CN104765357A - Authorization system and method for vehicle remote diagnosis - Google Patents

Authorization system and method for vehicle remote diagnosis Download PDF

Info

Publication number
CN104765357A
CN104765357A CN201510106587.9A CN201510106587A CN104765357A CN 104765357 A CN104765357 A CN 104765357A CN 201510106587 A CN201510106587 A CN 201510106587A CN 104765357 A CN104765357 A CN 104765357A
Authority
CN
China
Prior art keywords
diagnosis
vehicle
bill
assembly
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510106587.9A
Other languages
Chinese (zh)
Inventor
马建峰
孙聪
焦政达
习宁
卢笛
张帅
马勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201510106587.9A priority Critical patent/CN104765357A/en
Publication of CN104765357A publication Critical patent/CN104765357A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00Testing or monitoring of control systems or parts thereof
    • G05B23/02Electric testing or monitoring
    • G05B23/0205Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0208Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
    • G05B23/0213Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00Testing or monitoring of control systems or parts thereof
    • G05B23/02Electric testing or monitoring
    • G05B23/0205Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0208Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
    • G05B23/0216Human interface functionality, e.g. monitoring system providing help to the user in the selection of tests or in its configuration

Abstract

The invention discloses an authorization system and method for vehicle remote diagnosis. The system comprises a diagnosis equipment module, a diagnosed vehicle module and a bill server module, wherein the diagnosis equipment module, the diagnosed vehicle module and the bill server module are correlated with one another and included in a state storage assembly, and through a state table in the storage assembly, remote authorized diagnosis for a diagnosed vehicle is displayed. The method includes the steps that an authorization bill is requested for, bill and diagnosis strategy generation is performed, the bill is issued and received, and authorization is completed. The bill server is introduced for performing validity verification on the identities of participants of a diagnosis conversation and performing authorization, and under a non-symmetric cipher mechanism, a system frame based on the bill server is used for achieving mutual authentication for the identities of the diagnosis bodies, freshness, privacy, completeness and non-repudiation of the authorized bill and a management mechanism for a diagnosis instruction, improving security of the vehicle remote diagnosis conversation and guaranteeing that the bill is effectively issued in time.

Description

A kind of vehicle remote diagnosis authoring system and method
Technical field
The present invention relates to the remote Diagnosis Technology field of vehicle, be specifically related to a kind of vehicle remote diagnosis authoring system and method.
Background technology
Vehicle remote fault diagnosis, as the part ensured traffic safety in intelligent transportation, is the developing direction in automobile diagnosis technique future.Traditional vehicle diagnostics refers under the prerequisite not disassembling vehicle (or only unloading individual part), and passage is deployed in the diagnostic equipment of vehicle maintenance side to determine technical condition of vehicle, finds out trouble location and failure cause.These diagnosis include vehicle hardware, as the Detection and diagnosis of motor car engine, and the Detection and diagnosis of automobile chassis and to the configuration parameter correction of vehicle-mounted software or version updating.
Remote vehicle diagnostics refers to that diagnostic device knows the failure message of automobile by vehicle wireless communication network, and diagnostic trouble code is uploaded to data processing centre (DPC).Data processing centre (DPC) is usually had by the production firm of vehicle and safeguards, wherein houses the parameter information needed for diagnosis, the configuration parameter of such as vehicle or vehicle-mounted software version.Determining that post-failure diagnostics equipment sends diagnostic command by the electronic control unit different in car of vehicle communication control module and carries out remote failure elimination.The fault that cannot eliminate sends to car owner with short message mode or other modes, makes car owner know the failure message that vehicle exists in advance, takes precautions against in possible trouble.Simultaneously the application platform in 4S shop also can show the failure message of vehicle in time, and timely contact customer is arranged the time maintenance vehicle.
The remote Diagnosis Technology of vehicle has become the inexorable trend of vehicle maintenance and development, and also become a ring important in intelligent transportation system, this field receives increasing concern in recent years.In document [1], Jheng-Syu Jhou etc. propose to monitor in real time vehicle and the method for fault diagnosis by integrating second generation onboard diagnostic system (on board diagnostics-II, OBD-II), 3.5G wireless network and cloud computing technology.In document [2], He Jiner etc. design and the data acquisition made based on GPS/GPRS and pre-service mounted remote diagnostic system.The design of diagnostic system is all devoted in above-mentioned research work.In the safety research of communication information, a kind of classification and authoring system of automobile failure diagnosis function is proposed in patent [3], carried out the rights management of diagnostic function by the information exchange platform of diagnosis terminal, and complete the checking of identity by service background and authorize.In document [4], Idrees etc. propose and realize the secure communication of vehicle diagnostics by storing communication key in hardware security module (Hardware Security Modules, HSM).
The proposition of these technical methods and use substantially increase the real time security of vehicle on the one hand, decrease the traffic hazard incidence because vehicle trouble causes, have ensured the security of the lives and property of car owner.Also improve the diagnosis efficiency to vehicle trouble on the other hand, decrease vehicle this locality and diagnose the unnecessary expense brought, saved the quality time of car owner.
In current proposed vehicle remote diagnosis scheme, need the most important safety problems solved to be the checking legitimacy of communication party identity and management diagnosis order.Otherwise vehicle may receive the diagnostic command that illegal diagnostic device sends, and according to illegal command amendment inherent parameters, diagnostic device also can cause diagnosing unsuccessfully because carrying out checking to the identity of vehicle.Above behavior can produce potential safety hazard to vehicle and car owner.For this problem, need to provide a kind of vehicle remote diagnosis authoring system introducing ticket server under public-key cryptosystem, by carrying out legitimate verification to the identity of diagnostic session participant and authorize, improve the security of vehicle remote diagnosis session.
Number of patent application: 201020570746.3, discloses a kind of classification and authoring system of automobile failure diagnosis function, put forward system and be made up of the diagnosis terminal being installed in auto repair service station and service background two parts of being installed in automaker.Diagnosis terminal includes diagnostic device and information exchange platform, and the former is for deagnostic communication, and the latter is responsible for user, background service mutual.Service background is used for authentication and mandate.The method that this patent is carried is for user is by information exchange platform selection vehicle diagnostics function, arbitration functions authority also sends function code and diagnosis terminal ID verifies to service background, after service background receives solicited message, by data storage device identity verification also examination & verification diagnosis authority, to diagnosis terminal return authorization code.Diagnosis terminal is succeeded after authorization code, opens diagnostic session.
This system has been carried out classifying to diagnostic function and has been proposed the thought of mandate, but its auth method proposed is only limitted to retrieve diagnosis terminal ID and diagnostic function code in service background, and reckon without the safety issue existed in communication process, simultaneously also not to how the stability on maintenance service backstage consider, as resisting abnegation service aggression.
Vehicle remote diagnosis technology has huge economic benefit and social benefit, and it has the advantage such as high efficiency, real-time simultaneously, and the status of this technology shared by automotive operation field is improved day by day, and becomes the mainstream development trend of Shape Of Things To Come diagnosis.In current proposed remote vehicle diagnostics system, need the major issue considered be the legitimacy of checking diagnosis subject identity under the prerequisite of safe and reliable communication and authorize, while mandate, diagnostic command is effectively managed.
Otherwise vehicle may receive the illegal diagnostic command that assailant sends, and according to illegal command amendment inherent parameters.Meanwhile, diagnostic device also can cause diagnosing unsuccessfully because carrying out checking to the identity of vehicle.On the other hand, after ticket server suffers Denial of Service attack, diagnostic device cannot carry out fault diagnosis timely to vehicle, thus produce potential safety hazard to driving vehicle and car owner.
List of references (as patent/paper/standard)
1.JHENG-SYU JHOU,SHI-HUANG CHEN;The Implementation of OBD-II VehicleDiagnosis System Integrated with Cloud ComputationTechnology[J];Intelligent Data analysis and its Applications,VolumeI Advances in Intelligent Systems and Computing Volume 297,2014,pp413-420
2. what golden youngster, Zhu Shouzheng, Zhang Changwei; A kind of Design and implementation [J] of new vehicle remote diagnosis system; Computer utility and software, the 2012,29th volume the 9th phase, 95-97 page; HE J R, ZHU S Z, ZHANG C W; Design and implementation of a new car remote diagnosticsystem [J]; Computer Applications and Software, 2012, vol.9, no.9, pp95-97
3. patent: the classification of automobile failure diagnosis function and authoring system application number: 201020570746.3 Authorization Notice No. CN 201965482 U
4.MUHAMMAD SABIR IDREES,HENDRIK SCHWEPPE,YVES ROUDIER,MARKOWOLF,DIRK SCHEUERMANN,OLAF HENNIGER.Secure AutomotiveOn-Board Protocols:A Case of Over-the-Air Firmware Updates.[J]Nets4Trains/Nets4Cars 2011.LNCS,pp.224–238.
5.Internet X.509Public Key Infrastructure Certificate and CertificateRevocation List(CRL)Profile.RFC5280.May 2008.
Summary of the invention
The object of the present invention is to provide a kind of vehicle remote diagnosis authoring system and method, a kind of vehicle remote diagnosis authoring system introducing ticket server under public-key cryptosystem, by carrying out legitimate verification to the identity of diagnostic session participant and authorize, improve the security of vehicle remote diagnosis session.
The object of the invention is to be realized by following technical proposals.
A kind of vehicle remote diagnosis authoring system, comprising:
Diagnostic device module, authorizes bill, reception resolve bill and perform diagnosis for asking;
By diagnosis vehicle modules, for verifying diagnostic device identity and sending one-level ticket requests information, solve client-puzzle problem and send secondary ticket requests information, parsing mandate bill, store Diagnostic Strategy and forward eventually to diagnostic device and authorize bill;
Ticket server module, set up self-defense strategy for ticket requests information, legitimate verification is carried out to the identity of ticket requester, generate the billing information through signature, this packets of information contains requestor and carries out the Diagnostic Strategy of shared key needed for diagnostic session and management diagnosis order and provide and authorize bill;
Described diagnostic device module, by diagnosis vehicle modules and ticket server module three interrelated and comprise state storage elements, verify by the current information in state storage elements the correctness that diagnostic process performs.
In described system, diagnostic device module comprises further:
Certificate storage assembly, for the digital certificate needed for storage resource request bill;
General purpose module, for being carried out by the digital certificate in certificate storage assembly verifying, preserves key information and communicates with provisional parameter and with being diagnosed vehicle modules;
Described general purpose module is connected with certificate storage assembly.
In described system, comprised further by diagnosis vehicle modules:
Solver, for solving the client-puzzle obtained;
Order decision-making device, for analyzing the Diagnostic Strategy in the mandate bill received, carries out delineation of power to diagnostic command, performs or ignore the diagnostic command that diagnostic device sends in diagnostic session afterwards;
General purpose module, the message for the diagnostic device received module and ticketing services module being sent carries out verifying, preserving key information and provisional parameter;
Described general purpose module is connected with order decision-making device with solver respectively.
In described system, ticket server module comprises further:
Data-carrier store, for storing basic information of vehicles and diagnostic device information; Described information is diagnosed rights manager component to be used for vehicle for specifying and diagnostic device generates Diagnostic Strategy;
Defence policies assembly, for setting up the client-puzzle defense mechanism of reasonable difficulty according to the performance parameter of vehicle obtained in data-carrier store and Nash Equilibrium Theory;
Diagnosis rights manager component, for generating the Diagnostic Strategy to being sent by diagnosis vehicle modules;
General purpose module, the message for the diagnostic device received module being sent carries out verifying, preserving key information and provisional parameter;
Described general purpose module is connected with defence policies assembly with diagnosis rights manager component, data-carrier store successively and forms loop.
In described system, general purpose module comprises:
Communications component, for setting up the mutual of intermodule information on a wireless network;
Cryptography assembly, for encryption and decryption operation, generating random number, secret generating, Hash operation, certifying signature;
Cipher key storage component, for preserving key information;
Status register, for preserving required provisional parameter when authoring system runs, for challenge response mechanism, especially, in ticketing services module, simultaneously also for verification of correctness that client-puzzle solves;
Described communications component is connected with status register with cryptography assembly, cipher key storage component respectively, and cryptography assembly is connected with cipher key storage component with status register respectively.
In described system, key information comprises self public private key pair, the PKI at CA center, the PKI of communication party and finally for the symmetric key of deagnostic communication.
Correspondingly, the present invention gives vehicle remote diagnosis authorization method, comprises the steps:
Step one, bill is authorized in request:
1) diagnostic device module obtains self digital certificate DigCert by certificate storage assembly aDE, and the digital certificate DigCert of ticket server module tS, after successful inquiring, generate random number nonce by cryptography assembly aDEbe stored in status register, identity during for receiving bill and novelty verification;
2) above-mentioned information M1 is sent to by diagnosis vehicle modules as connectivity request message;
3) received solicited message cryptography assembly by diagnosis vehicle modules and parsing checking is carried out to certificate;
4), after being verified, the random number nonce received preserved by using state storer aDEand the identify label ADE of diagnostic device;
5) sent two-stage ticket requests information by diagnosis vehicle modules to ticket server module, one-level resists strategy request information M2 for the client-puzzle setting up ticket server; Secondary: for ticket requests information;
6), after the communications component of ticket server module receives one-level ticket requests information M2, it is verified;
7) after being proved to be successful more than, the vehicle parameter information of inquiry is sent to defence policies assembly, the client-puzzle problem that this assembly generates based on Hash function increases the cost initiating ticket requester, reply DoS attack;
8) the communications component information generated M3 of ticket server module is sent to by diagnosis vehicle modules, is transferred to cryptography assembly carry out two step cards by diagnosis vehicle modules;
9) the Puzzle field of cryptography component intercepts message is handed to solver and is solved this client-puzzle problem;
10) solve successfully, sent secondary ticket requests information M4 by diagnosis vehicle modules to ticket server module; The own public key read in cipher key storage component by cryptography assembly generates after rsa encryption;
11) communications component of ticket server module receives solicited message M4, carries out verification operation;
1. verify the solution of client-puzzle, namely whether comparison reception Solution value is equal with oneself state memory value Solution ';
2. the ADE value of acquisition is searched from the diagnostic device message unit of data-carrier store;
3. the assembly that accesses to your password extracts own private key from cipher key storage component, deciphering { VIN, nonce v2pkV;
Step 2, bill and Diagnostic Strategy generate:
1) rights manager component is diagnosed to obtain to the vehicle VIN of data-carrier store request and diagnostic device ADE information, then according to these information nucleus formations in the Diagnostic Strategy of vehicle;
2) cryptography assembly completes last mandate bill generation, authorizes bill to be divided into by diagnosis vehicle bill Ticket vwith diagnostic device bill Ticket aDE;
Step 3, bill granting receives:
1) bill is encrypted by the cryptography assembly of ticket server module, information generated M5, is sent to by diagnosis vehicle modules;
2) by the communications component receipt message M5 of diagnosis vehicle modules, verified by cryptography assembly;
3) cryptography assembly is by bill Ticket vin K aDE, Vbe saved to cipher key storage component, V policybe saved to order decision-making device;
4) billing information M6 is sent to diagnostic device module;
5) communications component of diagnostic device module receives by the billing information M6 of diagnosis vehicle modules and verifies;
6) after being proved to be successful, by the K in bill aDE, Vbe saved in the cipher key storage component of diagnostic device, for later deagnostic communication;
Step 4, completes mandate:
Namely complete Authorized operation, empty the value of status register in each module.
The application introduces the vehicle remote diagnosis authoring system of ticket server under public-key cryptosystem, and this system is carried out legitimate verification to the identity of diagnostic session participant and authorized, and improves the security of vehicle remote diagnosis session.Ticket server as trusted third party, by send authorize bill break the wall of mistrust relation and diagnostic command management.Ticket server is held by Vehicle manufacturers, maintenance provider or the department by certain organizational empowerment, saves the diagnosis information needed such as the hardware configuration parameter of vehicle, vehicle-mounted software version, vehicle performance in its database.Under this framework, the communication agent of remote diagnosis system comprises diagnostic device, by diagnosis vehicle, ticket server and the cordless communication network connecting them, wherein diagnostic device with diagnosed vehicle for diagnose main body, the bill of granting makes legal diagnosis main body in diagnostic session, hold effective shared key.Meanwhile, system introduces a kind of client-puzzle defense mechanism based on mixed strategy Nash Equilibrium and deals with Denial of Service attack for ticket server.This defense mechanism reasonably increases the calculation cost of request initiator by returning a cryptography problem to ticket requester, and verifies that cost is quite easy, thus mandate bill is normally provided, and is providing safeguard in time of diagnostic session afterwards.
Native system is introduced and is authorized ticket server in order to provide the management of effective authentication and diagnostic command.Under asymmetric cryptosystem, use the system framework based on ticket server to achieve following 4 Security Targets:
1, the mutual certification of identity between main body is diagnosed.This function is realized by digital certificate and challenge-response mechanism.
2, the freshness of bill, confidentiality, integrality and non-repudiation is authorized.This function is realized by asymmetric encryption and decryption and challenge-response mechanism.
3, to the administrative mechanism of diagnostic command.Diagnosis vehicle two, according to the Diagnostic Strategy of authorizing in billing information, operates diagnostic command, as performed or ignoring.
4, backed bill timely, effectively provide.Ticket server passes through retrieval by diagnosis vehicle performance and according to Nash Equilibrium strategy generating client-puzzle defense mechanism.
Accompanying drawing explanation
Fig. 1 is present system structured flowchart.
Fig. 2 is present system execute phase figure.
Fig. 3 is defence policies process flow diagram of the present invention.
Fig. 4 is solver workflow diagram of the present invention.
Fig. 5 is bill generation phase schematic diagram of the present invention.
Embodiment
Below in conjunction with drawings and Examples, the present invention will be further described.
As shown in Figure 1, it includes diagnostic device to this vehicle remote diagnosis authoring system structure, by diagnosis vehicle, the large module of ticket server three, diagnostic device module and ticket server module are connected with diagnosing vehicle respectively.
The function of diagnostic device module includes request and authorizes bill, reception resolve bill and perform diagnosis.
Assembly contained by this module has certificate storage assembly, communications component, cryptography assembly, cipher key storage component and status register.Certificate storage assembly is used for the digital certificate needed for storage resource request bill.Communications component is used for setting up the mutual of intermodule information on a wireless network.Cryptography assembly is used for the function relevant with cryptography such as encryption and decryption operation, generating random number, secret generating, Hash operation, certifying signature.Cipher key storage component is for preserving key information, and these information comprise self public private key pair, the PKI at CA center, the PKI of communication party and finally for the symmetric key of deagnostic communication.Status register is for preserving provisional parameter required when authoring system runs, as random number challenge etc., machine-processed for challenge response.
Included checking diagnostic device identity by the function of diagnosis vehicle modules and send one-level ticket requests information, solve client-puzzle problem and send secondary ticket requests information, parsing mandate bill, storing Diagnostic Strategy and forward eventually to diagnostic device and authorize bill.
Assembly contained by this module has solver, order decision-making device, communications component, cryptography assembly, cipher key storage component and status register.Solver is used for solving the client-puzzle obtained.Order decision-making device is used for analyzing the Diagnostic Strategy in the mandate bill received, and carries out delineation of power to diagnostic command, performs or ignore the diagnostic command that diagnostic device sends in diagnostic session afterwards.Communications component is used for setting up the mutual of intermodule information on a wireless network.Cryptography assembly is used for the function relevant with cryptography such as encryption and decryption operation, generating random number, secret generating, Hash operation, certifying signature.Cipher key storage component is for preserving key information, and these information comprise self public private key pair, the PKI at CA center, the PKI of communication party and finally for the symmetric key of deagnostic communication.Status register is for preserving provisional parameter required when authoring system runs, as random number challenge etc., machine-processed for challenge response.
The function of ticket server module comprises sets up self-defense strategy for ticket requests information, carries out legitimate verification to the identity of ticket requester, generate the billing information through signature, this packets of information contains requestor and carries out the Diagnostic Strategy of shared key needed for diagnostic session and management diagnosis order and provide and authorize bill.
Assembly contained by this module has diagnosis rights manager component, defence policies assembly, data-carrier store, communications component, cryptography assembly, cipher key storage component and status register.Data-carrier store stores basic information of vehicles and diagnostic device information.These information are diagnosed rights manager component to be used for vehicle for specifying and diagnostic device generates Diagnostic Strategy.Meanwhile, the client-puzzle defense mechanism of reasonable difficulty set up by defence policies assembly according to the performance parameter of the vehicle obtained in data-carrier store and Nash Equilibrium Theory.Communications component is used for setting up the mutual of intermodule information on a wireless network.Cryptography assembly is used for the function relevant with cryptography such as encryption and decryption operation, generating random number, secret generating, Hash operation, certifying signature.Cipher key storage component is for preserving key information, and these information comprise self public private key pair, the PKI at CA center, the PKI of communication party and finally for the symmetric key of deagnostic communication.Status register is for preserving provisional parameter required when authoring system runs, as random number challenge etc., machine-processed for challenge response.
In the state storage elements that above-mentioned module all comprises, a state table need be safeguarded when system performs.This table content is as follows:
Table 1 state storage list
2.2.2 system flow introduction
Communication agent digital certificate involved by native system uses X.509V3 [6] standard, is issued by CA center; In cryptography module, the asymmetric enciphering and deciphering algorithm of message uses RSA, and key length is 128 bytes; The hash algorithm of message adopts MD5; The symmetric encipherment algorithm of message adopts DES, and key length is 8 bytes.
The execution of system is divided into four-stage, is request mandate, bill generation, bill granting and end execution respectively.Succinct for describing, following system perform flow process introduction by diagnostic device module, by diagnosis vehicle modules and ticket server module referred to as module 1, module 2 and module 3.System information mutual and relate to module as shown in Figure 2.
In flow process introduction, cryptography behaviour used is as shown in the table:
Table 2 system flow symbol implication table
The implementation of vehicle remote diagnosis authoring system can be divided into 4 stages, is that the generation of bill, bill and Diagnostic Strategy is authorized in request, bill granting receives and completes mandate respectively.
2.2.3 the stage one performs flow process
First system carries out the stage one.Module 1 obtains self digital certificate DigCert by certificate storage assembly aDE, and the digital certificate DigCert of module 3 tS, after successful inquiring, generate random number nonce by cryptography assembly aDEbe stored in status register, identity during for receiving bill and novelty verification.Finally using above-mentioned information as M1, send to module 2 as connectivity request message M1.Nonce in this message aDEbe 4 bytes, digital certificate adopts X.509V3 form, is issued by CA center, wherein contains the information such as the PKI of certificate holder, identity information, cryptographic algorithm used.
Module 2 receipt message M1, cryptography assembly carries out parsing checking to certificate, i.e. Verf (DigCert tS)=true & & Verf (DgCert aDE)=true.Be verified rear using state storer and preserve the random number nonce received aDEand the identify label ADE of diagnostic device.
After aforesaid operations success, this module sends ticket requests information to module 3.Solicited message is divided into two-stage, and one-level resists strategy for the client-puzzle setting up ticket server, and secondary is used for ticket requests.One-level ticket requests information M2 needs 38 bytes altogether.Wherein nonce vaccount for 4 bytes, cryptography assembly generates and is stored in status register; Vehicles identifications VIN accounts for 17 bytes, and this mark follows SAE (Society of AutomotiveEngineers) standard that tissue is put forward, and is numbered ISO 3779-2009; REQ_MSG accounts for 16 bytes, represents by cryptography assembly information nonce vthe result after Hash operation is carried out with VIN.
After the communications component reception one-level ticket requests information of module 3, M2 is verified.This operation is divided into two steps.
1) cryptography assembly is verified message integrity, namely meets Hash (nonce v, VIN) and=REQ_MSG.
2) in data storage component, transmitting side marking VIN is inquired about to confirm identity.
After being more than proved to be successful, the vehicle parameter information of inquiry is sent to defence policies assembly.The client-puzzle problem that this assembly generates based on Hash function increases the cost initiating ticket requester, reply DoS attack.Particular problem can be described as: ticket server generates the binary bits value m<1 that a length is L, L>, and use Hash operation to produce λ=Hash (TTP, m<1, L>).By the high L-k position of λ and m, i.e. m<k+1, L>, send to by diagnosis vehicle modules V as client-puzzle, solve low k position m ' <1, k> after making to be diagnosed vehicle modules V to obtain client-puzzle problem thus meet following formula:
Hash(m<1,k>,m’<k+1,L>)=λ
In formula, λ is Hash operation result, and k is the lower bit number of binary bits value m, i.e. the difficulty of defence policies;
Meanwhile, defence policies assembly uses and selects based on the k value of game theoretic mixing Nash Equilibrium strategy to client-puzzle, thus control problem difficulty.K value is set to 4,8,12,16 by this assembly, and in order to represent the client-puzzle problem that difficulty increases progressively, selection strategy represents chooses probabilistic combination to different value of K.The workflow of this assembly is shown in Fig. 3.
Concrete probability selection method is:
1, read vehicle performance factor, calculate the specifically consuming time of vehicle and the behavior of ticket server cryptography.These time overhead a_c (i, j) comprising illegal request consuming time, reply expense s_c (i, j) of ticket server.Wherein i represents different illegal request strategies, be divided into and do not calculate puzzle problem, send a request message after directly obtaining Solution at random M3 and calculate puzzle value and send regular request, but no longer perform follow-up system action (as cryptographic operation).J represents the k value of the puzzle problem obtained.Therefore obtain following data, symbol implication wherein illustrates in table 3:
A_c (1, j)=Hash_time (j=is any)
a_c(2,j)=Hash_time+Puzzle(p)+Enc_time (j=p)
S_c (1, j)=Hash_time (j=is any)
s_c(2,j)=Hash_time+Verf_time+Dec_time+2*Hash_time
+ 2*Sgn_time+2*Enc_time (j=is any)
Table 3 cryptographic algorithm implication table
2, set up Payoff (i, j) gain matrix, wherein Payoff (i, j) is the income sending illegal request in 1s, meets Payoff (i, j)=s_c (i, j) * 1s/a_c (i, j).Gain matrix is as shown in table 4, and wherein the probability of choosing of different value of K is (x1, x2, x2, x4), is denoted as P*.Gain matrix is as shown in the table:
Table 4 gain matrix table
3, defence policies is calculated.According to gain matrix, obtain formula (1) (2) (3):
Payoff(1,4)*x1+Payoff(1,8)*x2+Payoff(1,12)*x3+Payoff(1,16)*x4
=Payoff(2,4)*x1+Payoff(2,8)*x2+Payoff(2,12)*x3+Payoff(2,16)*x4 (1)
X1+x2+x3+x4=1 and x1,2,3,4>=0 (2)
min(Payoff(i,4)*x1+Payoff(i,8)*x2+Payoff(i,12)*x3+Payoff(i,16)*x4) (3)
Defence policies assembly through type (1) (2) (3), use linear programming computing method, draw final Selection Strategy P*=(x1, x2, x3, x4).
4, defence policies assembly provides the client-puzzle problem of a certain difficulty according to probability P to by diagnosis vehicle.Meanwhile, defence policies assembly, by the solution of problem, is namely worth m<1, and L> deducts value m<k+1, and L> is designated as solution ', deposits in status register.
Next, executive system the 1st stage Part II.
The communications component generating messages M3 of module 3 is sent to module 2.This message is totally 44 bytes, wherein nonce vgenerated by cryptography assembly and deposit in status register, accounting for 4 bytes.TS is module 3 identify label, accounts for 4 bytes.Puzzle problem accounts for 20 bytes.ANS_MSG generates after carrying out Hash operation by cryptography assembly to above information, accounts for 16 bytes.
Transferred to cryptography assembly after the request cost information M3 of the communications component receiver module 3 of module 2.This assembly carries out two step cards:
1) nonce of reading state storer v, and the nonce received vproving correctness after comparison;
2) Hash (nonce is verified v, TS, Puzzle) and=ANS_MSG.
After aforesaid operations success, the Puzzle field of cryptography component intercepts message hands to solver.Solver solves this client-puzzle problem.Because Hash function is unidirectional, therefore this problem can only be solved by violence test.Therefore, the job step of solver is:
1) initialization a ' <1, k>=00...00 (length is the Bit String of k);
2) verify hash value, if success, perform the 4th) step, otherwise perform the 3rd) step;
3) a ' <1, k>=a ' <1, k>+1, if a ' is <1, k> unequal to 11..111 (length is the Bit String of k) turns the 2nd) step, otherwise turn the 5th) step;
4) solve and successfully terminate, note answer is Solution, delivers to communications component;
5) solve failure, system stops performing.
Its process flow diagram is as shown in Figure 4:
Solve successfully, module 2 sends secondary ticket requests information M4 to module 3.The overall byte-sized of M4 is depending on encryption situation, and what wherein Solution was solver is solved, and accounts for 4 bytes; DE is module 2 identify label, accounts for 4 bytes; { VIN, nonce v2pkV is ciphertext, the own public key read in cipher key storage component by cryptography assembly generates after rsa encryption.
The communications component receipt message M4 of module 3, carries out verification operation.This operation is divided into 3 steps:
1) verify the solution of client-puzzle, namely whether comparison reception Solution value is equal with oneself state memory value Solution ';
2) the ADE value of acquisition is searched from the diagnostic device message unit of data-carrier store;
3) assembly that accesses to your password extracts own private key from cipher key storage component, deciphering { VIN, nonce v2pkV.
2.2.4 the stage two performs flow process
System performs and enters subordinate phase.Stage two schematic diagram is as shown in Figure 5:
Diagnosis rights manager component obtains to the vehicle VIN of data-carrier store request and diagnostic device ADE information.Again according to these information nucleus formations in the Diagnostic Strategy of vehicle, be designated as V policy.V policyvehicle is diagnosed to select to receive which diagnostic command, i.e. rights management function in follow-up deagnostic communication in order to inform.V policybe made up of the information of one group of 3 byte, the malfunction coding standard OBD-II that this information reference SAE (Society of Automotive Engineers) tissue proposes, its form is as shown in table 5 below:
Vpolicy, by providing the diagnostic trouble code of selection, makes vehicle shield corresponding diagnostic command.As ### represents all diagnostic commands of shielding; P0# represents all general fault diagnosis of shielding; P03, P04 represent the diagnosis shielded firing system and off gas control system.
Cryptography assembly completes last mandate bill and generates.Bill is authorized to be divided into by diagnosis vehicle bill Ticket vwith diagnostic device bill Ticket aDE.Wherein, Ticket aDEcontent contain vehicle and the 8 byte DES key Ks of diagnostic device for communicating aDE, Vand be used for the VIN of identifying and diagnosing vehicle, and contain the information { K through ticket server private key private key signature aDE, V, VIN}SignTS is used for verification; Ticket vcontain vehicle and the 8 byte DES key Ks of diagnostic device for communicating aDE, Vand Diagnostic Strategy V policy.Also contains the information { K through trusted third party's private key signature simultaneously aDE, V, V policysignTS be used for verification.Above Hash, signature operation complete by the cryptography assembly of ticket server, and needed for signature operation, private key comes from cipher key storage component.Bill is authorized to neglect greatly actual Password Operations and determine.
2.2.5 the stage three performs flow process
Bill generates complete, the system execute phase three, i.e. the granting of bill and reception.Bill is encrypted by the cryptography assembly of module 3, and generating messages M5 is sent to module 2.The byte-sized of M5 is depending on cryptographic operation result, wherein { Ticket v, nonce v2pkV use module 2 PKI to carry out rsa encryption after cipher-text information, this PKI reads from cipher key storage component; { Ticket aDEpkADE use module 1 PKI to carry out rsa encryption after cipher-text information, this PKI reads from cipher key storage component.
The communications component of module 2 receives information M5, is verified by cryptography assembly.Checking is divided into 3 steps: 1, intercept { the Ticket in billing information v, nonce v2pkV is passed to cryptography assembly.This assembly reads own private key and performs decryption oprerations from cipher key storage component, obtains Ticket vand nonce v2.2, the nonce obtained will be deciphered v2with the nonce preserved in oneself state storer v2carry out value comparison.3, to deciphering the Ticket obtained vthe ticket server PKI in cipher key storage component is used to carry out signature verification, i.e. Hash (K aDE, V, V policy)=DecTS ({ Hash (K aDE, V, V policy) SignTS).
After more than having operated, cryptography assembly is by bill Ticket vin K aDE, Vbe saved to cipher key storage component, V policybe saved to order decision-making device.Message M6 is sent to module 1.Shared by this message, byte-sized is depending on cryptographic operation result.Wherein { Ticket aDEpkADE is the latter half of intercepts messages M5; { nonce aDE, ADE}K aDE, Vfor using the K in bill aDE, Vcarry out des encryption ciphertext, encrypted nonce aDEread from status register with ADE.
Finally, the communications component receiver module 2 of module 1 billing information M6 and verify.Verification step is divided into 3 steps:
1, { the Ticket in billing information is intercepted aDEpkADE is passed to cryptography assembly.This assembly is decrypted operation, obtains Ticket aDE.
2, to deciphering the Ticket obtained aDEcarry out signature verification, i.e. Hash (K aDE, V, VIN) and=DecTS ({ Hash (K aDE, V, VIN) } SignTS).
3, Ticket is used aDEin shared key K aDE, Vdeciphering K aDE, V(nonce aDE, ADE), will the nonce obtained be deciphered aDEwith the nonce preserved in oneself state storer aDEcarry out value comparison.
After being proved to be successful, by the K in bill aDE, Vbe saved in the cipher key storage component of diagnostic device, for later deagnostic communication.
2.2.6 the stage four performs flow process
The system execute phase four, namely complete Authorized operation, empty the value of status register in each module.

Claims (10)

1. a vehicle remote diagnosis authoring system, is characterized in that, comprising:
Diagnostic device module, authorizes bill, reception resolve bill and perform diagnosis for asking;
By diagnosis vehicle modules, for verifying diagnostic device identity and sending one-level ticket requests information, solve client-puzzle problem and send secondary ticket requests information, parsing mandate bill, store Diagnostic Strategy and forward eventually to diagnostic device and authorize bill;
Ticket server module, set up self-defense strategy for ticket requests information, legitimate verification is carried out to the identity of ticket requester, generate the billing information through signature, this packets of information contains requestor and carries out the Diagnostic Strategy of shared key needed for diagnostic session and management diagnosis order and provide and authorize bill;
Described diagnostic device module, by diagnosis vehicle modules and ticket server module three interrelated and comprise state storage elements, verify by the current information in state storage elements the correctness that diagnostic process performs.
2. vehicle remote diagnosis authoring system according to claim 1, is characterized in that, described diagnostic device module comprises further:
Certificate storage assembly, for the digital certificate needed for storage resource request bill;
General purpose module, verifies for being carried out by the digital certificate in certificate storage assembly, preserves key information, provisional parameter and communicated with diagnosing vehicle modules;
Described general purpose module is connected with certificate storage assembly.
3. vehicle remote diagnosis authoring system according to claim 1, is characterized in that, described by diagnosis vehicle modules comprise further:
Solver, for solving the client-puzzle obtained;
Order decision-making device, for analyzing the Diagnostic Strategy in the mandate bill received, carries out delineation of power to diagnostic command, performs or ignore the diagnostic command that diagnostic device sends in diagnostic session afterwards;
General purpose module, the message for the diagnostic device received module and ticketing services module being sent carries out verifying, preserving key information and provisional parameter;
Described general purpose module is connected with order decision-making device with solver respectively.
4. vehicle remote diagnosis authoring system according to claim 1, is characterized in that, described ticket server module comprises further:
Data-carrier store, for storing basic information of vehicles and diagnostic device information; Described information is diagnosed rights manager component to be used for vehicle for specifying and diagnostic device generates Diagnostic Strategy;
Defence policies assembly, for setting up the client-puzzle defense mechanism of reasonable difficulty according to the performance parameter of vehicle obtained in data-carrier store and Nash Equilibrium Theory;
Diagnosis rights manager component, for generating the Diagnostic Strategy to being sent by diagnosis vehicle modules;
General purpose module, for by receive the message that sends by diagnosis vehicle modules carry out verifying, preserving key information and provisional parameter;
Described general purpose module is connected with defence policies assembly with diagnosis rights manager component, data-carrier store successively and forms loop.
5. the vehicle remote diagnosis authoring system according to any one of claim 2-4, is characterized in that, described general purpose module comprises:
Communications component, for setting up the mutual of intermodule information on a wireless network;
Cryptography assembly, for encryption and decryption operation, generating random number, secret generating, Hash operation, certifying signature;
Cipher key storage component, for preserving key information;
Status register, for preserving required provisional parameter when authoring system runs, for challenge response mechanism, especially, in ticketing services module, simultaneously also for verification of correctness that client-puzzle solves;
Described communications component is connected with status register with cryptography assembly, cipher key storage component respectively, and cryptography assembly is connected with cipher key storage component with status register respectively.
6. vehicle remote diagnosis authoring system according to claim 5, is characterized in that, described key information comprises self public private key pair, the PKI at CA center, the PKI of communication party and finally for the symmetric key of deagnostic communication.
7. a vehicle remote diagnosis authorization method, is characterized in that, comprises the steps:
Step one, bill is authorized in request:
1) diagnostic device module obtains self digital certificate DigCert by certificate storage assembly aDE, and the digital certificate DigCert of ticket server module tS, after successful inquiring, generate random number nonce by cryptography assembly aDEbe stored in status register, identity during for receiving bill and novelty verification;
2) above-mentioned information M1 is sent to by diagnosis vehicle modules as connectivity request message;
3) received solicited message cryptography assembly by diagnosis vehicle modules and parsing checking is carried out to certificate;
4), after being verified, the random number nonce received preserved by using state storer aDEand the identify label ADE of diagnostic device;
5) sent two-stage ticket requests information by diagnosis vehicle modules to ticket server module, one-level resists strategy request information M2 for the client-puzzle setting up ticket server; Secondary: for ticket requests information;
6), after the communications component of ticket server module receives one-level ticket requests information M2, it is verified;
7) after being proved to be successful more than, the vehicle parameter information of inquiry is sent to defence policies assembly, the client-puzzle problem that this assembly generates based on Hash function increases the cost initiating ticket requester, reply DoS attack;
8) the communications component information generated M3 of ticket server module is sent to by diagnosis vehicle modules, is transferred to cryptography assembly carry out two step cards by diagnosis vehicle modules;
9) the Puzzle field of cryptography component intercepts message is handed to solver and is solved this client-puzzle problem;
10) solve successfully, sent secondary ticket requests information M4 by diagnosis vehicle modules to ticket server module; The own public key read in cipher key storage component by cryptography assembly generates after rsa encryption;
11) communications component of ticket server module receives solicited message M4, carries out verification operation;
1. verify the solution of client-puzzle, namely whether comparison reception Solution value is equal with oneself state memory value Solution ';
2. the ADE value of acquisition is searched from the diagnostic device message unit of data-carrier store;
3. the assembly that accesses to your password extracts own private key from cipher key storage component, deciphering { VIN, nonce v2pkV;
Step 2, bill and Diagnostic Strategy generate:
1) rights manager component is diagnosed to obtain to the vehicle VIN of data-carrier store request and diagnostic device ADE information, then according to these information nucleus formations in the Diagnostic Strategy of vehicle;
2) cryptography assembly completes last mandate bill generation, authorizes bill to be divided into by diagnosis vehicle bill Ticket vwith diagnostic device bill Ticket aDE;
Step 3, bill granting receives:
1) bill is encrypted by the cryptography assembly of ticket server module, information generated M5, is sent to by diagnosis vehicle modules;
2) by the communications component receipt message M5 of diagnosis vehicle modules, verified by cryptography assembly;
3) cryptography assembly is by bill Ticket vin K aDE, Vbe saved to cipher key storage component, V policybe saved to order decision-making device;
4) billing information M6 is sent to diagnostic device module;
5) communications component of diagnostic device module receives by the billing information M6 of diagnosis vehicle modules and verifies;
6) after being proved to be successful, by the K in bill aDE, Vbe saved in the cipher key storage component of diagnostic device, for later deagnostic communication;
Step 4, completes mandate:
Namely complete Authorized operation, empty the value of status register in each module.
8. vehicle remote diagnosis authorization method according to claim 7, is characterized in that, described step one the 6th) in step, carry out checking and be divided into two steps:
The first step: cryptography assembly is verified message integrity, namely meets Hash (nonce v, VIN) and=REQ_MSG;
Second step: inquire about transmitting side marking VIN to confirm identity in data storage component.
9. vehicle remote diagnosis authorization method according to claim 7, is characterized in that, described step one the 7th) step, defence policies assembly generates the client-puzzle defense mechanism based on Hash function, is realized by following step:
1. ticket server generates the binary bits value m (1, L) that a length is L, and uses Hash operation to produce λ=Hash (TTP, m (1, L);
2. by the high L-k position of λ and m, i.e. m (k+1, L), to send to by diagnosis vehicle modules as client-puzzle, solve after making to be diagnosed vehicle modules to obtain client-puzzle problem low k position m ' (1, k) thus meet following formula:
Hash(m(1,k),m’(k+1,L))=λ
In formula, λ is Hash operation result, and k is the lower bit number of binary bits value m, i.e. the difficulty of defence policies;
3. defence policies assembly uses and selects based on the k value of game theoretic mixing Nash Equilibrium strategy to client-puzzle, and selection strategy represents chooses probabilistic combination to different value of K, comprises the steps:
I) read vehicle performance factor, calculate the specifically consuming time of vehicle and the behavior of ticket server cryptography; These time overhead a_c (i, j) comprising illegal request consuming time, reply expense s_c (i, j) of ticket server, wherein i represents different illegal request strategies, and j represents the k value of the puzzle problem obtained; Send a request message after directly obtaining Solution at random M3 and calculate puzzle value and send regular request, obtains following data:
A_c (1, j)=Hash_time (j=is any)
a_c(2,j)=Hash_time+Puzzle(p)+Enc_time (j=p)
S_c (1, j)=Hash_time (j=is any)
s_c(2,j)=Hash_time+Verf_time+Dec_time+2*Hash_time
+ 2*Sgn_time+2*Enc_time (j=is any);
II) set up Payoff (i, j) gain matrix, wherein Payoff (i, j) is the income sending illegal request in 1s, meets Payoff (i, j)=s_c (i, j) * 1s/a_c (i, j);
III) calculate defence policies:
According to gain matrix, obtain following formula, wherein k1, k2, k3 and k4 are the k value that in puzzle problem, size increases progressively:
Payoff(1,k1)*x1+Payoff(1,k2)*x2+Payoff(1,k3)*x3+Payoff(1,k4)*x4=Payoff(2,k1)*x1+Payoff(2,k2)*x2+Payoff(2,k3)*x3+Payoff(2,k4)*x4 (1)
X1+x2+x3+x4=1 and x1,2,3,4>=0 (2)
min(Payoff(i,k1)*x1+Payoff(i,k2)*x2+Payoff(i,k3)*x3+Payoff(i,k4)*x4)(3)
Defence policies assembly through type (1) (2) (3), use linear programming computing method, draw final Selection Strategy P*=(x1, x2, x3, x4);
4. defence policies assembly provides the client-puzzle problem of a certain difficulty according to probability P to by diagnosis vehicle; Meanwhile, defence policies assembly, by the solution of problem, is namely worth m (1, L) and deducts value m (k+1, L), be designated as solution ', deposit in status register.
10. vehicle remote diagnosis authorization method according to claim 7, is characterized in that, described step one the 8th) step, carry out checking and be divided into two steps:
The first step, the nonce of reading state storer v, and the nonce received vproving correctness after comparison;
Second step, checking Hash (nonce v, TS, Puzzle) and=ANS_MSG.
CN201510106587.9A 2015-03-11 2015-03-11 Authorization system and method for vehicle remote diagnosis Pending CN104765357A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510106587.9A CN104765357A (en) 2015-03-11 2015-03-11 Authorization system and method for vehicle remote diagnosis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510106587.9A CN104765357A (en) 2015-03-11 2015-03-11 Authorization system and method for vehicle remote diagnosis

Publications (1)

Publication Number Publication Date
CN104765357A true CN104765357A (en) 2015-07-08

Family

ID=53647265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510106587.9A Pending CN104765357A (en) 2015-03-11 2015-03-11 Authorization system and method for vehicle remote diagnosis

Country Status (1)

Country Link
CN (1) CN104765357A (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357681A (en) * 2016-11-02 2017-01-25 合肥工业大学 Security access and secret communication method of vehicle-mounted remote diagnostic services
CN106685985A (en) * 2017-01-17 2017-05-17 同济大学 Vehicle remote diagnosis system and method based on information safety technology
CN107479525A (en) * 2016-12-23 2017-12-15 宝沃汽车(中国)有限公司 Vehicle remote diagnosis system and its control method
CN108076043A (en) * 2016-11-10 2018-05-25 通用汽车环球科技运作有限责任公司 For the virtual key of vehicle maintenance
CN108153906A (en) * 2018-01-17 2018-06-12 武汉创牛科技有限公司 Fault mode density of infection inquiry system in a kind of vehicle operation
CN108243212A (en) * 2016-12-24 2018-07-03 宝沃汽车(中国)有限公司 For the method and apparatus of vehicle diagnostics
CN108268024A (en) * 2017-12-29 2018-07-10 深圳市道通科技股份有限公司 Vehicular diagnostic method, device, terminal and computer readable storage medium
CN108306940A (en) * 2017-01-11 2018-07-20 通用汽车环球科技运作有限责任公司 The method and system of the remotely modifying of information for electric appliance activation transmission
CN109270919A (en) * 2018-08-31 2019-01-25 深圳市元征科技股份有限公司 A kind of vehicle detection data managing method, analysis method, equipment and server
CN109740304A (en) * 2018-11-30 2019-05-10 深圳市元征科技股份有限公司 A kind of vehicle diagnosis right management method and relevant device
CN110233820A (en) * 2019-04-25 2019-09-13 深圳市元征科技股份有限公司 A kind of right management method of vehicle diagnostics, system and server, terminal
CN111142500A (en) * 2019-12-26 2020-05-12 国汽(北京)智能网联汽车研究院有限公司 Permission setting method and device for vehicle diagnosis data and vehicle-mounted gateway controller
CN111431901A (en) * 2020-03-23 2020-07-17 重庆长安汽车股份有限公司 System and method for safely accessing ECU (electronic control Unit) in vehicle by external equipment
CN113114467A (en) * 2021-03-23 2021-07-13 中汽创智科技有限公司 Secure access method and system for movable bill
CN113439425A (en) * 2020-01-23 2021-09-24 华为技术有限公司 Message transmission method and device
CN113703415A (en) * 2020-05-20 2021-11-26 广州汽车集团股份有限公司 Detection method and device for vehicle electronic control unit, storage medium and terminal equipment
CN114342320A (en) * 2019-09-10 2022-04-12 Fca美国有限责任公司 Authenticated vehicle diagnostic access techniques
WO2024000402A1 (en) * 2022-06-30 2024-01-04 华为技术有限公司 Diagnostic method and apparatus

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1816822A (en) * 2003-08-11 2006-08-09 索尼株式会社 Authentication method, authentication system, and authentication server
EP1688888A1 (en) * 2005-02-04 2006-08-09 Sokymat Automotive GmbH Method for communication and verification of authentication data between a portable device with transponder and a vehicle reading unit
CN1847817A (en) * 2005-04-15 2006-10-18 中国移动通信集团公司 Mobile communication system and method for providing automobile with service
US20140003228A1 (en) * 2012-06-27 2014-01-02 Cisco Technology, Inc. Optimizations in Multi-Destination Tree Calculations for Layer 2 Link State Protocols
KR20140048554A (en) * 2012-10-16 2014-04-24 콘티넨탈 오토모티브 시스템 주식회사 Plurality of fob detecting system of vehicle and method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1816822A (en) * 2003-08-11 2006-08-09 索尼株式会社 Authentication method, authentication system, and authentication server
EP1688888A1 (en) * 2005-02-04 2006-08-09 Sokymat Automotive GmbH Method for communication and verification of authentication data between a portable device with transponder and a vehicle reading unit
CN1847817A (en) * 2005-04-15 2006-10-18 中国移动通信集团公司 Mobile communication system and method for providing automobile with service
US20140003228A1 (en) * 2012-06-27 2014-01-02 Cisco Technology, Inc. Optimizations in Multi-Destination Tree Calculations for Layer 2 Link State Protocols
KR20140048554A (en) * 2012-10-16 2014-04-24 콘티넨탈 오토모티브 시스템 주식회사 Plurality of fob detecting system of vehicle and method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
焦政达等: "新的车辆远程诊断授权协议", 《通信学报》 *

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357681A (en) * 2016-11-02 2017-01-25 合肥工业大学 Security access and secret communication method of vehicle-mounted remote diagnostic services
CN108076043A (en) * 2016-11-10 2018-05-25 通用汽车环球科技运作有限责任公司 For the virtual key of vehicle maintenance
CN107479525B (en) * 2016-12-23 2019-09-20 宝沃汽车(中国)有限公司 Vehicle remote diagnosis system and its control method
CN107479525A (en) * 2016-12-23 2017-12-15 宝沃汽车(中国)有限公司 Vehicle remote diagnosis system and its control method
CN108243212A (en) * 2016-12-24 2018-07-03 宝沃汽车(中国)有限公司 For the method and apparatus of vehicle diagnostics
CN108306940B (en) * 2017-01-11 2021-08-31 通用汽车环球科技运作有限责任公司 Method and system for remote modification of information transmitted by appliance activation
CN108306940A (en) * 2017-01-11 2018-07-20 通用汽车环球科技运作有限责任公司 The method and system of the remotely modifying of information for electric appliance activation transmission
CN106685985A (en) * 2017-01-17 2017-05-17 同济大学 Vehicle remote diagnosis system and method based on information safety technology
CN106685985B (en) * 2017-01-17 2019-11-29 同济大学 A kind of vehicle remote diagnosis system and method based on information security technology
CN108268024A (en) * 2017-12-29 2018-07-10 深圳市道通科技股份有限公司 Vehicular diagnostic method, device, terminal and computer readable storage medium
CN108268024B (en) * 2017-12-29 2021-09-21 深圳市道通科技股份有限公司 Vehicle diagnosis method, device, terminal and computer-readable storage medium
CN108153906A (en) * 2018-01-17 2018-06-12 武汉创牛科技有限公司 Fault mode density of infection inquiry system in a kind of vehicle operation
CN109270919A (en) * 2018-08-31 2019-01-25 深圳市元征科技股份有限公司 A kind of vehicle detection data managing method, analysis method, equipment and server
CN109270919B (en) * 2018-08-31 2019-10-18 深圳市元征科技股份有限公司 A kind of vehicle detection data managing method, analysis method, equipment and server
CN109740304A (en) * 2018-11-30 2019-05-10 深圳市元征科技股份有限公司 A kind of vehicle diagnosis right management method and relevant device
CN110233820A (en) * 2019-04-25 2019-09-13 深圳市元征科技股份有限公司 A kind of right management method of vehicle diagnostics, system and server, terminal
CN114342320A (en) * 2019-09-10 2022-04-12 Fca美国有限责任公司 Authenticated vehicle diagnostic access techniques
CN111142500A (en) * 2019-12-26 2020-05-12 国汽(北京)智能网联汽车研究院有限公司 Permission setting method and device for vehicle diagnosis data and vehicle-mounted gateway controller
CN111142500B (en) * 2019-12-26 2021-08-10 国汽(北京)智能网联汽车研究院有限公司 Permission setting method and device for vehicle diagnosis data and vehicle-mounted gateway controller
CN113439425A (en) * 2020-01-23 2021-09-24 华为技术有限公司 Message transmission method and device
CN111431901A (en) * 2020-03-23 2020-07-17 重庆长安汽车股份有限公司 System and method for safely accessing ECU (electronic control Unit) in vehicle by external equipment
CN111431901B (en) * 2020-03-23 2021-10-12 重庆长安汽车股份有限公司 System and method for safely accessing ECU (electronic control Unit) in vehicle by external equipment
CN113703415A (en) * 2020-05-20 2021-11-26 广州汽车集团股份有限公司 Detection method and device for vehicle electronic control unit, storage medium and terminal equipment
CN113114467A (en) * 2021-03-23 2021-07-13 中汽创智科技有限公司 Secure access method and system for movable bill
WO2024000402A1 (en) * 2022-06-30 2024-01-04 华为技术有限公司 Diagnostic method and apparatus

Similar Documents

Publication Publication Date Title
CN104765357A (en) Authorization system and method for vehicle remote diagnosis
CN111464980B (en) Electronic evidence obtaining device and method based on block chain in Internet of vehicles environment
CN111049660B (en) Certificate distribution method, system, device and equipment, and storage medium
CN103517273B (en) Authentication method, managing platform and Internet-of-Things equipment
CN111131313B (en) Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
CN101300808B (en) Method and arrangement for secure autentication
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
CN109067549B (en) Virtual key bidirectional authentication system and method
CN111181928B (en) Vehicle diagnosis method, server, and computer-readable storage medium
CN105635147A (en) Vehicle-mounted-special-equipment-system-based secure data transmission method and system
CN108650220B (en) Method and equipment for issuing and acquiring mobile terminal certificate and automobile end chip certificate
CN113129518B (en) Electric vehicle charging system and resource management method thereof
CN101777978A (en) Method and system based on wireless terminal for applying digital certificate and wireless terminal
CN103888938A (en) PKI private key protection method of dynamically generated key based on parameters
CN110147666B (en) Lightweight NFC identity authentication method in scene of Internet of things and Internet of things communication platform
CN113569226B (en) Parking space management system and method based on block chain
CN106789897A (en) For the digital certificate authentication method and system of application program for mobile terminal
CN106789024A (en) A kind of remote de-locking method, device and system
CN115396121A (en) Security authentication method for security chip OTA data packet and security chip device
CN111105235A (en) Supply chain transaction privacy protection system and method based on block chain and related equipment
CN102521777B (en) A kind of method and system realizing remote credit
CN116074023A (en) Authentication method and communication device
CN101471775B (en) Authentication method for MS and BS of WiMAX system
Kleberger et al. Protecting vehicles against unauthorised diagnostics sessions using trusted third parties
Chen et al. Sustainable Secure Communication in Consumer-Centric Electric Vehicle Charging in Industry 5.0 Environments

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150708