CN112327796B - Control method and electronic control unit for automobile diagnosis service - Google Patents


Info

Publication number: CN112327796B (application CN202011129002.2A)
Authority: CN (China)
Prior art keywords: diagnostic, instrument, service, diagnosis, identifier
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN112327796A
Inventors: 叶翔, 何川
Current assignee: Zhida Chengyuan Technology Co ltd
Original assignee: ARCHERMIND TECHNOLOGY (NANJING) CO LTD
Events: application CN202011129002.2A filed by ARCHERMIND TECHNOLOGY (NANJING) CO LTD; publication of CN112327796A; application granted; publication of CN112327796B; legal status active.


Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B 23/00 Testing or monitoring of control systems or parts thereof
    • G05B 23/02 Electric testing or monitoring
    • G05B 23/0205 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B 23/0259 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults, characterized by the response to fault detection
    • G05B 23/0262 Confirmation of fault detection, e.g. extra checks to confirm that a failure has indeed occurred
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B 2219/00 Program-control systems
    • G05B 2219/20 PC systems
    • G05B 2219/24 PC safety
    • G05B 2219/24065 Real time diagnostics

Abstract

The invention provides a control method and an electronic control unit (ECU) for automotive diagnostic services. The method comprises: when a seed request message sent by a diagnostic instrument (tester) is received, generating seed data and sending it to the diagnostic instrument; receiving a private key request message from the diagnostic instrument and performing security authentication according to the diagnostic instrument identifier and the encrypted private key carried in that message; obtaining the security authentication result and sending it to the diagnostic instrument; and receiving a diagnostic service request initiated by the diagnostic instrument, performing authority authentication according to a diagnostic service table and the diagnostic instrument identifier, and feeding back the authority authentication result for that request to the diagnostic instrument. The invention assigns different diagnostic service authorities to diagnostic instruments with different identities, so that within the same diagnostic session access to different diagnostic services is controlled by the diagnostic instrument identifier, giving finer-grained control of diagnostic service authority.

Description

Control method and electronic control unit for automobile diagnosis service
Technical Field
The invention relates to automotive electronic diagnostics, in particular to a control method and an electronic control unit for automotive diagnostic services.
Background
The UDS protocol (Unified Diagnostic Services, ISO 14229) is the standard for diagnostic services such as reading fault data and configuring service-related data. Tools such as diagnostic instruments (testers) access vehicle services via the UDS protocol. For vehicle security, access to sensitive UDS services (for example the WriteDataByIdentifier service, SID 0x2E) must be gated behind security authentication.
However, in the existing UDS security authentication scheme (the SecurityAccess service, SID 0x27), once a diagnostic instrument passes the seed-and-key check it is granted every diagnostic service permission associated with that security level: any tester that can compute the key for the level obtains the same set of services, and the ECU has no way to tell one tester from another. The authentication granularity is therefore coarse and does not fit some real diagnostic scenarios. For example, if different diagnostic instruments are to be controlled with different permissions, the existing UDS security mechanism cannot satisfy that requirement. How to control different diagnostic service authorities for different diagnostic instruments within the same diagnostic session is therefore a problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The invention aims to provide a control method and an electronic control unit for automotive diagnostic services that assign different diagnostic service authorities to diagnostic instruments with different identities, control access to different diagnostic services according to the diagnostic instrument identifier within the same diagnostic session, and so give finer-grained control of diagnostic service authority.
The technical scheme provided by the invention is as follows:
The invention provides a control method for automotive diagnostic services, comprising the following steps:
when a seed request message sent by a diagnostic instrument is received, generating seed data and sending it to the diagnostic instrument;
receiving a private key request message sent by the diagnostic instrument, and performing security authentication according to the diagnostic instrument identifier and the encrypted private key in the private key request message;
obtaining the security authentication result and sending it to the diagnostic instrument;
and receiving a diagnostic service request initiated by the diagnostic instrument, performing authority authentication according to a diagnostic service table and the diagnostic instrument identifier, and feeding back the authority authentication result corresponding to the diagnostic service request to the diagnostic instrument.
Further, before generating seed data and sending it to the diagnostic instrument on receipt of a seed request message, the method includes:
initializing the diagnostic service table after power-on or reset; the diagnostic service table includes the correspondence between service types and diagnostic instrument identifiers.
Further, performing security authentication according to the diagnostic instrument identifier and the encrypted private key in the private key request message includes:
receiving the private key request message sent by the diagnostic instrument;
calculating a calculation key from the seed data and the diagnostic instrument identifier, and comparing the calculation key with the encrypted private key;
if the calculation key is consistent with the encrypted private key, determining that security authentication passes;
and if the calculation key differs from the encrypted private key, determining that security authentication fails.
Further, obtaining the security authentication result and sending it to the diagnostic instrument includes:
when security authentication passes, storing the diagnostic instrument identifier from the private key request message and feeding back a positive response message indicating that security authentication passed;
and when security authentication fails, replacing the diagnostic instrument identifier with a preset identifier and feeding back a negative response message indicating that security authentication failed.
Further, performing authority authentication according to the diagnostic service table and the diagnostic instrument identifier, and feeding back the authority authentication result corresponding to the diagnostic service request to the diagnostic instrument, includes:
querying the diagnostic service table according to the diagnostic instrument identifier and the service type included in the diagnostic service request, and judging whether the diagnostic instrument corresponding to that identifier is entitled to access that service type;
if yes, returning a positive response message to the diagnostic instrument;
if not, returning a negative response message to the diagnostic instrument and rejecting the diagnostic service request.
The invention also provides an electronic control unit comprising:
a communication module, for receiving the seed request message, the private key request message and the diagnostic service request sent by the diagnostic instrument, and for sending to the diagnostic instrument the seed data corresponding to the seed request message, the security authentication result corresponding to the private key request message, and the authority authentication result corresponding to the diagnostic service request;
a security authentication module, for receiving the private key request message sent by the diagnostic instrument and performing security authentication according to the diagnostic instrument identifier and the encrypted private key in that message, to obtain the security authentication result;
an updating module, for updating the stored diagnostic instrument identifier according to the security authentication result;
and an authority authentication module, for performing authority authentication on the diagnostic service request according to the diagnostic service table and the diagnostic instrument identifier, to obtain the authority authentication result.
Further, the electronic control unit also comprises:
an initialization module, for initializing the diagnostic service table after power-on or reset; the diagnostic service table includes the correspondence between service types and diagnostic instrument identifiers.
Further, the security authentication module includes:
a calculation submodule, for calculating a calculation key from the seed data and the diagnostic instrument identifier;
a comparison submodule, for comparing the calculation key with the encrypted private key: if the calculation key is consistent with the encrypted private key, security authentication is determined to pass; if it differs, security authentication is determined to fail.
Further, the updating module includes:
a storage submodule, for storing a preset identifier that indicates security authentication has not passed;
an updating submodule, for saving the diagnostic instrument identifier from the private key request message when security authentication passes, and replacing the diagnostic instrument identifier with the preset identifier when security authentication fails;
and the security authentication module includes:
a first generation submodule, for generating a positive response message if security authentication passes and a negative response message if it fails;
the communication module being further configured to send the positive response message to the diagnostic instrument if security authentication passes, and the negative response message if it does not.
Further, the authority authentication module includes:
a judging submodule, for querying the diagnostic service table according to the diagnostic instrument identifier and the service type in the diagnostic service request, judging whether the diagnostic instrument corresponding to that identifier is entitled to access that service type, and generating a positive response message if so and a negative response message if not;
the communication module being further configured to return the positive response message to the diagnostic instrument, or to return the negative response message and reject the diagnostic service request.
The control method and electronic control unit for automotive diagnostic services can assign different diagnostic service authorities to diagnostic instruments with different identities. The scheme is simple and convenient and has a lower error rate; it controls different diagnostic service authorities for different diagnostic instruments within the same diagnostic session, with access to different diagnostic services controlled by the diagnostic instrument identifier, so that the control granularity of diagnostic service authority is finer.
Drawings
The above features, technical features, advantages and implementations of the control method and electronic control unit for automotive diagnostic services are further explained below with reference to the accompanying drawings, which illustrate preferred embodiments.
FIG. 1 is a flow chart of one embodiment of a method of controlling a vehicle diagnostic service of the present invention;
FIG. 2 is a flow chart of another embodiment of a method of controlling a vehicle diagnostic service of the present invention;
FIG. 3 is a schematic flow diagram of a WriteDataByIdentifier (2E) service request scenario in the control method of the invention;
fig. 4 is a schematic structural diagram of an embodiment of an electronic control unit of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. However, it will be apparent to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
For the sake of simplicity, only the parts relevant to the present invention are schematically shown in the drawings, and they do not represent the actual structure as a product. In addition, in order to make the drawings concise and understandable, components having the same structure or function in some of the drawings are only schematically illustrated or only labeled. In this document, "one" means not only "only one" but also a case of "more than one".
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
In addition, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not intended to indicate or imply relative importance.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will be made with reference to the accompanying drawings. It is obvious that the drawings in the following description are only some examples of the invention, and that for a person skilled in the art, other drawings and embodiments can be derived from them without inventive effort.
In accordance with an embodiment of the present invention, there is provided an embodiment of a control method for automotive diagnostic services, it is noted that the steps illustrated in the flowchart of the drawings may be carried out in a computer system such as a set of computer-executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be carried out in an order different than that presented herein.
One embodiment of the present invention, as shown in fig. 1, is a control method for a vehicle diagnostic service, including:
S100, when a seed request message sent by the diagnostic instrument is received, generating seed data and sending the seed data to the diagnostic instrument;
Specifically, the concept of diagnosis comes from the medical field, where medical staff judge a patient's illness from data obtained by questioning and observing the patient or by examining the patient with instruments. The purpose of vehicle diagnosis is similar to that of medical diagnosis: to determine quickly and accurately the fault, and the cause of the fault, of a vehicle or of one controller, and so provide a reliable basis for maintenance. Vehicle diagnosis requires a diagnostic instrument and an ECU side (the on-board computer or electronic control unit). The diagnostic instrument (the vehicle's diagnostic apparatus or diagnostic equipment, also called the tester) and the ECU side communicate in a request-and-response mode, so both must follow the same diagnostic communication protocol; this application adopts the common ISO 14229, namely the UDS protocol. When the diagnostic instrument needs a diagnostic service, it generates a seed request message according to the UDS protocol (SecurityAccess, SID 0x27, sub-function requestSeed) and sends it to the ECU side, and the ECU side generates random seed data after receiving the seed request message.
S200, receiving a private key request message sent by the diagnostic instrument, and performing security authentication according to the diagnostic instrument identifier and the encrypted private key in the private key request message;
S300, obtaining the security authentication result and sending it to the diagnostic instrument;
Specifically, after the ECU sends the generated seed data to the diagnostic instrument, the diagnostic instrument sends a private key request message (SecurityAccess sub-function sendKey) to the ECU, where the private key request message includes a diagnostic instrument identifier and an encrypted private key. The diagnostic instrument identifier is a character string representing the identity of the diagnostic instrument, and may be a serial number (SN), a model number, or the like. The encrypted private key is obtained by the diagnostic instrument, after it receives the seed data sent by the ECU side, by an encryption calculation over the seed data and the diagnostic instrument identifier using a preset encryption algorithm. After receiving the private key request message, the ECU performs security authentication on the diagnostic instrument according to the diagnostic instrument identifier and the encrypted private key, to judge whether the diagnostic instrument has security access rights.
The ECU side sends the security authentication result to the diagnostic instrument that sent the private key request message. After receiving the security authentication result from the ECU side, the diagnostic instrument may send a diagnostic service request to the ECU side, on the premise that the ECU side has verified that the diagnostic instrument passed security authentication.
S400, receiving a diagnostic service request initiated by the diagnostic instrument, performing authority authentication according to the diagnostic service table and the diagnostic instrument identifier, and feeding back the authority authentication result corresponding to the diagnostic service request to the diagnostic instrument.
Specifically, the diagnostic service table holds the correspondence between service types and diagnostic instrument identifiers. Service types and diagnostic service names are already specified in the UDS protocol, so by setting the diagnostic instrument identifier the ECU can tell which diagnostic instrument is talking to it and can then resolve that instrument's diagnostic service authority. For example, service type 0x22 is the UDS service ReadDataByIdentifier (read data), service type 0x2E is WriteDataByIdentifier (write data), and service type 0x19 is ReadDTCInformation (read diagnostic trouble codes). These service types and names are only examples; the correspondence between other service types and diagnostic service names can be found in the UDS protocol and is not described in detail here. Generally, the service type and the diagnostic instrument identifier in the diagnostic service table are represented in binary, octal or hexadecimal, preferably hexadecimal.
Therefore, the ECU side matches the received diagnostic service request against the diagnostic service table using the diagnostic instrument identifier, judges from the match whether the diagnostic service authority required by the request may be granted to that diagnostic instrument, derives the authority authentication result for the request from that judgment, and sends the authority authentication result to the diagnostic instrument. The diagnostic instrument then either accesses the vehicle for diagnosis according to the authority authentication result or re-initiates the request for a new round of authentication.
In this embodiment, the diagnostic instrument identifier takes part in the security authentication, so security authentication can be individual and personalized for different diagnostic instruments, improving the security of diagnostic services performed by several diagnostic instruments. In addition, by setting up the diagnostic service table, with the diagnostic instrument identifier indicating the identity of the diagnostic instrument, different diagnostic service authorities can be assigned to diagnostic instruments with different identities. The method is simple and convenient and has a lower error rate; it achieves control of different diagnostic service authorities for different diagnostic instruments within the same diagnostic session, with access to different UDS services (unified diagnostic services) controlled by the diagnostic instrument identifier, so that the control granularity of diagnostic service authority is finer.
One embodiment of the present invention, as shown in fig. 2, is a control method for a vehicle diagnostic service, including:
S010, initializing the diagnostic service table after power-on or reset; the diagnostic service table includes the correspondence between service types and diagnostic instrument identifiers.
Specifically, after the ECU is powered on or reset, the Bootloader code (the boot program) is executed first. The Bootloader performs basic initialization, initializing the hardware and the diagnostic service table, so as to prepare the software and hardware environment of the ECU side.
S100, when a seed request message sent by the diagnostic instrument is received, generating seed data and sending the seed data to the diagnostic instrument;
Specifically, after the ECU has completed initialization of the diagnostic service table following power-on or reset, it monitors in real time whether a seed request message from a diagnostic instrument has been received; when it determines that such a message has arrived, the ECU generates random seed data and sends it to the corresponding diagnostic instrument.
S210, receiving a private key request message sent by the diagnostic instrument, calculating a calculation key from the seed data and the diagnostic instrument identifier, and comparing the calculation key with the encrypted private key;
Specifically, the seed request message sent by the diagnostic instrument carries a first security level value, and the private key request message also carries a second security level value (in UDS terms, the sub-function byte of the SecurityAccess service): the first security level value is odd, the second is even, and the second equals the first plus 1. In addition, the private key request message carries the diagnostic instrument identifier of the vehicle diagnostic instrument and the encrypted private key, where the encrypted private key is calculated from the seed data and the diagnostic instrument identifier with a custom security algorithm.
The security level values in the seed request message and in the private key request message sent by the diagnostic instrument to the ECU side are correlated, so that the diagnostic session is authenticated at one consistent security level. For example, if the first security level value in the seed request message is 0x05, the second security level value in the subsequent private key request message is 0x06, i.e. 0x05 and 0x06 form a pair; likewise, if the first security level value is 0x01, the second is 0x02, i.e. 0x01 and 0x02 form a pair. These are examples only; the relationship between the security level values of the seed request message and the private key request message is defined in the UDS protocol and is not described in detail here.
The description takes the case of requesting entry to security level 01 (sub-function 0x01) as its example. Note, however, that the sub-function (the first security level) of the seed request need not be 0x01; it may be 0x03, 0x05, or any odd value from 0x07 to 0x7D, and these values distinguish the different security levels (ISO 14229-1 standardizes the odd values 0x01 to 0x41 for requestSeed and leaves 0x61 to 0x7E to the system supplier). Likewise, the sub-function (the second security level) of the private key request message is not necessarily 0x02 (0x01 + 1); it may be 0x04, 0x06, or any even value from 0x08 to 0x7E. In every case the second security level of the private key request message is the first security level of the preceding seed request message plus 1: 0x01 pairs with 0x02, 0x03 with 0x04, 0x07 with 0x08, and so on. The division of specific security levels, the key algorithm, the seed algorithm and the key length may be specified in advance by the vehicle manufacturer.
Preferably, the diagnostic instrument identifier is carried in the clear, i.e. the private key request message includes the plaintext identifier. The identifier may also be used as an input factor in the cryptographic calculation. In this scheme the identifier is carried in the private key request message, which can also carry customized content as required. Caveat for implementers: a plaintext identifier is a claim, not a proof of identity. The ECU can only trust the binding between identifier and instrument if the key derivation uses material that only the instrument holding that identifier possesses (for example a secret provisioned per identifier); if every instrument shares the same algorithm and the same secrets, any instrument that knows the algorithm can present any identifier and obtain that identifier's service authorities.
S220, if the calculation key is consistent with the encrypted private key, determining that security authentication passes;
S230, if the calculation key differs from the encrypted private key, determining that security authentication fails;
Specifically, after receiving the private key request message from the diagnostic instrument, the ECU performs the encryption calculation over the diagnostic instrument identifier in the message and the seed data it generated earlier, using the same custom security algorithm, to obtain the calculation key. The custom security algorithm built into the ECU side matches the one built into the diagnostic instrument.
Having computed the calculation key, the ECU side compares the encrypted private key received from the diagnostic instrument with the calculation key. If the two are the same, security authentication is determined to have passed; if they differ, security authentication is determined to have failed.
S310, when security authentication passes, replacing the stored diagnostic instrument identifier with the diagnostic instrument identifier in the private key request message, and feeding back a positive response message indicating that security authentication passed;
S320, when security authentication fails, replacing the stored diagnostic instrument identifier with a preset identifier, and feeding back a negative response message indicating that security authentication failed; the preset identifier indicates that security authentication has not passed;
Specifically, when the calculation key differs from the encrypted private key the ECU determines that security authentication fails and, following the diagnostic service protocol, feeds back a negative response message stating that security authentication has not passed. When the calculation key is consistent with the encrypted private key the ECU side determines that security authentication passes and, following the diagnostic service protocol, feeds back a positive response message stating that security authentication passed.
S410, receiving a diagnosis service request initiated by a diagnosis instrument;
S420, according to the identifier of the diagnostic instrument and the service type included in the diagnostic service request, inquiring in a diagnostic service table, and judging whether the diagnostic instrument corresponding to the identifier has the capability of accessing the service type;
S430, if yes, returning a positive response message to the diagnostic instrument;
S440, if not, returning a negative response message to the diagnostic instrument, and rejecting the diagnostic service request of the diagnostic instrument.
In particular, UDS is essentially a collection of services. Each service of UDS (including but not limited to 10 diagnostic session control, 14 clear diagnostic information, 19 read diagnostic information, 22 read data by DID, 27 secure unlock service, 2E write data by DID) has its own independent SID (Service Identifier); this diagnostic service ID is the service type referred to here.
The diagnosing party (the Tester) sends a specified diagnostic service request (Request) to the ECU terminal. The diagnostic service request must contain the service type, which occupies the first byte. After the ECU end receives the diagnostic service request sent by the diagnostic instrument, it parses the request to obtain the service type it contains.
Specifically, the ECU queries the diagnostic service table according to the identifier of the diagnostic apparatus and the service type included in the diagnostic service request, and determines whether the diagnostic apparatus corresponding to the identifier has the capability of accessing that service type. If so, the header byte of the positive response message fed back to the diagnostic apparatus is [SID + 0x40]. For example, when the service type is 0x10 and the ECU determines that the diagnostic apparatus corresponding to the identifier has the capability of accessing that service type, the header byte of the reply in the positive response message fed back to the diagnostic apparatus is 0x50 (0x10 + 0x40); likewise, when the service type is 0x19 and the ECU determines that the diagnostic apparatus corresponding to the identifier has the capability of accessing that service type, the header byte of the reply in the positive response message fed back to the diagnostic apparatus is 0x59 (0x19 + 0x40).
If the ECU terminal determines that the diagnostic apparatus corresponding to the identifier does not have the capability of accessing the service type, the first byte of the negative response message fed back to the diagnostic apparatus is 0x7F, the second byte is the service type contained in the diagnostic service request, and the third byte is the NRC. For example, when the service type is 0x10 and the ECU determines that the diagnostic apparatus corresponding to the identifier does not have the capability of accessing that service type, the negative response message fed back to the diagnostic apparatus has header byte 0x7F, second byte 0x10 and third byte NRC (Negative Response Code, which indicates the reason for the failure). Common NRCs are defined in the UDS protocol and are not described in detail here.
In this embodiment, the whole process is subjected to two-stage authentication. In the first stage, when the ECU terminal receives a seed request message sent by the diagnostic instrument, it generates seed data and transmits it to the diagnostic instrument; it then receives a private key request message sent by the diagnostic instrument, performs security authentication according to the encrypted private key and the diagnostic instrument identifier in the private key request message, and returns a security authentication result to the diagnostic instrument. In the second stage, the diagnostic service authority of the diagnostic instrument is authenticated according to the diagnostic service table, the identifier of the diagnostic instrument and the service type in the diagnostic service request sent by the diagnostic instrument, so as to judge whether the diagnostic instrument initiating the diagnostic service request may perform the diagnostic service operation corresponding to that service type, and an authority authentication result is returned to the diagnostic instrument.
In addition, in this embodiment the diagnostic instrument identifier takes part in the security authentication, so that individual, personalized security authentication can be performed for different diagnostic instruments, improving the security of diagnostic services performed by multiple diagnostic instruments. Furthermore, by setting up the diagnostic service table, with the diagnostic instrument identifier indicating the identity of the diagnostic instrument, different diagnostic service authorities can be assigned to diagnostic instruments with different identities. The method is simple and convenient and has a lower error rate; different diagnostic service authorities can be controlled for different diagnostic instruments within the same diagnostic session, so that different diagnostic instruments access different diagnostic services according to their identifier, and the control granularity of diagnostic service authority is refined.
For example, assume that the ECU terminal is initialized after being powered on or reset. During this initialization, a diagnostic service table (all values in the table are hexadecimal) that maps diagnostic device identifiers to the service IDs of the supported UDS services is established inside the ECU terminal, as shown in Table 1 below. Table 1 shows the correspondence between diagnostic device identifiers and service types; the service types in Table 1 are a symbolic classification into 6 major classes of UDS diagnostic services, and the correspondence between diagnostic device identifiers and the sub-services within each major class may be further refined and set according to those sub-services.
Diagnostic instrument identifier    UDS-supported service ID (service type)
12                                  22
12                                  2E
12                                  14
12                                  19
13                                  22
13                                  19
15                                  22
15                                  14 01
...
TABLE 1 Diagnostic service table
As shown in Fig. 3, assume that the service type of the diagnostic service the diagnostic apparatus needs to execute is the 2E service. The seed request message sent by the diagnostic apparatus to the ECU side is the "27 01" request, and the ECU side returns seed data Seed1 to the diagnostic apparatus. The diagnostic apparatus then computes, with a self-defined security algorithm, over seed data Seed1 and its diagnostic identifier ID 12 to obtain the encrypted private key B1B2C1C2D1D2E1E2, and encrypts its identifier to obtain the identifier in ciphertext form, A1A2. It combines these into the private key request message "27 02 A1A2 B1B2C1C2D1D2E1E2" and sends it to the ECU. After receiving the private key request message, the ECU parses it to obtain the encrypted private key B1B2C1C2D1D2E1E2 and the ciphertext identifier A1A2, from which it recovers ID 12. The ECU side then runs the self-defined security algorithm matched to the diagnostic apparatus over the seed data Seed1 it generated and the diagnostic apparatus identifier it recovered from the message to obtain the calculation key. If the calculation key is also B1B2C1C2D1D2E1E2, the security authentication passes, the identifier of the diagnostic apparatus carried in the private key request message is stored in the ECU, that is, the diagnostic apparatus identifier is updated to ID 12, and a confirmation response message is sent to the diagnostic apparatus.
If the calculation key is not B1B2C1C2D1D2E1E2, the security authentication fails; the ECU internally stores FF, that is, it updates the diagnostic device identifier to ID FF (FF is the preset identifier indicating that the security authentication has not passed; it is a chosen value and may be set to another character combination as necessary), and transmits a negative response message to the diagnostic device. If the diagnostic apparatus, after receiving the negative response message, still sends a diagnostic service request with service type 2E to the ECU terminal during the session, the ECU terminal directly refuses it and sends a negative response message to the diagnostic apparatus.
If the diagnostic device receives the confirmation response message and then sends a UDS service request (that is, the diagnostic service request of the invention) with service type 2E to the ECU terminal during the session, after receiving it the ECU terminal takes the diagnostic device identifier stored for the session, queries the diagnostic service table according to that identifier and the service type included in the request, and judges whether the diagnostic device corresponding to the identifier has the capability of accessing that service type. If the UDS request service ID is 2E and the identifier of the diagnostic instrument initiating the request is 12, it can be seen from the diagnostic service table in Table 1 that the diagnostic instrument corresponding to the identifier has the capability of accessing that service type; the 2E service request passes, and the service request result (that is, the authority authentication result) sent to the diagnostic instrument by the ECU terminal is a positive response message. If the UDS request service ID is 2E but the diagnostic instrument identifier stored inside the ECU is 13, it can be seen from Table 1 that the diagnostic instrument corresponding to the identifier does not have the capability of accessing that service type; the 2E service request fails, and the service request result sent to the diagnostic instrument by the ECU side is a negative response message. This is only an example; other service ID requests, such as 22, 14, 19 and so on, are authenticated according to the same flow.
It should be noted that, whether the result is the security authentication result or the authority authentication result, the format of the return message fed back to the diagnostic apparatus by the ECU end is consistent with the UDS standard.
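As an added example (not the patent's own code or algorithm), the following Python model runs the two-stage flow described above end to end: the 27 01 / 27 02 exchange with the identifier carried in ciphertext form, the preset identifier FF stored on failure, and the Table 1 lookup that decides each later service request, with responses framed as [SID + 0x40] or 7F SID NRC. The key derivation and identifier masking (HMAC-SHA256 under a constructed shared secret) are assumptions standing in for the page's unspecified "self-defined security algorithm", and the NRC values are assumed from ISO 14229.

```python
"""Two-stage diagnostic access control: SecurityAccess keyed on the tester identifier,
then a per-identifier service table check (model of the page's flow, not its code)."""
import hashlib
import hmac
import os

SECURITY_ACCESS_SID = 0x27       # SecurityAccess: seed request (01) and key request (02)
NEGATIVE_RESPONSE_SID = 0x7F     # first byte of every negative response
POSITIVE_OFFSET = 0x40           # positive response header = request SID + 0x40
PRESET_FAILED_ID = 0xFF          # preset identifier: "security authentication not passed"

# NRC values assumed from ISO 14229 (the page defers to the UDS protocol for them).
NRC_SUB_FUNCTION_NOT_SUPPORTED = 0x12
NRC_INCORRECT_LENGTH = 0x13
NRC_REQUEST_SEQUENCE_ERROR = 0x24
NRC_SECURITY_ACCESS_DENIED = 0x33
NRC_INVALID_KEY = 0x35

# Diagnostic service table transcribed from Table 1 (identifier -> permitted SIDs);
# the sub-service refinement of the row "15 14 01" is omitted.
SERVICE_TABLE = {
    0x12: {0x22, 0x2E, 0x14, 0x19},
    0x13: {0x22, 0x19},
    0x15: {0x22, 0x14},
}

# Assumption: a secret provisioned into the ECU and into legitimate testers.
SHARED_SECRET = b"constructed-demo-secret"


def derive_key(seed: bytes, tester_id: int) -> bytes:
    """Assumed stand-in for the page's 'self-defined security algorithm': HMAC-SHA256 over
    seed || identifier, truncated to the 8-byte key length of the example B1B2C1C2D1D2E1E2."""
    return hmac.new(SHARED_SECRET, seed + bytes([tester_id]), hashlib.sha256).digest()[:8]


def _id_mask(seed: bytes) -> bytes:
    # Constructed 2-byte keystream so the identifier travels as ciphertext (A1A2 on the page).
    return hmac.new(SHARED_SECRET, b"id-mask" + seed, hashlib.sha256).digest()[:2]


def encrypt_identifier(tester_id: int, seed: bytes) -> bytes:
    m = _id_mask(seed)
    return bytes([m[0], m[1] ^ tester_id])       # plaintext is 00 || identifier


def decrypt_identifier(ciphertext: bytes, seed: bytes) -> int:
    m = _id_mask(seed)
    if ciphertext[0] ^ m[0] != 0x00:             # malformed: treat as an unknown tester
        return PRESET_FAILED_ID
    return ciphertext[1] ^ m[1]


def build_key_request(seed: bytes, tester_id: int) -> bytes:
    """Tester side: 27 02 || encrypted identifier (2 bytes) || encrypted private key (8 bytes)."""
    return (bytes([SECURITY_ACCESS_SID, 0x02]) + encrypt_identifier(tester_id, seed)
            + derive_key(seed, tester_id))


class Ecu:
    def __init__(self, rng=os.urandom):     # rng is injectable so tests can replay a seed
        self._rng = rng
        self._seed = None
        self.tester_id = PRESET_FAILED_ID        # nobody authenticated yet

    @staticmethod
    def _negative(sid: int, nrc: int) -> bytes:
        return bytes([NEGATIVE_RESPONSE_SID, sid, nrc])   # 7F <SID> <NRC>

    def handle(self, request: bytes) -> bytes:
        if not request:
            return self._negative(0x00, NRC_INCORRECT_LENGTH)
        if request[0] == SECURITY_ACCESS_SID:
            return self._security_access(request)
        return self._service_request(request)

    def _security_access(self, request: bytes) -> bytes:
        if len(request) < 2:
            return self._negative(SECURITY_ACCESS_SID, NRC_INCORRECT_LENGTH)
        sub = request[1]
        if sub == 0x01:                          # seed request (first security level value)
            self._seed = self._rng(4)
            return bytes([SECURITY_ACCESS_SID + POSITIVE_OFFSET, 0x01]) + self._seed
        if sub == 0x02:                          # key request (second level = first + 1)
            if self._seed is None:
                return self._negative(SECURITY_ACCESS_SID, NRC_REQUEST_SEQUENCE_ERROR)
            if len(request) != 2 + 2 + 8:
                return self._negative(SECURITY_ACCESS_SID, NRC_INCORRECT_LENGTH)
            seed, self._seed = self._seed, None  # each seed serves exactly one attempt
            tester_id = decrypt_identifier(request[2:4], seed)
            if hmac.compare_digest(derive_key(seed, tester_id), request[4:12]):
                self.tester_id = tester_id       # S310: keep identifier from the request
                return bytes([SECURITY_ACCESS_SID + POSITIVE_OFFSET, 0x02])
            self.tester_id = PRESET_FAILED_ID    # S320: replace with preset identifier FF
            return self._negative(SECURITY_ACCESS_SID, NRC_INVALID_KEY)
        return self._negative(SECURITY_ACCESS_SID, NRC_SUB_FUNCTION_NOT_SUPPORTED)

    def _service_request(self, request: bytes) -> bytes:
        # Second stage (S410-S440): authority check against the diagnostic service table.
        sid = request[0]
        if sid in SERVICE_TABLE.get(self.tester_id, set()):
            return bytes([sid + POSITIVE_OFFSET]) + request[1:]   # e.g. 2E -> 6E
        return self._negative(sid, NRC_SECURITY_ACCESS_DENIED)
```

Because the ECU only ever stores the identifier it recovered and verified itself, a tester cannot widen its authority by claiming a different identifier in the later service request; the table row is selected by ECU-side state, not by request content.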
In the embodiment, the type of the diagnostic apparatus is simply and effectively identified through setting and judging the identifier of the diagnostic apparatus, so that the control of different authorities on different diagnostic apparatuses is facilitated. In addition, by carrying out secondary authentication, the security authentication is carried out for the first time so as to judge whether the diagnostic instrument is legal for security access, and the authority authentication is carried out for the second time so as to judge whether the diagnostic instrument has the execution authority of the requested diagnostic service operation, so that the control of different authorities is carried out on different diagnostic instruments under the same diagnostic session, and the authority control granularity is finer.
In one embodiment of the present invention, as shown in fig. 4, an electronic control unit includes:
the communication module 10 is configured to receive a seed request message, a private key request message and a diagnosis service request sent by a diagnosis instrument; it is also used for sending seed data corresponding to the seed request message, a security authentication result corresponding to the private key request message and an authority authentication result corresponding to the diagnosis service request to the diagnostic instrument;
the security authentication module 20 is configured to receive a private key request message sent by the diagnostic device, and perform security authentication according to the diagnostic device identifier and the encrypted private key in the private key request message to obtain a security authentication result;
an update module 30 for updating the diagnostic instrument identifier with the security authentication result;
and the authority authentication module 40 is used for performing authority authentication on the diagnosis service request according to the diagnosis service table and the diagnosis instrument identifier to obtain an authority authentication result.
Based on the foregoing embodiment, further comprising:
the initialization module is used for initializing the diagnosis service table after power-on or reset; the diagnostic service table includes a correspondence of service types and diagnostic instrument identifiers.
Based on the foregoing embodiment, the security authentication module 20 includes:
the calculation submodule is used for calculating to obtain a calculation key according to the seed data and the identifier of the diagnostic instrument;
the comparison submodule is used for comparing the calculation key with the encrypted private key; if the calculation key is consistent with the encryption private key, the security authentication is determined to pass; and if the calculation key is different from the encryption private key, determining that the security authentication fails.
Based on the foregoing embodiment, the update module 30 includes:
the storage sub-module is used for storing a preset identifier, and the preset identifier is used for indicating that the security authentication fails;
the updating submodule is used for saving the diagnostic instrument identifier in the private key request message when the security authentication passes, and for replacing the diagnostic instrument identifier with the preset identifier when the security authentication is not passed;
the security authentication module 20 includes:
the first generation submodule is used for generating a confirmation response message if the security authentication passes; if the security authentication fails, generating a negative response message;
the communication module 10 is further configured to send a confirmation response message to the diagnostic apparatus if the security authentication passes, and send a negative response message to the diagnostic apparatus if the security authentication does not pass.
Based on the foregoing embodiment, the authority authentication module 40 includes:
the judging submodule is used for inquiring in the diagnosis service table according to the identifier of the diagnosis instrument and the service type included in the diagnosis service request, and judging whether the diagnosis instrument corresponding to the identifier has the capability of accessing the service type; if yes, generating a positive response message, and if no, generating a negative response message;
the communication module 10 is further configured to return a positive response message to the diagnostic apparatus, or return a negative response message to the diagnostic apparatus, and reject the diagnostic service request of the diagnostic apparatus.
Specifically, this embodiment is a device embodiment corresponding to the method embodiment, and specific effects refer to the method embodiment, which is not described in detail herein.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of program modules is illustrated, and in practical applications, the above-described distribution of functions may be performed by different program modules, that is, the internal structure of the apparatus may be divided into different program units or modules to perform all or part of the above-described functions. Each program module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one processing unit, and the integrated unit may be implemented in a form of hardware, or may be implemented in a form of software program unit. In addition, the specific names of the program modules are only used for distinguishing the program modules from one another, and are not used for limiting the protection scope of the application.
The electronic control unit may include, but is not limited to, a processor, a memory. It will be appreciated by those skilled in the art that the foregoing is merely an example of an electronic control unit and is not intended to be limiting and may include more or fewer components than those shown, or some components in combination, or different components, such as: the electronic control unit may also include input/output interfaces, display devices, network access devices, communication buses, communication interfaces, and the like. A communication interface and a communication bus, and may further comprise an input/output interface, wherein the processor, the memory, the input/output interface and the communication interface complete communication with each other through the communication bus. The memory stores a computer program, and the processor is used for executing the computer program stored on the memory and realizing the control method of the automobile diagnosis service in the corresponding method embodiment.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or recited in detail in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It should be noted that the above embodiments can be freely combined as necessary. The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A method of controlling a vehicle diagnostic service, comprising:
when a seed request message sent by a diagnostic instrument is received, seed data is generated and sent to the diagnostic instrument, wherein the seed request message comprises a first safety grade value;
receiving a private key request message sent by a diagnostic instrument, and performing security authentication according to a diagnostic instrument identifier and an encrypted private key in the private key request message, wherein the private key request message comprises a second security level value, and the second security level value is equal to a first security level value + 1;
acquiring a safety authentication result and sending the safety authentication result to the diagnostic instrument;
receiving a diagnosis service request initiated by the diagnosis instrument, performing authority authentication according to a diagnosis service table and a diagnosis instrument identifier, and feeding back an authority authentication result corresponding to the diagnosis service request to the diagnosis instrument, wherein the authority authentication result specifically comprises the following steps:
receiving a diagnosis service request initiated by a diagnosis instrument;
according to the identifier of the diagnostic instrument and the service type included in the diagnostic service request, inquiring in a diagnostic service table, and judging whether the diagnostic instrument corresponding to the identifier has the capability of accessing the service type;
if yes, returning a positive response message to the diagnostic instrument;
if not, a negative response message is returned to the diagnostic instrument, and the diagnostic service request of the diagnostic instrument is refused.
2. The method for controlling the automobile diagnosis service according to claim 1, wherein before generating and transmitting seed data to the diagnosis instrument upon receiving a seed request message transmitted from the diagnosis instrument, the method comprises:
initializing the diagnosis service table after power-on or reset; the diagnostic service table includes a correspondence of service types and diagnostic instrument identifiers.
3. The method for controlling vehicle diagnostic service according to claim 1, wherein the performing security authentication according to the diagnostic instrument identifier and the encryption private key in the private key request message comprises:
calculating according to the seed data and the identifier of the diagnostic instrument to obtain a calculation key, and comparing the calculation key with an encryption private key;
if the calculation key is consistent with the encrypted private key, determining that the security authentication is passed;
and if the calculation key is different from the encryption private key, determining that the security authentication fails.
4. The method for controlling vehicle diagnostic service according to claim 1, wherein the obtaining and sending the security authentication result to the diagnostic instrument comprises:
when the security authentication passes, the identifier of the diagnostic apparatus in the private key request message is stored, and a determined response message passing the security authentication is fed back to the diagnostic apparatus;
and replacing the identifier of the diagnostic instrument with a preset identifier when the security authentication fails, and feeding back a negative response message that the security authentication fails to pass to the diagnostic instrument.
5. The method for controlling automobile diagnostic service according to any one of claims 1 to 4, wherein the performing authority authentication according to a diagnostic service table and a diagnostic instrument identifier, and the feeding back an authority authentication result corresponding to the diagnostic service request to the diagnostic instrument includes:
according to the diagnostic instrument identifier and the service type included in the diagnostic service request, inquiring in a diagnostic service table, and judging whether the diagnostic instrument corresponding to the identifier has the capability of accessing the service type;
if yes, returning a positive response message to the diagnostic instrument;
if not, a negative response message is returned to the diagnostic apparatus, and the diagnostic service request of the diagnostic apparatus is rejected.
6. An electronic control unit, comprising:
the communication module is used for receiving a seed request message, a private key request message and a diagnosis service request sent by the diagnosis instrument; the communication module is further configured to send seed data corresponding to the seed request message, a security authentication result corresponding to the private key request message, and an authority authentication result corresponding to the diagnostic service request to the diagnostic device, where the seed request message includes a first security level value, the private key request message includes a second security level value, and the second security level value is equal to the first security level value + 1;
the security authentication module is used for receiving a private key request message sent by the diagnostic instrument and performing security authentication according to a diagnostic instrument identifier and an encrypted private key in the private key request message to obtain a security authentication result;
the updating module is used for updating the identifier of the diagnostic instrument according to the security authentication result;
the authority authentication module is used for carrying out authority authentication on the diagnosis service request according to the diagnosis service table and the diagnosis instrument identifier to obtain an authority authentication result;
the authority authentication module comprises:
the judging submodule is used for inquiring in the diagnosis service table according to the identifier of the diagnosis instrument and the service type included in the diagnosis service request, and judging whether the diagnosis instrument corresponding to the identifier has the capability of accessing the service type; if yes, generating a positive response message, and if no, generating a negative response message;
and the communication module is also used for returning a positive response message to the diagnostic instrument or returning a negative response message to the diagnostic instrument to reject the diagnostic service request of the diagnostic instrument.
7. The electronic control unit of claim 6, further comprising:
the initialization module is used for initializing the diagnosis service table after power-on or reset; the diagnostic service table includes a correspondence of service types and diagnostic instrument identifiers.
8. The electronic control unit of claim 6, wherein the security authentication module comprises:
the calculation submodule is used for calculating to obtain a calculation key according to the seed data and the identifier of the diagnostic instrument;
the comparison submodule is used for comparing the calculation key with an encryption private key; if the calculation key is consistent with the encrypted private key, determining that the security authentication is passed; and if the calculation key is different from the encryption private key, determining that the security authentication fails.
9. The electronic control unit of claim 8, wherein the update module comprises:
the storage sub-module is used for storing a preset identifier, and the preset identifier is used for indicating that the security authentication fails;
the updating submodule is used for saving the diagnostic instrument identifier in the private key request message when the security authentication passes, and for replacing the diagnostic instrument identifier with the preset identifier when the security authentication is not passed;
the security authentication module includes:
the first generation submodule is used for generating a confirmation response message if the security authentication passes; if the security authentication fails, generating a negative response message;
the communication module is further configured to send the confirmation response message to the diagnostic apparatus if the security authentication passes, and send the negative response message to the diagnostic apparatus if the security authentication does not pass.
10. The electronic control unit according to any one of claims 6-9, wherein the rights authentication module comprises:
the judging submodule is used for inquiring in a diagnosis service table according to the identifier of the diagnosis instrument and the service type included in the diagnosis service request, and judging whether the diagnosis instrument corresponding to the identifier has the capability of accessing the service type; if yes, generating a positive response message, and if no, generating a negative response message;
the communication module is further configured to return a positive response message to the diagnostic apparatus, or return a negative response message to the diagnostic apparatus, and reject the diagnostic service request of the diagnostic apparatus.
CN202011129002.2A 2020-10-21 2020-10-21 Control method and electronic control unit for automobile diagnosis service Active CN112327796B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011129002.2A CN112327796B (en) 2020-10-21 2020-10-21 Control method and electronic control unit for automobile diagnosis service

Publications (2)

Publication Number Publication Date
CN112327796A CN112327796A (en) 2021-02-05
CN112327796B true CN112327796B (en) 2022-05-06

Family

ID=74311894

Country Status (1)

Country Link
CN (1) CN112327796B (en)

Also Published As

Publication number Publication date
CN112327796A (en) 2021-02-05


Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221104

Address after: 215000 Floor 12, Building N4, 2:5 Industrial Park, No. 88 Dongchang Road, Suzhou Industrial Park, Jiangsu Province

Patentee after: Zhida Chengyuan Technology Co.,Ltd.

Address before: 210012 building 4, No.19, ningshuang Road, Yuhuatai District, Nanjing City, Jiangsu Province

Patentee before: ARCHERMIND TECHNOLOGY (NANJING) Co.,Ltd.