CN105656884A - Automobile bus security control device based on security elements and control method thereof - Google Patents
Automobile bus security control device based on security elements and control method thereof Download PDFInfo
- Publication number
- CN105656884A CN105656884A CN201510999129.2A CN201510999129A CN105656884A CN 105656884 A CN105656884 A CN 105656884A CN 201510999129 A CN201510999129 A CN 201510999129A CN 105656884 A CN105656884 A CN 105656884A
- Authority
- CN
- China
- Prior art keywords
- automobile
- instruction
- bus
- module
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/403—Bus networks with centralised control, e.g. polling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
Abstract
The invention discloses an automobile bus security control device based on security elements. The device comprises that a security module is taken as an agent for an external module to access an automobile CAN (Controller Area Network) bus and controls the security of the source of an external instruction; the security module comprises a key module in which the private key of the automobile is cured, a security chip which is connected with the key module and is used for encrypting the externally input encrypted instruction data for accessing an automobile CAN system and authorizing an access level, and an instruction center which is connected with the security chip and is used for interacting with the automobile CAN bus. According to the automobile bus security control device based on security elements and the control method thereof provided by the invention, the implement is convenient; the cost is low; the existing automobile CAN bus system is not changed; the automobile dealer acceptance is high; an instruction sender is verified through increasing an extension hardware module; the security is high; and the intelligent card chip with a computing capability is strong in computing capability and rapid in response.
Description
Technical field
The present invention relates to electricity field, particularly relate to the intelligent automobile technology, particularly a kind of automobile bus safety control device based on security element and control method thereof in automobile networking.
Background technology
CAN(ControllerAreaNetwork): Controller Area Network BUS is a kind of serial communication protocol bus for applying in real time. VSEP(VehicleSecurityElementprotocol): VSEP is that this patent says the car machine intelligent terminal described and the safe module a kind of secure exchange agreement pair when carrying out communication, it is desired to car machine intelligent terminal is sent to safe module after publicly-owned CAN instruction carries out numeral signature.
Present automotive electronics CAN is open, as long as it is semantic correct to render to the order format in bus, so automobile will perform this instruction. Meanwhile, the CAN protocol of each big car trader is all privately owned specification, does not also meet the open CAN protocol standard under requiring car terminals can resolve execution thing networking specification under car is networked. Based under the intelligent transportation environment of vehicle net, can interconnect between bus or train route people, just require that car terminals can understand open CAN standard agreement specification. Automobile needs under the networking of this external car process the instruction sent from World Wide Web, if the instruction that automobile receives is the steering order of malice, will automobile and people be caused serious injury.
Summary of the invention
It is an object of the invention to provide a kind of solution automobile agreement Problem and safe driving problem and the automobile bus safety control device based on security element invented and control method thereof under car is networked.
For solving the problems of the technologies described above, the present invention, based on the automobile bus safety control device of security element, comprising: safe module, and the instruction of the described automobile CAN of control is verified by described safe model calling in the entrance of automobile CAN-bus, described safe module; Wherein said safe module comprises: cipher key module, solidifies automobile private cipher key in described cipher key module, and this module data can only be read to be tampered;Safety chip, described safety chip is connected with described cipher key module, and for external input controls the encrypted instruction decrypt data of described automobile CAN behavior, and the certificate according to visitor authorizes this user can access this automobile CAN instruction-level; Direction Center, described Direction Center is connected with described safety chip, for mutual with described automobile CAN-bus.
Described safe module communicates with automobile intelligent terminal system.
Described safe module is communicated with described automobile intelligent terminal system by VSE protocol interface.
Described Direction Center obtains the publicly-owned CAN instruction after user's authority and deciphering from safety chip, if the permission match of described publicly-owned CAN instruction and user, then described publicly-owned CAN instruction transformation is become the control command of the privately owned CAN of automobile, render to described automobile CAN-bus, and wait the execution result of described automobile CAN-bus.
Based on the control method of the automobile bus safety control device of security element, comprise the steps:
Step 1, utilizes the Open V SE agreement that safe module provides, communicates with vehicle intelligent terminal;
Step 2, utilizes safety chip to be decrypted by encrypted instruction, thus obtains the rank of the expressly addressable automobile CAN data of publicly-owned CAN instruction and this user;
Step 3, utilizes instruction module the authority of publicly-owned CAN instruction and user to be mated
Step 4, utilizes instruction module that publicly-owned CAN instruction transformation is become the privately owned CAN protocol of automobile, and the privately owned CAN protocol of the automobile after conversion is dropped into automobile CAN-bus and performs.
The present invention is based on the automobile bus safety control device of security element and control method embodiment party thereof just; cost is low; do not change existing automobile CAN-bus system; car trader's acceptability is strong; by increasing development hardware module, transmission instruction side is verified; security height; with the intelligent card chip of computing power; computing power is strong; response fast; the order control center of safe module is responsible for the publicly-owned agreement of CAN is done privately owned protocol conversion, namely protects the privately owned agreement of car trader, also meets the lower automobile CAN agreement specification of car networking.
Accompanying drawing explanation
Fig. 1 is the automobile bus safety control schematic diagram of device of the present invention based on security element;
Fig. 2 is the control method flow diagram of the present invention based on the automobile bus safety control device of security element.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail based on automobile bus safety control device and the control method thereof of security element.
As shown in Figure 1, the present invention, based on the automobile bus safety control device of security element, comprising: safe module, and safe module is connected with automobile CAN-bus, and meanwhile, vehicle-mounted terminal is conversated by VSEP agreement and safe module.
Wherein safe module comprises: cipher key module, solidifies the private cipher key that this car is exclusive in cipher key module, and the private cipher key of cipher key module can not be modified; Safety chip, safety chip is connected with cipher key module and can read key from cipher key module, for the instruction of input is decrypted the authority levels of the ownership verifying out this user's certificate and publicly-owned instruction; Direction Center, Direction Center is connected with safety chip, and user's authority of the output of safety chip and publicly-owned instruction is mated, if the match is successful, then this publicly-owned CAN instruction transformation is become the privately owned CAN control command of automotive electronics, render to CAN, and return the execution result of CAN.
VSEP agreement is the simple agreement of the mutual a kind of agreement of safe module and vehicle intelligent terminal, and safe module accepts the lasting link of client terminal, it is only necessary to the identity of user carries out a digital signature identification when client link.Safe module also provides simple link simultaneously, it is desired to the publicly-owned CAN data that intelligent terminal sends must carry out digital signature with the Public Key of safe module.
As shown in Figure 2, at the entrance of described automobile CAN-bus, increase safe module, safe module is solidified unique private cipher key of described automobile. When safe module receives the instruction of car machine intelligent multimedia terminal by VSE security protocol, safety chip reads key certificate from cipher key module and is decrypted and authority verification by the director data of encryption; If verification is passed through, safety chip reportedly passs Direction Center module the authority number of levels of the publicly-owned CAN instruction obtained after deciphering and user, and publicly-owned CAN instruction and authority are mated by Direction Center module; If the match is successful, then publicly-owned CAN instruction translation is become the privately owned CAN protocol of automotive electronics described in this, if conversion is correct, just changes later instruction and drop into CAN execution.
The present invention is based on the automobile bus safety control device of security element and control method embodiment party thereof just; cost is low; do not change existing automobile CAN-bus system; car trader's acceptability is strong; by increasing development hardware module, transmission instruction side is verified; security height; with the intelligent card chip of computing power; computing power is strong; response fast; the order control center of safe module is responsible for the publicly-owned agreement of CAN is done privately owned protocol conversion, namely protects the privately owned agreement of car trader, also meets the lower automobile CAN agreement specification of car networking.
Below the better embodiment of the invention has been carried out concrete explanation, but the invention is not limited to described embodiment, those of ordinary skill in the art also can make all equivalent modification or replacement under the prerequisite not running counter to the invention spirit, and these equivalent modification or replacement are all included in the application's claim limited range.
Claims (5)
1. based on the automobile bus safety control device of security element, it is characterised in that, comprising:
Safe module, the instruction of the described automobile CAN of control is verified by described safe model calling in the entrance of automobile CAN-bus, described safe module; Wherein
Described safe module comprises:
Cipher key module, solidifies automobile private cipher key in described cipher key module, and this module data can only be read to be tampered;
Safety chip, described safety chip is connected with described cipher key module, and for external input controls the encrypted instruction decrypt data of described automobile CAN behavior, and the certificate according to visitor authorizes this user can access this automobile CAN instruction-level;
Direction Center, described Direction Center is connected with described safety chip, for mutual with described automobile CAN-bus.
2. the automobile bus safety control device based on security element according to claim 1, it is characterised in that, described safe module communicates with automobile intelligent terminal system.
3. the automobile bus safety control device based on security element according to claim 2, it is characterised in that, described safe module is communicated with described automobile intelligent terminal system by VSE protocol interface.
4. the automobile bus safety control device based on security element according to claim 1, it is characterized in that, described Direction Center obtains the publicly-owned CAN instruction after user's authority and deciphering from safety chip, if the permission match of described publicly-owned CAN instruction and user, then described publicly-owned CAN instruction transformation is become the control command of the privately owned CAN of automobile, render to described automobile CAN-bus, and wait the execution result of described automobile CAN-bus.
5. based on the control method of automobile bus safety control device of security element, it is characterised in that, comprise the steps:
Step 1, utilizes the Open V SE agreement that safe module provides, communicates with vehicle intelligent terminal;
Step 2, utilizes safety chip to be decrypted by encrypted instruction, thus obtains the rank of the expressly addressable automobile CAN data of publicly-owned CAN instruction and this user;
Step 3, utilizes instruction module the authority of publicly-owned CAN instruction and user to be mated
Step 4, utilizes instruction module that publicly-owned CAN instruction transformation is become the privately owned CAN protocol of automobile, and the privately owned CAN protocol of the automobile after conversion is dropped into automobile CAN-bus and performs.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510999129.2A CN105656884A (en) | 2015-12-28 | 2015-12-28 | Automobile bus security control device based on security elements and control method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510999129.2A CN105656884A (en) | 2015-12-28 | 2015-12-28 | Automobile bus security control device based on security elements and control method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105656884A true CN105656884A (en) | 2016-06-08 |
Family
ID=56477993
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510999129.2A Pending CN105656884A (en) | 2015-12-28 | 2015-12-28 | Automobile bus security control device based on security elements and control method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105656884A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106331062A (en) * | 2016-08-15 | 2017-01-11 | 成都云科新能汽车技术有限公司 | Command release execution system and method based on interaction of cloud platform and vehicle terminal |
CN109067771A (en) * | 2018-09-06 | 2018-12-21 | 北京长城华冠汽车科技股份有限公司 | Security protection system, method and the vehicle of vehicle |
CN111417947A (en) * | 2017-11-21 | 2020-07-14 | 奥迪股份公司 | Single chip system for vehicle |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350725A (en) * | 2007-02-13 | 2009-01-21 | Secunet安全网络股份公司 | Safety unit |
CN103139029A (en) * | 2011-11-25 | 2013-06-05 | 中国北车股份有限公司大连电力牵引研发中心 | Data communication method, system and gateway |
-
2015
- 2015-12-28 CN CN201510999129.2A patent/CN105656884A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350725A (en) * | 2007-02-13 | 2009-01-21 | Secunet安全网络股份公司 | Safety unit |
CN103139029A (en) * | 2011-11-25 | 2013-06-05 | 中国北车股份有限公司大连电力牵引研发中心 | Data communication method, system and gateway |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106331062A (en) * | 2016-08-15 | 2017-01-11 | 成都云科新能汽车技术有限公司 | Command release execution system and method based on interaction of cloud platform and vehicle terminal |
CN111417947A (en) * | 2017-11-21 | 2020-07-14 | 奥迪股份公司 | Single chip system for vehicle |
CN111417947B (en) * | 2017-11-21 | 2021-03-02 | 奥迪股份公司 | Single chip system for vehicle |
US11244082B2 (en) | 2017-11-21 | 2022-02-08 | Audi Ag | One-chip system for a vehicle |
CN109067771A (en) * | 2018-09-06 | 2018-12-21 | 北京长城华冠汽车科技股份有限公司 | Security protection system, method and the vehicle of vehicle |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106101111B (en) | Vehicle electronics safe communication system and communication means | |
EP2912595B1 (en) | Method for producing a soft token, computer program product and service computer system | |
CN109862040A (en) | A kind of safety certifying method and Verification System | |
WO2017101310A1 (en) | Remote control method, device and system for vehicle | |
CN109040285B (en) | Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle | |
CN106100836B (en) | A kind of method and system of industrial user's authentication and encryption | |
CN111783068B (en) | Device authentication method, system, electronic device and storage medium | |
CN106452782A (en) | Method and system for producing a secure communication channel for terminals | |
CN106357681A (en) | Security access and secret communication method of vehicle-mounted remote diagnostic services | |
CN108141444B (en) | Improved authentication method and authentication device | |
WO2018223041A1 (en) | System and method for cryptographic protections of customized computing environment | |
EP2751950A1 (en) | Method for generating a soft token, computer program product and service computer system | |
CN111372247A (en) | Terminal secure access method and terminal secure access system based on narrowband Internet of things | |
CN104158819A (en) | Safety authentication method of vehicle-mounted information entertainment terminal | |
CN109190362B (en) | Secure communication method and related equipment | |
CN110800249A (en) | Maintenance system and maintenance method | |
KR101377570B1 (en) | Apparatus and method for communication security for charging of electric vehicle | |
CN110289967A (en) | Communication authentication method, device and vehicle | |
CN105162797A (en) | Bidirectional authentication method based on video surveillance system | |
CN103929428A (en) | Method for achieving communication safety of vehicle-mounted electronic information system | |
CN102523095A (en) | User digital certificate remote update method with intelligent card protection function | |
KR20180054775A (en) | Method and system for providing security against initial contact establishment of mobile devices and devices | |
CN109314645A (en) | Data providing system, data protecting device, data offering method and computer program | |
CN104349313A (en) | Service authorization method, equipment and system | |
CN111786799A (en) | Digital certificate signing and issuing method and system based on Internet of things communication module |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160608 |