CN105656884A - Automobile bus security control device based on security elements and control method thereof - Google Patents

Automobile bus security control device based on security elements and control method thereof Download PDF

Info

Publication number
CN105656884A
CN105656884A CN201510999129.2A CN201510999129A CN105656884A CN 105656884 A CN105656884 A CN 105656884A CN 201510999129 A CN201510999129 A CN 201510999129A CN 105656884 A CN105656884 A CN 105656884A
Authority
CN
China
Prior art keywords
automobile
instruction
bus
module
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510999129.2A
Other languages
Chinese (zh)
Inventor
陈万东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yanfeng Visteon Electronic Technology Shanghai Co Ltd
Original Assignee
Yanfeng Visteon Electronic Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yanfeng Visteon Electronic Technology Shanghai Co Ltd filed Critical Yanfeng Visteon Electronic Technology Shanghai Co Ltd
Priority to CN201510999129.2A priority Critical patent/CN105656884A/en
Publication of CN105656884A publication Critical patent/CN105656884A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/403Bus networks with centralised control, e.g. polling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)

Abstract

The invention discloses an automobile bus security control device based on security elements. The device comprises that a security module is taken as an agent for an external module to access an automobile CAN (Controller Area Network) bus and controls the security of the source of an external instruction; the security module comprises a key module in which the private key of the automobile is cured, a security chip which is connected with the key module and is used for encrypting the externally input encrypted instruction data for accessing an automobile CAN system and authorizing an access level, and an instruction center which is connected with the security chip and is used for interacting with the automobile CAN bus. According to the automobile bus security control device based on security elements and the control method thereof provided by the invention, the implement is convenient; the cost is low; the existing automobile CAN bus system is not changed; the automobile dealer acceptance is high; an instruction sender is verified through increasing an extension hardware module; the security is high; and the intelligent card chip with a computing capability is strong in computing capability and rapid in response.

Description

Based on automobile bus safety control device and the control method thereof of security element
Technical field
The present invention relates to electricity field, particularly relate to the intelligent automobile technology, particularly a kind of automobile bus safety control device based on security element and control method thereof in automobile networking.
Background technology
CAN(ControllerAreaNetwork): Controller Area Network BUS is a kind of serial communication protocol bus for applying in real time. VSEP(VehicleSecurityElementprotocol): VSEP is that this patent says the car machine intelligent terminal described and the safe module a kind of secure exchange agreement pair when carrying out communication, it is desired to car machine intelligent terminal is sent to safe module after publicly-owned CAN instruction carries out numeral signature.
Present automotive electronics CAN is open, as long as it is semantic correct to render to the order format in bus, so automobile will perform this instruction. Meanwhile, the CAN protocol of each big car trader is all privately owned specification, does not also meet the open CAN protocol standard under requiring car terminals can resolve execution thing networking specification under car is networked. Based under the intelligent transportation environment of vehicle net, can interconnect between bus or train route people, just require that car terminals can understand open CAN standard agreement specification. Automobile needs under the networking of this external car process the instruction sent from World Wide Web, if the instruction that automobile receives is the steering order of malice, will automobile and people be caused serious injury.
Summary of the invention
It is an object of the invention to provide a kind of solution automobile agreement Problem and safe driving problem and the automobile bus safety control device based on security element invented and control method thereof under car is networked.
For solving the problems of the technologies described above, the present invention, based on the automobile bus safety control device of security element, comprising: safe module, and the instruction of the described automobile CAN of control is verified by described safe model calling in the entrance of automobile CAN-bus, described safe module; Wherein said safe module comprises: cipher key module, solidifies automobile private cipher key in described cipher key module, and this module data can only be read to be tampered;Safety chip, described safety chip is connected with described cipher key module, and for external input controls the encrypted instruction decrypt data of described automobile CAN behavior, and the certificate according to visitor authorizes this user can access this automobile CAN instruction-level; Direction Center, described Direction Center is connected with described safety chip, for mutual with described automobile CAN-bus.
Described safe module communicates with automobile intelligent terminal system.
Described safe module is communicated with described automobile intelligent terminal system by VSE protocol interface.
Described Direction Center obtains the publicly-owned CAN instruction after user's authority and deciphering from safety chip, if the permission match of described publicly-owned CAN instruction and user, then described publicly-owned CAN instruction transformation is become the control command of the privately owned CAN of automobile, render to described automobile CAN-bus, and wait the execution result of described automobile CAN-bus.
Based on the control method of the automobile bus safety control device of security element, comprise the steps:
Step 1, utilizes the Open V SE agreement that safe module provides, communicates with vehicle intelligent terminal;
Step 2, utilizes safety chip to be decrypted by encrypted instruction, thus obtains the rank of the expressly addressable automobile CAN data of publicly-owned CAN instruction and this user;
Step 3, utilizes instruction module the authority of publicly-owned CAN instruction and user to be mated
Step 4, utilizes instruction module that publicly-owned CAN instruction transformation is become the privately owned CAN protocol of automobile, and the privately owned CAN protocol of the automobile after conversion is dropped into automobile CAN-bus and performs.
The present invention is based on the automobile bus safety control device of security element and control method embodiment party thereof just; cost is low; do not change existing automobile CAN-bus system; car trader's acceptability is strong; by increasing development hardware module, transmission instruction side is verified; security height; with the intelligent card chip of computing power; computing power is strong; response fast; the order control center of safe module is responsible for the publicly-owned agreement of CAN is done privately owned protocol conversion, namely protects the privately owned agreement of car trader, also meets the lower automobile CAN agreement specification of car networking.
Accompanying drawing explanation
Fig. 1 is the automobile bus safety control schematic diagram of device of the present invention based on security element;
Fig. 2 is the control method flow diagram of the present invention based on the automobile bus safety control device of security element.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail based on automobile bus safety control device and the control method thereof of security element.
As shown in Figure 1, the present invention, based on the automobile bus safety control device of security element, comprising: safe module, and safe module is connected with automobile CAN-bus, and meanwhile, vehicle-mounted terminal is conversated by VSEP agreement and safe module.
Wherein safe module comprises: cipher key module, solidifies the private cipher key that this car is exclusive in cipher key module, and the private cipher key of cipher key module can not be modified; Safety chip, safety chip is connected with cipher key module and can read key from cipher key module, for the instruction of input is decrypted the authority levels of the ownership verifying out this user's certificate and publicly-owned instruction; Direction Center, Direction Center is connected with safety chip, and user's authority of the output of safety chip and publicly-owned instruction is mated, if the match is successful, then this publicly-owned CAN instruction transformation is become the privately owned CAN control command of automotive electronics, render to CAN, and return the execution result of CAN.
VSEP agreement is the simple agreement of the mutual a kind of agreement of safe module and vehicle intelligent terminal, and safe module accepts the lasting link of client terminal, it is only necessary to the identity of user carries out a digital signature identification when client link.Safe module also provides simple link simultaneously, it is desired to the publicly-owned CAN data that intelligent terminal sends must carry out digital signature with the Public Key of safe module.
As shown in Figure 2, at the entrance of described automobile CAN-bus, increase safe module, safe module is solidified unique private cipher key of described automobile. When safe module receives the instruction of car machine intelligent multimedia terminal by VSE security protocol, safety chip reads key certificate from cipher key module and is decrypted and authority verification by the director data of encryption; If verification is passed through, safety chip reportedly passs Direction Center module the authority number of levels of the publicly-owned CAN instruction obtained after deciphering and user, and publicly-owned CAN instruction and authority are mated by Direction Center module; If the match is successful, then publicly-owned CAN instruction translation is become the privately owned CAN protocol of automotive electronics described in this, if conversion is correct, just changes later instruction and drop into CAN execution.
The present invention is based on the automobile bus safety control device of security element and control method embodiment party thereof just; cost is low; do not change existing automobile CAN-bus system; car trader's acceptability is strong; by increasing development hardware module, transmission instruction side is verified; security height; with the intelligent card chip of computing power; computing power is strong; response fast; the order control center of safe module is responsible for the publicly-owned agreement of CAN is done privately owned protocol conversion, namely protects the privately owned agreement of car trader, also meets the lower automobile CAN agreement specification of car networking.
Below the better embodiment of the invention has been carried out concrete explanation, but the invention is not limited to described embodiment, those of ordinary skill in the art also can make all equivalent modification or replacement under the prerequisite not running counter to the invention spirit, and these equivalent modification or replacement are all included in the application's claim limited range.

Claims (5)

1. based on the automobile bus safety control device of security element, it is characterised in that, comprising:
Safe module, the instruction of the described automobile CAN of control is verified by described safe model calling in the entrance of automobile CAN-bus, described safe module; Wherein
Described safe module comprises:
Cipher key module, solidifies automobile private cipher key in described cipher key module, and this module data can only be read to be tampered;
Safety chip, described safety chip is connected with described cipher key module, and for external input controls the encrypted instruction decrypt data of described automobile CAN behavior, and the certificate according to visitor authorizes this user can access this automobile CAN instruction-level;
Direction Center, described Direction Center is connected with described safety chip, for mutual with described automobile CAN-bus.
2. the automobile bus safety control device based on security element according to claim 1, it is characterised in that, described safe module communicates with automobile intelligent terminal system.
3. the automobile bus safety control device based on security element according to claim 2, it is characterised in that, described safe module is communicated with described automobile intelligent terminal system by VSE protocol interface.
4. the automobile bus safety control device based on security element according to claim 1, it is characterized in that, described Direction Center obtains the publicly-owned CAN instruction after user's authority and deciphering from safety chip, if the permission match of described publicly-owned CAN instruction and user, then described publicly-owned CAN instruction transformation is become the control command of the privately owned CAN of automobile, render to described automobile CAN-bus, and wait the execution result of described automobile CAN-bus.
5. based on the control method of automobile bus safety control device of security element, it is characterised in that, comprise the steps:
Step 1, utilizes the Open V SE agreement that safe module provides, communicates with vehicle intelligent terminal;
Step 2, utilizes safety chip to be decrypted by encrypted instruction, thus obtains the rank of the expressly addressable automobile CAN data of publicly-owned CAN instruction and this user;
Step 3, utilizes instruction module the authority of publicly-owned CAN instruction and user to be mated
Step 4, utilizes instruction module that publicly-owned CAN instruction transformation is become the privately owned CAN protocol of automobile, and the privately owned CAN protocol of the automobile after conversion is dropped into automobile CAN-bus and performs.
CN201510999129.2A 2015-12-28 2015-12-28 Automobile bus security control device based on security elements and control method thereof Pending CN105656884A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510999129.2A CN105656884A (en) 2015-12-28 2015-12-28 Automobile bus security control device based on security elements and control method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510999129.2A CN105656884A (en) 2015-12-28 2015-12-28 Automobile bus security control device based on security elements and control method thereof

Publications (1)

Publication Number Publication Date
CN105656884A true CN105656884A (en) 2016-06-08

Family

ID=56477993

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510999129.2A Pending CN105656884A (en) 2015-12-28 2015-12-28 Automobile bus security control device based on security elements and control method thereof

Country Status (1)

Country Link
CN (1) CN105656884A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106331062A (en) * 2016-08-15 2017-01-11 成都云科新能汽车技术有限公司 Command release execution system and method based on interaction of cloud platform and vehicle terminal
CN109067771A (en) * 2018-09-06 2018-12-21 北京长城华冠汽车科技股份有限公司 Security protection system, method and the vehicle of vehicle
CN111417947A (en) * 2017-11-21 2020-07-14 奥迪股份公司 Single chip system for vehicle

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350725A (en) * 2007-02-13 2009-01-21 Secunet安全网络股份公司 Safety unit
CN103139029A (en) * 2011-11-25 2013-06-05 中国北车股份有限公司大连电力牵引研发中心 Data communication method, system and gateway

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350725A (en) * 2007-02-13 2009-01-21 Secunet安全网络股份公司 Safety unit
CN103139029A (en) * 2011-11-25 2013-06-05 中国北车股份有限公司大连电力牵引研发中心 Data communication method, system and gateway

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106331062A (en) * 2016-08-15 2017-01-11 成都云科新能汽车技术有限公司 Command release execution system and method based on interaction of cloud platform and vehicle terminal
CN111417947A (en) * 2017-11-21 2020-07-14 奥迪股份公司 Single chip system for vehicle
CN111417947B (en) * 2017-11-21 2021-03-02 奥迪股份公司 Single chip system for vehicle
US11244082B2 (en) 2017-11-21 2022-02-08 Audi Ag One-chip system for a vehicle
CN109067771A (en) * 2018-09-06 2018-12-21 北京长城华冠汽车科技股份有限公司 Security protection system, method and the vehicle of vehicle

Similar Documents

Publication Publication Date Title
CN106101111B (en) Vehicle electronics safe communication system and communication means
EP2912595B1 (en) Method for producing a soft token, computer program product and service computer system
CN109862040A (en) A kind of safety certifying method and Verification System
WO2017101310A1 (en) Remote control method, device and system for vehicle
CN109040285B (en) Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle
CN106100836B (en) A kind of method and system of industrial user's authentication and encryption
CN111783068B (en) Device authentication method, system, electronic device and storage medium
CN106452782A (en) Method and system for producing a secure communication channel for terminals
CN106357681A (en) Security access and secret communication method of vehicle-mounted remote diagnostic services
CN108141444B (en) Improved authentication method and authentication device
WO2018223041A1 (en) System and method for cryptographic protections of customized computing environment
EP2751950A1 (en) Method for generating a soft token, computer program product and service computer system
CN111372247A (en) Terminal secure access method and terminal secure access system based on narrowband Internet of things
CN104158819A (en) Safety authentication method of vehicle-mounted information entertainment terminal
CN109190362B (en) Secure communication method and related equipment
CN110800249A (en) Maintenance system and maintenance method
KR101377570B1 (en) Apparatus and method for communication security for charging of electric vehicle
CN110289967A (en) Communication authentication method, device and vehicle
CN105162797A (en) Bidirectional authentication method based on video surveillance system
CN103929428A (en) Method for achieving communication safety of vehicle-mounted electronic information system
CN102523095A (en) User digital certificate remote update method with intelligent card protection function
KR20180054775A (en) Method and system for providing security against initial contact establishment of mobile devices and devices
CN109314645A (en) Data providing system, data protecting device, data offering method and computer program
CN104349313A (en) Service authorization method, equipment and system
CN111786799A (en) Digital certificate signing and issuing method and system based on Internet of things communication module

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160608