CN108073156B - A kind of the security algorithm management method and system of vehicle electronic control unit - Google Patents
A kind of the security algorithm management method and system of vehicle electronic control unit Download PDFInfo
- Publication number
- CN108073156B CN108073156B CN201711156500.4A CN201711156500A CN108073156B CN 108073156 B CN108073156 B CN 108073156B CN 201711156500 A CN201711156500 A CN 201711156500A CN 108073156 B CN108073156 B CN 108073156B
- Authority
- CN
- China
- Prior art keywords
- control unit
- electronic control
- security algorithm
- target electronic
- constant value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0218—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
- G05B23/0256—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults injecting test signals and analyzing monitored process response, e.g. injecting the test signal while interrupting the normal operation of the monitored system; superimposing the test signal onto a control signal during normal operation of the monitored system
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24065—Real time diagnostics
Abstract
The present invention provides the security algorithm management method and system of a kind of vehicle electronic control unit, wherein security algorithm management method includes: to be retrieved as the respectively arranged mutually different constant value of multiple target electronic control units, and generate the open security algorithm of the multiple target electronic control unit, wherein, the key value of the open security algorithm is that intermediate variable adds seed, and the intermediate variable is obtained by being calculated the corresponding constant value of target electronic control unit using internal security algorithm;The multiple target electronic control unit is respectively configured in the open security algorithm, and sets the corresponding constant value of the target electronic control unit for the value of the diagnostic data identifier of each target electronic control unit.The open security algorithm that each supplier obtains in the embodiment of the present invention is different, realizes confidentiality;Main engine plants' diagnostic device can obtain the open security algorithm of all suppliers by internal security algorithm simultaneously, convenient for management, be easily used.
Description
Technical field
The present invention relates to automobile technical field more particularly to a kind of security algorithm management methods of vehicle electronic control unit
And system.
Background technique
The security algorithm of vehicle electronic control unit (ECU) is the important channel for protecting automobile ECU internal information, possesses this
Security algorithm, can carry out the modification or configuration of relevant information to ECU, and the specific algorithm of security algorithm is an important and guarantor
Close content, the algorithm are managed by main engine plants.
But inside automobile industry, the same ECU may be supplied by multiple suppliers, be carried out to multiple suppliers
When security algorithm is managed, main engine plants are often faced with a contradictory situation: if same to supplier A and supplier B release
Security algorithm, then be difficult to ensure the confidentiality of security algorithm namely multiple suppliers both know about other side ECU safety calculate
Method;If discharging different security algorithms to supplier A and supplier B, although confidentiality can guarantee, to main engine plants
Control brings very big trouble, and main engine plants can be more chaotic when managing security algorithm.It is more troublesome to be, if diagnosing
Equipment development is further added by supplier after completing, diagnostic device software all needs to update and long term maintenance, workload are very big.
Summary of the invention
Technical problem to be solved by the present invention lies in provide a kind of security algorithm manager of vehicle electronic control unit
Method and system had not only ensured the confidentiality of the security algorithm between the target electronic control unit of each supplier, but also can be convenient for host
Factory manages the security algorithm of each target electronic control unit.
In order to solve the above technical problem, the present invention provides a kind of security algorithm managers of vehicle electronic control unit
Method, comprising:
It is retrieved as the respectively arranged mutually different constant value of multiple target electronic control units, and generates the multiple mesh
Mark the open security algorithm of electronic control unit, wherein the key value of the open security algorithm is that intermediate variable adds seed
Value, the intermediate variable are obtained by being calculated the corresponding constant value of target electronic control unit using internal security algorithm;
The open security algorithm is respectively configured the multiple target electronic control unit, and by each target electronic
The value of the diagnostic data identifier of control unit is set as the corresponding constant value of the target electronic control unit.
Wherein, the corresponding constant value of the target electronic control unit is calculated into acquisition using the internal security algorithm
Intermediate variable is all different.
Wherein, the security algorithm management method further include:
Its corresponding constant value and seed are obtained from the target electronic control unit by diagnostic device;And by institute
It states constant value and acquisition intermediate variable is calculated using the internal security algorithm;And according to the intermediate variable and the seed
Identify the open security algorithm of the target electronic control unit.
Wherein, the acquisition modes of the constant value are: being examined by diagnostic device to target electronic control unit transmission
Severed finger enables, and obtains from target electronic control unit feedback.
Wherein, the acquisition modes of the seed are: being asked by diagnostic device to target electronic control unit transmission
Kind of a sub-instructions are sought, are obtained from target electronic control unit feedback.
The present invention also provides a kind of security algorithm management systems of vehicle electronic control unit, comprising:
Algorithm generation module, for being retrieved as the respectively arranged mutually different constant of multiple target electronic control units
Value, and generate the open security algorithm of the multiple target electronic control unit, wherein the key value of the open security algorithm
Seed is added for intermediate variable, the intermediate variable is by pacifying the corresponding constant value of target electronic control unit using internal
Full algorithm, which calculates, to be obtained;
Algorithm configuration module controls list for the multiple target electronic to be respectively configured in the open security algorithm
Member, and the target electronic control unit pair is set by the value of the diagnostic data identifier of each target electronic control unit
The constant value answered.
Wherein, the corresponding constant value of the target electronic control unit is calculated into acquisition using the internal security algorithm
Intermediate variable is all different.
Wherein, the security algorithm management system further include:
Diagnostic device, for obtaining its corresponding constant value and seed from the target electronic control unit, and by institute
It states constant value and acquisition intermediate variable is calculated using the internal security algorithm, know further according to the intermediate variable and the seed
Not Chu the target electronic control unit open security algorithm.
Wherein, the acquisition modes of the constant value are: being sent out by the diagnostic device to the target electronic control unit
Diagnostic instruction is sent, is obtained from target electronic control unit feedback.
Wherein, the acquisition modes of the seed are: being sent out by the diagnostic device to the target electronic control unit
Request kind sub-instructions are sent, are obtained from target electronic control unit feedback.
The beneficial effect of the embodiment of the present invention is: right by open security algorithm and internal security algorithm double-encryption
For supplier, the open security algorithm that each supplier obtains is different, realizes confidentiality;To main engine plants' diagnostic device
Speech, can obtain the open security algorithm of all suppliers by internal security algorithm, convenient for management, be easily used.
Specific embodiment
The explanation of following embodiment is can be to the specific embodiment implemented to the example present invention.
The embodiment of the present invention one provides a kind of security algorithm management method of vehicle electronic control unit, comprising:
It is retrieved as the respectively arranged mutually different constant value of multiple target electronic control units, and generates the multiple mesh
Mark the open security algorithm of electronic control unit, wherein the key value of the open security algorithm is that intermediate variable adds seed
Value, the intermediate variable are obtained by being calculated the corresponding constant value of target electronic control unit using internal security algorithm;
The open security algorithm is respectively configured the multiple target electronic control unit, and by each target electronic
The value of the diagnostic data identifier of control unit is set as the corresponding constant value of the target electronic control unit.
Specifically, in the present embodiment, constant value is designed as const, which can be read from ECU by diagnostic instruction
It takes out, diagnostic data identifier (DID) is by taking 0x02FF as an example.
For supplier A, constant value const_A=0xABCDEF12 of its target ECU is set;For supplier B,
Constant value const_B=0x12345678 of its target ECU is set.Correspondingly, the diagnosis DID setting of the target ECU of supplier A
Diagnosis DID for DID 0x02FF=0xABCDEF12, the target ECU of supplier B is set as DID 0x02FF=0x12345678.
It is understood that the constant value of the aforementioned target ECU setting for supplier A, supplier B is only for example, it can in practical application
To be set as arbitrary value.
Since the constant value being arranged to each target ECU is mutually different, internal security algorithm will not be supplied to supplier,
It is just different that the corresponding constant value of each target ECU is calculated to the intermediate variable obtained using internal security algorithm, it therefore, will
The key value for being supplied to the open security algorithm of the target ECU of each supplier is also different, this allows for each supply
The open security algorithm of the target ECU of quotient is different, has achieved the purpose that confidentiality.
Internal security algorithm is grasped by main engine plants, will not be supplied to each supplier.As previously mentioned, being multiple target ECU
The key value of the open security algorithm of generation is needed by the way that the corresponding constant value of each target ECU is used internal security algorithm meter
The intermediate variable obtained is calculated, therefore, actually disclosing security algorithm is obtained based on internal security algorithm.
The effect that the value of the diagnostic data identifier of each target ECU is set as its corresponding constant value is, it is main
The diagnostic device of machine factory reads the value of its diagnostic data identifier by diagnostic instruction from the target ECU, is equivalent to lead
The diagnostic device of machine factory obtains the constant value of target ECU.As previously mentioned, the constant value is calculated using internal security algorithm
The intermediate variable of the open security algorithm of target ECU can be obtained, and the seed of the open security algorithm of target ECU can lead to
It crosses to target ECU and sends request kind sub-instructions, then obtained from target ECU feedback, in this way, the open peace of target ECU
Full algorithm can be identified by the diagnostic device of main engine plants, and then can carry out the unlock operation of next step.Different suppliers mention
When the target ECU access of confession, main engine plants' diagnostic device can automatic identification as previously described.Although each which achieves being configured to
The open security algorithm of target ECU is different, but can guarantee the uniqueness of security algorithm, diagnostic device pair on diagnostic device
Each target ECU can call the same security algorithm, and not needing identification is the ECU which supplier provides.
Certainly, it is designed as the target ECU of each supplier constant value being arranged readable, is for diagnostic device energy after sale
Enough to read, then supplier can also read, i.e. the specific constant value of its target ECU can be known in supplier, but supplier
Be not aware that constant value to intermediate variable temp internal security algorithm.
It is illustrated below in conjunction with aforementioned citing.Internal security algorithm can be designed as its key value Key=temp+
Seed, wherein intermediate variable temp=const × 3.It is understood that the calculating of intermediate variable herein is for ease of description
It is only for example, actual internal security algorithm can be designed extremely complex.In being calculated by above-mentioned internal security algorithm
Between variable temp, wherein for supplier A ECU open security algorithm intermediate variable temp_A=const_A × 3=
0x0369CD36, intermediate variable temp_B=const_B × 3 of the open security algorithm of the ECU for supplier B=
0x39D369B6。
It can finally be provided to key value Key=0x0369CD36+seed of the open security algorithm of the target ECU of supplier A,
Its diagnostic data identifier DID 0x02FF=0xABCDEF12, is supplied to the open security algorithm of the target ECU of supplier B
Key value Key=0x39D369B6+seed, diagnostic data identifier DID 0x02FF=0x12345678.In this way, supplier A
Target ECU and supplier B the open security algorithm difference that obtains of target ECU, achieved the purpose that confidentiality, and from its
Each supplier of this algorithm (i.e. internal security algorithm) of constant value to intermediate variable temp do not know, counter can not also push away brokenly
Solution.
By taking the target ECU access that supplier A is provided as an example, the diagnostic device of main engine plants sends request seed (request
Seed it) instructs, ECU feeds back a seed (seed) after receiving request kind sub-instructions, which is random value;
Similarly, the diagnostic device of main engine plants to ECU send diagnostic instruction, ECU to return its DID value (0x02FF=
0xABCDEF12), then the value of the DID is put into internal security algorithm and is calculated by diagnostic device, and key value Key=
(0xABCDEF12 × 3)+seed obtains the open security algorithm of supplier A are as follows: key value Key=0x0369CD36+seed.Have
This algorithm, the diagnostic device of main engine plants can be unlocked the ECU of supplier A.
It should be noted that target ECU if the later period increases supplier, such as supplier C newly, is then similarly it and is set
A constant value const_C=0x22222222 is set, DID is diagnosed and is set as DID 0x02FF=0x22222222, it is open to pacify
Intermediate variable temp=const_C × 3=0x66666666 in full algorithm, then the diagnostic device of main engine plants passes through diagnostic instruction
After the value for obtaining seed and DID, the open security algorithm of the ECU of supplier C just can know that, it is soft without changing diagnostic device
Part.
Corresponding to the embodiment of the present invention one, implementation column two of the present invention provides a kind of security algorithm of vehicle electronic control unit
Management system, comprising:
Algorithm generation module, for being retrieved as the respectively arranged mutually different constant of multiple target electronic control units
Value, and generate the open security algorithm of the multiple target electronic control unit, wherein the key value of the open security algorithm
Seed is added for intermediate variable, the intermediate variable is by pacifying the corresponding constant value of target electronic control unit using internal
Full algorithm, which calculates, to be obtained;
Algorithm configuration module controls list for the multiple target electronic to be respectively configured in the open security algorithm
Member, and the target electronic control unit pair is set by the value of the diagnostic data identifier of each target electronic control unit
The constant value answered.
Wherein, the corresponding constant value of the target electronic control unit is calculated into acquisition using the internal security algorithm
Intermediate variable is all different.
Wherein, the security algorithm management system further include:
Diagnostic device, for obtaining its corresponding constant value and seed from the target electronic control unit, and by institute
It states constant value and acquisition intermediate variable is calculated using the internal security algorithm, know further according to the intermediate variable and the seed
Not Chu the target electronic control unit open security algorithm.
Wherein, the acquisition modes of the constant value are: being sent out by the diagnostic device to the target electronic control unit
Diagnostic instruction is sent, is obtained from target electronic control unit feedback.
Wherein, the acquisition modes of the seed are: being sent out by the diagnostic device to the target electronic control unit
Request kind sub-instructions are sent, are obtained from target electronic control unit feedback.
By above description it is found that the beneficial effect of the embodiment of the present invention is: passing through open security algorithm and internal peace
Full algorithm double-encryption, for supplier, the open security algorithm that each supplier obtains is different, realizes confidentiality;
For main engine plants' diagnostic device, the open security algorithm of all suppliers, manager can be obtained by internal security algorithm
Just, it is easily used.
The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly
It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.
Claims (9)
1. a kind of security algorithm management method of vehicle electronic control unit, comprising:
It is retrieved as the respectively arranged mutually different constant value of multiple target electronic control units, and generates the multiple target electricity
The open security algorithm of sub-control unit, wherein during the key value of the open security algorithm of each target electronic control unit is
Between variable add seed, intermediate variable corresponding to the open security algorithm of each target electronic control unit is by by target
Constant value corresponding to electronic control unit is calculated using internal security algorithm and is obtained;The disclosure of each target electronic control unit
Intermediate variable corresponding to security algorithm is all different;
The multiple target electronic is respectively configured in the open security algorithm of the multiple target electronic control unit of generation
Control unit, and set the target electronic for the value of the diagnostic data identifier of each target electronic control unit and control
The corresponding constant value of unit.
2. security algorithm management method according to claim 1, which is characterized in that further include:
Its corresponding constant value and seed are obtained from the target electronic control unit by diagnostic device;And it will be described normal
Numerical value is calculated using the internal security algorithm and obtains intermediate variable;And it is identified according to the intermediate variable and the seed
The open security algorithm of the target electronic control unit out.
3. security algorithm management method according to claim 2, which is characterized in that the acquisition modes of the constant value are:
Diagnostic instruction is sent to the target electronic control unit by diagnostic device, is obtained from target electronic control unit feedback
.
4. security algorithm management method according to claim 2, which is characterized in that the acquisition modes of the seed are:
Request kind sub-instructions are sent to the target electronic control unit by diagnostic device, are fed back from the target electronic control unit
It obtains.
5. a kind of security algorithm management system of vehicle electronic control unit characterized by comprising
Algorithm generation module, for being retrieved as the respectively arranged mutually different constant value of multiple target electronic control units, and
Generate the open security algorithm of the multiple target electronic control unit, wherein the open peace of each target electronic control unit
The key value of full algorithm is that intermediate variable adds seed, corresponding to the open security algorithm of each target electronic control unit
Intermediate variable is obtained by being calculated constant value corresponding to target electronic control unit using internal security algorithm;Each target
Intermediate variable corresponding to the open security algorithm of electronic control unit is all different;
Algorithm configuration module, for the open security algorithm of the multiple target electronic control unit generated to be respectively configured
The multiple target electronic control unit, and set the value of the diagnostic data identifier of each target electronic control unit to
The corresponding constant value of the target electronic control unit.
6. security algorithm management system according to claim 5, which is characterized in that by the target electronic control unit pair
The constant value answered calculates the intermediate variable obtained using the internal security algorithm and is all different.
7. security algorithm management system according to claim 5, which is characterized in that further include:
Diagnostic device, for obtaining its corresponding constant value and seed from the target electronic control unit, and will be described normal
Numerical value is calculated using the internal security algorithm and obtains intermediate variable, is identified further according to the intermediate variable and the seed
The open security algorithm of the target electronic control unit.
8. security algorithm management system according to claim 7, which is characterized in that the acquisition modes of the constant value are:
Diagnostic instruction is sent to the target electronic control unit by the diagnostic device, is fed back from the target electronic control unit
It obtains.
9. security algorithm management system according to claim 7, which is characterized in that the acquisition modes of the seed are:
Request kind sub-instructions are sent to the target electronic control unit by the diagnostic device, from the target electronic control unit
Feedback obtains.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711156500.4A CN108073156B (en) | 2017-11-20 | 2017-11-20 | A kind of the security algorithm management method and system of vehicle electronic control unit |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711156500.4A CN108073156B (en) | 2017-11-20 | 2017-11-20 | A kind of the security algorithm management method and system of vehicle electronic control unit |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108073156A CN108073156A (en) | 2018-05-25 |
| CN108073156B true CN108073156B (en) | 2019-11-01 |
Family
ID=62157478
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711156500.4A Active CN108073156B (en) | 2017-11-20 | 2017-11-20 | A kind of the security algorithm management method and system of vehicle electronic control unit |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108073156B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113094691A (en) * | 2021-03-24 | 2021-07-09 | 东风电驱动系统有限公司 | Whole vehicle ECU device safety access method and system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015170452A1 (en) * | 2014-05-08 | 2015-11-12 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ | In-car network system, electronic control unit and update processing method |
| US20160099806A1 (en) * | 2014-10-07 | 2016-04-07 | GM Global Technology Operations LLC | Distributing secret keys for managing access to ecus |
| JP6618480B2 (en) * | 2014-11-12 | 2019-12-11 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America | Update management method, update management system, and control program |
| JP6502832B2 (en) * | 2015-11-13 | 2019-04-17 | 株式会社東芝 | Inspection apparatus, communication system, mobile unit and inspection method |
| CN106027260B (en) * | 2016-05-12 | 2019-04-02 | 成都信息工程大学 | Automobile ECU integrity verification and encryption communication method based on cipher key pre-distribution |
-
2017
- 2017-11-20 CN CN201711156500.4A patent/CN108073156B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN108073156A (en) | 2018-05-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100592686C (en) | A secure validation method for car diagnosis communication | |
| CN105320854B (en) | By signing, balance prevents automation component from being distorted by program | |
| CN104850093B (en) | Method and automated network for the security in monitoring automation network | |
| US8306782B2 (en) | System for monitoring and diagnosing remote devices | |
| CN109523040B (en) | User equipment repair method, server, system and medium capable of protecting privacy | |
| CN110086697A (en) | Household electrical appliances fault handling method and device | |
| CN112887282B (en) | Identity authentication method, device, system and electronic equipment | |
| DE102020121533A1 (en) | TRUSTED AUTOMOTIVE AUTOMOTIVE MICROCON TROLLERS | |
| CN106155043A (en) | Vehicle data acquisition methods, device and equipment | |
| CN109063423A (en) | application software authorization method and system | |
| CN108073156B (en) | A kind of the security algorithm management method and system of vehicle electronic control unit | |
| CN109302501B (en) | Industrial control data storage method, device and system based on block chain technology | |
| US20230275767A1 (en) | Control System for Technical Plants Having Certificate Management | |
| DE102018101535A1 (en) | Secure daisy-chain delivery | |
| US20080005552A1 (en) | Safety Data Writes | |
| JP2017041244A5 (en) | ||
| CN107172053A (en) | The method of controlling security and safety control of computer | |
| EP2163956A1 (en) | Method for providing control information for a distributed operation in an automation system, computer program and automation system | |
| CN116668200A (en) | Internet of things data security transmission method and system | |
| CN106790304A (en) | Data access method, device, node and server cluster | |
| US20230299971A1 (en) | Data protection apparatus, electronic apparatus, method, and storage medium | |
| CN113411311B (en) | ECU diagnosis authorization verification method, storage medium and system | |
| CN109083506A (en) | A kind of system based on power supply station's car key management | |
| CN112153151B (en) | Intelligent manufacturing workshop safety management method and system based on blockchain | |
| US20220179998A1 (en) | Apparatus and method for checking the integrity of sensor-data streams |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |