ECU state, so that the problem fault can be accurately positioned and checked conveniently according to the result feedback.
For a better understanding of the embodiments of the present invention, it is shown in fig. 2:
firstly, a diagnosis device Tester sends diagnosis instructions to a slave ECU and a master ECU, and the diagnosis instructions are stored in an original key MK;
the master ECU generates a random number RA1, encrypts the random number RA1 by using an original key stored in the master ECU to generate a check code MAC1, encrypts the random number RA1 by using the original key stored in the master ECU to generate a communication key CK1 of the master ECU, and encrypts the random number RA1 and the MAC1 with the length of 4 bytes MSB (MSB is the most significant bit, most significant bit) to the slave ECU;
receipt of random numbers RA1 and MAC1 from an ECU MSB Verification of MAC1 with stored original key from ECU MSB ;
After verification, the slave ECU also encrypts the random number RA1 by using the original key MK stored in the slave ECU to generate a communication key CK2 of the slave ECU;
random number RA2 is generated from ECU, check code MAC2 is generated by encrypting random number RA2 by communication key CK2, and random number RA2 and MAC2 with 4byte length are generated MSB Send to the main ECU;
the main ECU receives random numbers RA2 and MAC2 MSB Checking MAC2 with communication key CK1 MSB ;
The verification is successful through key learning, and the learning result is fed back to the diagnostic equipment Tester through the diagnostic instruction.
Therefore, the random number in the embodiment of the invention can be obtained through the diagnosis instruction after entering the extended session and being accessed safely, and the communication key can be obtained through calculation after inquiring the original key by combining with the cloud, so that the security of the key obtaining environment is ensured, and the flexibility of key obtaining is ensured; the AES-128+AES-128-CMAC algorithm is adopted, and the authentication mode of the dual random number+MAC of the master ECU and the slave ECU ensures the consistency of the original secret key written in by the master ECU and the slave ECU and the consistency of the communication secret key obtained by learning, thereby preventing an attacker from maliciously acquiring or tampering the secret key; the result feedback is the whole vehicle learning result, the ECU learning result and the ECU state, so that the problem fault can be accurately positioned and checked conveniently according to the result feedback.
Referring to fig. 3, fig. 3 is a further flowchart of a communication key injection method according to an embodiment of the present invention, where the communication key injection method is applied to a main ECU, and the communication key injection method includes:
s21, receiving and analyzing a first diagnosis instruction to obtain a first original key carried in the first diagnosis instruction;
s22, randomly generating a first random number, and encrypting the first random number by using the first original key to obtain a first communication key;
s23, the first random number is sent to a slave ECU;
s24, receiving the preset bit and the second random number of the second check code sent from the ECU; the second random number is randomly generated by the slave ECU, the second check code is obtained by encrypting the second random number by the slave ECU through a second communication key, and the second communication key is obtained by encrypting the first random number by the second original key when the slave ECU judges that the first original key is the same as the second original key;
and S25, sending a message of successful communication key injection to the slave ECU when the first communication key is judged to be the same as the second communication key by utilizing the preset bit of the second check code and the second random number.
In an alternative embodiment, the communication key injection method further includes:
encrypting the first random number by using the first original key to obtain a first check code;
transmitting preset bits of the first check code to the slave ECU;
the second communication key is obtained by encrypting the first random number by using the second original key when the slave ECU determines that the first original key and the second original key are the same, and includes:
the second communication key is obtained by the secondary ECU verifying the preset bit of the first check code by using the second original key and the first random number, and encrypting the first random number by using the second original key after the verification is passed.
Specifically, the second communication key is obtained by the slave ECU verifying the preset bit of the first check code by using the second original key and the first random number, and after the verification is passed, encrypting the first random number by using the second original key, and includes:
the second communication key is a third check code obtained by encrypting the main random by using the second original key, and the second communication key is obtained by encrypting the first random number by using the second original key under the condition that the third check code is the same as the preset bit of the first check code.
In an alternative embodiment, the sending a message to the slave ECU that the communication key injection is successful in a case that the first communication key is determined to be the same as the second communication key using the preset bit of the second check code and the second random number includes:
and verifying the preset bit of the second check code by using the first communication key and the second random number, and sending a message of successful communication key injection to the slave ECU after verification is passed.
Specifically, the verifying the preset bit of the second check code by using the first communication key and the second random number, and after the verification is passed, sending a message that the communication key injection is successful to the slave ECU, including:
and sending a message of successful communication key injection to the slave ECU under the condition that a fourth check code obtained by encrypting the second random number by using the first communication key is the same as the preset bit of the second check code.
It should be noted that, the working process of the communication key injection method according to the embodiment of the present invention may refer to the working process of the communication key injection method according to the foregoing embodiment, which is not described herein again.
The embodiment of the invention also provides a communication key injection device, which comprises a master ECU and at least one slave ECU;
the slave ECU is used for receiving and analyzing a second diagnosis instruction to obtain a second original key carried in the second diagnosis instruction;
the ECU is used for receiving and analyzing a first diagnosis instruction to obtain a first original key carried in the first diagnosis instruction;
the ECU is used for generating a first random number and sending the first random number to the slave ECU;
the slave ECU is configured to receive the first random number, encrypt the first random number with the second original key to obtain a second communication key, encrypt the second random number randomly generated by the slave ECU with the second communication key to obtain a second check code, and send preset bits of the second check code and the second random number to the master ECU when it is determined that the first original key is the same as the second original key;
the master ECU is configured to receive the preset bit of the second check code and the second random number, and send a message that the communication key is successfully injected to the slave ECU when the first communication key is determined to be the same as the second communication key by using the preset bit of the second check code and the second random number;
and the slave ECU is used for receiving the message of successful communication key injection.
Optionally, the ECU is further configured to encrypt the first random number with the first original key to obtain a first check code, and send preset bits of the first check code to the slave ECU;
the slave ECU is further configured to receive a preset bit of the first check code, verify the preset bit of the first check code by using the second original key and the first random number, encrypt the first random number by using the second original key after verification is passed to obtain a second communication key, and encrypt the second random number by using the second communication key to obtain a second check code.
Optionally, the verifying the preset bit of the first check code by using the second original key and the first random number, after the verification is passed, encrypting the first random number by using the second original key to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code, including:
encrypting the main random by using the second original key to obtain a third check code;
and under the condition that the third check code is the same as the preset bit of the first check code, encrypting the first random number by using the second original key to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code.
Optionally, the sending, to the slave ECU, a message that the communication key injection is successful when it is determined that the first communication key is the same as the second communication key by using the preset bit of the second check code and the second random number, includes:
and verifying the preset bit of the second check code by using the first communication key and the second random number, and sending a message of successful communication key injection to the slave ECU after verification is passed.
Specifically, the verifying the preset bit of the second check code by using the first communication key and the second random number, and after the verification is passed, sending a message that the communication key injection is successful to the slave ECU, including:
and sending a message of successful communication key injection to the slave ECU under the condition that a fourth check code obtained by encrypting the second random number by using the first communication key is the same as the preset bit of the second check code.
It should be noted that, the working process of each module in the communication key injection device according to the embodiment of the present invention may refer to the working process of the communication key injection method according to the foregoing embodiment, which is not described herein.
The embodiment of the invention also provides a communication key injection system which comprises a master ECU and at least one slave ECU, wherein the slave ECU executes a communication key injection method applied to the slave ECU, and the master ECU executes a communication key injection method applied to the master ECU.
The embodiment of the invention also provides a computer readable storage medium, which comprises a stored computer program; wherein the computer program, when executed, controls a device in which the computer readable storage medium is located to perform the communication key injection method according to any one of the embodiments.
Referring to fig. 4, fig. 4 is a block diagram illustrating a communication key injection device 20 according to an embodiment of the present invention, where the communication key injection device 20 includes: a processor 21, a memory 22 and a computer program stored in said memory 22 and executable on said processor 21. The steps of the above-described embodiments of the communication key injection method are implemented when the processor 21 executes the computer program. Alternatively, the processor 21 may implement the functions of the modules/units in the above-described device embodiments when executing the computer program.
Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory 22 and executed by the processor 21 to complete the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions for describing the execution of the computer program in the communication key injection device 20.
The communication key injection device 20 may include, but is not limited to, a processor 21, a memory 22. It will be appreciated by those skilled in the art that the schematic diagram is merely an example of the communication key injection device 20 and is not meant to be limiting of the communication key injection device 20, and may include more or less components than illustrated, or may combine certain components, or different components, e.g., the communication key injection device 20 may also include input and output devices, network access devices, buses, etc.
The processor 21 may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, and the processor 21 is a control center of the communication key injection device 20, and connects the respective parts of the entire communication key injection device 20 using various interfaces and lines.
The memory 22 may be used to store the computer program and/or module, and the processor 21 may implement various functions of the communication key injection device 20 by executing or executing the computer program and/or module stored in the memory 22 and invoking data stored in the memory 22. The memory 22 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like; the storage data area may store data (such as audio data, phonebook, etc.) created according to the use of the handset, etc. In addition, the memory 22 may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, smart Media Card (SMC), secure Digital (SD) Card, flash Card (Flash Card), at least one disk storage device, flash memory device, or other volatile solid-state storage device.
Wherein the modules/units integrated by the communication key injection device 20 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as a stand alone product. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and the computer program may implement the steps of each of the method embodiments described above when executed by the processor 21. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth.
It should be noted that the above-described apparatus embodiments are merely illustrative, and the units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the embodiment of the device provided by the invention, the connection relation between the modules represents that the modules have communication connection, and can be specifically implemented as one or more communication buses or signal lines. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that changes and modifications may be made without departing from the principles of the invention, such changes and modifications are also intended to be within the scope of the invention.
Claims (10)
1. A communication key injection method, which is applied to a slave ECU, comprising:
receiving and analyzing a second diagnosis instruction to obtain a second original key carried in the second diagnosis instruction;
under the condition that the first original key is the same as the second original key, encrypting the first random number by using the second original key to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code;
transmitting the preset bit of the second check code and the second random number to a main ECU;
receiving a message that the main ECU successfully injects the sent communication key when the first communication key is judged to be the same as the second communication key by utilizing the preset bit of the second check code and the second random number;
the first original key is an original key carried in a first diagnosis instruction received by the master ECU, the first random number is randomly generated and sent by the master ECU, the first communication key is obtained by encrypting the first random number by the master ECU through the first original key, and the second random number is randomly generated by the slave ECU.
2. The communication key injection method according to claim 1, wherein, in the case that the first original key is the same as the second original key, encrypting the first random number with the second original key to obtain the second communication key, and encrypting the second random number with the second communication key to obtain the second check code, includes:
receiving a preset bit of a first check code and the first random number sent by the main ECU; the first check code is obtained by encrypting the first random number by the main ECU through the first original key;
and verifying the preset bit of the first check code by using the second original key and the first random number, encrypting the first random number by using the second original key after verification is passed to obtain a second communication key, and encrypting the second random number by using the second communication key to obtain a second check code.
3. The communication key injection method according to claim 1, wherein said receiving a message that the master ECU has successfully injected the transmitted communication key when it is determined that the first communication key is identical to the second communication key using the preset bit of the second check code and the second random number, comprises:
and receiving a message that the master ECU verifies the preset bit of the second check code by using the first communication key and the second random number, and successfully injects the communication key after the verification is passed.
4. A communication key injection method, which is applied to a main ECU, the communication key injection method comprising:
receiving and analyzing a first diagnosis instruction to obtain a first original key carried in the first diagnosis instruction;
randomly generating a first random number, and encrypting the first random number by using the first original key to obtain a first communication key;
transmitting the first random number to a slave ECU;
receiving the preset bit and the second random number of the second check code sent from the ECU; the second random number is randomly generated by the slave ECU, the second check code is obtained by encrypting the second random number by the slave ECU through a second communication key, and the second communication key is obtained by encrypting the first random number by the second original key when the slave ECU judges that the first original key is the same as the second original key;
and sending a message of successful communication key injection to the slave ECU when the first communication key is judged to be the same as the second communication key by using the preset bit of the second check code and the second random number.
5. The communication key injection method of claim 4, further comprising:
encrypting the first random number by using the first original key to obtain a first check code;
transmitting preset bits of the first check code to the slave ECU;
the second communication key is obtained by encrypting the first random number by using the second original key when the slave ECU determines that the first original key and the second original key are the same, and includes:
the second communication key is obtained by the secondary ECU verifying the preset bit of the first check code by using the second original key and the first random number, and encrypting the first random number by using the second original key after the verification is passed.
6. The communication key injection method according to claim 4, wherein the transmitting a message of successful communication key injection to the slave ECU in the case that it is determined that the first communication key is identical to the second communication key using the preset bit of the second check code and the second random number, comprises:
and verifying the preset bit of the second check code by using the first communication key and the second random number, and sending a message of successful communication key injection to the slave ECU after verification is passed.
7. The communication key injection device is characterized by comprising a master ECU and at least one slave ECU;
the slave ECU is used for receiving and analyzing a second diagnosis instruction to obtain a second original key carried in the second diagnosis instruction;
the ECU is used for receiving and analyzing a first diagnosis instruction to obtain a first original key carried in the first diagnosis instruction;
the ECU is used for generating a first random number and sending the first random number to the slave ECU;
the slave ECU is configured to receive the first random number, encrypt the first random number with the second original key to obtain a second communication key, encrypt the second random number randomly generated by the slave ECU with the second communication key to obtain a second check code, and send preset bits of the second check code and the second random number to the master ECU when it is determined that the first original key is the same as the second original key;
the master ECU is configured to receive the preset bit of the second check code and the second random number, and send a message that the communication key is successfully injected to the slave ECU when the first communication key is determined to be the same as the second communication key by using the preset bit of the second check code and the second random number;
and the slave ECU is used for receiving the message of successful communication key injection.
8. A communication key injection device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the communication key injection method according to any one of claims 1 to 7 when the computer program is executed.
9. A communication key injection system comprising a master ECU and at least one slave ECU, the slave ECU performing the communication key injection method according to any one of claims 1 to 3, the master ECU performing the communication key injection method according to any one of claims 4 to 6.
10. A computer readable storage medium, wherein the computer readable storage medium comprises a stored computer program; wherein the computer program, when run, controls a device in which the computer readable storage medium is located to perform the communication key injection method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311140867.2A CN117254904A (en) | 2023-09-05 | 2023-09-05 | Communication key injection method, device, equipment, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311140867.2A CN117254904A (en) | 2023-09-05 | 2023-09-05 | Communication key injection method, device, equipment, system and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117254904A true CN117254904A (en) | 2023-12-19 |
Family
ID=89127255
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311140867.2A Pending CN117254904A (en) | 2023-09-05 | 2023-09-05 | Communication key injection method, device, equipment, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117254904A (en) |
-
2023
- 2023-09-05 CN CN202311140867.2A patent/CN117254904A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10708062B2 (en) | In-vehicle information communication system and authentication method | |
| CN110519260B (en) | Information processing method and information processing device | |
| US10419220B2 (en) | Management device, key generating device, vehicle, maintenance tool, management system, management method, and computer program | |
| KR101066063B1 (en) | System, apparatus and method for replacing a cryptographic key | |
| US8396218B2 (en) | Cryptographic module distribution system, apparatus, and program | |
| CN112187544B (en) | Firmware upgrading method, device, computer equipment and storage medium | |
| CN109981562B (en) | Software development kit authorization method and device | |
| US20110264911A1 (en) | Memory device, host device, and memory system | |
| DE102014204713A1 (en) | Generation of keys using secure hardware | |
| CN109818747B (en) | Digital signature method and device | |
| CN104902138B (en) | Encryption/deciphering system and its control method | |
| DE102016112552A1 (en) | Data ciphering and decryption based on device and data authentication | |
| CN106295373B (en) | A kind of data transmission encryption device realized based on M-PHY interface | |
| CN112311718A (en) | Method, device and equipment for detecting hardware and storage medium | |
| CN113438205A (en) | Block chain data access control method, node and system | |
| Pfeiffer | Implementing scalable can security with cancrypt | |
| KR102569893B1 (en) | Method of providing secure in-vehicle network communication and appratus for implementing the same | |
| WO2020000491A1 (en) | File storage method and apparatus, and storage medium | |
| CN111901109B (en) | White-box-based communication method, device, equipment and storage medium | |
| CN117435226A (en) | Data refreshing method, device and storage medium of vehicle-mounted electronic control unit | |
| CN106295372B (en) | A kind of encryption Hub device realized based on EMMC interface | |
| CN116527301A (en) | Anti-counterfeiting method, device, vehicle and system for controller | |
| CN116821918A (en) | Online upgrading method, chip device, computer terminal and storage medium | |
| CN117254904A (en) | Communication key injection method, device, equipment, system and storage medium | |
| CN114338091B (en) | Data transmission method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |