CN105704102A - Method and device for vehicle network access control - Google Patents

Publication number
CN105704102A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410699168.6A
Other languages
Chinese (zh)
Other versions
CN105704102B (en)
Inventor
黄少堂
黄河
黄丽芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Automobile Group Co Ltd
Original Assignee
Guangzhou Automobile Group Co Ltd

Abstract

The invention discloses a vehicle network access control method and device. The method mainly comprises: receiving an access request sent by an external device; determining whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and vehicle network activation; if so, identifying the external device according to the handshake protocol; and, when the external device is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operation of the external device. The method and device protect the vehicle network from access by illegal devices and reduce the likelihood of illegal devices cracking the original manufacturer's protocols.

Description

Vehicle network access control method and device
Technical field
The present invention relates to the field of telematics, and in particular to a vehicle network access control method and device.
Background
At present, aftermarket vehicle data collection tools are gradually appearing on the market so that owners can follow the state and fault information of their vehicle in real time. These tools obtain vehicle bus and diagnostic data through the OBD interface (On-Board Diagnostic, OBD for short) and display it in real time on the audio system screen. Because the OBD interface exposes only a small amount of information, its coverage is very narrow: system information from the body system, instrument cluster, air conditioning, audio system, door modules and so on is not exposed. To improve the compatibility and competitiveness of their collection tools, the tool companies try every means to crack the original manufacturer's communication protocol, access the vehicle network and obtain more data, such as door and window state, door lock state, seat belt state and key state.
Because aftermarket companies do not know the original manufacturer's bus and diagnostic data definition formats or the normal operating logic of the vehicle, they can only crack certain signals and diagnostic messages by experience. At the same time, to display data in real time, the aftermarket collection tool continually sends bus messages and diagnostic messages to the vehicle network. Such high-frequency access inevitably puts pressure on the in-vehicle network, makes it unstable and increases the vehicle network load; in serious cases it can directly affect normal vehicle operation.
Summary of the invention
Aspects of the embodiments of the present invention provide a vehicle network access control method and device that can prevent illegal devices from accessing the vehicle network and reduce the likelihood of illegal devices cracking the original manufacturer's protocol.
In a first aspect, an embodiment of the present invention provides a vehicle network access control method, comprising:
receiving an access request sent by an external device;
determining whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and vehicle network activation;
if so, identifying the external device according to the handshake protocol; and
when the external device is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operation of the external device.
With reference to the first aspect, in a first implementation of the first aspect, identifying the external device according to the handshake protocol comprises:
receiving first service information sent by the external device, the first service information comprising an identification code of the external device; and
querying a pre-stored code database, according to the identification code of the external device, for an identical identification code; if one exists, determining that the external device is a legitimate device; otherwise, rejecting the access request of the external device.
With reference to the first aspect, in a second implementation of the first aspect, activating, according to the handshake protocol, the vehicle network that the external device requests to access when the external device is identified as a legitimate device comprises:
receiving second service information sent by the external device, the second service information comprising information on the vehicle network that the external device requests to access; and
activating, according to the vehicle network information, the vehicle network that the external device requests to access.
With reference to the first aspect or the first or second implementation of the first aspect, in a third implementation of the first aspect, determining whether a connection with the external device currently needs to be established according to the handshake protocol comprises:
determining whether the current value of a counter is zero, the counter having been given an initial value in advance;
if so, determining that a connection with the external device needs to be established according to the handshake protocol; and
if not, having the activated vehicle network accept the access operation of the external device, and decrementing the current value of the counter by 1.
With reference to the third implementation of the first aspect, in a fourth implementation of the first aspect, after the activated vehicle network accepts the access operation of the external device, the method further comprises:
starting a timer and recording the access time of the external device;
when the access time exceeds a preset time threshold, masking the vehicle network and identifying the external device again according to the handshake protocol;
when the external device is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operation of the external device; and
when the external device is identified as an illegal device, rejecting the access request of the external device.
With reference to the third implementation of the first aspect, in a fifth implementation of the first aspect, after the activated vehicle network accepts the access operation of the external device, the method further comprises:
determining whether the external device has completed its access and, if so, masking the vehicle network.
In a second aspect, an embodiment of the present invention provides a vehicle network access control device, comprising:
a receiving module, configured to receive an access request sent by an external device;
a judging module, configured to determine whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and vehicle network activation;
an identification module, configured to identify the external device according to the handshake protocol when the judging module determines that a connection with the external device needs to be established according to the handshake protocol; and
a network activation module, configured to activate, according to the handshake protocol, the vehicle network that the external device requests to access when the identification module identifies the external device as a legitimate device, so that the activated vehicle network accepts the access operation of the external device.
With reference to the second aspect, in a first implementation, the identification module comprises:
a first receiving unit, configured to receive first service information sent by the external device when the judging module determines that a connection with the external device needs to be established according to the handshake protocol, the first service information comprising an identification code of the external device; and
an identity recognition unit, configured to query a pre-stored code database, according to the identification code of the external device, for an identical identification code; if one exists, to determine that the external device is a legitimate device; otherwise, to reject the access request of the external device.
With reference to the second aspect, in a second implementation, the network activation module comprises:
a second receiving unit, configured to receive second service information sent by the external device, the second service information comprising information on the vehicle network that the external device requests to access; and
a network activation unit, configured to activate, according to the vehicle network information, the vehicle network that the external device requests to access.
With reference to the second aspect or the first or second implementation of the second aspect, in a third implementation of the second aspect, the judging module comprises:
a count judging unit, configured to determine whether the current value of a counter is zero, the counter having been given an initial value in advance;
a count determining unit, configured to determine that a connection with the external device needs to be established according to the handshake protocol when the count judging unit determines that the current value of the counter is zero; and
an operation acceptance unit, configured to have the activated vehicle network accept the access operation of the external device, and to decrement the current value of the counter by 1, when the count judging unit determines that the current value of the counter is not zero.
With reference to the third implementation of the second aspect, in a fourth implementation, the vehicle network access control device further comprises:
a timer, configured to start timing after the activated vehicle network accepts the access operation of the external device, and to record the access time of the external device; and
a first network masking unit, configured to mask the vehicle network when the access time exceeds a preset time threshold, and to identify the external device again according to the handshake protocol.
The first network masking unit comprises:
a first activation unit, configured to activate, according to the handshake protocol, the vehicle network that the external device requests to access when the external device is again identified as a legitimate device, so that the activated vehicle network accepts the access operation of the external device; and
a first request rejection unit, configured to reject the access request of the external device when the external device is identified as an illegal device.
With reference to the third implementation of the second aspect, in a fifth implementation, the vehicle network access control device further comprises:
an access judging module, configured to determine whether the external device has completed its access; and
a second network masking unit, configured to mask the vehicle network after the access judging module determines that the external device has completed its access.
Implementing the embodiments of the present invention therefore has the following advantages:
In the vehicle network access control method provided by the embodiments of the present invention, when an access request sent by an external device is received, it is determined whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and vehicle network activation. If so, the external device is identified according to the handshake protocol and, when it is determined to be a legitimate device, the vehicle network that it requests to access is activated according to the handshake protocol, so that the activated vehicle network accepts the access operation of the external device. Once allowed to access the vehicle network, the external device communicates with the vehicle and obtains vehicle data for diagnosis or other functions. Compared with the prior art, in which diagnostic messages are sent continually to crack the original manufacturer's protocol and obtain more collected data, the technical solution of the present invention can prevent illegal devices from accessing the vehicle network, prevent them from accessing diagnostic data that has not been released, and reduce interference with the original manufacturer's network.
Further, whether a connection needs to be established according to the handshake protocol is determined by whether the value of a counter is zero. The counter is given an initial value in advance. Before the vehicle leaves the factory the initial value is 0xFF and all external devices can access the vehicle network directly, but each access decrements the counter by 1, and once it reaches 0 a connection must be re-established according to the handshake protocol before communication is possible. After the vehicle leaves the factory the counter is cleared, which ensures that from then on every access to the vehicle network by an external device requires a connection established according to the handshake protocol. This not only avoids having to establish a connection on every access before the vehicle leaves the factory, reducing access time and improving access efficiency, but also further prevents illegal devices from accessing the vehicle network.
Further, after the activated vehicle network accepts the access operation of the external device, the access time is recorded. When the access time exceeds a preset time threshold, the vehicle network is masked and the external device is identified again according to the handshake protocol; when it is again determined to be a legitimate device, the vehicle network it requested is reactivated according to the handshake protocol. This keeps an external device from accessing the vehicle network for a long time and prevents an illegal device from operating for too long.
Further, after the external device completes its access, the vehicle network activated for that device is masked and is activated again according to the handshake protocol only when access is next needed, which further reduces the likelihood of illegal devices accessing the vehicle network.
In another aspect, the embodiments of the present invention provide a vehicle network access control device. When the value of the counter is zero, an external device can access the vehicle network only after establishing a connection with the access control device according to the handshake protocol, so an illegal device cannot access the vehicle network directly through the OBD interface. Apart from the diagnostic information that OBD itself releases, all other diagnostic information must be obtained through the access control device, which masks the vehicle bus signals and prevents network data from being illegally cracked. Compared with the prior art, in which an external device can access the vehicle network directly through the OBD interface and obtain more collected data, the access control device of the embodiments of the present invention can prevent illegal devices from accessing the vehicle network, prevent them from accessing diagnostic data that has not been released, and reduce interference with the original manufacturer's network.
Brief description of the drawings
Fig. 1 is a schematic flowchart of one embodiment of the vehicle network access control method provided by the embodiments of the present invention;
Fig. 2 is a schematic flowchart of another embodiment of the vehicle network access control method provided by the embodiments of the present invention;
Fig. 3 is a schematic flowchart of a further embodiment of the vehicle network access control method provided by the embodiments of the present invention;
Fig. 4 is a schematic flowchart of yet another embodiment of the vehicle network access control method provided by the embodiments of the present invention;
Fig. 5 is a schematic structural diagram of a vehicle network access control device provided by the embodiments of the present invention;
Fig. 6 is a schematic structural diagram of one embodiment of the identification module provided by the embodiments of the present invention;
Fig. 7 is a schematic structural diagram of one embodiment of the network activation module provided by the embodiments of the present invention;
Fig. 8 is a schematic structural diagram of another embodiment of the vehicle network access control device provided by the embodiments of the present invention;
Fig. 9 is a schematic structural diagram of a further embodiment of the vehicle network access control device provided by the embodiments of the present invention;
Fig. 10 is a schematic structural diagram of one embodiment of the first network masking unit provided by the embodiments of the present invention;
Fig. 11 is a schematic structural diagram of yet another embodiment of the vehicle network access control device provided by the embodiments of the present invention.
Detailed description of the invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment 1
Referring to Fig. 1, Fig. 1 is a schematic flowchart of one embodiment of the vehicle network access control method provided by the embodiments of the present invention. The method comprises the following steps:
Step 101: receive an access request sent by an external device.
In this embodiment, the external device sends an access request to the vehicle, requesting access to the vehicle network in order to perform diagnosis or other access operations.
Step 102: determine whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and vehicle network activation. If so, perform step 103; otherwise perform step 105.
In this embodiment, access operations by external devices are gated. When an access request sent by an external device is received, it is determined whether a connection with the external device currently needs to be established according to the handshake protocol. If so, the next step is performed; otherwise, the activated vehicle network accepts the access operation of the external device.
Step 103: identify the external device according to the handshake protocol.
In this embodiment, the handshake protocol may include, but is not limited to, identification of the external device and vehicle network activation.
In this embodiment, identification of the external device is specifically as follows: first service information sent by the external device is received, the first service information comprising the identification code of the external device. A code database is pre-stored in the vehicle, defining the identity that corresponds to each identification code. For example:
0xAA: Guangzhou Automobile end-of-line test equipment;
0xBB: Guangzhou Automobile after-sales diagnostic tool;
0xCC: Guangzhou Automobile development and test tool;
0xDD: other Guangzhou Automobile equipment;
any other code: illegal device.
According to the identification code in the first service information, the vehicle queries the pre-stored code database for an identical identification code. If one exists, the external device is determined to be a legitimate device; otherwise, the external device is determined to be an illegal device and its access request is rejected.
Step 104: when the external device is identified as a legitimate device, activate, according to the handshake protocol, the vehicle network that the external device requests to access.
In this embodiment, when the external device is identified as a legitimate device, the vehicle network that it requests to access is activated according to the handshake protocol, specifically as follows: second service information sent by the external device is received, the second service information comprising information on the vehicle network that the external device requests to access. The external device may request activation of one particular network or of all networks, and the vehicle activates the vehicle network that the external device requests to access according to this vehicle network information. The vehicle may, without limitation, define each network internally and assign each network a corresponding code, so that when activation is requested the corresponding network is activated according to its code. For example:
0x00, 0x06-0xFF: All channel Disabled;
0x01: PCAN channel Enabled;
0x02: ACAN channel Enabled;
0x03: SCAN channel Enabled;
0x04: BCAN channel Enabled;
0x05: Diag routing Enabled.
By default, access to all networks is masked, which prevents unauthorized access by external devices.
In this embodiment, the first service information and the second service information sent by the external device may be combined into a single service message, so that they need not be sent separately, which improves efficiency.
Step 105: have the activated vehicle network accept the access operation of the external device.
In this embodiment, once the external device has passed identification and network activation, it can perform access operations on the vehicle and obtain vehicle data for diagnosis or other functions. Diagnosis of a vehicle by an external device is prior art and is not described further here.
Thus, in the vehicle network access control method provided by the embodiments of the present invention, when an access request sent by an external device is received, it is determined whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and vehicle network activation. If so, the external device is identified according to the handshake protocol and, when it is determined to be a legitimate device, the vehicle network that it requests to access is activated according to the handshake protocol, so that the activated vehicle network accepts the access operation of the external device. Once allowed to access the vehicle network, the external device communicates with the vehicle and obtains vehicle data for diagnosis or other functions. Compared with the prior art, in which diagnostic messages are sent continually to crack the original manufacturer's protocol and obtain more collected data, the technical solution of the present invention can prevent illegal devices from accessing the vehicle network, prevent them from accessing diagnostic data that has not been released, and reduce interference with the original manufacturer's network.
Embodiment 2
Referring to Fig. 2, Fig. 2 is a schematic flowchart of another embodiment of the vehicle network access control method provided by the embodiments of the present invention. As shown in Fig. 2, this embodiment differs from Embodiment 1 in step 202: determine whether the current value of a counter is zero, the counter having been given an initial value in advance. If so, it is determined that a connection with the external device needs to be established according to the handshake protocol, and step 103 is performed. Otherwise, it is determined that no connection with the external device needs to be established according to the handshake protocol, and step 206 is performed: the activated vehicle network accepts the access operation of the external device, and the current value of the counter is decremented by 1.
In this embodiment, a counter, Counter, is defined and preconfigured with an initial value. The handshake requirement prevents illegal devices from accessing the vehicle network, but it also inconveniences the original manufacturer's end-of-line test equipment and development test equipment, because a handshake on every diagnosis takes time and reduces diagnostic efficiency. The solution is as follows: when the supplier delivers the part to the vehicle manufacturer, Counter may be set to 0xFF, and all accesses are permitted without the handshake protocol. Each access, however, decrements the counter by 1, and when the counter reaches 0 an external device can access the vehicle network only after establishing a connection according to the handshake protocol. When the vehicle comes off the production line and leaves the factory, if Counter is not equal to 0 it must be cleared with the end-of-line test equipment, and from then on every access to vehicle data by an external device requires identification and network activation according to the handshake protocol. This ensures that efficiency is not affected during testing at the factory, while access by illegal devices is prevented after the vehicle leaves the factory.
Thus, whether a connection needs to be established according to the handshake protocol is determined by whether the value of the counter is zero. The counter is given an initial value in advance. Before the vehicle leaves the factory the initial value is 0xFF and all external devices can access the vehicle network directly, but each access decrements the counter by 1, and once it reaches 0 a connection must be re-established according to the handshake protocol before communication is possible. After the vehicle leaves the factory the counter is cleared, which ensures that from then on every access to the vehicle network by an external device requires a connection according to the handshake protocol. This not only avoids having to establish a connection on every access before the vehicle leaves the factory, reducing access time and improving access efficiency, but also further prevents illegal devices from accessing the vehicle network.
Embodiment 3
Referring to Fig. 3, Fig. 3 is a schematic flowchart of a further embodiment of the vehicle network access control method provided by the embodiments of the present invention. As shown in Fig. 3, this embodiment differs from Embodiment 2 in that the following steps are added after step 105 and step 206. Step 301: start a timer and record the access time of the external device. Step 302: when the access time exceeds a preset time threshold, mask the vehicle network and identify the external device again according to the handshake protocol. Step 303: determine whether the external device is a legitimate device. If it is determined to be a legitimate device, perform step 304: activate the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operation of the external device. If it is determined to be an illegal device, perform step 305: reject the access request of the external device.
In this embodiment, if the access time does not exceed the time threshold, the vehicle network continues to accept the access operation of the external device.
In this embodiment, to keep an external device from accessing the vehicle network for a long time and overloading it, an access time may be defined that limits how long the external device is allowed to access the network. Timing starts once the access operation of the external device is accepted, and the access time is recorded. If the access time exceeds the preset time threshold, the external device must re-establish the connection according to the handshake protocol, that is, be identified again and have the vehicle network reactivated. If an illegal device does succeed in accessing the vehicle network, the timer keeps it from accessing the network for a long time: the device must be identified again, and if it is identified as an illegal device its access request is rejected.
In this embodiment, to keep the timer setting reasonable, the value of the access time can be adjusted by a diagnostic command. When the development and test phase or the original manufacturer has special requirements, the original manufacturer's equipment can set this value to infinity, so that the operating time of the external device is practically unlimited. After the diagnosis ends, the value is restored to its default. This both meets the original manufacturer's practical needs and prevents an illegal device from operating for too long.
Thus, after the activated vehicle network accepts the access operation of the external device, the access time is recorded. When the access time exceeds the preset time threshold, the vehicle network is masked and the external device is identified again according to the handshake protocol; when it is again determined to be a legitimate device, the vehicle network it requested is reactivated according to the handshake protocol. This keeps an external device from accessing the vehicle network for a long time and prevents an illegal device from operating for too long.
Embodiment 4
Referring to Fig. 4, Fig. 4 is a schematic flowchart of yet another embodiment of the vehicle network access control method provided by the embodiment of the present invention. As shown in Fig. 4, Fig. 4 differs from Fig. 2 in that, after step 105 and step 206, it further includes step 401: judge whether the external equipment has completed its access; if so, perform step 402, otherwise return to step 105.
Step 402: shield the vehicle network.
Therefore, after the external equipment completes its access, the vehicle network activated for this external equipment is shielded, and it is activated again according to the handshake protocol only when access is needed. This further reduces the probability of an illegal device accessing the vehicle network, and prevents an illegal device from continuously sending diagnostic messages that interfere with the whole-vehicle network and affect the normal operation of the vehicle.
Embodiment 5
Referring to Fig. 5, Fig. 5 is a schematic structural diagram of a vehicle network access control apparatus provided by the embodiment of the present invention. The access control apparatus can shield the whole-vehicle bus signals to prevent network data from being illegally cracked, and it also gates diagnostic requests. The access control apparatus includes:
Receiver module 501, configured to receive the access request sent by the external equipment.
Judge module 502, electrically connected to receiver module 501 and configured to judge whether a connection with the external equipment currently needs to be established according to the handshake protocol, where the handshake protocol includes identification of the external equipment and activation of the vehicle network.
Identification module 503, electrically connected to judge module 502 and configured to identify the identity of the external equipment according to the handshake protocol when judge module 502 determines that a connection with the external equipment needs to be established according to the handshake protocol.
Network activation module 504, electrically connected to judge module 502 and configured to activate, according to the handshake protocol, the vehicle network that the external equipment requests to access when identification module 503 determines that the external equipment is a legitimate device, so that the activated vehicle network accepts the access operation of the external equipment.
As an example of this embodiment, referring to Fig. 6, Fig. 6 is a schematic structural diagram of an embodiment of the identification module. Identification module 503 includes a first receiving unit 601 and an identity recognition unit 602. First receiving unit 601 is configured to receive the first service information sent by the external equipment when judge module 502 determines that a connection with the external equipment needs to be established according to the handshake protocol; the first service information includes the identification code of the external equipment. Identity recognition unit 602 is electrically connected to first receiving unit 601 and is configured to query, according to the identification code of the external equipment, whether an identical identification code exists in the pre-stored code database. If it exists, the external equipment is determined to be a legitimate device; otherwise, the access request of the external equipment is refused.
As an example of this embodiment, referring to Fig. 7, Fig. 7 is a schematic structural diagram of an embodiment of the network activation module. Network activation module 504 includes a second receiving unit 701 and a network activation unit 702. Second receiving unit 701 is configured to receive the second service information sent by the external equipment; the second service information contains the information of the vehicle network that the external equipment requests to access. Network activation unit 702 is electrically connected to second receiving unit 701 and is configured to activate, according to the vehicle network information, the vehicle network that the external equipment requests to access.
For the working principle and step flow of this embodiment, refer to, but not limited to, the related description of Embodiment 1.
Therefore, the embodiment of the present invention provides a vehicle network access control apparatus. External equipment can access the vehicle network only after establishing a connection with the access control apparatus according to the handshake protocol, so an illegal device cannot access the vehicle network directly through the OBD interface. Apart from the diagnostic messages that OBD releases externally on its own, all other diagnostic messages must be obtained through the access control apparatus, which shields the whole-vehicle bus signals and prevents network data from being illegally cracked. In the prior art, external equipment can access the vehicle network directly through the OBD interface and collect more data; by comparison, the access control apparatus of the embodiment of the present invention prevents an illegal device from accessing the vehicle network and from accessing diagnostic data that has not been released, and reduces interference with the original factory network.
Embodiment 6
Referring to Fig. 8, Fig. 8 is a schematic structural diagram of another embodiment of the vehicle network access control apparatus provided by the embodiment of the present invention. This embodiment differs from Embodiment 5 in that the access control apparatus further includes a counter 801, and judge module 502 includes a counting judging unit 802, a counting determining unit 803 and an operation accepting unit 804.
Counting judging unit 802 is electrically connected to counter 801 and is configured to judge whether the current value of counter 801 is zero; counter 801 is provided with an initial value in advance.
Counting determining unit 803 is electrically connected to counting judging unit 802 and is configured to determine that a connection with the external equipment needs to be established according to the handshake protocol when counting judging unit 802 determines that the current value of counter 801 is zero.
Operation accepting unit 804 is electrically connected to counting judging unit 802 and is configured, when counting judging unit 802 determines that the current value of counter 801 is not zero, to make the activated vehicle network accept the access operation of the external equipment and to decrement the current value of counter 801 by 1.
For the more detailed working principle and step flow of this embodiment, refer to, but not limited to, the related description of Embodiment 2.
Therefore, with the technical solution of this embodiment, a counter 801 is provided in the vehicle network access control apparatus, and whether a connection must be established according to the handshake protocol is decided by whether the value of counter 801 is zero. Counter 801 is provided with an initial value in advance. Before the vehicle leaves the factory, the initial value is 0xFF and all external equipment can access the vehicle network directly, but each access decrements the counter by 1; once the counter reaches 0, external equipment must re-establish a connection according to the handshake protocol before it can communicate. After the vehicle leaves the factory, the value of the counter is reset, which ensures that from then on external equipment must establish a connection according to the handshake protocol for every access to the vehicle network. This avoids having to establish a connection for every access before the vehicle leaves the factory, which shortens the access time and improves access efficiency, and it further prevents illegal devices from accessing the vehicle network.
Embodiment 7
Referring to Fig. 9, Fig. 9 is a schematic structural diagram of another embodiment of the vehicle network access control apparatus provided by the embodiment of the present invention. This embodiment differs from Embodiment 6 in that the access control apparatus further includes a timer 901 and a first network shielding unit 902. Timer 901 is electrically connected to network activation module 504 and first network shielding unit 902, and is configured to start timing after the activated vehicle network accepts the access operation of the external equipment and to record the access time of the external equipment.
First network shielding unit 902 is configured to shield the vehicle network when the access time exceeds the preset time threshold, and to identify the identity of the external equipment again according to the handshake protocol.
Referring to Fig. 10, Fig. 10 is a schematic structural diagram of an embodiment of the first network shielding unit. First network shielding unit 902 includes a first activation unit 9021 and a first request refusal unit 9022. First activation unit 9021 is configured to activate, according to the handshake protocol, the vehicle network that the external equipment requests to access when the external equipment is again identified as a legitimate device, so that the activated vehicle network accepts the access operation of the external equipment.
First request refusal unit 9022 is configured to refuse the access request of the external equipment when the external equipment is identified as an illegal device.
For the more detailed working principle and step flow of this embodiment, refer to, but not limited to, the related description of Embodiment 3.
Therefore, after the activated vehicle network accepts the access operation of the external equipment, the access control apparatus records the access time with timer 901. When the access time exceeds the preset time threshold, first network shielding unit 902 shields the vehicle network and identifies the identity of the external equipment again; when the external equipment is again determined to be a legitimate device, the vehicle network it requested is reactivated and its access operation is accepted. This prevents external equipment from accessing the vehicle network for a long time and prevents an illegal device from operating for too long.
Embodiment 8
Referring to Fig. 11, Fig. 11 is a schematic structural diagram of yet another embodiment of the vehicle network access control apparatus provided by the embodiment of the present invention. This embodiment differs from Embodiment 7 in that the vehicle network access control apparatus further includes an access judge module 1101 and a second network shielding unit 1102. Access judge module 1101 is electrically connected to network activation module 504 and is configured to judge whether the external equipment has completed its access. Second network shielding unit 1102 is electrically connected to access judge module 1101 and is configured to shield the vehicle network after access judge module 1101 determines that the external equipment has completed its access.
For the more detailed working principle and step flow of this embodiment, refer to, but not limited to, the related description of Embodiment 3 to Embodiment 4.
Therefore, after the external equipment completes its access, the vehicle network access control apparatus shields the vehicle network activated for this external equipment and activates it again only when access is needed, which further reduces the probability of an illegal device accessing the vehicle network.
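The gate logic of Embodiments 5 to 8 (counter 801, the two handshake service messages, timer 901, shielding units 902 and 1102) can be modelled as a small C state machine. This is an added example and not code from the patent; the identification codes, network ids, the 60-second threshold and all function names are assumptions, and only the pre-delivery counter value 0xFF comes from the text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values: only the pre-delivery counter value 0xFF is
 * from the text; codes, network ids and the 60 s threshold are assumptions. */
#define COUNTER_PREDELIVERY 0xFFu
#define DEFAULT_TIMEOUT_S   60u
#define TIMEOUT_UNLIMITED   UINT32_MAX  /* "infinity" set by diagnostic command */
#define NET_ANY             0u          /* counter bypass: no per-network filter */

static const uint32_t SAMPLE_CODES[] = { 0x0A11CE01u, 0x0B0B0002u };

typedef enum { ACC_GRANTED, ACC_NEED_HANDSHAKE, ACC_REJECTED } acc_t;

typedef struct {
    uint8_t  counter;       /* counter 801 */
    bool     active;        /* false: vehicle network is shielded */
    uint8_t  net_id;        /* network named in the second service message */
    uint32_t since;         /* timer 901: start of the current access window */
    uint32_t timeout_s;     /* preset time threshold */
    const uint32_t *codes;  /* pre-stored code database */
    size_t   n_codes;
} gateway_t;

static void gw_shield(gateway_t *g) { g->active = false; g->net_id = NET_ANY; }

static bool code_known(const gateway_t *g, uint32_t code)
{
    for (size_t i = 0; i < g->n_codes; i++)
        if (g->codes[i] == code) return true;
    return false;
}

void gw_init(gateway_t *g, uint8_t counter, const uint32_t *codes, size_t n)
{
    g->counter = counter; g->since = 0; g->timeout_s = DEFAULT_TIMEOUT_S;
    g->codes = codes; g->n_codes = n;
    gw_shield(g);
}

/* Judge module 502: a non-zero counter grants direct access and is
 * decremented; at zero the network stays shielded until a handshake. */
acc_t gw_access_request(gateway_t *g, uint32_t now)
{
    if (g->counter == 0) { gw_shield(g); return ACC_NEED_HANDSHAKE; }
    g->counter--;
    g->active = true; g->net_id = NET_ANY; g->since = now;
    return ACC_GRANTED;
}

/* Handshake: identification code first, then the network to activate.
 * Every failure path leaves the network shielded (fail closed). */
acc_t gw_handshake(gateway_t *g, uint32_t code, uint8_t net_id, uint32_t now)
{
    gw_shield(g);
    if (net_id == NET_ANY || !code_known(g, code)) return ACC_REJECTED;
    g->active = true; g->net_id = net_id; g->since = now;
    return ACC_GRANTED;
}

/* Timer 901 and shielding unit 902: true means the window expired, the
 * network was shielded and the device must be identified again. */
bool gw_tick(gateway_t *g, uint32_t now)
{
    if (!g->active || g->timeout_s == TIMEOUT_UNLIMITED) return false;
    if (now - g->since <= g->timeout_s) return false;
    gw_shield(g);
    return true;
}

/* Threshold change by diagnostic command. Assumption: only a device whose
 * code is in the database may change it. */
bool gw_set_timeout(gateway_t *g, uint32_t code, uint32_t seconds)
{
    if (!code_known(g, code)) return false;
    g->timeout_s = seconds;
    return true;
}

/* Shielding unit 1102: shield when access completes, restore the default. */
void gw_access_done(gateway_t *g) { gw_shield(g); g->timeout_s = DEFAULT_TIMEOUT_S; }

/* Would a diagnostic frame addressed to net_id be forwarded right now? */
bool gw_frame_allowed(const gateway_t *g, uint8_t net_id)
{
    return g->active && (g->net_id == NET_ANY || g->net_id == net_id);
}

int main(void)
{
    gateway_t g;
    gw_init(&g, 0, SAMPLE_CODES, 2);   /* counter 0: delivered vehicle */
    printf("bad code  -> %d\n", gw_handshake(&g, 0xDEADBEEFu, 2, 0));
    printf("good code -> %d\n", gw_handshake(&g, SAMPLE_CODES[0], 2, 10));
    printf("expired   -> %d\n", gw_tick(&g, 71));
    return 0;
}
```

Every handshake attempt shields the network before checking the code, so a rejected or malformed attempt cannot leave a previously activated network open. Restoring the default threshold in `gw_access_done` mirrors the text's requirement that the value returns to the default after diagnosis ends.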
A person of ordinary skill in the art will understand that all or part of the flows of the above embodiment methods can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above are preferred embodiments of the present invention. It should be pointed out that a person of ordinary skill in the art can make several improvements and modifications without departing from the principle of the present invention, and these improvements and modifications are also regarded as falling within the protection scope of the present invention.

Claims (12)

1. A vehicle network access control method, characterized by comprising:
receiving an access request sent by external equipment;
judging whether a connection with the external equipment currently needs to be established according to a handshake protocol, the handshake protocol including identification of the external equipment and activation of the vehicle network;
if the result of the judgment is that it is needed, identifying the identity of the external equipment according to the handshake protocol;
when the external equipment is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external equipment requests to access, so that the activated vehicle network accepts the access operation of the external equipment.
2. The vehicle network access control method according to claim 1, characterized in that identifying the identity of the external equipment according to the handshake protocol comprises:
receiving first service information sent by the external equipment, the first service information including the identification code of the external equipment;
querying, according to the identification code of the external equipment, whether an identical identification code exists in a pre-stored code database; if it exists, determining that the external equipment is a legitimate device; otherwise, refusing the access request of the external equipment.
3. The vehicle network access control method according to claim 1, characterized in that activating, according to the handshake protocol, the vehicle network that the external equipment requests to access when the external equipment is identified as a legitimate device comprises:
receiving second service information sent by the external equipment, the second service information containing the information of the vehicle network that the external equipment requests to access;
activating, according to the vehicle network information, the vehicle network that the external equipment requests to access.
4. The vehicle network access control method according to any one of claims 1 to 3, characterized in that judging whether a connection with the external equipment currently needs to be established according to the handshake protocol comprises:
judging whether the current value of a counter is zero, the counter being provided with an initial value in advance;
if so, determining that a connection with the external equipment needs to be established according to the handshake protocol;
if not, making the activated vehicle network accept the access operation of the external equipment, and decrementing the current value of the counter by 1.
5. The vehicle network access control method according to claim 4, characterized in that, after the activated vehicle network accepts the access operation of the external equipment, the method further comprises:
starting timing and recording the access time of the external equipment;
when the access time exceeds a preset time threshold, shielding the vehicle network and identifying the identity of the external equipment again according to the handshake protocol;
when the external equipment is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external equipment requests to access, so that the activated vehicle network accepts the access operation of the external equipment;
when the external equipment is identified as an illegal device, refusing the access request of the external equipment.
6. The vehicle network access control method according to claim 4, characterized in that, after the activated vehicle network accepts the access operation of the external equipment, the method further comprises:
judging whether the external equipment has completed its access, and if so, shielding the vehicle network.
7. A vehicle network access control apparatus, characterized by comprising:
a receiver module, configured to receive an access request sent by external equipment;
a judge module, configured to judge whether a connection with the external equipment currently needs to be established according to a handshake protocol, the handshake protocol including identification of the external equipment and activation of the vehicle network;
an identification module, configured to identify the identity of the external equipment according to the handshake protocol when the judge module determines that a connection with the external equipment needs to be established according to the handshake protocol; and
a network activation module, configured to activate, according to the handshake protocol, the vehicle network that the external equipment requests to access when the identification module identifies the external equipment as a legitimate device, so that the activated vehicle network accepts the access operation of the external equipment.
8. The vehicle network access control apparatus according to claim 7, characterized in that the identification module comprises:
a first receiving unit, configured to receive first service information sent by the external equipment when the judge module determines that a connection with the external equipment needs to be established according to the handshake protocol, the first service information including the identification code of the external equipment; and
an identity recognition unit, configured to query, according to the identification code of the external equipment, whether an identical identification code exists in a pre-stored code database; if it exists, to determine that the external equipment is a legitimate device; otherwise, to refuse the access request of the external equipment.
9. The vehicle network access control apparatus according to claim 7, characterized in that the network activation module comprises:
a second receiving unit, configured to receive second service information sent by the external equipment, the second service information containing the information of the vehicle network that the external equipment requests to access; and
a network activation unit, configured to activate, according to the vehicle network information, the vehicle network that the external equipment requests to access.
10. The vehicle network access control apparatus according to any one of claims 7 to 9, characterized in that the judge module comprises:
a counting judging unit, configured to judge whether the current value of a counter is zero, the counter being provided with an initial value in advance;
a counting determining unit, configured to determine that a connection with the external equipment needs to be established according to the handshake protocol when the counting judging unit determines that the current value of the counter is zero; and
an operation accepting unit, configured, when the counting judging unit determines that the current value of the counter is not zero, to make the activated vehicle network accept the access operation of the external equipment and to decrement the current value of the counter by 1.
11. The vehicle network access control apparatus according to claim 10, characterized in that the vehicle network access control apparatus further comprises:
a timer, configured to start timing after the activated vehicle network accepts the access operation of the external equipment and to record the access time of the external equipment; and
a first network shielding unit, configured to shield the vehicle network when the access time exceeds a preset time threshold, and to identify the identity of the external equipment again according to the handshake protocol;
the first network shielding unit comprising:
a first activation unit, configured to activate, according to the handshake protocol, the vehicle network that the external equipment requests to access when the external equipment is again identified as a legitimate device, so that the activated vehicle network accepts the access operation of the external equipment; and
a first request refusal unit, configured to refuse the access request of the external equipment when the external equipment is identified as an illegal device.
12. The vehicle network access control apparatus according to claim 10, characterized in that the vehicle network access control apparatus further comprises:
an access judge module, configured to judge whether the external equipment has completed its access; and
a second network shielding unit, configured to shield the vehicle network after the access judge module determines that the external equipment has completed its access.
CN201410699168.6A 2014-11-26 2014-11-26 Vehicle network access control method and device Active CN105704102B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410699168.6A CN105704102B (en) 2014-11-26 2014-11-26 Vehicle network access control method and device

Publications (2)

Publication Number Publication Date
CN105704102A true CN105704102A (en) 2016-06-22
CN105704102B CN105704102B (en) 2019-06-07

Family

ID=56294481

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant