CN109656600A - Vehicle-mounted software upgrading method, system, device and medium
- Publication number: CN109656600A
- Authority: CN (China)
- Prior art keywords: vehicle, upgrade, software, upgrade file, certificate
- Legal status: Granted
- Classification: G06F8/65 (Updates), under G06F8/60 (Software deployment), G06F8/00 (Arrangements for software engineering), G06F (Electric digital data processing), G06 (Computing; calculating or counting), G (Physics)
Abstract
A vehicle-mounted software upgrading method includes the following steps: step 1, extracting data from a root certificate and a sub-certificate and composing it into a key; step 2, encrypting the upgrade file with the key to form an upgrade package; step 3, after receiving the upgrade package, the vehicle-mounted system decrypts it with the key to obtain the upgrade file; step 4, upgrading the vehicle-mounted software using the upgrade file. With an upgrade package processed in this way, even if the package is obtained, the upgrade file cannot be reverse-engineered, because it cannot be known how the upgrade file ciphertext was generated or what the key is. Moreover, the upgrade package contains only the sub-certificate, so even if someone guesses that the key is composed in some way, the encryption key cannot be derived without the root certificate.
Description
Technical field
The present invention relates to the field of physics, in particular to information processing technology, and specifically to a vehicle-mounted software upgrading method, system, device and medium.
Background art
The software upgrade package of an in-vehicle entertainment (IVI) product is normally a plaintext upgrade file with a corresponding digital signature attached. Because the upgrade package may be sent to 4S shops across the country, it may fall into the hands of hackers. Even though a digital signature is attached, the upgrade file itself is still plaintext, so a hacker can use the relevant tools to reverse-engineer the upgrade file, learn how our system operates, and gain clues for the next step of an attack.
Against this background, the upgrade package needs to be obfuscated or encrypted in order to make reverse engineering harder for hackers. However, traditional upgrade package hardening methods have two disadvantages:
1) If only an obfuscation algorithm (involving no key) is used, then once a hacker guesses the obfuscation algorithm, the original upgrade file can be restored and reverse engineering can continue.
2) If a key is used for encryption, storing that key becomes a problem in turn. Even with the relevant security procedures in place, leakage of the key is hard to avoid; it also adds complexity to the factory production line (the encryption key has to be burned into each machine to support subsequent software upgrades).
Summary of the invention
In view of the above technical problems, the purpose of the present invention is to provide a vehicle-mounted software upgrading method, system, device and medium.
To solve the above technical problems, the vehicle-mounted software upgrading method of the invention includes the following steps:
Step 1, extracting data from a root certificate and a sub-certificate and composing it into a key;
Step 2, encrypting the upgrade file with the key to form an upgrade package;
Step 3, transferring the upgrade package to the vehicle-mounted system, which decrypts the upgrade package with the key to obtain the upgrade file;
Step 4, upgrading the vehicle-mounted software using the upgrade file.
In step 1, the data is extracted from the root certificate and the sub-certificate of a public key infrastructure and composed into the key.
The key is an AES128 key.
A vehicle-mounted software upgrading system, comprising:
a creation module, for extracting data from a root certificate and a sub-certificate and composing it into a key;
an encryption module, for encrypting the upgrade file with the key to form an upgrade package;
a decryption module, for decrypting the upgrade package with the key to obtain the upgrade file;
an upgrade module, for upgrading the vehicle-mounted software using the upgrade file.
A vehicle-mounted software upgrading device, comprising: a memory storing a vehicle-mounted software upgrade program and a processor for running the vehicle-mounted software upgrade program, the program being configured to carry out the steps of the vehicle-mounted software upgrading method.
A computer-readable storage medium, characterized in that a vehicle-mounted software upgrade program is stored on the computer-readable storage medium, and the program implements the steps of the vehicle-mounted software upgrading method when executed by a processor.
With an upgrade package processed by the vehicle-mounted software upgrading method of the invention, even if the package is obtained, the upgrade file cannot be reverse-engineered, because it cannot be known how the upgrade file ciphertext was generated or what the key is. Moreover, the upgrade package contains only the sub-certificate, so even if someone guesses that the key is composed in some way, the encryption key cannot be derived without the root certificate.
Brief description of the drawings
Fig. 1 is a flow chart of the vehicle-mounted software upgrading method of the present invention.
Specific embodiment
The vehicle-mounted software upgrading method of the present invention is described in further detail below with reference to the drawing.
Technical premise of the vehicle-mounted software upgrading method of the present invention: the PKI system for secure upgrades can use two levels of certificates (a root certificate and a sub-certificate). The root certificate can be integrated into the machine in advance; the sub-certificate is issued by the root certificate, its corresponding private key is used to sign the routine upgrade files, and the sub-certificate can be placed in the upgrade package.
Core of the technique: the upgrade package creation tool and the upgrade program in the machine agree on a rule with each other, for example taking data from the end of the certificate data working backwards. According to the rule, data of the corresponding lengths is extracted from the root certificate and the sub-certificate respectively and concatenated into a 16-byte AES key. The key exists only temporarily in memory and is never stored as an entity in flash or in any store. After signing the upgrade file with the private key, the upgrade package creation tool encrypts the upgrade file with this temporarily assembled AES key; the upgrade program in the machine, after detecting an upgrade package, temporarily generates the AES key using the same rule and decrypts the upgrade file.
Example of an agreed rule: the rule is flexible, and each developer can define it according to their own preference. For example, first extract 7 bytes of data from some position in the sub-certificate, then extract 9 bytes of data from some position in the root certificate, and concatenate the two blocks into 16 bytes of data to serve as the AES128 key.
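The agreed rule described above, as an added example that is not code from the patent: both the packaging side and the vehicle side run the same derivation and obtain the same 16-byte key. The offsets, the names `Take`, `derive_key` and `wipe`, and the certificate bytes are hypothetical; real inputs would be the encoded bytes of the two certificates.

```python
from dataclasses import dataclass

AES128_KEY_LEN = 16  # the page fixes the key at 16 bytes (AES128)


@dataclass(frozen=True)
class Take:
    """One step of the agreed rule: `length` bytes ending `back_offset`
    bytes before the end of the named certificate's data."""
    source: str       # "sub" or "root"
    back_offset: int
    length: int


# Hypothetical rule using the page's 7 + 9 split; the offsets are assumptions
# (the page only says "some position").
RULE = (Take("sub", 4, 7), Take("root", 10, 9))

# Constructed stand-ins for certificate bytes (not real certificates).
ROOT_DER = bytes(range(0, 64))
SUB_DER = bytes(range(100, 140))


def derive_key(rule, root_der: bytes, sub_der: bytes) -> bytearray:
    """Assemble the AES128 key; both sides must feed identical bytes (same
    encoding, e.g. DER on both ends) or the derived keys will differ."""
    certs = {"root": root_der, "sub": sub_der}
    if sum(t.length for t in rule) != AES128_KEY_LEN:
        raise ValueError("rule must yield exactly 16 bytes")
    key = bytearray()
    for t in rule:
        data = certs[t.source]
        end = len(data) - t.back_offset
        start = end - t.length
        if t.back_offset < 0 or t.length <= 0 or start < 0:
            raise ValueError(f"rule step {t} does not fit the {t.source} certificate")
        key += data[start:end]
    return key


def wipe(key: bytearray) -> None:
    """Overwrite the key after use, since it should only live in memory briefly."""
    for i in range(len(key)):
        key[i] = 0


if __name__ == "__main__":
    packager_key = derive_key(RULE, ROOT_DER, SUB_DER)  # upgrade package creation tool
    updater_key = derive_key(RULE, ROOT_DER, SUB_DER)   # upgrade program in the machine
    print(packager_key.hex(), packager_key == updater_key)
    wipe(packager_key)
    wipe(updater_key)
```

The derived key is a deterministic function of the two certificates and the rule, so its secrecy rests on the root certificate held in the machine and on the rule embedded in the upgrade program.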
As shown in Fig. 1, the vehicle-mounted software upgrading method of the present invention is divided into two parts:
1) The upgrade package creation tool
As long as the upgrade package creation tool is linked against the relevant encryption algorithm library, it can use the agreed rule to extract the AES128 key from the root certificate and the sub-certificate, and then encrypt the upgrade file with the AES128 key.
2) The upgrade program in the machine
Likewise, the upgrade program can extract the AES128 key from the root certificate and the sub-certificate according to the agreed rule, and then use that key to decrypt the upgrade file ciphertext.
The preferred embodiments of the present invention have been described in detail above, but the invention is not limited to the described embodiments. Those skilled in the art can make various equivalent variations or replacements without departing from the spirit of the invention, and all such equivalent variations or replacements fall within the scope defined by the claims of the present application.
Claims (6)
1. A vehicle-mounted software upgrading method, characterized by comprising the following steps:
Step 1, extracting data from a root certificate and a sub-certificate and composing it into a key;
Step 2, encrypting the upgrade file with the key to form an upgrade package;
Step 3, transferring the upgrade package to the vehicle-mounted system, which decrypts the upgrade package with the key to obtain the upgrade file;
Step 4, upgrading the vehicle-mounted software using the upgrade file.
2. The vehicle-mounted software upgrading method according to claim 1, characterized in that, in step 1, the data is extracted from the root certificate and the sub-certificate of a public key infrastructure and composed into the key.
3. The vehicle-mounted software upgrading method according to claim 1, characterized in that the key is an AES128 key.
4. A vehicle-mounted software upgrading system, characterized by comprising:
a creation module, for extracting data from a root certificate and a sub-certificate and composing it into a key;
an encryption module, for encrypting the upgrade file with the key to form an upgrade package;
a decryption module, for decrypting the upgrade package with the key to obtain the upgrade file;
an upgrade module, for upgrading the vehicle-mounted software using the upgrade file.
5. A vehicle-mounted software upgrading device, characterized by comprising: a memory storing a vehicle-mounted software upgrade program and a processor for running the vehicle-mounted software upgrade program, the program being configured to carry out the steps of the vehicle-mounted software upgrading method according to any one of claims 1 to 3.
6. A computer-readable storage medium, characterized in that a vehicle-mounted software upgrade program is stored on the computer-readable storage medium, and the program, when executed by a processor, implements the steps of the vehicle-mounted software upgrading method according to any one of claims 1 to 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910000682.9A CN109656600B (en) | 2019-01-02 | 2019-01-02 | Vehicle-mounted software upgrading method, system, device and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109656600A (en) | 2019-04-19 |
CN109656600B (en) | 2022-03-22 |
Family
ID=66118603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910000682.9A Active CN109656600B (en) | 2019-01-02 | 2019-01-02 | Vehicle-mounted software upgrading method, system, device and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109656600B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109656600B (en) | 2022-03-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||