CN208956085U - In-vehicle networking security certification system and vehicle - Google Patents

Info

Publication number
CN208956085U
Authority
CN
China
Prior art keywords
vehicle
communication unit
vehicular communication
authentication device
mounted authentication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201821381724.5U
Other languages
Chinese (zh)
Inventor
郭丽丽
陈新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BAIC Motor Co Ltd
Beijing Automotive Group Co Ltd
Beijing Automotive Research Institute Co Ltd
Original Assignee
BAIC Motor Co Ltd
Beijing Automotive Research Institute Co Ltd

Abstract

This disclosure relates to an in-vehicle networking security certification system and a vehicle. The system includes a vehicle-mounted authentication device, and a first vehicular communication unit and a second vehicular communication unit that are each connected to the vehicle-mounted authentication device; the first vehicular communication unit is connected to the second vehicular communication unit. The vehicle-mounted authentication device authenticates whether the first vehicular communication unit and the second vehicular communication unit are authorized devices. When it authenticates both the first vehicular communication unit and the second vehicular communication unit as authorized devices, it sends authentication pass information to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit can communicate with the second vehicular communication unit.

Description

In-vehicle networking security certification system and vehicle
Technical field
This disclosure relates to the field of network security and, in particular, to an in-vehicle networking security certification system and a vehicle.
Background art
As the in-vehicle Ethernet bus is popularized and applied inside vehicles, it shows a strong tendency to gradually replace other buses. While in-vehicle Ethernet brings convenience, it also introduces many security risks, and corresponding protective measures are needed. Existing technical solutions only implement authentication between the vehicle's T-BOX module and the cloud; security authentication of the individual controllers inside the vehicle is not implemented. When a vehicular communication unit (a device such as ADAS (Advanced Driver Assistance Systems), IVI (In-Vehicle Infotainment) or OBD (On-Board Diagnostic)) accesses the in-vehicle network, the vehicle cannot identify whether that vehicular communication unit was issued or authorized by the vehicle manufacturer, which is detrimental to the communication security of the in-vehicle network.
Summary of the utility model
To solve the problems in the prior art, the disclosure provides an in-vehicle networking security certification system and a vehicle.
According to a first aspect of the embodiments of the disclosure, an in-vehicle networking security certification system is provided. The system comprises a vehicle-mounted authentication device, and a first vehicular communication unit and a second vehicular communication unit that are each connected to the vehicle-mounted authentication device; the first vehicular communication unit is connected to the second vehicular communication unit. The vehicle-mounted authentication device authenticates whether the first vehicular communication unit and the second vehicular communication unit are authorized devices. When it authenticates both the first vehicular communication unit and the second vehicular communication unit as authorized devices, it sends authentication pass information to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit can communicate with the second vehicular communication unit.
Optionally, the vehicle-mounted authentication device includes an information exchange component and a vehicle-mounted certified component connected to the information exchange component; the vehicle-mounted certified component includes a micro-control unit (MCU) and a hardware security module (HSM) connected to the MCU. The first vehicular communication unit includes an MCU and an HSM connected to that MCU; the second vehicular communication unit includes an MCU and an HSM connected to that MCU.
Optionally, the vehicle-mounted authentication device is also used to issue digital certificates to the first vehicular communication unit and the second vehicular communication unit.
Optionally, the vehicle-mounted authentication device is used to determine whether the digital certificate of a vehicular communication unit was issued by the vehicle-mounted authentication device; when it determines that the digital certificate was issued by the vehicle-mounted authentication device, it determines that the vehicular communication unit corresponding to the digital certificate is an authorized device.
Optionally, the vehicle-mounted authentication device includes an on-vehicle security gateway.
Optionally, the information exchange component includes an Ethernet switching chip.
According to a second aspect of the embodiments of the disclosure, a vehicle is provided that includes the in-vehicle networking security certification system of the first aspect of the disclosure.
With the above technical solution, when a vehicular communication unit in the in-vehicle networking security certification system accesses the in-vehicle network, the vehicle-mounted authentication device in the system can identify whether that vehicular communication unit is an authorized device. This effectively curbs access to the in-vehicle network by unauthorized, illegitimate communication devices and improves the communication security of the in-vehicle network.
Other features and advantages of the disclosure are described in detail in the detailed description section below.
Brief description of the drawings
The accompanying drawings provide a further understanding of the disclosure and form part of the specification. Together with the specific embodiments below they serve to explain the disclosure, but they do not limit it. In the drawings:
Fig. 1 is a structural block diagram of a first in-vehicle networking security certification system according to an exemplary embodiment;
Fig. 2 is a structural block diagram of a second in-vehicle networking security certification system according to an exemplary embodiment.
Detailed description
Specific embodiments of the disclosure are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to describe and explain the disclosure and do not limit it.
To solve the problems in the prior art, the disclosure provides an in-vehicle networking security certification system and a vehicle. When a vehicular communication unit in the in-vehicle networking security certification system accesses the in-vehicle network, the vehicle-mounted authentication device in the system can identify whether that vehicular communication unit is an authorized device. This effectively curbs access to the in-vehicle network by unauthorized, illegitimate communication devices and improves the communication security of the in-vehicle network.
The disclosure is described in detail below through specific embodiments.
Fig. 1 is a structural block diagram of an in-vehicle networking security certification system according to an exemplary embodiment. As shown in Fig. 1, the system includes a vehicle-mounted authentication device 101, and a first vehicular communication unit 102 and a second vehicular communication unit 103 that are each connected to the vehicle-mounted authentication device 101; the first vehicular communication unit 102 is connected to the second vehicular communication unit 103. The vehicle-mounted authentication device 101 authenticates whether the first vehicular communication unit 102 and the second vehicular communication unit 103 are authorized devices. When it authenticates both the first vehicular communication unit 102 and the second vehicular communication unit 103 as authorized devices, it sends authentication pass information to the first vehicular communication unit 102 and to the second vehicular communication unit 103 respectively, so that the first vehicular communication unit 102 can communicate with the second vehicular communication unit 103.
Here, a vehicular communication unit may be any one of in-vehicle devices such as the advanced driver assistance system ADAS, the in-vehicle infotainment system IVI and the on-board diagnostic system OBD. The first vehicular communication unit may be the device that initiates a communication request, and the second vehicular communication unit may be the device that responds to the communication request. For example, when ADAS sends a communication request to IVI, the first vehicular communication unit is ADAS and the second vehicular communication unit is IVI.
Optionally, Fig. 2 is a structural block diagram of an in-vehicle networking security certification system according to an exemplary embodiment. As shown in Fig. 2, the vehicle-mounted authentication device 101 includes an information exchange component 1011 and a vehicle-mounted certified component 1012 connected to the information exchange component 1011. The vehicle-mounted certified component 1012 includes an MCU (Micro Controller Unit) 10121 and an HSM (Hardware Security Module) 10122 connected to the MCU 10121. The first vehicular communication unit 102 includes an MCU 1021 and an HSM 1022 connected to the MCU 1021; the second vehicular communication unit 103 includes an MCU 1031 and an HSM 1032 connected to the MCU 1031.
The HSMs in the in-vehicle networking security certification system can securely manage, process and store communication keys, and provide protection for the secure execution of important code.
Optionally, the vehicle-mounted authentication device 101 can also be used to issue digital certificates to the first vehicular communication unit 102 and the second vehicular communication unit 103.
Because digital certificates are a commonly used network security authentication method for ensuring communication security, in a preferred embodiment the legitimacy of a vehicular communication unit is verified by verifying its digital certificate. That is, before communicating, the vehicular communication unit applies for a digital certificate for itself. Specifically, before authenticating whether the first vehicular communication unit 102 and the second vehicular communication unit 103 are authorized devices, the vehicle-mounted authentication device determines whether a certificate issuance request has been received. When it determines that a certificate issuance request has been received, it can, based on that request and according to a preset certificate issuing policy, issue the digital certificate to the vehicular communication unit that sent the request.
The certificate issuance request may include identification information of the vehicular communication unit (such as the unit's MAC code, VIN code and similar information). The preset certificate issuing policy may include: sending the identification information in the certificate issuance request to a certificate server so that the certificate server verifies whether the identification information is valid; receiving the certificate issuance instruction sent by the certificate server when the certificate server has verified that the identification information is valid; and, according to the certificate issuance instruction, issuing the digital certificate to the vehicular communication unit that sent the certificate issuance request.
As an illustration, take the case of the first vehicular communication unit 102 applying to the vehicle-mounted authentication device for a digital certificate. The first vehicular communication unit 102 sends a certificate issuance request to the vehicle-mounted authentication device; the request may include the identification information of the first vehicular communication unit 102 and public key information generated by the first vehicular communication unit 102. The vehicle-mounted authentication device sends the identification information in the request to the certificate server. When the vehicle-mounted authentication device receives the certificate issuance instruction that the certificate server sends based on the identification information, it signs the public key information of the first vehicular communication unit 102 from the request to generate a certificate, and sends the generated certificate to the first vehicular communication unit 102, completing the certificate issuance for the first vehicular communication unit 102. This example is merely illustrative, and the disclosure is not limited to it.
Optionally, the vehicle-mounted authentication device 101 can also be used to determine whether the digital certificate of a vehicular communication unit was issued by the vehicle-mounted authentication device 101; when it determines that the digital certificate was issued by the vehicle-mounted authentication device 101, it determines that the vehicular communication unit corresponding to the digital certificate is an authorized device.
Specifically, the vehicle-mounted authentication device can receive first authentication information sent by the first vehicular communication unit 102 and second authentication information sent by the second vehicular communication unit 103. It then authenticates, based on the first authentication information and according to a preset authentication policy, whether the first vehicular communication unit 102 is an authorized device, and authenticates, based on the second authentication information and according to the same preset authentication policy, whether the second vehicular communication unit 103 is an authorized device. The authentication information (the first authentication information or the second authentication information) may include certificate information of the vehicular communication unit's digital certificate; the certificate information may be the identification information, public key information and so on of the vehicular communication unit. Because a digital certificate contains information such as the certificate holder, the certificate issuing authority, the public key and the signature algorithm, in a preferred embodiment the preset authentication policy may include: determining, from the certificate information in the digital certificate, whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication device; and, when it is determined that the digital certificate was issued by the vehicle-mounted authentication device, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
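The certificate issuance flow and the issuer check described above can be sketched as follows; this is an added example, not code from the patent. It assumes X.509 certificates with ECDSA P-256 (the page names no certificate format or algorithm), keeps the signing key in memory rather than in an HSM, and the names `Gateway`, `NewGateway`, `Issue`, `Authenticate`, `idValid` and the ID `ADAS-0001` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Gateway stands in for the vehicle-mounted authentication device (key in memory, no HSM).
type Gateway struct {
	key     *ecdsa.PrivateKey
	cert    *x509.Certificate
	idValid func(id string) bool // hypothetical stand-in for the certificate server
}

func template(cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// NewGateway creates the signing key and a self-signed CA certificate.
func NewGateway(idValid func(string) bool) (*Gateway, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	t := template("vehicle-gateway")
	t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Gateway{key: key, cert: cert, idValid: idValid}, nil
}

// Issue handles a certificate issuance request: identification plus the unit's public key.
func (g *Gateway) Issue(id string, pub *ecdsa.PublicKey) ([]byte, error) {
	if !g.idValid(id) {
		return nil, fmt.Errorf("certificate server rejected identification %q", id)
	}
	return x509.CreateCertificate(rand.Reader, template(id), g.cert, pub, g.key)
}

// Authenticate passes only if every presented certificate was signed by this gateway.
func (g *Gateway) Authenticate(ders ...[]byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(g.cert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	for _, der := range ders {
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return err
		}
		if _, err := cert.Verify(opts); err != nil {
			return fmt.Errorf("unit %q not authorized: %w", cert.Subject.CommonName, err)
		}
	}
	return nil
}

func main() {
	gw, _ := NewGateway(func(id string) bool { return id == "ADAS-0001" }) // constructed ID
	unit, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := gw.Issue("ADAS-0001", &unit.PublicKey)
	fmt.Println("ADAS-0001 authorized:", gw.Authenticate(der) == nil)
}
```

Passing both units' certificates to `Authenticate` in one call mirrors the rule that pass information is sent only when the first and the second unit both authenticate; a certificate signed by any other key fails the check even if it carries a valid-looking identification.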
It should be noted that the vehicle-mounted authentication device 101 can also implement the function of an in-vehicle network firewall. Specifically, before a network outside the vehicle accesses the in-vehicle network, mutual authentication with a cloud server can be performed based on a first-level digital certificate (the first-level digital certificate of the vehicle-mounted authentication device can be issued by a cloud authentication center), and a secure link can be established. This achieves security isolation between the network outside the vehicle and the network inside the vehicle, and further safeguards the communication security of the in-vehicle network.
Optionally, the vehicle-mounted authentication device may include an on-vehicle security gateway.
Optionally, the information exchange component may include an Ethernet switching chip.
The disclosure also provides a vehicle that includes the in-vehicle networking security certification system provided by the disclosure.
With the above in-vehicle networking security certification system, when a vehicular communication unit in the system accesses the in-vehicle network, the vehicle-mounted authentication device in the system can identify whether that vehicular communication unit is an authorized device. This effectively curbs access to the in-vehicle network by unauthorized, illegitimate communication devices and improves the communication security of the in-vehicle network.
The preferred embodiments of the disclosure have been described in detail above with reference to the accompanying drawings. However, the disclosure is not limited to the specific details of the above embodiments. Within the scope of the technical concept of the disclosure, a variety of simple variations can be made to its technical solution, and these simple variations all fall within the protection scope of the disclosure.
It should further be noted that the specific technical features described in the above embodiments can be combined in any suitable way, provided there is no contradiction. To avoid unnecessary repetition, the disclosure does not further describe the various possible combinations.
In addition, the different embodiments of the disclosure can also be combined with one another in any way; as long as a combination does not depart from the idea of the disclosure, it should likewise be regarded as content disclosed by the disclosure.

Claims (7)

1. An in-vehicle networking security certification system, characterized in that the system comprises a vehicle-mounted authentication device, and a first vehicular communication unit and a second vehicular communication unit each connected to the vehicle-mounted authentication device, the first vehicular communication unit being connected to the second vehicular communication unit;
wherein the vehicle-mounted authentication device is used to authenticate whether the first vehicular communication unit and the second vehicular communication unit are authorized devices;
the vehicle-mounted authentication device, when it authenticates the first vehicular communication unit and the second vehicular communication unit as authorized devices, sends authentication pass information to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit communicates with the second vehicular communication unit.
2. The system according to claim 1, characterized in that the vehicle-mounted authentication device comprises an information exchange component and a vehicle-mounted certified component connected to the information exchange component, the vehicle-mounted certified component comprising a micro-control unit MCU and a hardware security module HSM connected to the MCU;
the first vehicular communication unit comprises an MCU and an HSM connected to the MCU;
the second vehicular communication unit comprises an MCU and an HSM connected to the MCU.
3. The system according to claim 2, characterized in that the vehicle-mounted authentication device is also used to issue digital certificates to the first vehicular communication unit and the second vehicular communication unit.
4. The system according to claim 3, characterized in that the vehicle-mounted authentication device is used to determine whether the digital certificate of a vehicular communication unit was issued by the vehicle-mounted authentication device, and, when it determines that the digital certificate was issued by the vehicle-mounted authentication device, to determine that the vehicular communication unit corresponding to the digital certificate is an authorized device.
5. The system according to claim 4, characterized in that the vehicle-mounted authentication device comprises an on-vehicle security gateway.
6. The system according to claim 2, characterized in that the information exchange component comprises an Ethernet switching chip.
7. A vehicle, characterized in that it comprises the in-vehicle networking security certification system according to any one of claims 1 to 6.
CN201821381724.5U 2018-08-24 2018-08-24 In-vehicle networking security certification system and vehicle Active CN208956085U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201821381724.5U CN208956085U (en) 2018-08-24 2018-08-24 In-vehicle networking security certification system and vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201821381724.5U CN208956085U (en) 2018-08-24 2018-08-24 In-vehicle networking security certification system and vehicle

Publications (1)

Publication Number Publication Date
CN208956085U true CN208956085U (en) 2019-06-07

Family

ID=66735850

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201821381724.5U Active CN208956085U (en) 2018-08-24 2018-08-24 In-vehicle networking security certification system and vehicle

Country Status (1)

Country Link
CN (1) CN208956085U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110427784A (en) * 2019-07-29 2019-11-08 浙江吉利新能源商用车集团有限公司 A kind of security gateway device and safety communicating method of vehicle
WO2021129511A1 (en) * 2019-12-23 2021-07-01 华为技术有限公司 Communication method, and related product


Similar Documents

Publication Publication Date Title
CN109040285A (en) Method, apparatus, storage medium and the vehicle of In-vehicle networking safety certification
CN106101111B (en) Vehicle electronics safe communication system and communication means
CN105480192B (en) Vehicle right to use sharing means, control device and intelligent automobile
CN109347946A (en) A kind of new-energy automobile communication network structure
CN106713264A (en) Method for vehicle safety remote control and diagnosis and system thereof
US20170150361A1 (en) Secure vehicle network architecture
CN109428716A (en) The encryption key distribution of car group
CN104717071B (en) Road train data authentication method for authenticating and car-mounted terminal
CN107085870A (en) Accessed using encryption method regulation vehicle
CN109842862A (en) Secure short range wireless communication connection is established in the car
CN209030252U (en) A kind of new-energy automobile communication network structure
CN109830018A (en) Vehicle based on bluetooth key borrows system
WO2014121708A2 (en) Message certification application method, device, and system
CN208956085U (en) In-vehicle networking security certification system and vehicle
CN109688146A (en) A kind of data access method, gateway controller and automobile
CN108989059A (en) Car-mounted terminal awakening method and system, server, computer readable storage medium
CN111968256A (en) Electronic tag anti-dismounting method and device, vehicle and storage medium
CN109890009A (en) A kind of vehicle communication system
CN202141943U (en) Vehicle-mounted diagnosis safety verification system
CN110341616B (en) Electronic and electrical architecture and data management method for intelligent electric automobile
CN112422392B (en) Whole-vehicle network system of hydrogen energy automobile
CN113268046B (en) Diagnosis networking safety unlocking implementation system under AUTOSAR framework
CN113954681A (en) Plug-and-charge function authentication system and control method for electric vehicle
CN113448299B (en) Vehicle gateway controller, information processing method and vehicle
CN109147097A (en) Automobile no-key Verification System

Legal Events

Date Code Title Description
GR01 Patent grant