CN102662692B - Method and system for updating application program in electronic control unit - Google Patents

Publication number: CN102662692B
Authority: CN (China)
Prior art keywords: control unit, electronic control, updating file, reprogrammed, equipment
Legal status: Active
Application number: CN201210071649.3A
Other languages: Chinese (zh)
Other versions: CN102662692A (en)
Inventor: 汤铭清
Current Assignee: Beijing Jingwei Hirain Tech Co Ltd
Original Assignee: Beijing Jingwei Hirain Tech Co Ltd
Application filed by Beijing Jingwei Hirain Tech Co Ltd
Priority to CN201210071649.3A
Publication of CN102662692A
Application granted
Publication of CN102662692B

Abstract

The invention provides a method and a system for updating an application program in an electronic control unit. The system comprises a remote server, reprogramming equipment and an electronic control unit network. In the method, the reprogramming equipment sends an identity information request to the electronic control unit; the electronic control unit encrypts its own identity information and sends the encrypted identity information to the reprogramming equipment; the reprogramming equipment sends an update file request to the remote server; the remote server generates an encrypted update file from the application program and sends it to the reprogramming equipment, and the reprogramming equipment sends the encrypted update file data to the electronic control unit; and the electronic control unit decrypts the encrypted update file data and writes the application program data to a memory. Because the update file containing the application program is encrypted, the security of the update file, and therefore of the application program, is ensured.

Description

Method and system for updating an application program in an electronic control unit
Technical field
The present invention relates to the technical field of updating application programs of vehicle controllers, and in particular to a method and a system for updating an application program in an electronic control unit.
Background art
A vehicle is usually fitted with multiple electronic control units that perform different functions. These electronic control units are usually connected to one another through an in-vehicle network bus system, such as a CAN or LIN system, so that they can work in coordination and share information.
An electronic control unit generally comprises an internal processor and external units, and its application program is stored in the internal memory of the processor or in an off-chip memory of an external unit. For various reasons, for example because the application program has a defect or a new function needs to be added, the application program stored in the electronic control unit has to be upgraded and modified. In that case the application program must be reprogrammed, that is, the application program of the electronic control unit is updated.
In the prior art, a remote server stores the manufacturer's application program. The reprogramming equipment downloads the application program provided by the manufacturer from the remote server and stores it in the reprogramming equipment or in an external storage device. When the application program in an electronic control unit is updated, the reprogramming equipment parses the application program; because the application program carries address information, the reprogramming equipment parses it into application program addresses and application data and then sends this information to the electronic control unit, which writes the corresponding application data into memory according to the application program addresses. However, while the reprogramming equipment is sending the application program addresses and application data to the electronic control unit, they may be intercepted by an unauthorized user and decompiled, so their content may be cracked. In other words, the application program is exposed to a security risk during transmission, and the prior-art update method therefore cannot guarantee the security of the application program.
Summary of the invention
In view of this, the invention provides a method and a system for updating an application program in an electronic control unit, in order to solve the problem that existing update methods cannot guarantee the security of the application program in the electronic control unit. The technical solution is as follows:
A method for updating an application program in an electronic control unit, applied to an update system comprising a remote server, reprogramming equipment and an electronic control unit network, wherein the electronic control unit has a first key and a second key, the remote server has a first public key and a first private key, and the reprogramming equipment has a second public key and a second private key;
The method comprises:
A: the reprogramming equipment sends an identity information request to the electronic control unit;
B: the electronic control unit encrypts its own identity information with the first key and then sends the encrypted identity information to the reprogramming equipment;
C: the reprogramming equipment sends an update file request to the remote server;
D: the remote server generates an update file from the application program, encrypts the update file with the second key, the second public key and the first private key according to a preset encryption rule, and sends the encrypted update file to the reprogramming equipment;
E: the reprogramming equipment receives the encrypted update file, performs a first decryption of the encrypted update file with the first public key and the second private key according to a preset first decryption rule, and sends the update file after the first decryption to the electronic control unit;
F: the electronic control unit receives the update file after the first decryption, performs a second decryption of it with the second key according to a preset second decryption rule, and writes the decrypted update file into memory;
G: the update ends.
The update file comprises an update file header and update file data, and the update file data comprise an application header and application data.
The second key is a random key generated by the electronic control unit;
The remote server generating an update file from the application program and then encrypting the update file with the second key, the second public key and the first private key according to the preset encryption rule is specifically:
The remote server encrypts the update file header with the second public key of the reprogramming equipment;
The remote server encrypts the update file data with the random key of the electronic control unit;
The remote server encrypts, with its own first private key, the fingerprint of the encrypted update file header and the encrypted update file data to generate a signature.
Step E is specifically:
The reprogramming equipment receives the encrypted update file and, according to the preset first decryption rule, decrypts the signature of the encrypted update file with the first public key of the remote server;
It verifies whether the decrypted signature of the update file is valid; if so, the reprogramming equipment decrypts the file header of the encrypted update file with its own second private key and sends the encrypted update file data to the electronic control unit; if not, step G is performed;
Step F is specifically:
The electronic control unit receives the encrypted update file data, decrypts them with the random key according to the preset second decryption rule, and writes the corresponding application data into memory according to the application header in the decrypted update file data.
Before step A, the method further comprises:
H: the reprogramming equipment sends an authentication request to the electronic control unit;
I: the electronic control unit authenticates the reprogramming equipment through the security access service and sends the authentication result to the reprogramming equipment;
J: the reprogramming equipment judges whether the authentication result is valid; if so, step A is performed; if not, step G is performed.
After step B and before step C, the method further comprises:
K: the reprogramming equipment packs the received encrypted identity information of the electronic control unit together with its own identity information and encrypts the package to form authentication information, then sends the authentication information to the remote server;
L: the remote server receives the authentication information and verifies whether it is valid; if so, it generates a valid identity authentication result, sends the valid identity authentication result to the reprogramming equipment, and step C is then performed; if not, step G is performed.
Step K comprises:
K1: the reprogramming equipment packs the received encrypted identity information of the electronic control unit together with its own identity information to generate first information;
K2: the reprogramming equipment encrypts the first information with the first public key of the remote server to generate second information;
K3: the reprogramming equipment computes the fingerprint of the second information with a hashing algorithm, then encrypts the fingerprint with the second private key to generate a digital signature;
K4: the reprogramming equipment appends the digital signature to the second information to generate the authentication information;
K5: the reprogramming equipment sends the authentication information to the remote server.
Step L comprises:
L1: the remote server receives the authentication information;
L2: the remote server decrypts the digital signature of the authentication information with the second public key of the reprogramming equipment;
L3: the remote server verifies whether the digital signature is valid; if so, the remote server decrypts the authentication information with its own first private key to obtain the encrypted identity information of the electronic control unit, and step L4 is then performed; if not, step G is performed;
L4: the remote server decrypts the encrypted identity information of the electronic control unit with the first key of the electronic control unit;
L5: the remote server verifies whether the decrypted identity information of the electronic control unit is valid; if so, the remote server generates a valid identity authentication result and sends it to the reprogramming equipment; if not, step G is performed.
The electronic control unit is an electronic control unit in a group of electronic control units of the same type, and the second key is the key of that group of electronic control units of the same type;
The remote server generating an update file from the application program and then encrypting the update file with the second key, the second public key and the first private key according to the preset encryption rule is specifically:
The remote server encrypts the update file header with the second public key of the reprogramming equipment;
The remote server encrypts the update file data with the key of the group of electronic control units of the same type;
The remote server encrypts, with its own first private key, the fingerprint of the encrypted update file header and the encrypted update file data to generate a signature.
A system for updating an application program in an electronic control unit, comprising: a remote server, reprogramming equipment and an electronic control unit network;
The electronic control unit has a first key and a second key, the remote server has a first public key and a first private key, and the reprogramming equipment has a second public key and a second private key;
The reprogramming equipment is configured to send an identity information request to the electronic control unit;
The electronic control unit is configured to encrypt its own identity information with the first key and then send the encrypted identity information to the reprogramming equipment;
The reprogramming equipment is further configured to send an update file request to the remote server;
The remote server is configured to generate an update file from the application program, encrypt the update file with the second public key, the first private key and the second key according to a preset encryption rule, and send the encrypted update file to the reprogramming equipment;
The reprogramming equipment is further configured to receive the encrypted update file, perform a first decryption of the encrypted update file with the first public key and the second private key according to a preset first decryption rule, and send the update file after the first decryption to the electronic control unit;
The electronic control unit is further configured to receive the update file after the first decryption, perform a second decryption of it with the second key according to a preset second decryption rule, and write the decrypted update file into memory.
In the method and system for updating an application program in an electronic control unit provided by the invention, the update file containing the application data is encrypted, which ensures the security of the update file during transmission and therefore the security of the application program in the electronic control unit to be updated. In addition, the remote server authenticates the reprogramming equipment and the electronic control unit, which further raises the security of the application program in the electronic control unit to be updated.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the application program update method provided by embodiment one of the present invention;
Fig. 2 is a schematic structural diagram of the update file provided by embodiment one of the present invention;
Fig. 3 is a schematic structural diagram of the encrypted update file provided by embodiment one of the present invention;
Fig. 4 is a flowchart of the application program update method provided by embodiment two of the present invention;
Fig. 5 is a flowchart of the application program update method provided by embodiment three of the present invention;
Fig. 6 is a schematic structural diagram of the application program update system provided by embodiment four of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment one
Embodiment one of the present invention provides a method for updating an application program, applied to an update system comprising a remote server, reprogramming equipment and an electronic control unit network. The electronic control unit has a first key Key1 and a second key Key2, where the first key Key1 is burned into the internal memory of the electronic control unit. The reprogramming equipment and the remote server each have a key pair: suppose the remote server has a first public key PublicKey1 and a first private key PrivateKey1, and the reprogramming equipment has a second public key PublicKey2 and a second private key PrivateKey2. In this embodiment, the electronic control unit is one electronic control unit in the electronic control unit network of the application program update system. Fig. 1 is a flowchart of the method provided by embodiment one of the present invention. The method comprises:
S101: the reprogramming equipment sends an authentication request T101 to the electronic control unit.
S102: the electronic control unit authenticates the reprogramming equipment through the security access service and sends the authentication result T102 to the reprogramming equipment.
S103: the reprogramming equipment judges whether the authentication result T102 is valid; if so, the reprogramming equipment sends an identity information request T103 to the electronic control unit, and step S104 is then performed; if not, the update flow ends.
S104: the electronic control unit encrypts its own identity information with the first key Key1 and then sends the encrypted identity information T104 to the reprogramming equipment.
The identity information of the electronic control unit includes, but is not limited to: an identity ID, a random verification code and a random key. The random key is generated at random when the electronic control unit receives the identity information request T103 sent by the reprogramming equipment. In this embodiment, the second key Key2 is the random key in the identity information of the electronic control unit.
S105: the reprogramming equipment sends an update file request T105 to the remote server.
S106: the remote server generates an encrypted update file T106 and sends the encrypted update file T106 to the reprogramming equipment. In this embodiment, the remote server generates one update file for each electronic control unit.
Fig. 2 is a schematic structural diagram of the update file provided by this embodiment. The update file in Fig. 2 comprises an update file header F1 and update file data F2. The update file header F1 contains information such as the application program version, the length of the first block of the application program, the update file data length, the electronic control unit ID mask and a checksum. The update file data F2 are formed by the remote server randomly splitting the application program into N parts; the application program is split differently for each reprogramming. Every part consists of an application header F21 and application data F22, and the application header F21 describes the address, length and checksum of the application data F22. In this embodiment, the generation of the encrypted update file T106 by the remote server in step S106 is specifically:
S1061: the remote server encrypts the update file header F1 with the second public key PublicKey2 of the reprogramming equipment.
S1062: the remote server encrypts the update file data F2 with the second key Key2 of the electronic control unit.
S1063: the remote server encrypts, with its own first private key PrivateKey1, the fingerprint of the encrypted update file header and the encrypted update file data to generate the signature of the update file.
The encrypted update file header, the encrypted update file data and the signature together make up the encrypted update file. Fig. 3 is a schematic structural diagram of the encrypted update file.
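The layout of the update file data F2 described above (N randomly sized parts, each an application header F21 with address, length and checksum followed by application data F22) can be exercised as follows. This is an added example, not code from the patent: the 4-byte big-endian fields, CRC-32 as the checksum, the choice to validate every part before writing anything, and the names `split_application`, `parse_segments`, `apply_update` and `UpdateRejected` are all assumptions.

```python
import random
import struct
import zlib

# Assumed wire layout of one application header F21. The patent names the
# fields (address, length, checksum) but not their sizes or the checksum type.
F21 = struct.Struct(">III")


class UpdateRejected(Exception):
    """Raised by the ECU side when F2 must not be written to memory."""


def split_application(image: bytes, base_addr: int, parts: int,
                      rng: random.Random) -> bytes:
    """Server side: cut the image at random offsets into `parts` pieces and
    emit F2 as consecutive (F21 header, F22 data) records."""
    if not 1 <= parts <= len(image):
        raise ValueError("parts must be between 1 and len(image)")
    cuts = sorted(rng.sample(range(1, len(image)), parts - 1))
    out = bytearray()
    for start, end in zip([0] + cuts, cuts + [len(image)]):
        chunk = image[start:end]
        out += F21.pack(base_addr + start, len(chunk), zlib.crc32(chunk))
        out += chunk
    return bytes(out)


def parse_segments(f2: bytes, flash_start: int, flash_size: int):
    """ECU side: parse and validate every record of decrypted F2."""
    segments = []
    offset = 0
    while offset < len(f2):
        if len(f2) - offset < F21.size:
            raise UpdateRejected("truncated F21 header")
        addr, length, crc = F21.unpack_from(f2, offset)
        offset += F21.size
        data = f2[offset:offset + length]
        if length == 0 or len(data) != length:
            raise UpdateRejected("F22 data does not match header length")
        if addr < flash_start or addr + length > flash_start + flash_size:
            raise UpdateRejected("segment outside the application region")
        if zlib.crc32(data) != crc:
            raise UpdateRejected("F22 checksum mismatch")
        segments.append((addr, data))
        offset += length
    ordered = sorted(segments)
    for (a1, d1), (a2, _) in zip(ordered, ordered[1:]):
        if a1 + len(d1) > a2:
            raise UpdateRejected("overlapping segments")
    return segments


def apply_update(f2: bytes, flash: bytearray, flash_start: int) -> int:
    """Write F22 data at the addresses given by F21, only after the whole
    of F2 has passed validation. Returns the number of segments written."""
    segments = parse_segments(f2, flash_start, len(flash))
    for addr, data in segments:
        off = addr - flash_start
        flash[off:off + len(data)] = data
    return len(segments)


if __name__ == "__main__":
    image = bytes(range(256)) * 4          # constructed sample application
    flash = bytearray(0x1000)              # constructed application region
    f2 = split_application(image, 0x8000, 5, random.Random())
    print("segments written:", apply_update(f2, flash, 0x8000))
    print("image restored:", bytes(flash[:len(image)]) == image)
```

Because each part carries its own address, two different random splits of the same application program produce different F2 byte streams but the same memory contents after writing.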
S107: the reprogramming equipment verifies the signature of the encrypted update file T106, then decrypts the encrypted update file header with its own second private key PrivateKey2, and finally sends the encrypted update file data T107 to the electronic control unit.
In this embodiment, the reprogramming equipment decrypts the content of the signature of the encrypted update file T106 with the first public key PublicKey1 of the remote server and verifies whether the signature of the remote server is valid. If the signature is valid, the reprogramming equipment decrypts the encrypted update file header with its own second private key PrivateKey2, sends the encrypted update file data T107 to the electronic control unit, and step S108 is then performed; if the signature of the remote server is invalid, the update flow ends.
S108: the electronic control unit decrypts the encrypted update file data T107, writes the corresponding application data F22 into memory according to the application header F21 of the decrypted update file data, and feeds the update result T108 of the application program back to the reprogramming equipment. In this embodiment, the electronic control unit decrypts the encrypted update file data T107 with the second key Key2.
In the application program update method provided by embodiment one of the present invention, the remote server encrypts the update file. This encryption ensures the security of the update file during transmission and therefore the security of the application program in the electronic control unit to be updated. In addition, the electronic control unit's verification of the reprogramming equipment improves the security of the application program update process.
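Steps S1061 to S1063, S107 and S108 as an added example using the Python `cryptography` package; it is not code from the patent. The patent names no algorithms, so RSA-OAEP for the header, AES-GCM under Key2 for the data, RSA-PSS with SHA-256 for the signature, the length-prefixed framing and all function names are assumptions.

```python
import os
import struct

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed algorithms: the patent only speaks of public and private keys,
# a fingerprint (hash) and a random key.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)
FRAME = struct.Struct(">HI")  # assumed framing: len(enc F1), len(enc F2)


def make_keys() -> dict:
    """Constructed key material for the three parties."""
    private1 = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private2 = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return {
        "private1": private1, "public1": private1.public_key(),  # server
        "private2": private2, "public2": private2.public_key(),  # reprogrammer
        "key2": AESGCM.generate_key(bit_length=128),             # ECU Key2
    }


def server_build(f1: bytes, f2: bytes, public_key2, key2: bytes,
                 private_key1) -> bytes:
    """S1061-S1063: encrypt F1 for the reprogramming equipment, encrypt F2
    for the ECU, then sign the framing and both ciphertexts."""
    enc_f1 = public_key2.encrypt(f1, OAEP)
    nonce = os.urandom(12)
    enc_f2 = nonce + AESGCM(key2).encrypt(nonce, f2, None)
    signed = FRAME.pack(len(enc_f1), len(enc_f2)) + enc_f1 + enc_f2
    return signed + private_key1.sign(signed, PSS, hashes.SHA256())


def reprogrammer_process(blob: bytes, public_key1, private_key2):
    """S107: verify the server signature before anything is decrypted.
    Returns (F1, encrypted F2), or None when the update flow must end."""
    if len(blob) < FRAME.size:
        return None
    n1, n2 = FRAME.unpack_from(blob)
    end = FRAME.size + n1 + n2
    signed, signature = blob[:end], blob[end:]
    if len(signed) != end:
        return None
    try:
        public_key1.verify(signature, signed, PSS, hashes.SHA256())
    except InvalidSignature:
        return None
    f1 = private_key2.decrypt(signed[FRAME.size:FRAME.size + n1], OAEP)
    # The reprogramming equipment holds no Key2, so F2 is forwarded as is.
    return f1, signed[FRAME.size + n1:]


def ecu_decrypt(enc_f2: bytes, key2: bytes) -> bytes:
    """S108: decrypt F2 with Key2. AES-GCM raises InvalidTag if the data
    were altered after the reprogramming equipment's check."""
    return AESGCM(key2).decrypt(enc_f2[:12], enc_f2[12:], None)


if __name__ == "__main__":
    keys = make_keys()
    f1 = b"version=2.1;ecu_mask=0x0F"      # constructed header contents
    f2 = bytes(range(64))                  # constructed F2 contents
    blob = server_build(f1, f2, keys["public2"], keys["key2"],
                        keys["private1"])
    header, enc_f2 = reprogrammer_process(blob, keys["public1"],
                                          keys["private2"])
    print("F1 at reprogrammer:", header)
    print("F2 at ECU intact:", ecu_decrypt(enc_f2, keys["key2"]) == f2)
    tampered = blob[:300] + bytes([blob[300] ^ 1]) + blob[301:]
    print("tampered file accepted:",
          reprogrammer_process(tampered, keys["public1"],
                               keys["private2"]) is not None)
```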
Embodiment two
Embodiment two of the present invention provides a method for updating an application program, applied to an update system comprising a remote server, reprogramming equipment and an electronic control unit network. The electronic control unit has a first key Key1 and a second key Key2, where the first key Key1 is burned into the internal memory of the electronic control unit. The reprogramming equipment and the remote server each have a key pair: suppose the remote server has a first public key PublicKey1 and a first private key PrivateKey1, and the reprogramming equipment has a second public key PublicKey2 and a second private key PrivateKey2. In this embodiment, the electronic control unit is one electronic control unit in the electronic control unit network of the application program update system. Fig. 4 is a flowchart of the method. The method comprises:
S201: the reprogramming equipment sends an authentication request T201 to the electronic control unit.
S202: the electronic control unit authenticates the reprogramming equipment through the security access service and sends the authentication result T202 to the reprogramming equipment.
S203: the reprogramming equipment judges whether the authentication result T202 is valid; if so, the reprogramming equipment sends an identity information request T203 to the electronic control unit, and step S204 is then performed; if not, the update flow ends.
S204: the electronic control unit encrypts its own identity information with the first key Key1 and sends the encrypted identity information T204 to the reprogramming equipment.
The identity information of the electronic control unit includes, but is not limited to: an identity ID, a random verification code and a random key. The random key is generated at random when the electronic control unit receives the identity information request T203 sent by the reprogramming equipment. In this embodiment, the second key Key2 is the random key in the identity information of the electronic control unit.
S205: the reprogramming equipment packs the received encrypted identity information T204 of the electronic control unit together with its own identity information and encrypts the package to form authentication information T205, then sends the authentication information T205 to the remote server.
In this embodiment, step S205 specifically comprises:
S2051: the reprogramming equipment packs the received encrypted identity information T204 of the electronic control unit together with its own identity information into first information Information1.
S2052: the reprogramming equipment encrypts the packed first information Information1 with the first public key PublicKey1 of the remote server to generate second information Information2.
S2053: the reprogramming equipment computes the fingerprint of the second information Information2 with a hashing algorithm, then encrypts the fingerprint with its own second private key PrivateKey2 to generate a digital signature.
S2054: the reprogramming equipment appends the digital signature to the second information Information2 to generate the authentication information T205.
S2055: the reprogramming equipment sends the authentication information T205 to the remote server.
In this embodiment, the identity information of the reprogramming equipment includes, but is not limited to: the identity ID of the reprogramming equipment, its version and a random verification code.
S206: the remote server verifies whether the authentication information T205 is valid; if so, it generates a valid identity authentication result T206, sends the valid identity authentication result T206 to the reprogramming equipment, and step S207 is then performed; if not, the update flow ends.
Step S206 in this embodiment specifically comprises:
S2061: the remote server decrypts the digital signature of the authentication information T205 with the second public key PublicKey2 of the reprogramming equipment.
S2062: the remote server verifies whether the digital signature is valid. If the digital signature is valid, the remote server decrypts the authentication information T205 with its own first private key PrivateKey1 to obtain the encrypted identity information T204 of the electronic control unit, and step S2063 is then performed; if the digital signature is invalid, the update flow ends.
S2063: the remote server decrypts the encrypted identity information T204 of the electronic control unit with the first key Key1. The decryption of the encrypted identity information T204 in this step corresponds to the electronic control unit's encryption of its own identity information in step S204.
S2064: the remote server verifies whether the decrypted identity information of the electronic control unit is valid. If the identity information of the electronic control unit is valid, the remote server generates a valid identity authentication result T206, sends the valid identity authentication result T206 to the reprogramming equipment, and step S207 is then performed; if it is invalid, the update flow ends.
S207: the reprogramming equipment sends an update file request T207 to the remote server.
S208: the remote server generates an encrypted update file T208 and sends the encrypted update file T208 to the reprogramming equipment.
The update file in this embodiment has the same structure as the update file in embodiment one, and the encrypted update file in this embodiment has the same structure as the encrypted update file in embodiment one, so they are not described again here.
In this embodiment, step S208 is specifically:
S2081: the remote server encrypts the update file header F1 with the second public key PublicKey2 of the reprogramming equipment.
S2082: the remote server encrypts the update file data F2 with the second key Key2 of the electronic control unit.
S2083: the remote server encrypts, with its own first private key PrivateKey1, the fingerprint of the encrypted update file header and the encrypted update file data to generate the signature of the update file.
S209: the reprogramming equipment verifies the signature of the encrypted update file T208, then decrypts the update file header of the encrypted update file T208, and finally sends the encrypted update file data T209 to the electronic control unit.
The reprogramming equipment decrypts the content of the signature of the encrypted update file T208 with the public key PublicKey1 of the remote server and verifies whether the signature of the update file T208 is valid. If the signature is valid, the reprogramming equipment decrypts the encrypted update file header with its own private key PrivateKey2, sends the encrypted update file data T209 to the electronic control unit, and step S210 is then performed; if the signature is invalid, the update flow ends.
S210: the electronic control unit decrypts the encrypted update file data T209, writes the corresponding application data F22 into memory according to the application header F21 of the decrypted update file data T209, and feeds the update result T210 of the application program back to the reprogramming equipment.
In this embodiment, the electronic control unit decrypts the encrypted update file data T209 with the second key Key2.
In the application program update method provided by this embodiment of the present invention, the remote server encrypts the update file. This encryption ensures the security of the update file during transmission and therefore the security of the application program in the electronic control unit to be updated. In addition, the electronic control unit's authentication of the reprogramming equipment and the remote server's authentication of the reprogramming equipment and the electronic control unit further raise the security of the application program in the electronic control unit to be updated.
Embodiment three
In practice, the application programs of tens of thousands or even hundreds of thousands of similar electronic control units may need to be updated. If a separate update file is generated for each electronic control unit, the load on the remote server increases considerably and the update takes longer.
In view of this, Embodiment three of the present invention provides an application program update method, applied to an update system that includes a remote server, a reprogramming device and an electronic control unit network. The method is suitable for updating the application programs of a large number of electronic control units of the same kind at the same time. The electronic control unit has a first key Key1 and a second key Key2, and the reprogramming device and the remote server each have a key pair: suppose the remote server has a first public key PublicKey1 and a first private key PrivateKey1, and the reprogramming device has a second public key PublicKey2 and a second private key PrivateKey2.
In this embodiment, the electronic control unit is one electronic control unit in a group of electronic control units of the same kind in the electronic control unit network, and the second key Key2 of the electronic control unit is the key of that group of electronic control units of the same kind. Fig. 5 is a flowchart of the method provided by Embodiment three of the present invention. The method comprises:
S301: the reprogramming device sends identity authentication request information T301 to the electronic control unit.
S302: the electronic control unit authenticates the reprogramming device through the security access service and sends the authentication result T302 to the reprogramming device.
S303: the reprogramming device judges whether the authentication result is valid. If so, the reprogramming device sends identity information request information T303 to the electronic control unit, and step S304 is then performed; if not, the update flow is terminated.
S304: the electronic control unit encrypts its own identity information with the first key Key1 and sends the encrypted identity information T304 to the reprogramming device.
In this embodiment, the first key Key1 and the second key Key2 are permanently stored in the internal memory of the electronic control unit, such as Flash or EEPROM. The identity information of the electronic control unit includes, but is not limited to, an identity ID and a random verification code.
S305: the reprogramming device sends an update file request T305 to the remote server.
S306: the remote server generates the encrypted update file T306 according to the identity ID of the reprogramming device and the kind of the electronic control unit, and sends the encrypted update file T306 to the reprogramming device over the network or through an external storage device.
The update file in this embodiment has the same structure as the update file in Embodiment one, and the encrypted update file in this embodiment has the same structure as the encrypted update file in Embodiment one, so the details are not repeated here.
In this embodiment, the remote server encrypts the update file header F1 with the public key PublicKey2 of the reprogramming device, encrypts the update file data F2 with the key of the electronic control unit group, and uses its own first private key PrivateKey1 to encrypt the fingerprint information of the encrypted update file header and the encrypted update file data, generating the signature of the update file.
S307: the reprogramming device verifies whether the signature of the encrypted update file T306 is valid. If so, it decrypts the update file header of the encrypted update file T306, sends the encrypted update file data T307 to the electronic control unit, and step S308 is then performed; if not, the flow ends.
Meanwhile, to make the application program update faster, the reprogramming device temporarily saves the decrypted update file header. When the reprogramming device updates the application program of another electronic control unit of the same type, it does not need to decrypt the header again and can send the encrypted update file data T306 in the encrypted update file T306 directly to that electronic control unit.
In this embodiment, the reprogramming device uses the first public key PublicKey1 of the remote server to decrypt the content of the signature of the encrypted update file T306 and verifies whether the signature of the remote server is valid. If the signature is valid, the reprogramming device decrypts the encrypted update file header with its own second private key PrivateKey2, sends the encrypted update file data T307 to the electronic control unit, and step S308 is then performed; if not, the flow ends.
S308: the electronic control unit decrypts the encrypted update file data T307 with the key of the electronic control unit group, writes the corresponding application data F22 into memory according to the application program header F21 of the decrypted update file data, and feeds the update result T308 of the application program back to the reprogramming device.
In the application program update method provided by Embodiment three of the present invention, the remote server generates one update file for each kind of electronic control unit. That is, when the application programs of all electronic control units in a group of electronic control units of the same kind are updated, the remote server sends only one update file to the reprogramming device, and the reprogramming device downloads this update file into all electronic control units of that kind. Meanwhile, the remote server encrypts the update file. The method provided by this embodiment therefore ensures the security of the application program, relieves the load on the remote server, and shortens the update time.
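The Embodiment three flow from S306 to S308, sketched as an added example that is not code from the patent: one signed update file is built once, checked by the reprogramming device, and installed on several electronic control units of the same kind. Assumptions not taken from the patent: the header and F21 fields (`ecu_kind`, `size`, `address`, `length`), textbook RSA over fixed Mersenne primes standing in for the two key pairs, and a SHA-256 keystream standing in for the symmetric cipher; none of these stand-ins is secure.

```python
import hashlib
import json

E = 65537

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes (constructed, insecure, demo only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed keys; Mersenne primes keep the block offline and deterministic.
SERVER_PUB, SERVER_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)    # PublicKey1 / PrivateKey1
DEVICE_PUB, DEVICE_PRIV = toy_keypair(2**1279 - 1, 2**2203 - 1)  # PublicKey2 / PrivateKey2
GROUP_KEY2 = hashlib.sha256(b"constructed group key").digest()   # Key2 of the ECU group

def rsa(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def stream_xor(key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream); encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def fingerprint(enc_header, enc_data):
    """Hash over the encrypted header and the encrypted data, as an integer."""
    header_bytes = enc_header.to_bytes((enc_header.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(header_bytes + enc_data).digest(), "big")

def server_build_update(ecu_kind, address, app_data):
    """Remote server: encrypt F1 with PublicKey2, F2 with Key2, sign with PrivateKey1."""
    # Field names in F1 and F21 are hypothetical; the patent does not list them here.
    f1 = json.dumps({"ecu_kind": ecu_kind, "size": len(app_data)}).encode()
    f21 = json.dumps({"address": address, "length": len(app_data)}).encode()
    f2 = len(f21).to_bytes(2, "big") + f21 + app_data   # F2 = F21 + F22
    enc_header = rsa(DEVICE_PUB, int.from_bytes(f1, "big"))
    enc_data = stream_xor(GROUP_KEY2, f2)
    signature = rsa(SERVER_PRIV, fingerprint(enc_header, enc_data))
    return {"enc_header": enc_header, "enc_data": enc_data, "signature": signature}

class ReprogrammingDevice:
    def __init__(self):
        self.header_cache = {}        # decrypted headers kept between ECUs
        self.header_decryptions = 0

    def forward(self, update):
        """S307: verify the signature, decrypt the header once, return the ECU payload."""
        expected = fingerprint(update["enc_header"], update["enc_data"])
        if rsa(SERVER_PUB, update["signature"]) != expected:
            raise ValueError("invalid update file signature, update aborted")
        if update["signature"] not in self.header_cache:
            plain = rsa(DEVICE_PRIV, update["enc_header"])
            raw = plain.to_bytes((plain.bit_length() + 7) // 8, "big")
            self.header_cache[update["signature"]] = json.loads(raw)
            self.header_decryptions += 1
        return self.header_cache[update["signature"]], update["enc_data"]

def ecu_install(enc_data, memory):
    """S308: decrypt F2 with the group key and write F22 where F21 says."""
    f2 = stream_xor(GROUP_KEY2, enc_data)
    f21_len = int.from_bytes(f2[:2], "big")
    f21 = json.loads(f2[2:2 + f21_len])
    f22 = f2[2 + f21_len:2 + f21_len + f21["length"]]
    if len(f22) != f21["length"] or f21["address"] + len(f22) > len(memory):
        return "update failed"
    memory[f21["address"]:f21["address"] + len(f22)] = f22
    return "update ok"

def update_fleet(update, ecu_memories):
    """Push one update file to every ECU of the same kind through one device."""
    device = ReprogrammingDevice()
    results = []
    for memory in ecu_memories:
        _, payload = device.forward(update)
        results.append(ecu_install(payload, memory))
    return results, device.header_decryptions
```

In this sketch, as in steps S307 and S308, the signature is checked only by the reprogramming device; the electronic control unit relies on the group key alone.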
Embodiment four
Embodiment four of the present invention further provides a system for updating an application program in an electronic control unit. Fig. 6 is a structural diagram of the system, which comprises: a remote server 41, a reprogramming device 42 and an electronic control unit network 43. The remote server 41 stores the application data and also stores the identity information of the reprogramming device 42 and of the electronic control units in the electronic control unit network 43.
The electronic control unit in the electronic control unit network 43 has a first key Key1 and a second key, the remote server 41 has a first public key PublicKey1 and a first private key PrivateKey1, and the reprogramming device 42 has a second public key PublicKey2 and a second private key PrivateKey2.
The reprogramming device 42 is configured to send identity information request information to the electronic control unit.
The electronic control unit in the electronic control unit network 43 is configured to encrypt its own identity information with the first key Key1 and then send the encrypted identity information to the reprogramming device.
The reprogramming device 42 is further configured to send an update file request to the remote server 41.
The remote server 41 is further configured to generate an update file according to the application program, then encrypt the update file with the second public key PublicKey2, the first private key PrivateKey1 and the second key Key2 according to a preset encryption rule, and send the encrypted update file to the reprogramming device 42.
The reprogramming device 42 is configured to receive the encrypted update file, perform a first decryption of the encrypted update file with the first public key PublicKey1 and the second private key PrivateKey2 according to a preset first decryption rule, and send the update file after the first decryption to the electronic control unit.
The electronic control unit is further configured to receive the update file after the first decryption, perform a second decryption of it with the second key Key2 according to a preset second decryption rule, and write the decrypted update file into memory.
The remote server 41 is further configured to authenticate the reprogramming device 42 and the electronic control units in the electronic control unit network 43.
The second key Key2 in this embodiment may be a random key generated when the electronic control unit receives the identity information request information from the reprogramming device, or it may be the key of a group of electronic control units of the same kind.
In the system provided by this embodiment of the present invention, the encryption that the remote server applies to the update file and the authentication that it performs on the reprogramming device and the electronic control unit ensure the security of the application program.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (6)

1. A method for updating an application program in an electronic control unit, characterized in that it is applied to an update system comprising a remote server, a reprogramming device and an electronic control unit network, wherein the electronic control unit has a first key and a second key, the remote server has a first public key and a first private key, and the reprogramming device has a second public key and a second private key;
the method comprises:
A: the reprogramming device sends identity information request information to the electronic control unit;
B: the electronic control unit encrypts its own identity information with the first key, then sends the encrypted identity information to the reprogramming device;
C: the reprogramming device sends an update file request to the remote server;
D: the remote server generates an update file according to the application program, then encrypts the update file with the second key, the second public key and the first private key according to a preset encryption rule, and sends the encrypted update file to the reprogramming device;
E: the reprogramming device receives the encrypted update file, performs a first decryption of the encrypted update file with the first public key and the second private key according to a preset first decryption rule, and sends the update file after the first decryption to the electronic control unit;
F: the electronic control unit receives the update file after the first decryption, performs a second decryption of it with the second key according to a preset second decryption rule, and writes the decrypted update file into memory;
G: the update ends;
wherein the update file comprises an update file header and update file data, and the update file data comprise an application program header and application data;
wherein the electronic control unit is an electronic control unit in a group of electronic control units of the same kind, and the second key is the key of the group of electronic control units of the same kind;
the remote server generating an update file according to the application program and then encrypting the update file with the second key, the second public key and the first private key according to the preset encryption rule is specifically:
the remote server encrypts the update file header with the second public key of the reprogramming device;
the remote server encrypts the update file data with the key of the group of electronic control units of the same kind;
the remote server uses its own first private key to encrypt the fingerprint information of the encrypted update file header and the encrypted update file data, generating a signature;
the electronic control unit receiving the update file after the first decryption, performing the second decryption of it with the second key according to the preset second decryption rule, and writing the decrypted update file into memory is specifically:
the electronic control unit receives the update file after the first decryption, decrypts it with the key of the group of electronic control units of the same kind, and writes the corresponding application data into memory according to the application program header of the decrypted update file.
2. The method according to claim 1, characterized in that, before step A, it further comprises:
H: the reprogramming device sends identity authentication request information to the electronic control unit;
I: the electronic control unit authenticates the reprogramming device through the security access service and sends the authentication result to the reprogramming device;
J: the reprogramming device judges whether the authentication result is valid; if so, step A is performed; if not, step G is performed.
3. The method according to claim 2, characterized in that, after step B and before step C, it further comprises:
K: the reprogramming device packs the received encrypted identity information of the electronic control unit together with its own identity information and encrypts the package to form authentication information, then sends the authentication information to the remote server;
L: the remote server receives the authentication information and verifies whether it is valid; if so, it generates a valid identity authentication result and sends the valid identity authentication result to the reprogramming device, and step C is then performed; if not, step G is performed.
4. The method according to claim 3, characterized in that step K comprises:
K1: the reprogramming device packs the received encrypted identity information of the electronic control unit together with its own identity information, generating first information;
K2: the reprogramming device encrypts the first information with the first public key of the remote server, generating second information;
K3: the reprogramming device calculates the fingerprint information of the second information with a hash algorithm, then encrypts the fingerprint information with the second private key, generating a digital signature;
K4: the reprogramming device appends the digital signature to the second information, generating the authentication information;
K5: the reprogramming device sends the authentication information to the remote server.
5. The method according to claim 4, characterized in that step L comprises:
L1: the remote server receives the authentication information;
L2: the remote server decrypts the digital signature of the authentication information with the second public key of the reprogramming device;
L3: the remote server verifies whether the digital signature is valid; if so, the remote server decrypts the authentication information with its own first private key to obtain the encrypted identity information of the electronic control unit, and step L4 is then performed; if not, step G is performed;
L4: the remote server decrypts the encrypted identity information of the electronic control unit with the first key of the electronic control unit;
L5: the remote server verifies whether the decrypted identity information of the electronic control unit is valid; if so, the remote server generates a valid identity authentication result and sends the valid identity authentication result to the reprogramming device; if not, step G is performed.
6. A system for updating an application program in an electronic control unit, characterized in that it applies the method for updating an application program in an electronic control unit according to claim 1, the update system specifically comprising: a remote server, a reprogramming device and an electronic control unit network;
the electronic control unit has a first key and a second key, the remote server has a first public key and a first private key, and the reprogramming device has a second public key and a second private key;
the reprogramming device is configured to send identity information request information to the electronic control unit;
the electronic control unit is configured to encrypt its own identity information with the first key and then send the encrypted identity information to the reprogramming device;
the reprogramming device is further configured to send an update file request to the remote server;
the remote server is configured to generate an update file according to the application program, then encrypt the update file with the second public key, the first private key and the second key according to a preset encryption rule, and send the encrypted update file to the reprogramming device;
the reprogramming device is further configured to receive the encrypted update file, perform a first decryption of the encrypted update file with the first public key and the second private key according to a preset first decryption rule, and send the update file after the first decryption to the electronic control unit;
the electronic control unit is further configured to receive the update file after the first decryption, perform a second decryption of it with the second key according to a preset second decryption rule, and write the decrypted update file into memory.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210071649.3A CN102662692B (en) 2012-03-16 2012-03-16 Method and system for updating application program in electronic control unit


Publications (2)

Publication Number Publication Date
CN102662692A CN102662692A (en) 2012-09-12
CN102662692B true CN102662692B (en) 2015-05-27

Family

ID=46772193


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 4 / F, building 1, No.14 Jiuxianqiao Road, Chaoyang District, Beijing 100020

Patentee after: Beijing Jingwei Hengrun Technology Co., Ltd

Address before: 100101 Beijing city Chaoyang District Anxiang Beili 11 B block 8 layer

Patentee before: Beijing Jingwei HiRain Technologies Co.,Ltd.