CN111629002B - OTA (over-the-air) secure upgrade method and system for a vehicle ECU (electronic control unit) - Google Patents

Info

Publication number: CN111629002B
Authority: CN (China)
Legal status: Active
Application number: CN202010466521.1A
Other languages: Chinese (zh)
Other versions: CN111629002A (en)
Inventors: 黄春晖, 唐利科, 刘中杰, 张建平
Current Assignee: Infotech Shanghai Co ltd
Original Assignee: Infotech Shanghai Co ltd
Prior art keywords: ota, certificate, authentication, ecu, vehicle

Classifications

    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • G06F21/51: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F8/65: Software deployment; Updates
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L69/04: Protocols for data compression, e.g. ROHC

Abstract

An OTA secure upgrade method for a vehicle ECU comprises OTA server steps and OTA vehicle end steps. The invention applies security processing at four points: before the upgrade package is uploaded to the OTA server, after it has been uploaded to the OTA server, when the OTA server delivers it to the OTA vehicle end, and after the OTA vehicle end has obtained it. Each stage is authenticated with a different certificate, and multiple layers of encryption, signatures and digest files are added, which improves the security of the upgrade.

Description

OTA (over-the-air) secure upgrade method and system for a vehicle ECU (electronic control unit)
Technical Field
The invention relates to the technical field of OTA (over-the-air) upgrading, and in particular to an OTA secure upgrade method and system for a vehicle ECU (electronic control unit).
Background
At present, in the automotive field, electrification, intelligence, connectivity and sharing have become the new directions and trends of vehicle development. The electronic control units (ECUs) of a vehicle are becoming more and more capable while vehicle development schedules are becoming tighter, so ECU firmware upgrade and iteration has become a core requirement of vehicle manufacturers and a key part of after-sales maintenance.
In the past, an upgrade could only be performed by offline flashing at a 4S shop, which costs the customer time and greatly increases the manufacturer's cost of upgrading software in batches. Some safety-related versions need to be installed on customer vehicles as soon as possible, and the traditional upgrade mode cannot guarantee timeliness. To handle a growing number of upgrade scenarios, over-the-air (OTA) upgrading is therefore used more and more.
The traditional security measure for vehicle OTA upgrading is only to authenticate a CA certificate shared by the OTA server and the OTA vehicle end; once authentication passes, the OTA server and the OTA vehicle end can access each other. Once that certificate is cracked, an attacker can easily obtain a large amount of sensitive information, so security is low.
Disclosure of Invention
In view of the above, an OTA secure upgrade method and system for a vehicle ECU are provided to solve the above technical problem.
To solve the above technical problem, the invention adopts the following technical solution:
An OTA secure upgrade method for a vehicle ECU comprises OTA server steps and OTA vehicle end steps;
the OTA server steps comprise:
receiving an upgrade package uploaded by the ECU equipment side, wherein the upgrade package has been given a primary signature and primary encryption by the ECU equipment side and a secondary signature by the vehicle OEM end;
applying to the PKI end for the certificate of the ECU equipment side, and verifying the validity of the secondary signature;
obtaining from the TSP end, according to the information in the upgrade package, the part number and the software and hardware version numbers of the corresponding ECU to be upgraded, and generating an information file;
hashing the files in the upgrade package and the information file to obtain a digest file;
applying to the PKI end for an OTA server certificate, signing the digest file, compressing and packaging the files in the upgrade package, the information file and the digest file, and performing secondary encryption with a key;
performing bidirectional authentication with the OTA vehicle end in a manner agreed internally between the OTA server and the OTA vehicle end;
after the bidirectional authentication passes, integrating the secondarily encrypted compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key according to a rule agreed internally with the OTA vehicle end, and then sending the integrated data to the OTA vehicle end;
the OTA vehicle end steps comprise:
performing bidirectional authentication with the OTA server in the manner agreed internally between the OTA server and the OTA vehicle end;
after the bidirectional authentication passes, receiving from the OTA server the compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key, organizing them according to the rule, and then storing them in encrypted form;
parsing the encrypted key with the password for parsing the encrypted key to obtain the key, and decrypting the compressed package by the method for decrypting the secondary encryption;
decompressing the decrypted compressed package;
after decompression is complete, performing signature verification:
applying to the PKI end for the OTA server certificate, and verifying the validity of the signature on the digest file;
verifying the validity of the upgrade package according to the digest file;
the upgrade agent program of the ECU to be upgraded verifying the validity of the secondary signature through an interface provided by the vehicle OEM end, the certificate corresponding to the secondary signature, and a method agreed with the vehicle OEM end;
and after signature verification passes, sending the upgrade package to the ECU to be upgraded, the ECU to be upgraded decrypting the primary encryption and verifying the primary signature, and performing the upgrade after that verification passes.
The manner agreed internally between the OTA server and the OTA vehicle end is a handshake using a handshake message that carries an HTTP header agreed internally between the OTA server and the OTA vehicle end, and the bidirectional authentication comprises OTA server authentication steps and OTA vehicle end authentication steps;
the OTA server authentication steps comprise:
receiving the handshake message sent by the OTA vehicle end, and authenticating the HTTP header;
after that authentication passes, sending a certificate to the OTA client over HTTPS;
receiving the certificate sent by the OTA vehicle end and, after certificate authentication and TLS authentication pass, confirming with the TSP end, through the OTA vehicle end device information contained in the certificate, that the OTA vehicle end device is registered at the TSP end, and completing the handshake after that confirmation;
the OTA vehicle end authentication steps comprise:
sending the handshake message to the OTA server over HTTPS;
and receiving the certificate sent by the OTA server and, after certificate authentication, TLS authentication and domain name authentication pass, sending its own certificate to the OTA server over HTTPS.
The rule is a rule based on the OMA protocol.
Hashing the files in the upgrade package and the information file to obtain the digest file further comprises:
hashing the files in the upgrade package and the information file to obtain a first digest file;
hashing the first digest file to obtain a second digest file;
verifying the validity of the upgrade package according to the digest file further comprises:
hashing the first digest file obtained by decompression to obtain a second digest file, and comparing it with the second digest file obtained by decompression; if they are consistent, the first digest file obtained by decompression is legal;
and hashing the files in the upgrade package and the information file obtained by decompression to obtain a first digest file, and comparing it with the first digest file obtained by decompression; if they are consistent, the files in the upgrade package and the information file obtained by decompression are legal.
The scheme further provides that, before the OTA vehicle end sends the upgrade package to the ECU to be upgraded, the OTA vehicle end and the upgrade agent program of the ECU to be upgraded authenticate each other, the mutual authentication comprising:
the OTA vehicle end sends its certificate to the upgrade agent program;
after the upgrade agent program authenticates that certificate successfully, it sends its own certificate to the OTA vehicle end;
and after the OTA vehicle end authenticates that certificate successfully, mutual authentication is complete.
The scheme also relates to an OTA secure upgrade system for a vehicle ECU, which comprises an OTA server and an OTA vehicle end;
the OTA server is configured to execute the following steps:
receiving an upgrade package uploaded by the ECU equipment side, wherein the upgrade package has been given a primary signature and primary encryption by the ECU equipment side and a secondary signature by the vehicle OEM end;
applying to the PKI end for the certificate of the ECU equipment side, and verifying the validity of the secondary signature;
obtaining from the TSP end, according to the information in the upgrade package, the part number and the software and hardware version numbers of the corresponding ECU to be upgraded, and generating an information file;
hashing the files in the upgrade package and the information file to obtain a digest file;
applying to the PKI end for an OTA server certificate, signing the digest file, compressing and packaging the files in the upgrade package, the information file and the digest file, and performing secondary encryption with a key;
performing bidirectional authentication with the OTA vehicle end in a manner agreed internally between the OTA server and the OTA vehicle end;
after the bidirectional authentication passes, integrating the secondarily encrypted compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key according to a rule agreed internally with the OTA vehicle end, and then sending the integrated data to the OTA vehicle end;
the OTA vehicle end is configured to execute the following steps:
performing bidirectional authentication with the OTA server in the manner agreed internally between the OTA server and the OTA vehicle end;
after the bidirectional authentication passes, receiving from the OTA server the compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key, organizing them according to the rule, and then storing them in encrypted form;
parsing the encrypted key with the password for parsing the encrypted key to obtain the key, and decrypting the compressed package by the method for decrypting the secondary encryption;
decompressing the decrypted compressed package;
after decompression is complete, performing signature verification:
applying to the PKI end for the OTA server certificate, and verifying the validity of the signature on the digest file;
verifying the validity of the upgrade package according to the digest file;
the upgrade agent program of the ECU to be upgraded verifying the validity of the secondary signature through an interface provided by the vehicle OEM end, the certificate corresponding to the secondary signature, and a method agreed with the vehicle OEM end;
and after signature verification passes, sending the upgrade package to the ECU to be upgraded, the ECU to be upgraded decrypting the primary encryption and verifying the primary signature, and performing the upgrade after that verification passes.
The manner agreed internally between the OTA server and the OTA vehicle end is a handshake using a handshake message that carries an HTTP header agreed internally between the OTA server and the OTA vehicle end, and the bidirectional authentication comprises OTA server authentication steps and OTA vehicle end authentication steps;
the OTA server authentication steps comprise:
receiving the handshake message sent by the OTA vehicle end, and authenticating the HTTP header;
after that authentication passes, sending a certificate to the OTA client over HTTPS;
receiving the certificate sent by the OTA vehicle end and, after certificate authentication and TLS authentication pass, confirming with the TSP end, through the OTA vehicle end device information contained in the certificate, that the OTA vehicle end device is registered at the TSP end, and completing the handshake after that confirmation;
the OTA vehicle end authentication steps comprise:
sending the handshake message to the OTA server over HTTPS;
and receiving the certificate sent by the OTA server and, after certificate authentication, TLS authentication and domain name authentication pass, sending its own certificate to the OTA server over HTTPS.
The rule is a rule based on the OMA protocol.
Hashing the files in the upgrade package and the information file to obtain the digest file further comprises:
hashing the files in the upgrade package and the information file to obtain a first digest file;
hashing the first digest file to obtain a second digest file;
verifying the validity of the upgrade package according to the digest file further comprises:
hashing the first digest file obtained by decompression to obtain a second digest file, and comparing it with the second digest file obtained by decompression; if they are consistent, the first digest file obtained by decompression is legal;
and hashing the files in the upgrade package and the information file obtained by decompression to obtain a first digest file, and comparing it with the first digest file obtained by decompression; if they are consistent, the files in the upgrade package and the information file obtained by decompression are legal.
The scheme further provides that, before the OTA vehicle end sends the upgrade package to the ECU to be upgraded, the OTA vehicle end and the upgrade agent program of the ECU to be upgraded authenticate each other, the mutual authentication comprising:
the OTA vehicle end sends its certificate to the upgrade agent program;
after the upgrade agent program authenticates that certificate successfully, it sends its own certificate to the OTA vehicle end;
and after the OTA vehicle end authenticates that certificate successfully, mutual authentication is complete.
The invention applies security processing at four points: before the upgrade package is uploaded to the OTA server, after it has been uploaded to the OTA server, when the OTA server delivers it to the OTA vehicle end, and after the OTA vehicle end has obtained it. Each stage is authenticated with a different certificate, and multiple layers of encryption, signatures and digest files are added, which improves the security of the upgrade.
Drawings
The invention is described in detail below with reference to the following figures and detailed description:
FIG. 1 is a flow chart of the OTA server steps of the present invention;
FIG. 2 is a flow chart of the OTA vehicle end steps of the present invention;
FIG. 3 is a schematic diagram of the folder tree of the rule of the present invention.
Detailed Description
As shown in figs. 1 and 2, the OTA secure upgrade method for a vehicle ECU comprises OTA server steps and OTA vehicle end steps.
The OTA server steps comprise:
S111: receiving the upgrade package uploaded by the ECU equipment side.
The upgrade package has been given a primary signature and primary encryption by the ECU equipment side in advance, and a secondary signature by the vehicle OEM end. The specific process is as follows:
a. The ECU equipment side and the vehicle OEM end each apply to the OTA server for a user account and the corresponding permissions.
b. The ECU equipment side creates the upgrade package, applies the primary signature and primary encryption to it, and provides it to the vehicle OEM end via sftp.
c. The vehicle OEM end applies the secondary signature directly to the upgrade package without regard to its content, packages it, and sends it back to the ECU equipment side via sftp.
Of course, the upgrade package may be delivered by means other than sftp in steps b and c.
d. The ECU equipment side logs in to the OTA server with its user name and password, and then uploads the upgrade package.
If many upgrade packages are uploaded, that is, upgrade packages are uploaded by multiple ECU equipment sides, the vehicle OEM end can log in to the OTA server with its user name and password and package the uploaded upgrade packages, that is, organize the upgrade packages of the multiple ECU equipment sides.
S112: applying to the PKI end for the certificate of the ECU equipment side, and verifying the validity of the secondary signature.
S113: obtaining from the TSP end, according to the information in the upgrade package, the part number and the software and hardware version numbers of the corresponding ECU to be upgraded, and generating an information file. The information file uses a common data interchange format, such as json or xml.
PKI refers to Public Key Infrastructure, and TSP refers to Telematics Service Provider (the automotive remote service provider).
The mutual authentication is based on the PKI end and the TSP end. Data are written to the TSP end when the vehicle rolls off the production line, and the data required during authentication come from the TSP end. When a certificate is applied for from the PKI end, the PKI end issues it after authenticating the request against the data of the TSP end. When a device needs a certificate, it applies to the PKI end through an interface.
The data written to the TSP end includes:
Vehicle data: vehicle VIN code information, manufacturer information, brand information, project name, series name, vehicle model name, manufacturing date, and lot number.
Information on the master node ECU and the other ECUs: ECU name, ECU serial number, ECU code id, part number, hardware version and estimated upgrade time.
S114: hashing the files in the upgrade package and the information file to obtain the digest file.
S115: applying to the PKI end for an OTA server certificate, signing the digest file, compressing and packaging the files in the upgrade package, the information file and the digest file, and performing secondary encryption with a key.
S116: performing bidirectional authentication with the OTA vehicle end in the manner agreed internally between the OTA server and the OTA vehicle end.
S117: after the bidirectional authentication passes, integrating the secondarily encrypted compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key according to the rule agreed internally with the OTA vehicle end, and then sending the integrated data to the OTA vehicle end.
The vehicle OEM end can log in to the OTA server with its user name and password and select the corresponding upgrade package to create an upgrade task. A task can precisely select each ECU of each vehicle, so the vehicle OEM end can first test on one vehicle or a small number of vehicles to verify the reliability of the upgrade package, and then roll the upgrade out at scale.
The OTA vehicle end steps comprise:
S121: the OTA client program performs bidirectional authentication with the OTA server in the manner agreed internally between the OTA server and the OTA vehicle end.
The OTA client program runs on the master node ECU of the OTA vehicle end.
S122: after the bidirectional authentication passes, the OTA client program receives from the OTA server the compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key, organizes them according to the rule, and then stores them in encrypted form, which prevents the data from being intercepted and improves security.
The decryption method in step S117 may be an identifier: decryption methods corresponding to different identifiers are preset in the OTA vehicle end, and after receiving an identifier the OTA vehicle end can obtain the corresponding decryption method.
S123: the OTA client program parses the encrypted key with the password for parsing the encrypted key to obtain the key, and decrypts the compressed package by the method for decrypting the secondary encryption.
S124: the OTA client program decompresses the decrypted compressed package.
S125: after decompression is complete, the OTA client program performs signature verification:
a. Applying to the PKI end for the OTA server certificate, and verifying the validity of the signature on the digest file.
b. Verifying the validity of the upgrade package according to the digest file.
c. The upgrade agent program of the ECU to be upgraded verifies the validity of the secondary signature through an interface provided by the vehicle OEM end, the certificate corresponding to the secondary signature, and a method agreed with the vehicle OEM end.
S126: after signature verification passes, the OTA client program sends the upgrade package to the ECU to be upgraded; the ECU to be upgraded decrypts the primary encryption and verifies the primary signature, and performs the upgrade after that verification passes.
If the OTA server has no upgrade task, the session between the OTA server and the OTA vehicle end is terminated; in subsequent communication periods, bidirectional authentication is required for each communication.
The invention applies security processing at four points: before the upgrade package is uploaded to the OTA server, after it has been uploaded to the OTA server, when the OTA server delivers it to the OTA vehicle end, and after the OTA vehicle end has obtained it. Each stage is authenticated with a different certificate, and multiple layers of encryption, signatures and digest files are added, which improves the security of the upgrade.
In this embodiment, the manner agreed internally between the OTA server and the OTA vehicle end in steps S116 and S121 is a handshake using a handshake message that carries an HTTP header agreed internally between the OTA server and the OTA vehicle end. In both steps, the bidirectional authentication comprises OTA server authentication steps and OTA vehicle end authentication steps.
The OTA server authentication steps comprise:
a. Receiving the handshake message sent by the OTA vehicle end, and authenticating the HTTP header.
b. After that authentication passes, sending a certificate to the OTA client over HTTPS.
c. Receiving the certificate sent by the OTA vehicle end and, after certificate authentication and TLS authentication pass, confirming with the TSP end, through the OTA vehicle end device information contained in the certificate, that the OTA vehicle end device is registered at the TSP end, and completing the handshake after that confirmation.
The OTA vehicle end authentication steps comprise:
a. The OTA client program sends the handshake message to the OTA server over HTTPS, using the software and hardware interface provided by the master node ECU.
b. The OTA client program receives the certificate sent by the OTA server and, after certificate authentication, TLS authentication and domain name authentication pass, sends its own certificate to the OTA server over HTTPS.
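The server-side checks a to c above can be expressed as a fail-closed decision function. This is an added example, not code from the patent: the header name and value, the use of the certificate subject commonName as the device identity, and the in-memory TSP registry are assumptions, and chain validation of the client certificate is assumed to be done by the TLS layer (for instance Python's `ssl` with `CERT_REQUIRED`) before this function is called.

```python
from __future__ import annotations

import hmac

# Hypothetical header name and value standing in for the internally agreed
# HTTP header; the patent does not disclose the real ones.
AGREED_HEADER = "x-ota-handshake"
AGREED_VALUE = "constructed-demo-value"


def device_id_from_cert(peer_cert: dict) -> str | None:
    """Read the device identity from a certificate in the dict shape returned
    by ssl.SSLSocket.getpeercert(). Assumption: the identity is the subject
    commonName; the patent only says the certificate holds device information."""
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authenticate_vehicle(headers: dict, peer_cert: dict | None,
                         tsp_registered: set) -> tuple[bool, str]:
    """Server-side steps a to c. Returns (accepted, device id or reject reason)."""
    # Step a: authenticate the agreed HTTP header. Header names are
    # case-insensitive, and the value is compared in constant time.
    lowered = {name.lower(): value for name, value in headers.items()}
    presented = lowered.get(AGREED_HEADER, "")
    if not hmac.compare_digest(presented.encode(), AGREED_VALUE.encode()):
        return False, "handshake header rejected"

    # Step c, certificate part: getpeercert() gives None when no certificate
    # was sent and {} when one was sent but not validated by the TLS layer.
    if not peer_cert:
        return False, "no validated client certificate"

    # Step c, TSP part: the device named in the certificate must be registered.
    device_id = device_id_from_cert(peer_cert)
    if device_id is None:
        return False, "certificate carries no device identity"
    if device_id not in tsp_registered:
        return False, "device not registered at TSP"
    return True, device_id


# Constructed sample inputs (not taken from any real vehicle or server).
SAMPLE_HEADERS = {"X-OTA-Handshake": "constructed-demo-value"}
SAMPLE_CERT = {
    "subject": ((("organizationName", "Constructed OEM"),),
                (("commonName", "TBOX-DEMO-0001"),)),
}
TSP_REGISTERED = {"TBOX-DEMO-0001"}

if __name__ == "__main__":
    print(authenticate_vehicle(SAMPLE_HEADERS, SAMPLE_CERT, TSP_REGISTERED))
    print(authenticate_vehicle(SAMPLE_HEADERS, SAMPLE_CERT, set()))
```

The reject reason is returned rather than raised so the server can log which check failed for each handshake attempt.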
In this embodiment, the rule in steps S117 and S122 is a rule based on the OMA protocol.
As shown in fig. 3, the integrated data may use a multi-level folder structure. Each folder contains an xml file describing the folder. If the folder has subordinate folders, its type is a node type; if the folder contains only a value and a description, the value is parsed according to the description. The description and the value are invisible externally and known only internally. For example, data B of type A that the cloud originally intends to send is processed so that the data in the folder is data D of type C, and from the description file it can be determined that the original data is data B of type A.
In this embodiment, the certificate obtained from the PKI end is kept in memory or stored encrypted in FLASH (flash memory) to ensure the security of the certificate.
In this embodiment, step S114 (hashing the files in the upgrade package and the information file to obtain the digest file) further includes:
Hashing the files in the upgrade package and the information file by means of the OTA server certificate to obtain a first digest file.
Hashing the first digest file by means of the OTA server certificate to obtain a second digest file.
Accordingly, step b of step S125 (verifying the validity of the upgrade package according to the digest file) further includes:
Hashing the decompressed first digest file by means of the OTA server certificate to obtain a second digest file, and comparing it with the decompressed second digest file; if the two are consistent, the decompressed first digest file is legitimate.
Hashing the decompressed files of the upgrade package and the decompressed information file by means of the OTA server certificate to obtain a first digest file, and comparing it with the decompressed first digest file; if the two are consistent, the decompressed files and information file are legitimate, that is, the upgrade package is legitimate.
The OTA server certificate is obtained by applying to the PKI end.
In this embodiment, before the OTA vehicle end sends the upgrade package to the ECU to be upgraded, the OTA client program of the OTA vehicle end and the upgrade agent program of the ECU to be upgraded authenticate each other. The upgrade package is sent to the ECU to be upgraded only after this mutual authentication is completed (both sides are legitimate), which ensures that both the sender and the receiver of the upgrade package are legitimate and improves security.
The mutual authentication includes:
a. The OTA client program sends its certificate to the upgrade agent program.
b. After the upgrade agent program has authenticated that certificate, it sends its own certificate to the OTA client program.
c. After the OTA client program has authenticated the upgrade agent program's certificate, the mutual authentication is complete.
The scheme also relates to an OTA security upgrade system for a vehicle ECU, which comprises an OTA server and an OTA vehicle end.
As shown in fig. 1, the OTA server is configured to perform the following steps:
S111, receiving the upgrade package uploaded by the ECU equipment side end.
The upgrade package has undergone the primary signature and primary encryption by the ECU equipment side end in advance, and the secondary signature by the vehicle OEM end. The specific process is as follows:
a. The ECU equipment side end and the vehicle OEM end each apply to the OTA server for a user account and the corresponding permissions.
b. The ECU equipment side end creates an upgrade package, applies the primary signature and primary encryption to it, and provides it to the vehicle OEM end via sftp.
c. The vehicle OEM end applies the secondary signature to the upgrade package directly, without regard to its content, packages it, and sends it back to the ECU equipment side end via sftp.
Of course, in steps b and c the upgrade package may also be delivered by means other than sftp.
d. The ECU equipment side end logs in to the OTA server with the user name and password, and then uploads the upgrade package.
If a large number of upgrade packages are uploaded, that is, upgrade packages are uploaded by a plurality of ECU equipment side ends, the vehicle OEM end can log in to the OTA server with a user name and password and package the uploaded upgrade packages, that is, organize the upgrade packages of the plurality of ECU equipment side ends.
S112, applying to the PKI end for the certificate of the ECU equipment side end, and verifying the validity of the secondary signature.
S113, obtaining from the TSP end, according to the information in the upgrade package, the part number and the software and hardware version numbers of the corresponding ECU to be upgraded, and generating an information file. The information file uses a common data transmission format, such as json or xml.
PKI refers to Public Key Infrastructure, and TSP refers to the automotive Telematics Service Provider.
The mutual authentication is based on the PKI end and the TSP end. Data are written to the TSP end when the whole vehicle comes off the production line, and the data required in the authentication process come from the TSP end. When a certificate is applied for from the PKI end, the PKI end issues it after authenticating the request against the TSP end data; a device applies to the PKI end for a certificate through an interface when it needs one.
The data written to the TSP end includes:
Vehicle data: vehicle VIN code information, manufacturer information, brand information, project name, series name, vehicle model name, manufacturing date, and lot number.
Master node ECU and other ECU information: ECU name, ECU serial number, ECU code id, part number, hardware version and estimated upgrade time.
S114, hashing the files in the upgrade package and the information file to obtain the digest file.
S115, applying to the PKI end for an OTA server certificate, signing the digest file, compressing and packaging the files in the upgrade package, the information file and the digest file, and performing secondary encryption with a secret key.
S116, performing bidirectional authentication with the OTA vehicle end in the manner agreed internally between the OTA server and the OTA vehicle end.
S117, after the bidirectional authentication passes, integrating the secondarily encrypted compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key according to the rule agreed internally with the OTA vehicle end, and then sending the result to the OTA vehicle end.
The vehicle OEM end can log in to the OTA server with a user name and password and select the corresponding upgrade package to create an upgrade task. The task can precisely select each ECU of each vehicle, so the vehicle OEM end can first test one vehicle or a small number of vehicles, that is, verify the reliability of the upgrade package, and then carry out the large-scale operation.
As shown in fig. 2, the OTA vehicle end is configured to perform the following steps:
S121, the OTA client program performs bidirectional authentication with the OTA server in the manner agreed internally between the OTA server and the OTA vehicle end.
The OTA client program runs on the master node ECU of the OTA vehicle end.
S122, after the bidirectional authentication passes, the OTA client program receives from the OTA server the compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key, organizes them according to the rule, and then stores them encrypted, which prevents the data from being intercepted and improves security.
The decryption method in step S117 may be an identifier: decryption methods corresponding to different identifiers are preset in the OTA vehicle end, and after receiving the identifier the OTA vehicle end can obtain the corresponding decryption method.
S123, the OTA client program parses the encrypted key with the password for parsing the encrypted key to obtain the key, and decrypts the compressed package by the method for decrypting the secondary encryption.
S124, the OTA client program decompresses the decrypted compressed package.
S125, after decompression is completed, the OTA client program performs signature verification:
a. Applying to the PKI end for the OTA server certificate, and verifying the validity of the signature on the digest file.
b. Verifying the validity of the upgrade package according to the digest file.
c. The upgrade agent program of the ECU to be upgraded verifies the validity of the secondary signature through an interface provided by the vehicle OEM end, the certificate corresponding to the secondary signature and a method agreed with the vehicle OEM end.
S126, after the signature verification passes, the OTA client program sends the upgrade package to the ECU to be upgraded; the ECU to be upgraded decrypts the primary encryption and verifies the primary signature, and uses the upgrade package for the upgrade after that verification passes.
If the OTA server has no upgrade task, the session between the OTA server and the OTA vehicle end is terminated until the next communication period; bidirectional authentication is required for every communication.
The invention applies security processing before the upgrade package is uploaded to the OTA server, after it is uploaded to the OTA server, when the OTA server issues it to the OTA vehicle end, and after the OTA vehicle end obtains it. The corresponding authentication is performed with different certificates, and multiple layers of encryption, signatures and digest files are added, thereby improving the security of the upgrade.
In this embodiment, the internally agreed manner used by the OTA server and the OTA vehicle end in steps S116 and S121 is a handshake by means of a handshake message carrying an HTTP header agreed internally between the OTA server and the OTA vehicle end. In both steps, the bidirectional authentication includes an OTA server authentication step and an OTA vehicle end authentication step.
The OTA server authentication step comprises:
a. Receiving the handshake message sent by the OTA vehicle end, and authenticating the HTTP header.
b. After the authentication passes, sending its certificate to the OTA client over HTTPS.
c. Receiving the certificate sent by the OTA vehicle end; after the certificate authentication and the TLS authentication pass, confirming with the TSP end, by means of the OTA vehicle end device information contained in the certificate, that the OTA vehicle end device is registered at the TSP end; the handshake is performed after this confirmation.
The OTA vehicle end authentication step comprises:
a. The OTA client program sends the handshake message to the OTA server over HTTPS through the software and hardware interface provided by the master node ECU.
b. The OTA client program receives the certificate sent by the OTA server; after the certificate authentication, the TLS authentication and the domain name authentication all pass, the OTA client program sends its own certificate to the OTA server over HTTPS.
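The checks in the OTA server and OTA vehicle end authentication steps (described in both the method and the system embodiment) can be sketched with Python's ssl module; this is an added example, not code from the patent. The header name and value, the use of the certificate commonName as the device information, and the sample registry and certificate are assumptions; with standard HTTPS the TLS certificate exchange completes before any HTTP header is read, so the header check here runs at request time.

```python
"""Bidirectional-authentication checks for server and vehicle end (added sketch)."""
from __future__ import annotations

import hmac
import ssl

# Hypothetical stand-ins for the "internally agreed" HTTP header; the patent
# specifies neither the name nor the value.
HANDSHAKE_HEADER = "X-OTA-Handshake"
HANDSHAKE_VALUE = "constructed-demo-value"

# Constructed TSP registration list and peer certificate. The dict has the
# shape ssl.SSLSocket.getpeercert() returns after a verified handshake.
TSP_REGISTERED_DEVICES = {"GW-ECU-000123"}
SAMPLE_PEER_CERT = {"subject": ((("organizationName", "Example OEM"),),
                                (("commonName", "GW-ECU-000123"),))}


def vehicle_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Vehicle end: certificate, TLS and domain-name checks on the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # domain name authentication
    ctx.verify_mode = ssl.CERT_REQUIRED  # certificate authentication
    if ca_file:                          # trust only the PKI end's CA
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:                        # certificate later sent to the server
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def server_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Server: the handshake fails unless the vehicle end presents a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # default for servers is CERT_NONE
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def requires_peer_cert(ctx: ssl.SSLContext) -> bool:
    """True when the context refuses peers without a verified certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED


def device_id_from_cert(peer_cert: dict) -> str | None:
    """Extract the device identifier (assumed to be the subject commonName)."""
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def server_accepts(headers: dict, peer_cert: dict | None,
                   registry: set) -> tuple[bool, str]:
    """Server steps a and c: header check, then TSP registration check."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    offered = lowered.get(HANDSHAKE_HEADER.lower(), "")
    if not hmac.compare_digest(offered.encode(), HANDSHAKE_VALUE.encode()):
        return False, "handshake header rejected"
    if not peer_cert:  # None or {}: no verified client certificate
        return False, "no verified client certificate"
    device = device_id_from_cert(peer_cert)
    if device is None or device not in registry:
        return False, "device not registered at TSP end"
    return True, device


if __name__ == "__main__":
    hdrs = {"x-ota-handshake": HANDSHAKE_VALUE}
    print(server_accepts(hdrs, SAMPLE_PEER_CERT, TSP_REGISTERED_DEVICES))
```

The order of checks is fail-closed: a request that lacks the agreed header, a verified certificate, or a TSP registration is rejected before any upgrade data is handled.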
In the present embodiment, the rules in steps S117 and S122 are rules based on the OMA protocol.
As shown in fig. 3, the integrated data may adopt a multi-level folder structure in which each folder contains an xml file describing the folder. If a folder has subordinate folders, its type is the node type; if there are only a value and a description below the folder, the value is parsed according to the description. The description and the value are invisible externally and known internally. For example, data B of type A that the cloud originally intends to send is processed so that the data in the folder is data D of type C, and the description file makes it possible to determine that the original data is data B of type A.
In this embodiment, the certificate obtained from the PKI end is stored in memory, or stored encrypted in FLASH (flash memory), so as to ensure the security of the certificate.
In this embodiment, step S114 (hashing the files in the upgrade package and the information file to obtain the digest file) further includes:
Hashing the files in the upgrade package and the information file by means of the OTA server certificate to obtain a first digest file.
Hashing the first digest file by means of the OTA server certificate to obtain a second digest file.
Accordingly, step b of step S125 (verifying the validity of the upgrade package according to the digest file) further includes:
Hashing the decompressed first digest file by means of the OTA server certificate to obtain a second digest file, and comparing it with the decompressed second digest file; if the two are consistent, the decompressed first digest file is legitimate.
Hashing the decompressed files of the upgrade package and the decompressed information file by means of the OTA server certificate to obtain a first digest file, and comparing it with the decompressed first digest file; if the two are consistent, the decompressed files and information file are legitimate, that is, the upgrade package is legitimate.
The OTA server certificate is obtained by applying to the PKI end.
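The two-level digest scheme of step S114 and its verification order in step b of step S125 (described in both the method and the system embodiment) can be sketched as follows; this is an added example, not code from the patent. SHA-256, the JSON layout of the first digest file, and the sample file names and contents are assumptions, and the signature over the digest file (step a of step S125) is outside the sketch.

```python
"""Two-level digest check for an OTA upgrade package (added sketch)."""
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed sample package contents; file names and bytes are invented.
SAMPLE_FILES = {
    "firmware.bin": b"\x7fECU-IMAGE-v2",
    "info.json": b'{"part_number": "PN-0000", "sw_version": "2.0"}',
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_first_digest(files: dict[str, bytes]) -> bytes:
    """First digest file: one hash per upgrade file plus the information file.

    Assumed layout: canonical JSON mapping file name -> SHA-256 hex digest.
    """
    entries = {name: sha256_hex(body) for name, body in files.items()}
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_second_digest(first_digest: bytes) -> bytes:
    """Second digest file: hash over the exact bytes of the first digest file."""
    return sha256_hex(first_digest).encode()


def verify_package(files: dict[str, bytes], first_digest: bytes,
                   second_digest: bytes) -> tuple[bool, str]:
    """Vehicle-end check, in the order given for step b of step S125."""
    # Check 1: the received first digest file must hash to the received
    # second digest file. It is parsed only after this comparison succeeds.
    recomputed = build_second_digest(first_digest)
    if not hmac.compare_digest(recomputed, second_digest):
        return False, "first digest file does not match second digest file"
    try:
        expected = json.loads(first_digest)
    except ValueError:
        return False, "first digest file is not valid JSON"
    if not isinstance(expected, dict):
        return False, "first digest file has unexpected structure"
    # Check 2: the decompressed files must be exactly the listed ones, so an
    # added or missing file fails even if every listed hash matches.
    if set(expected) != set(files):
        return False, "file list differs from first digest file"
    for name in sorted(files):
        want = expected[name]
        got = sha256_hex(files[name])
        if not isinstance(want, str) or not hmac.compare_digest(
                got.encode(), want.encode()):
            return False, f"digest mismatch for {name}"
    return True, "ok"


if __name__ == "__main__":
    first = build_first_digest(SAMPLE_FILES)
    second = build_second_digest(first)
    print(verify_package(SAMPLE_FILES, first, second))
    damaged = dict(SAMPLE_FILES, **{"firmware.bin": b"corrupted"})
    print(verify_package(damaged, first, second))
```

Both digest files travel inside the same package as the data they describe, so on their own they only show internal consistency; the signature on the digest file, checked against the OTA server certificate, is what ties them to the server.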
In this embodiment, before the OTA vehicle end sends the upgrade package to the ECU to be upgraded, the OTA client program of the OTA vehicle end and the upgrade agent program of the ECU to be upgraded authenticate each other. The upgrade package is sent to the ECU to be upgraded only after this mutual authentication is completed (both sides are legitimate), which ensures that both the sender and the receiver of the upgrade package are legitimate and improves security.
The mutual authentication includes:
a. The OTA client program sends its certificate to the upgrade agent program.
b. After the upgrade agent program has authenticated that certificate, it sends its own certificate to the OTA client program.
c. After the OTA client program has authenticated the upgrade agent program's certificate, the mutual authentication is complete.
However, those skilled in the art should recognize that the above embodiments are illustrative only and do not limit the present invention, and that changes and modifications to the above embodiments fall within the scope of the appended claims, provided they fall within the true spirit of the present invention.

Claims (10)

1. An OTA security upgrade method for a vehicle ECU, comprising an OTA server step and an OTA vehicle end step;
the OTA server step comprises:
receiving an upgrade package uploaded by an ECU equipment side end, wherein the upgrade package has undergone primary signature and primary encryption by the ECU equipment side end, and secondary signature by a vehicle OEM end;
applying to a PKI end for a certificate of the ECU equipment side end, and verifying the validity of the secondary signature;
obtaining from a TSP end, according to information in the upgrade package, a part number and software and hardware version numbers of the corresponding ECU to be upgraded, and generating an information file;
hashing the files in the upgrade package and the information file to obtain a digest file;
applying to the PKI end for an OTA server certificate, signing the digest file, compressing and packaging the files in the upgrade package, the information file and the digest file, and performing secondary encryption with a secret key;
performing bidirectional authentication with an OTA vehicle end in a manner agreed internally between the OTA server and the OTA vehicle end;
after the bidirectional authentication passes, integrating the secondarily encrypted compressed package, a method for decrypting the secondary encryption, the encrypted key and a password for parsing the encrypted key according to a rule agreed internally with the OTA vehicle end, and then sending the result to the OTA vehicle end;
the OTA vehicle end step comprises:
performing bidirectional authentication with the OTA server in the manner agreed internally between the OTA server and the OTA vehicle end;
after the bidirectional authentication passes, receiving from the OTA server the compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key, organizing them according to the rule, and then storing them encrypted;
parsing the encrypted key with the password for parsing the encrypted key to obtain the key, and decrypting the compressed package by the method for decrypting the secondary encryption;
decompressing the decrypted compressed package;
after decompression is completed, performing signature verification:
applying to the PKI end for the OTA server certificate, and verifying the validity of the signature on the digest file;
verifying the validity of the upgrade package according to the digest file;
verifying, by an upgrade agent program of the ECU to be upgraded, the validity of the secondary signature through an interface provided by the vehicle OEM end, a certificate corresponding to the secondary signature and a method agreed with the vehicle OEM end;
and after the signature verification passes, sending the upgrade package to the ECU to be upgraded, the ECU to be upgraded decrypting the primary encryption and verifying the primary signature, and using the upgrade package for the upgrade after that verification passes.
2. The OTA security upgrade method for the vehicle ECU according to claim 1, wherein the manner agreed internally between the OTA server and the OTA vehicle end is a handshake by means of a handshake message having an HTTP header agreed internally between the OTA server and the OTA vehicle end, and the bidirectional authentication comprises an OTA server authentication step and an OTA vehicle end authentication step;
the OTA server authentication step comprises:
receiving the handshake message sent by the OTA vehicle end, and authenticating the HTTP header;
after the authentication passes, sending a certificate to the OTA client over HTTPS;
receiving a certificate sent by the OTA vehicle end; after the certificate authentication and the TLS authentication pass, confirming with the TSP end, by means of OTA vehicle end device information contained in the certificate, that the OTA vehicle end device is registered at the TSP end; and performing the handshake after the confirmation;
the OTA vehicle end authentication step comprises:
sending the handshake message to the OTA server over HTTPS;
and receiving the certificate sent by the OTA server, and, after the certificate authentication, the TLS authentication and the domain name authentication pass, sending its own certificate to the OTA server over HTTPS.
3. The OTA security upgrade method for a vehicle ECU according to claim 2, wherein the rules are OMA protocol based rules.
4. The OTA security upgrade method for the vehicle ECU according to claim 1 or 3, wherein the hashing of the files in the upgrade package and the information file to obtain a digest file further comprises:
hashing the files in the upgrade package and the information file to obtain a first digest file;
hashing the first digest file to obtain a second digest file;
the verifying of the validity of the upgrade package according to the digest file further comprises:
hashing the decompressed first digest file to obtain a second digest file, and comparing it with the decompressed second digest file, the decompressed first digest file being legitimate if the two are consistent;
and hashing the decompressed files of the upgrade package and the decompressed information file to obtain a first digest file, and comparing it with the decompressed first digest file, the decompressed files and information file being legitimate if the two are consistent.
5. The OTA security upgrade method for the vehicle ECU according to claim 4, further comprising mutual authentication between the OTA vehicle end and an upgrade agent program of the ECU to be upgraded before the OTA vehicle end sends the upgrade package to the ECU to be upgraded, the mutual authentication comprising:
the OTA vehicle end sending its certificate to the upgrade agent program;
after the upgrade agent program has authenticated that certificate, the upgrade agent program sending its own certificate to the OTA vehicle end;
and after the OTA vehicle end has authenticated the upgrade agent program's certificate, the mutual authentication being complete.
6. An OTA security upgrade system for a vehicle ECU, characterized by comprising an OTA server and an OTA vehicle end;
the OTA server is configured to perform the following steps:
receiving an upgrade package uploaded by an ECU equipment side end, wherein the upgrade package has undergone primary signature and primary encryption by the ECU equipment side end, and secondary signature by a vehicle OEM end;
applying to a PKI end for a certificate of the ECU equipment side end, and verifying the validity of the secondary signature;
obtaining from a TSP end, according to information in the upgrade package, a part number and software and hardware version numbers of the corresponding ECU to be upgraded, and generating an information file;
hashing the files in the upgrade package and the information file to obtain a digest file;
applying to the PKI end for an OTA server certificate, signing the digest file, compressing and packaging the files in the upgrade package, the information file and the digest file, and performing secondary encryption with a secret key;
performing bidirectional authentication with the OTA vehicle end in a manner agreed internally between the OTA server and the OTA vehicle end;
after the bidirectional authentication passes, integrating the secondarily encrypted compressed package, a method for decrypting the secondary encryption, the encrypted key and a password for parsing the encrypted key according to a rule agreed internally with the OTA vehicle end, and then sending the result to the OTA vehicle end;
the OTA vehicle end is configured to perform the following steps:
performing bidirectional authentication with the OTA server in the manner agreed internally between the OTA server and the OTA vehicle end;
after the bidirectional authentication passes, receiving from the OTA server the compressed package, the method for decrypting the secondary encryption, the encrypted key and the password for parsing the encrypted key, organizing them according to the rule, and then storing them encrypted;
parsing the encrypted key with the password for parsing the encrypted key to obtain the key, and decrypting the compressed package by the method for decrypting the secondary encryption;
decompressing the decrypted compressed package;
after decompression is completed, performing signature verification:
applying to the PKI end for the OTA server certificate, and verifying the validity of the signature on the digest file;
verifying the validity of the upgrade package according to the digest file;
verifying, by an upgrade agent program of the ECU to be upgraded, the validity of the secondary signature through an interface provided by the vehicle OEM end, a certificate corresponding to the secondary signature and a method agreed with the vehicle OEM end;
and after the signature verification passes, sending the upgrade package to the ECU to be upgraded, the ECU to be upgraded decrypting the primary encryption and verifying the primary signature, and using the upgrade package for the upgrade after that verification passes.
7. The OTA security upgrade system for the vehicle ECU according to claim 6, characterized in that the manner agreed internally between the OTA server and the OTA vehicle end is a handshake by means of a handshake message having an HTTP header agreed internally between the OTA server and the OTA vehicle end, and the mutual authentication comprises an OTA server authentication step and an OTA vehicle end authentication step;
the OTA server authentication step comprises:
receiving the handshake message sent by the OTA vehicle end, and authenticating the HTTP header;
after the authentication passes, sending a certificate to the OTA client over HTTPS;
receiving a certificate sent by the OTA vehicle end; after the certificate authentication and the TLS authentication pass, confirming with the TSP end, by means of OTA vehicle end device information contained in the certificate, that the OTA vehicle end device is registered at the TSP end; and performing the handshake after the confirmation;
the OTA vehicle end authentication step comprises:
sending the handshake message to the OTA server over HTTPS;
and receiving the certificate sent by the OTA server, and, after the certificate authentication, the TLS authentication and the domain name authentication pass, sending its own certificate to the OTA server over HTTPS.
8. The OTA security upgrade system for a vehicle ECU according to claim 7, wherein the rules are OMA protocol based rules.
9. The OTA security upgrade system for the vehicle ECU according to claim 6 or 8, wherein the hashing of the files in the upgrade package and the information file to obtain a digest file further comprises:
hashing the files in the upgrade package and the information file to obtain a first digest file;
hashing the first digest file to obtain a second digest file;
the verifying of the validity of the upgrade package according to the digest file further comprises:
hashing the decompressed first digest file to obtain a second digest file, and comparing it with the decompressed second digest file, the decompressed first digest file being legitimate if the two are consistent;
and hashing the decompressed files of the upgrade package and the decompressed information file to obtain a first digest file, and comparing it with the decompressed first digest file, the decompressed files and information file being legitimate if the two are consistent.
10. The OTA security upgrade system for the vehicle ECU according to claim 9, further comprising mutual authentication between the OTA vehicle end and an upgrade agent program of the ECU to be upgraded before the OTA vehicle end sends the upgrade package to the ECU to be upgraded, the mutual authentication comprising:
the OTA vehicle end sending its certificate to the upgrade agent program;
after the upgrade agent program has authenticated that certificate, the upgrade agent program sending its own certificate to the OTA vehicle end;
and after the OTA vehicle end has authenticated the upgrade agent program's certificate, the mutual authentication being complete.
Application number: CN202010466521.1A; priority date: 2020-05-28; filing date: 2020-05-28; title: OTA (over the air) safety upgrading method and system of vehicle ECU (electronic control Unit); status: Active; publication: CN111629002B (en)


Publications (2)

Publication Number Publication Date
CN111629002A CN111629002A (en) 2020-09-04
CN111629002B true CN111629002B (en) 2022-02-08

Family

ID=72272690

CN117768504A (en) System and method for transmitting data of automobile diagnosis interface

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant