CN108173806B - Distributed network system of automobile, isolation device, message transmission method and automobile - Google Patents

Publication number: CN108173806B
Authority: CN (China)
Application number: CN201711200898.7A
Other languages: Chinese (zh)
Other versions: CN108173806A (en)
Inventors: 杨振业, 文亮, 伍昀
Current Assignee: Beiqi Foton Motor Co Ltd
Original Assignee: Beiqi Foton Motor Co Ltd
Application filed by: Beiqi Foton Motor Co Ltd
Legal status: Active
Prior art keywords: message, control module, transmitted, vehicle, bus channel

Classifications

    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L12/40006: Architecture of a communication node
    • H04L63/126: Applying verification of the received information the source of the received data
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L2012/40273: Bus for use in transportation systems the transportation system being a vehicle


Abstract

The invention discloses a distributed network system of an automobile, an isolation device, a message transmission method and an automobile. The distributed network system of the automobile includes a vehicle-mounted diagnosis interface network, an in-vehicle network and an isolation device, wherein the isolation device is located between the vehicle-mounted diagnosis interface network and the in-vehicle network and is used for isolating messages that do not meet preset safety conditions. The invention solves the technical problem in the prior art that changing a distributed architecture into a centralized network management architecture is complicated to design and costly.

Description

Distributed network system of automobile, isolation device, message transmission method and automobile
Technical Field
The invention relates to the field of automobile manufacturing technology, and in particular to a distributed network system of an automobile, an isolation device, a message transmission method and an automobile.
Background
Existing automobiles contain a large number of electronic control units, which exchange data and issue control instructions to one another over buses, so the vehicle-mounted bus network as a whole has a distributed network architecture.
In a distributed network architecture, the controllers form networks over several buses, and communication between the networks is forwarded by several controllers. No unified network management device performs scheduling in this mode, and each network is ultimately connected directly to the diagnosis interface of the vehicle, as shown in fig. 1, which is a schematic diagram of a distributed network architecture in the prior art. This approach has low security: all networks and controllers in the vehicle can be accessed through the vehicle-mounted diagnosis interface, and maliciously sending interference messages or forging special messages addressed to the controllers through the diagnosis interface can cause serious consequences such as interference with or paralysis of in-vehicle communication, or abnormal enabling or disabling of related in-vehicle functions.
The number of vehicles with a distributed network architecture on the global automobile market is enormous. As the security requirements on vehicle networks keep rising, the security of this network architecture urgently needs targeted improvement. The current solution, however, is only to redesign the network architecture and change the distributed architecture into a centralized network management architecture, which involves many design changes and engineering changes and is very costly.
No effective solution has yet been proposed for the above problem in the prior art that changing a distributed architecture into a centralized network management architecture is complicated to design and costly.
Disclosure of Invention
Embodiments of the invention provide a distributed network system of an automobile, an isolation device, a message transmission method and an automobile, to at least solve the technical problem in the prior art that changing a distributed architecture into a centralized network management architecture is complicated to design and costly.
According to an aspect of an embodiment of the present invention, there is provided an isolation device including: a main control module, a routing message control module and a bus channel control module. The main control module is used for enable control of the routing message control module, activating or disabling the routing control function of the routing message control module according to the external power supply and communication input conditions. The routing message control module, one end of which is connected to the main control module and the other end of which is connected to the bus channel control module, is used for adjusting the path along which messages are forwarded in the bus channels and verifying whether the message in each bus channel meets the preset safety condition. The bus channel control module, one end of which is connected to the routing message control module, is used for transmitting messages that meet the preset safety condition.
Optionally, the isolation device further comprises: a power supply and a communication wake-up line; the power supply is connected with the main control module and used for supplying power to the main control module; and the communication wake-up line is connected with the main control module and is used for waking up the main control module to enter a communication mode.
Optionally, the number of bus channels corresponding to the bus channel control modules is even, and the number of the bus channel control modules is the same as that of the bus channels.
Optionally, the isolation device is located in a distributed network system of an automobile. The distributed network system of the automobile includes a vehicle-mounted diagnosis interface network and an in-vehicle network, and the isolation device is located between the vehicle-mounted diagnosis interface network and the in-vehicle network and is used for isolating messages that do not meet preset safety conditions.
According to another aspect of an embodiment of the present invention, there is provided a distributed network system of an automobile, including: a vehicle-mounted diagnosis interface network, an in-vehicle network and an isolation device, wherein the isolation device is located between the vehicle-mounted diagnosis interface network and the in-vehicle network and is used for isolating messages that do not meet preset safety conditions.
The isolation device here includes the isolation device provided by the above aspect.
Optionally, the isolation device includes: a main control module, a routing message control module and a bus channel control module. The main control module is used for enable control of the routing message control module, activating or disabling the routing control function of the routing message control module according to the external power supply and communication input conditions. The routing message control module, one end of which is connected to the main control module and the other end of which is connected to the bus channel control module, is used for adjusting the path along which messages are forwarded in the bus channels and verifying whether the message in each bus channel meets the preset safety condition. The bus channel control module, one end of which is connected to the routing message control module, is used for transmitting messages that meet the preset safety condition.
Further, optionally, the isolation device further includes: a power supply and a communication wake-up line; the power supply is connected with the main control module and used for supplying power to the main control module; and the communication wake-up line is connected with the main control module and is used for waking up the main control module to enter a communication mode.
Optionally, the number of bus channels corresponding to the bus channel control modules is even, and the number of the bus channel control modules is the same as that of the bus channels.
According to another aspect of the embodiments of the present invention, a message transmission method is provided, including: controlling, by the main control module, the routing message control module to adjust the path along which the message to be transmitted is forwarded in the bus channel; verifying, by the routing message control module, whether the message to be transmitted in each bus channel meets the preset safety condition; and, where the routing message control module verifies that the message to be transmitted in the bus channel meets the preset safety condition, transmitting that message through the bus channel control module.
Optionally, verifying, by the routing message control module, whether the message to be transmitted in each bus channel meets the preset safety condition includes: if yes, judging whether the service identifier in the message to be transmitted is a service identifier required for after-sales service on this channel; if the service identifier in the message to be transmitted is a service identifier required for after-sales service on this channel, judging whether the service identifier belongs to the risk services in the preset safety condition; if it is confirmed to be a risk service, performing security verification on the source node and, after the verification passes, releasing the message to be transmitted corresponding to the service identifier through the bus channel control module; and, if the security verification of the source node fails, prohibiting access and forwarding of the message to be transmitted through the bus channel control module.
Further, optionally, if the service is confirmed to be a risk service, performing security verification on the source node includes: verifying the security identification check code in the service identifier and a secondary verification code obtained by performing a secondary encryption operation on the security identification check code with a prestored value.
Optionally, the method further includes: if the message identifier of the message to be transmitted does not belong to the identifiers of the diagnostic message class of this channel in the preset safety condition, prohibiting access or prohibiting forwarding through the bus channel control module.
Optionally, transmitting, by the bus channel control module, the message meeting the preset safety condition includes: if the service identifier does not belong to the risk services in the preset safety condition, sending the message to be transmitted through the bus channel control module.
According to still another aspect of an embodiment of the present invention, there is provided an automobile including a distributed network system of an automobile, the distributed network system being the distributed network system of the automobile described above.
In the embodiment of the invention, an isolation device is arranged between the vehicle-mounted diagnosis interface network and the in-vehicle network. The main control module in the isolation device controls the routing message control module to adjust the path along which a message to be transmitted is forwarded in the bus channel; the routing message control module verifies whether the message to be transmitted in each bus channel meets the preset safety condition; and, where the routing message control module verifies that it does, the message is transmitted through the bus channel control module. This reduces design complexity and cost, achieving the technical effect of securing the network system without changing the existing network system, and thereby solves the technical problem in the prior art that changing a distributed architecture into a centralized network management architecture is complicated to design and costly.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
Fig. 1 is a schematic diagram of a distributed network architecture in the prior art;
Fig. 2 is a schematic structural diagram of a distributed network system of an automobile according to a first embodiment of the present invention;
Fig. 3 is a schematic structural diagram of another distributed network system of an automobile according to a first embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an isolation device in a distributed network system of an automobile according to a first embodiment of the present invention;
Fig. 5 is a flowchart illustrating a message transmission method according to a third embodiment of the present invention;
Fig. 6 is a schematic diagram of a service message flow for determining after-sales diagnosis requirements in a message transmission method according to a third embodiment of the present invention;
Fig. 7 is a schematic diagram of a security verification sequence of a risk message source node in a message transmission method according to a third embodiment of the present invention;
Fig. 8 is a schematic diagram of a source address information verification message format in a message transmission method according to a third embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
In accordance with an embodiment of the present invention, there is provided an embodiment of a distributed network system of an automobile. It should be noted that the steps illustrated in the flowcharts of the drawings may be performed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order different from the one given here.
Fig. 2 is a schematic structural diagram of a distributed network system of an automobile according to an embodiment of the present invention. As shown in fig. 2, the distributed network system of the automobile includes:
a vehicle-mounted diagnosis interface network 21, an in-vehicle network 22 and an isolation device 23, wherein the isolation device 23 is located between the vehicle-mounted diagnosis interface network 21 and the in-vehicle network 22 and is used for isolating messages that do not meet preset safety conditions.
Specifically, the distributed network system of the automobile provided by the present application differs from the prior art. Fig. 3 is a schematic structural diagram of another distributed network system of an automobile according to an embodiment of the present invention. As shown in fig. 3, the isolation device 23 is located between the vehicle-mounted diagnosis interface network 21 and the in-vehicle network 22, and only service messages required for after-sales diagnosis on a given channel can be forwarded to the in-vehicle network or released to the vehicle-mounted diagnosis interface (that is, the isolation device isolates messages that do not meet the preset safety condition). To further improve security, the isolation device also performs source node security verification on the device connected to the vehicle-mounted diagnosis interface, and allows it through only after confirming that it is a diagnostic instrument designated by the original manufacturer; otherwise access is denied.
In the embodiment of the invention, an isolation device is arranged between the vehicle-mounted diagnosis interface network and the in-vehicle network; the message to be transmitted is received; whether the message to be transmitted meets the preset safety condition is judged; and the message is transmitted according to the judgment result. This reduces design complexity and cost, achieving the technical effect of securing the network system without changing the existing network system, and thereby solves the technical problem in the prior art that changing a distributed architecture into a centralized network management architecture is complicated to design and costly.
Specifically, fig. 4 is a schematic structural diagram of an isolation device in a distributed network system of an automobile according to an embodiment of the present invention, and as shown in fig. 4, the isolation device in the distributed network system of the automobile provided by the present application is specifically as follows:
Optionally, the isolation device 23 includes: a main control module 231, a routing message control module 232 and a bus channel control module 233. The main control module 231 is used for enable control of the routing message control module 232, activating or disabling the routing control function of the routing message control module 232 according to the external power supply and communication input conditions. The routing message control module 232, one end of which is connected to the main control module 231 and the other end of which is connected to the bus channel control module 233, is used for adjusting the path along which messages are forwarded in the bus channels and verifying whether the message in each bus channel meets the preset safety condition. The bus channel control module 233, one end of which is connected to the routing message control module 232, is used for transmitting messages that meet the preset safety condition.
Further, optionally, the isolation device 23 further includes: a power supply 234 and a communication wakeup line 235; the power supply 234 is connected to the main control module 231 and configured to supply power to the main control module 231; and a communication wake-up line 235 connected to the main control module 231 for waking up the main control module to enter a communication mode.
Optionally, the number of bus channels corresponding to the bus channel control modules is even, and the number of the bus channel control modules is the same as that of the bus channels.
In summary, the isolation device 23 in the distributed network system of the automobile provided in the present application includes a main control module 231, a routing message control module 232 and a bus channel control module 233. In fig. 4, the main control module 231 is marked as 1, the routing message control module 232 is marked as 2, and the bus channel control modules 233 are marked as 3 to 8.
The isolation device 23 has more than 2 (an even number of) bus channels, each corresponding to one bus channel control module 233, and is inserted between the in-vehicle network to be protected and the vehicle-mounted diagnosis interface network. The bus channels are bound in pairs: for example, channel 1 can only communicate with channel 2, channel 3 can only communicate with channel 4, and so on. For convenience in practical use, the bound channels can be changed by software configuration, for example so that channel 1 communicates with channel 3 and channel 2 communicates with channel 4. The isolation device 23 supports bus message wake-up and hard-wire wake-up through the communication wake-up line 235, and after wake-up controls the routing message control module 232 to quickly establish the routing and forwarding capability for messages. A list of messages allowed to pass is established for each bus channel in the isolation device 23, and only service messages required for after-sales diagnosis on that channel can be forwarded to the in-vehicle network or released to the vehicle-mounted diagnosis interface.
Meanwhile, to further improve security, the isolation device 23 can perform source node security verification on the device connected to the vehicle-mounted diagnosis interface in the vehicle-mounted diagnosis interface network, allowing it through only after confirming that it is a diagnostic instrument designated by the original manufacturer; otherwise access is denied.
It should be noted that, in the research and development stage at the vehicle manufacturer, message data of the in-vehicle network often has to be read directly through the vehicle-mounted diagnosis interface during function verification, road testing and similar stages. To facilitate this work, the list of messages allowed to pass in the isolation device 23 is designed as a configurable part: in the research and development stage it is configured through software so that no filtering is performed, and the isolation device 23 then has no effect. For mass production and subsequent use and maintenance, the isolation device 23 is activated and performs its function.
Without changing the original network system or the software and hardware design of the original modules, and with most of the wiring harness kept unchanged, the distributed network system of the automobile provided by the present application greatly saves cost and isolates the vehicle-mounted diagnosis interface network from the in-vehicle network. This avoids the serious consequences of an unauthorized third party accessing all networks and controllers in the vehicle through the vehicle-mounted diagnosis interface and abnormally enabling or disabling related in-vehicle functions by maliciously sending interference messages or forging special messages addressed to the controllers, thereby improving the security of the distributed network system.
The distributed network system of the automobile can isolate the vehicle-mounted diagnosis interface network from the in-vehicle network without changing the original network system, the software and hardware design of the original modules, or most of the wiring harness, so that the serious consequences described above are avoided and the security of the distributed network system is improved. The bus channel binding settings and the filtering capability of the isolation device provided by the present application can be configured through software, so the device is highly flexible; it can also be extended to other networks in the vehicle that need to be isolated, and is therefore highly practical.
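The channel binding, per-channel allow list and research-and-development bypass described in this embodiment, combined with the verification order given in the disclosure (message identifier, then after-sales service identifier, then risk service and source node verification), can be sketched as gateway code. This is an added example, not code from the patent: the struct layout, function names, identifier values and the `source_verified` flag (standing in for the outcome of source node verification, whose algorithm the text does not specify) are assumptions, as is dropping a message whose service is not on the channel's after-sales list.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_CHANNELS 2u              /* even channel count, bound in pairs (illustrative) */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

typedef enum { VERDICT_DROP = 0, VERDICT_FORWARD = 1 } verdict_t;

/* One after-sales service allowed on a channel (hypothetical layout). */
typedef struct {
    uint8_t service_id;
    bool    risk;                    /* risk service: source node must be verified */
} service_rule_t;

typedef struct {
    uint8_t               peer;      /* channel this one is bound to */
    const uint32_t       *diag_ids;  /* diagnostic message IDs allowed on this channel */
    size_t                n_diag_ids;
    const service_rule_t *services;  /* after-sales services allowed on this channel */
    size_t                n_services;
    bool                  source_verified; /* outcome of source node verification */
} channel_cfg_t;

typedef struct {
    bool          filtering_enabled; /* false = research-and-development configuration */
    channel_cfg_t ch[NUM_CHANNELS];
} isolator_t;

static bool id_listed(const channel_cfg_t *c, uint32_t msg_id)
{
    for (size_t i = 0; i < c->n_diag_ids; i++)
        if (c->diag_ids[i] == msg_id) return true;
    return false;
}

static const service_rule_t *find_service(const channel_cfg_t *c, uint8_t sid)
{
    for (size_t i = 0; i < c->n_services; i++)
        if (c->services[i].service_id == sid) return &c->services[i];
    return NULL;
}

/* Decide whether a message arriving on in_ch may be forwarded, and to which channel. */
verdict_t isolator_route(const isolator_t *iso, uint8_t in_ch,
                         uint32_t msg_id, uint8_t service_id, uint8_t *out_ch)
{
    if (iso == NULL || out_ch == NULL || in_ch >= NUM_CHANNELS) return VERDICT_DROP;
    const channel_cfg_t *c = &iso->ch[in_ch];

    /* Channels talk only to their bound peer; reject a broken or one-sided binding. */
    if (c->peer >= NUM_CHANNELS || c->peer == in_ch || iso->ch[c->peer].peer != in_ch)
        return VERDICT_DROP;
    *out_ch = c->peer;

    if (!iso->filtering_enabled) return VERDICT_FORWARD;  /* R&D: list set to not filter */
    if (!id_listed(c, msg_id)) return VERDICT_DROP;       /* not a diagnostic message ID */

    const service_rule_t *rule = find_service(c, service_id);
    if (rule == NULL) return VERDICT_DROP;                /* not an after-sales service */
    if (!rule->risk) return VERDICT_FORWARD;              /* non-risk service: release */
    return c->source_verified ? VERDICT_FORWARD : VERDICT_DROP; /* fail closed */
}

/* Constructed sample tables: channel 0 faces the diagnosis interface, channel 1 the car. */
static const uint32_t       DIAG_SIDE_IDS[]  = { 0x700u };
static const service_rule_t DIAG_SIDE_SVCS[] = { { 0x10u, false }, { 0x20u, true } };
static const uint32_t       CAR_SIDE_IDS[]   = { 0x708u };
static const service_rule_t CAR_SIDE_SVCS[]  = { { 0x50u, false } };

isolator_t sample_isolator(bool filtering_enabled, bool tester_verified)
{
    isolator_t iso = { .filtering_enabled = filtering_enabled };
    iso.ch[0] = (channel_cfg_t){ 1, DIAG_SIDE_IDS, COUNT(DIAG_SIDE_IDS),
                                 DIAG_SIDE_SVCS, COUNT(DIAG_SIDE_SVCS), tester_verified };
    iso.ch[1] = (channel_cfg_t){ 0, CAR_SIDE_IDS, COUNT(CAR_SIDE_IDS),
                                 CAR_SIDE_SVCS, COUNT(CAR_SIDE_SVCS), false };
    return iso;
}

int main(void)
{
    uint8_t out = 0;
    isolator_t iso = sample_isolator(true, false);
    /* Risk service requested by a device that has not passed source verification. */
    verdict_t v = isolator_route(&iso, 0, 0x700u, 0x20u, &out);
    printf("risk service, unverified source: %s\n",
           v == VERDICT_FORWARD ? "forward" : "drop");
    return 0;
}
```

With `filtering_enabled` left false in a production build the device forwards everything between bound channels, so that setting is the one to audit when checking a deployed configuration.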
Example two
According to another aspect of an embodiment of the present invention, there is provided an isolation device including: a main control module, a routing message control module and a bus channel control module. The main control module is used for enable control of the routing message control module, activating or disabling the routing control function of the routing message control module according to the external power supply and communication input conditions. The routing message control module, one end of which is connected to the main control module and the other end of which is connected to the bus channel control module, is used for adjusting the path along which messages are forwarded in the bus channels and verifying whether the message in each bus channel meets the preset safety condition. The bus channel control module, one end of which is connected to the routing message control module, is used for transmitting messages that meet the preset safety condition.
The isolation device provided here corresponds to the isolation device 23 in the first embodiment: its main control module corresponds to the main control module 231, its routing message control module corresponds to the routing message control module 232, and its bus channel control module corresponds to the bus channel control module 233 in the first embodiment. The structure of the isolation device is shown in fig. 4.
Optionally, the isolation device further comprises: a power supply and communication wake-up line interface; the power supply is connected with the main control module and used for supplying power to the main control module; and the communication wake-up line is connected with the main control module and is used for waking up the main control module to enter a communication mode.
Optionally, the number of bus channels corresponding to the bus channel control modules is even, and the number of the bus channel control modules corresponds to the number of the bus channels.
Optionally, the isolation device is located in a distributed network system of an automobile. The distributed network system of the automobile includes a vehicle-mounted diagnosis interface network and an in-vehicle network, and the isolation device is located between the vehicle-mounted diagnosis interface network and the in-vehicle network and is used for isolating messages that do not meet preset safety conditions.
Example three
According to another aspect of the embodiments of the present invention, there is provided a message transmission method applied to the isolation device of the first embodiment and the second embodiment. Fig. 5 is a schematic flow diagram of a message transmission method according to the third embodiment of the present invention. As shown in fig. 5, the method includes:
step S502, the route message control module is controlled by the main control module to adjust the path of the message to be transmitted in the bus channel;
step S504, verify whether the message to be transmitted in each bus channel meets the preset safety condition through the routing message control module;
step S506, under the condition that the routing message control module verifies that the message to be transmitted in the bus channel meets the preset safety condition, the message to be transmitted meeting the preset safety condition is transmitted through the bus channel control module.
Specifically, the message transmission method provided by the application can be applied to an isolation device in a distributed network system of an automobile corresponding to the embodiment, and applied to an isolation device corresponding to the embodiment, wherein the isolation device judges whether a message to be transmitted meets a preset safety condition after receiving the message to be transmitted sent by an in-vehicle network or a vehicle-mounted diagnosis network, and transmits the message to be transmitted to the in-vehicle network or the vehicle-mounted diagnosis network according to a judgment result.
In the embodiment of the invention, an isolation device is arranged between a vehicle-mounted diagnosis interface network and a vehicle-mounted network, and a main control module in the isolation device controls a routing message control module to adjust a path for forwarding a message to be transmitted in a bus channel; verifying whether the message to be transmitted in each bus channel meets preset safety conditions or not through a routing message control module; under the condition that the routing message control module verifies that the message to be transmitted in the bus channel meets the preset safety condition, the message to be transmitted meeting the preset safety condition is transmitted through the bus channel control module, and the purpose of reducing the design complexity and the cost is achieved, so that the technical effect of realizing the safety of a network system on the basis of not changing the conventional network system is achieved, and the technical problem that the design is complex and the cost is high due to the fact that the distributed mode is changed into the centralized network management type framework in the prior art is solved.
Optionally, verifying in step S504, by the routing message control module, whether the message to be transmitted in each bus channel meets the preset safety condition includes:
Step1, judging whether the message identifier of the message to be transmitted belongs to the identifiers of the diagnostic message class of the channel in the preset safety condition; if yes, judging whether the service identifier in the message to be transmitted is a service identifier required for after-sales service on the channel;
Step2, if the service identifier in the message to be transmitted is a service identifier required for after-sales service on the channel, judging whether the service identifier belongs to the risk services in the preset safety condition;
Step3, if the service is confirmed to be a risk service, performing source node security verification, and, once the verification passes, releasing the message to be transmitted corresponding to the service identifier through the bus channel control module;
Step4, if the source node security verification fails, prohibiting access and prohibiting forwarding of the message to be transmitted through the bus channel control module.
Specifically, fig. 6 is a schematic diagram of the flow for judging whether a message carries a service required for after-sales diagnosis in the message transmission method according to the third embodiment of the present invention. As shown in fig. 6:
Step S1, judging whether the message identifier of the message to be transmitted belongs to the identifiers of the diagnostic message class of the channel in the preset safety condition;
Step S2, if not, prohibiting access or prohibiting forwarding;
Step S3, if yes, judging whether the service identifier in the message to be transmitted is a service identifier required for after-sales service on the channel;
Step S4, if not, prohibiting access or prohibiting forwarding;
Step S5, if yes, judging whether the service identifier belongs to the risk services in the preset safety condition;
Step S6, if not, allowing the message to be released;
Step S7, if the service is confirmed to be a risk service, performing source node security verification, and releasing the message to be transmitted corresponding to the service identifier once the verification passes;
Step S8, if the source node security verification fails, prohibiting access and forwarding of the message to be transmitted.
Judging whether the message to be transmitted meets the preset safety condition, and transmitting it according to the result, proceeds as follows:
First, judge whether the message identifier (ID) belongs to the identifiers of the diagnostic message class of the channel; if not, access or forwarding is prohibited. Next, judge whether the service ID in the message is a service required for after-sales service on the channel; if not, access or forwarding is prohibited. Then judge whether the service is a risk service; if not, the message is allowed to pass. If the service is confirmed to be a risk service, security verification is performed on the source node. If the verification passes, the message is released; otherwise access and forwarding are likewise prohibited.
Further, optionally, performing security verification on the source node if the risk service is confirmed in Step3 includes:
verifying, against prestored values, the security identification verification code in the service identifier and the secondary verification code obtained by performing a secondary encryption operation on that security identification verification code.
Specifically, a source address information verification message must be added after each risk message. The verification message contains a security verification code, which the diagnostic device obtains from an after-sales server according to the vehicle information, and a secondary verification code obtained by performing a secondary encryption operation on the security verification code. The isolation device corresponding to the message transmission method provided by the application compares the security verification code and the secondary verification code with its internal correct values, and the verification passes only if both are correct. Fig. 7 is a schematic diagram of the security verification sequence for the source node of a risk message in the message transmission method according to the third embodiment of the present invention. The format of the source address information verification message is shown in fig. 8, which is a schematic diagram of that format in the message transmission method according to the third embodiment of the present invention.
In the source address information verification message format, the security verification code of the vehicle is acquired from the after-sales server by the diagnostic device according to the vehicle information; it has three bytes in total and occupies the positions shown as diagonally hatched cells in fig. 8. The secondary verification code is obtained by performing a special operation on the security verification code and occupies the positions shown as grid cells in fig. 8. The serial number occupies the blank cell in fig. 8; its range is 1-255, and the value indicates which frame in the sequence the current frame is.
Optionally, the message transmission method provided in the present application further includes:
after Step1 and before Step2, if the message identifier of the message to be transmitted does not belong to the identifiers of the diagnostic message class of the channel in the preset safety condition, prohibiting access or forwarding through the bus channel control module.
Optionally, the step S506 of transmitting the message meeting the preset safety condition through the bus channel control module includes:
after Step2 and before Step3, if the service identifier does not belong to the risk service in the preset safety condition, the message to be transmitted is sent through the bus channel control module.
It should be noted that the security verification sequence of the risk message source node and the format of the source address information verification message are described in the present application only as examples for implementing the message transmission method provided here, and are not specifically limiting.
The distributed network system of the automobile to which the message transmission method provided by the application is applied can isolate the vehicle-mounted diagnosis interface network from the in-vehicle network without changing the original network system, the software and hardware design of the original modules, or most of the wiring harnesses. This avoids the serious consequences that arise when an unauthorized third party can access all networks and controllers in the automobile through the vehicle-mounted diagnosis interface and abnormally start or shut off in-vehicle functions by maliciously sending interference messages or forging special messages for the controllers. The security of the distributed network system is thereby improved. When the message transmission method is applied to the isolation device, the binding of bus channels and the configuration of the filtering function can be set in software, which gives high flexibility; the method can also be extended to other networks in the vehicle that need isolation, so it is highly practical.
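The decision flow of steps S1 to S8 and the source node check can be sketched as follows; this is an added example, not code from the patent or from the applicant. The frame layout (1-byte serial number, 3-byte security verification code, 4-byte secondary verification code), the use of truncated HMAC-SHA256 as the "secondary encryption operation", the sequential serial check, and all identifiers and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    DROP = "drop"        # access or forwarding prohibited (S2, S4, S8)
    FORWARD = "forward"  # released through the bus channel (S6, S7)
    HOLD = "hold"        # risk service: wait for the verification message


@dataclass(frozen=True)
class ChannelPolicy:
    diag_ids: frozenset         # message IDs of the channel's diagnostic class
    aftersales_sids: frozenset  # service IDs after-sales needs on the channel
    risk_sids: frozenset        # services that need source node verification


@dataclass(frozen=True)
class Message:
    channel: int
    msg_id: int
    service_id: int
    payload: bytes = b""


def secondary_code(security_code: bytes, key: bytes) -> bytes:
    # ASSUMPTION: stand-in for the page's unspecified secondary operation.
    return hmac.new(key, security_code, hashlib.sha256).digest()[:4]


class IsolationFilter:
    def __init__(self, policies, security_code: bytes, key: bytes):
        self.policies = policies
        self.code = security_code  # prestored 3-byte security code
        self.secondary = secondary_code(security_code, key)  # prestored
        self.pending = {}      # channel -> held risk message
        self.next_serial = {}  # channel -> serial expected next (1..255)

    def on_message(self, m: Message) -> Verdict:
        p = self.policies.get(m.channel)
        if p is None or m.msg_id not in p.diag_ids:  # S1 fails -> S2
            return Verdict.DROP
        if m.service_id not in p.aftersales_sids:    # S3 fails -> S4
            return Verdict.DROP
        if m.service_id not in p.risk_sids:          # S5 says no risk -> S6
            return Verdict.FORWARD
        self.pending[m.channel] = m                  # S7 needs verification
        return Verdict.HOLD

    def on_verification(self, channel: int, frame: bytes):
        """Decide the held risk message; returns (verdict, message or None)."""
        held = self.pending.pop(channel, None)
        if held is None or len(frame) != 8:
            return Verdict.DROP, None
        # ASSUMED layout: serial | 3-byte security code | 4-byte secondary code
        serial, code, second = frame[0], frame[1:4], frame[4:8]
        expected = self.next_serial.get(channel, 1)
        ok = serial == expected
        ok &= hmac.compare_digest(code, self.code)         # constant-time
        ok &= hmac.compare_digest(second, self.secondary)  # both must match
        if not ok:
            return Verdict.DROP, None                      # S8
        self.next_serial[channel] = expected % 255 + 1     # 255 wraps to 1
        return Verdict.FORWARD, held                       # S7


# Constructed sample configuration (not values from the patent).
KEY = b"constructed-demo-key"
SECURITY_CODE = bytes.fromhex("a1b2c3")
POLICIES = {0: ChannelPolicy(diag_ids=frozenset({0x7DF, 0x7E0}),
                             aftersales_sids=frozenset({0x19, 0x22, 0x2E, 0x31}),
                             risk_sids=frozenset({0x2E, 0x31}))}

if __name__ == "__main__":
    f = IsolationFilter(POLICIES, SECURITY_CODE, KEY)
    print(f.on_message(Message(0, 0x123, 0x22)))  # not a diagnostic ID
    print(f.on_message(Message(0, 0x7E0, 0x22)))  # after-sales, not risk
    print(f.on_message(Message(0, 0x7E0, 0x2E)))  # risk service
    frame = bytes([1]) + SECURITY_CODE + secondary_code(SECURITY_CODE, KEY)
    print(f.on_verification(0, frame))
```

A failed verification discards the held risk message rather than leaving it queued, so a later valid verification message cannot release it.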
Example four
According to still another aspect of an embodiment of the present invention, there is provided an automobile including a distributed network system of an automobile, wherein the distributed network system of the automobile comprises the distributed network system of the automobile.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and various other media capable of storing program code.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. An isolation device, comprising:
a main control module, a routing message control module and a bus channel control module;
the master control module is used for performing enabling control on the routing control module and activating or forbidding a routing control function of the routing control module according to an external power supply and a communication input condition;
one end of the routing message control module is connected with the main control module, and the other end of the routing message control module is connected with the bus channel control module, and is used for adjusting a message forwarding path in a bus channel and verifying whether the message in each bus channel meets a preset safety condition;
one end of the bus channel control module is connected with the routing message control module and is used for transmitting the message meeting the preset safety condition;
wherein, the verifying whether the message in each bus channel meets the preset safety condition by the routing message control module comprises: judging whether the message identification of the message to be transmitted belongs to the identification of the diagnostic message class of the channel in the preset safety condition; if yes, judging whether the service identification in the message to be transmitted is the service identification needed after sale of the channel; if the service identification in the message to be transmitted is the service identification needed after sale of the channel, judging whether the service identification belongs to the risk service in the preset safety condition; if the risk service is confirmed, performing source node security verification, and releasing the message to be transmitted corresponding to the service identifier after passing the verification through a bus channel control module; and if the security verification of the source node fails, forbidding the access and the forwarding of the message to be transmitted through a bus channel control module.
2. The isolation device of claim 1, further comprising:
a power supply and a communication wake-up line;
the power supply is connected with the main control module and used for supplying power to the main control module;
the communication awakening line is connected with the main control module and used for awakening the main control module to enter a communication mode.
3. The isolation device according to claim 1, wherein the number of the bus channels corresponding to the bus channel control modules is an even number, and the number of the bus channel control modules is the same as the number of the bus channels.
4. An isolation device as claimed in any of claims 1 to 3, wherein the isolation device is located in a distributed network system of a vehicle, wherein the distributed network system of the vehicle comprises a vehicle-mounted diagnosis interface network and an in-vehicle network, and the isolation device is located between the vehicle-mounted diagnosis interface network and the in-vehicle network and is used for isolating messages which do not meet preset safety conditions.
5. A distributed network system for a vehicle, comprising:
a vehicle-mounted diagnostic interface network, an in-vehicle network, and an isolation device, wherein,
the isolation device is positioned between the vehicle-mounted diagnosis interface network and the in-vehicle network and is used for isolating messages which do not meet preset safety conditions;
wherein the isolation device comprises the isolation device of any one of claims 1 to 4.
6. A message transmission method, comprising:
the main control module controls the routing message control module to adjust the path of the message to be transmitted in the bus channel;
verifying whether the message to be transmitted in each bus channel meets preset safety conditions or not through the routing message control module;
under the condition that the routing message control module verifies that the message to be transmitted in the bus channel meets the preset safety condition, transmitting the message to be transmitted meeting the preset safety condition through the bus channel control module;
wherein, the verifying whether the message in each bus channel meets the preset safety condition by the routing message control module comprises: judging whether the message identification of the message to be transmitted belongs to the identification of the diagnostic message class of the channel in the preset safety condition; if yes, judging whether the service identification in the message to be transmitted is the service identification needed after sale of the channel; if the service identification in the message to be transmitted is the service identification needed after sale of the channel, judging whether the service identification belongs to the risk service in the preset safety condition; if the risk service is confirmed, performing source node security verification, and releasing the message to be transmitted corresponding to the service identifier after passing the verification through a bus channel control module; and if the security verification of the source node fails, forbidding the access and the forwarding of the message to be transmitted through a bus channel control module.
7. The message transmission method according to claim 6, wherein the performing security verification on the source node if the risk service is confirmed comprises:
verifying, against prestored values, the security identification check code in the service identifier and a secondary verification code obtained by performing a secondary encryption operation on the security identification check code.
8. The message transmission method according to claim 6, wherein the method further comprises:
if the message identification of the message to be transmitted does not belong to the identification of the diagnostic message class of the channel in the preset safety condition, forbidding access or forbidding forwarding through a bus channel control module.
9. The message transmission method according to claim 6, wherein the transmitting the message satisfying the preset security condition through the bus channel control module includes:
if the service identification does not belong to the risk service in the preset safety condition, sending the message to be transmitted through a bus channel control module.
10. An automobile, comprising: a distributed network system of an automobile, wherein the distributed network system of an automobile comprises the distributed network system of an automobile of claim 5.
CN201711200898.7A 2017-11-27 2017-11-27 Distributed network system of automobile, isolation device, message transmission method and automobile Active CN108173806B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711200898.7A CN108173806B (en) 2017-11-27 2017-11-27 Distributed network system of automobile, isolation device, message transmission method and automobile

Publications (2)

Publication Number Publication Date
CN108173806A CN108173806A (en) 2018-06-15
CN108173806B true CN108173806B (en) 2020-12-08

Family

ID=62527663

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711200898.7A Active CN108173806B (en) 2017-11-27 2017-11-27 Distributed network system of automobile, isolation device, message transmission method and automobile

Country Status (1)

Country Link
CN (1) CN108173806B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant