CN112544052B - Key agreement method and device - Google Patents

Abstract

The application provides a key agreement method and a device. The method comprises the following steps: after a first VIU negotiates a common first random number with other VIUs in an in-vehicle electronic control system, a second random number, a temporary shared key and a temporary common private key are determined according to the first random number, a temporary common public key is generated according to the temporary common private key, then a communication key and a random number seed are authenticated and negotiated with a DC according to the second random number, the temporary common public key and an equipment private key preset by the first VIU, authentication is carried out on the communication encryption key and the communication authentication key with the first ECU according to the random number seed and an authentication key preset by the first VIU, and after the communication encryption key and the communication authentication key are determined to be successfully authenticated with the first ECU, the communication encryption key and the communication authentication key are encrypted through the communication key and then sent to the first DC. Therefore, key agreement under the CCA framework is realized, and the safe communication can be established between each DC and each ECU.

Description

Key agreement method and device

Technical Field

The present application relates to the field of communications technologies, and in particular, to a key agreement method and apparatus.

Background

Nowadays, intellectualization, networking, electromotion and sharing have become development trends in the automobile field, and the development trends are usually realized by depending on an in-vehicle electronic control system, which mainly includes electronic control elements such as a Domain Controller (DC) and an Electronic Control Unit (ECU). The DC is used for controlling a plurality of automobile parts in the functional domain, the ECU has an electronic control function, the automobile parts can be controlled based on control information, and data to be transmitted in the automobile parts can be processed. Along with the development of networking and intellectualization of automobiles, various network safety hazards come along, such as network attack, data leakage, even remote control of vehicles and the like. Therefore, a perfect key management system is urgently needed by the in-vehicle electronic control system to provide safety guarantee for the vehicle and the user.

Key Management System (KMS) is used to generate, distribute, and manage devices and applicationsIn a centralized network architecture based on a central gateway, each functional domain has a DC, the specific function is completed by an ECU in a DC control domain, and cross-domain communication interaction is carried out between the DCs through the central gateway. In the prior art, an onboard KMS is deployed on a central gateway, which is responsible for distributing shared keys between the ECUs and the DC, so that secure communication can be established between each DC and each ECU. The process of generating the communication key by the ECU in the vehicle comprises the following steps: first, an ECU_iGenerating a random number Ri and sending the random number Ri to a central gateway, generating a random number seed S after the central gateway receives Ri, and then generating an ECU (electronic control Unit) according to the identifier of the central gateway_iThe identifier, Ri, S and a preset initial key K are subjected to Hash operation to obtain a first message authentication code, and then the first message authentication code and the S are sent to the ECU_i，ECU_iFirst, the first message authentication code is authenticated, and the ECU is authenticated after the first message authentication code passes_iGenerates a communication key by a key derivation function based on preset long-term shared keys GK and S, and then an ECU_iAnd obtaining a second message authentication code through Hash operation according to the identifier of the central gateway and a preset initial key K, obtaining a third message authentication code through Hash operation according to the identifier of the central gateway and the communication key, and finally sending the second message authentication code and the third message authentication code to the central gateway for authentication. The in-vehicle DC generates the communication key in the same process as the ECU generates the communication key. The random number seed S based on which the communication key is generated is uniformly given by the central gateway, that is, the same S is received in the process of generating the communication key by all the ECUs and the DC of the whole vehicle, so that the same communication key can be guaranteed to be shared between all the ECUs and the DC of the whole vehicle.

However, in order to adapt to the trend of intelligent networking of automobiles, the in-vehicle electronic and electrical Architecture is gradually shifted from a centralized network Architecture based on a Central gateway to a distributed Central Computing Architecture (CCA). The CCA architecture distributes electronic control elements (including DC and ECU) of a Vehicle into a plurality of areas, each area is deployed with a Vehicle Integrated Unit (VIU) responsible for managing the ECUs in the area, and the VIUs are interconnected through a high-speed ethernet to complete Vehicle high-speed communication. In the CCA architecture, the central gateway is replaced by a plurality of VIUs, and in the above scheme, all ECUs and DCs in a whole vehicle have the same communication key and depend on a unique S given by the midnet gateway, where S is randomly generated at each key update, and the uniqueness of a plurality of VIUs and S in the CCA architecture cannot be guaranteed, so the above scheme is not applicable to the CCA architecture. Under the CCA architecture, how to negotiate the key is an urgent problem to be solved.

Disclosure of Invention

The application provides a key negotiation method and device, which are used for solving the problem of how to perform key negotiation under a CCA framework.

In a first aspect, the present application provides a key agreement method, including: after a first vehicle integrated unit VIU negotiates a common first random number with other VIUs in a vehicle electronic control system, a second random number, a temporary shared key and a temporary common private key are determined according to the first random number, a temporary common public key is generated according to the temporary common private key, the first VIU authenticates and negotiates a communication key and a random number seed with a first DC according to the second random number, the temporary common public key and a device private key preset by the first VIU, the first DC is one DC in the vehicle electronic control system, the first VIU authenticates and negotiates a communication encryption key and a communication authentication key with a first electronic control unit ECU according to the random number seed and an authentication key preset by the first VIU, and after the first VIU determines that the authentication with the first ECU succeeds, the communication encryption key and the communication authentication key are encrypted through the communication key and then sent to the first DC.

According to the key negotiation method provided by the first aspect, after the first VIU negotiates a common first random number with other VIUs in the in-vehicle electronic control system, the second random number, the temporary shared key and the temporary common private key are determined according to the first random number, and the temporary common public key is generated according to the temporary common private key. Because the second random number, the temporary shared key and the temporary common key are shared by all the VIUs, the DC and any one of the VIUs can negotiate to obtain the same communication key and random number seed, after negotiation is completed, the DC and each VIU can use the same communication key to carry out secure communication, and secure communication connection does not need to be established between the DC and each VIU. And then the first VIU authenticates and negotiates a communication encryption key and a communication authentication key with the first ECU according to the random number seed and an authentication key preset by the VIU, and finally the communication encryption key and the communication authentication key are encrypted by the communication key and then sent to the first DC, wherein the communication encryption key and the communication authentication key are used between each DC and each ECU to establish secure communication. Therefore, key agreement under the CCA framework is realized, and the safe communication can be established between each DC and each ECU.

In one possible design, the first VIU authenticates and negotiates the communication key and the random number seed with the first domain control unit DC according to the second random number, the temporary common public key, and a device private key preset by the first VIU, and may be:

the first VIU receives a third random number, a temporary public key and a signature value sent by the first DC;

the first VIU verifies the signature value according to the equipment public key, the third random number and the temporary public key of the first DC;

after the first VIU verifies the signature value, calculating a digital signature value according to the second random number, the temporary common public key and the equipment private key of the first VIU;

the first VIU sends the second random number, the temporary common public key and the digital signature value to the first DC, the first DC verifies the digital signature value according to the second random number, the temporary common public key and the equipment public key of the first VIU, and a communication key is determined according to the temporary private key and the temporary common public key after verification is successful;

and the first VIU determines a communication key according to the temporary public key and the temporary common private key, and determines a random number seed according to the third random number and the second random number, or determines the random number seed according to the third random number, the second random number and the functional domain identifier of the first VIU.

With the key agreement method provided in this embodiment, in the manner of determining the random number seed according to the third random number, the second random number, and the functional domain identifier of the first VIU, since the random number seed is determined by the first VIU according to the third random number, the second random number, and the functional domain identifier of the first VIU, and the identifiers of different functional domains are different, the random number seeds corresponding to different functional domains are different. The random number seeds are used for key distribution between the VIU and the ECU, different random number seeds are used when the ECU of different functional domains is subjected to key distribution, different communication encryption keys and different communication authentication keys in different functional domains can be realized, the use range of the keys is reduced, and the safety is higher.

In one possible design, after the first VIU sends the second random number, the temporary common public key, the digital signature value, and a device certificate preset by the first VIU to the first DC, the method may further include:

the first VIU calculates a first check value according to the third random number, the temporary public key and the temporary shared key;

and the first VIU sends the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system, and is used for calculating a second check value according to the third random number, the temporary public key and the temporary shared key by the other VIUs, determining a communication key according to the temporary public key and the temporary public key when the first check value is confirmed to be the same as the second check value, and determining the random number seed according to the third random number and the second random number, or determining the random number seed according to the third random number, the second random number and the functional domain identification of the other VIUs.

In one possible design, the first VIU root random number seed and the authentication key preset by the first VIU, which authenticate and negotiate the communication encryption key and the communication authentication key with the first ECU, may be:

the first VIU receives a fourth random number sent by the first ECU;

and the first VIU authenticates and negotiates a communication encryption key and a communication authentication key with the first ECU according to the fourth random number, the random number seed and an authentication key preset by the first VIU.

In one possible design, the first vu authenticates and negotiates a communication encryption key and a communication authentication key with the first ECU according to the fourth random number, the random number seed and an authentication key preset by the first vu, and may be:

the first VIU calculates a third check value according to the fourth random number, the random number seed and an authentication key preset by the first VIU;

the first VIU sends the random number seed and the third check value to the first ECU, and the first ECU is used for authenticating the third check value;

the first VIU receives a first message authentication code and a second message authentication code which are sent after the first ECU authenticates the third check value, the first message authentication code is obtained by the first ECU through calculation according to the random number seed and an authentication key preset by the first ECU, and the second message authentication code is obtained by the first ECU through calculation according to the communication encryption key and the communication authentication key;

the first VIU determines a communication encryption key and a communication authentication key according to a long-term shared key and a random number seed preset by the first VIU;

the first VIU authenticates the first message authentication code and the second message authentication code.

In one possible design, the first VIU authenticates the first message authentication code and the second message authentication code, and may be:

the first VIU calculates a third message authentication code according to the random number seed and an authentication key preset by the first VIU, and calculates a fourth message authentication code according to the communication encryption key and the communication authentication key;

the first VIU compares the first message authentication code with the third message authentication code, and compares the second message authentication code with the fourth message authentication code;

the first VIU determines that the authentication with the first ECU is successful, and the method comprises the following steps:

and if the first message authentication code is the same as the third message authentication code and the second message authentication code is the same as the fourth message authentication code, the first VIU determines that the authentication with the first ECU is successful.

With the key agreement method provided in this embodiment, in a manner of determining the random number seed from the third random number, the second random number, and the functional domain identifier of the first VIU, the key distributed to the ECU by the first VIU is related to the random number seed, and the random number seed is related to the functional domain identifier, so the communication encryption key and the communication authentication key distributed to the ECU by the first VIU are distinguished by the functional domain, and the communication encryption key and the communication authentication key in different functional domains are different, so that the communication encryption key and the communication authentication key in different functional domains can be different, the use range of the key is reduced, and the security is higher.

In one possible design, the communication encryption key and the communication authentication key are sent to the first DC after being encrypted by the communication key, and may be:

the first VIU encrypts the communication encryption key and the communication authentication key through the communication key to obtain an encrypted ciphertext;

the first VIU sends the second message authentication code and the encrypted ciphertext to the first DC.

By the key agreement method provided by the embodiment, the first DC does not need to store a long-term shared key, but the first VIU encrypts and sends the communication encryption key and the communication authentication key to the first DC at the end stage of the whole agreement process, so that the leakage of the whole vehicle shared key GK caused by the attack of the DC can be avoided.

In a second aspect, the present application provides a key agreement method, including:

the first domain control unit DC generates a temporary private key and a third random number, and generates a corresponding temporary public key according to the temporary private key, wherein the first DC is one DC in the in-vehicle electronic control system; the first DC authenticates the first vehicle integrated unit VIU and negotiates a communication key according to the temporary public key, the third random number and a device private key preset by the first DC; and the first DC receives a communication encryption key and a communication authentication key which are sent by the first VIU and encrypted by the communication key, wherein the communication encryption key and the communication authentication key are obtained by the first VIU through authentication and negotiation with the first ECU according to the random number seed and an authentication key preset by the first VIU.

According to the key agreement method provided by the second aspect, a temporary private key and a third random number are generated through a first DC, a corresponding temporary public key is generated according to the temporary private key, the first DC authenticates a first VIU and negotiates a communication key according to the temporary public key, the third random number and an equipment private key preset by the first DC, and finally the first DC receives a communication encryption key and a communication authentication key which are sent by the first VIU and encrypted through the communication key, wherein the communication encryption key and the communication authentication key are used between each DC and each ECU and can establish secure communication. Therefore, key agreement under the CCA framework is realized, and the safe communication can be established between each DC and each ECU.

In one possible design, the first DC performs authentication and negotiates a communication key with the first vehicle integrated unit VIU according to the temporary public key, the third random number, and a device private key preset by the first DC, and may be:

the first DC carries out digital signature on the temporary public key and the third random number by using an equipment private key preset by the first DC to obtain a signature value;

the first DC sends the temporary public key, the third random number and the signature value to the first VIU;

the first DC receives a second random number, a temporary common public key and a digital signature value sent by the first VIU, wherein the digital signature value is obtained by the first VIU through calculation according to the second random number, the temporary common public key and a preset device private key of the first VIU, the second random number is determined by the first VIU according to the first random number, and the first random number is a common random number negotiated by the first VIU and other VIUs in the in-vehicle electronic control system;

the first DC verifies the digital signature value according to the second random number, the temporary common public key and the equipment public key of the first VIU;

and after the first DC verifies the digital signature value, determining a communication key according to the temporary private key and the temporary common public key.

According to the key agreement method provided by the embodiment, the first random number is a common random number negotiated by the first VIU and other VIUs in the in-vehicle electronic control system, the second random number, the temporary shared key and the temporary common private key are determined by the first VIU according to the first random number, so that the second random number, the temporary shared key and the temporary common key are shared by all the VIUs, the DC and any one of the VIUs can negotiate to obtain the same communication key and random number seed, the DC and each VIU can use the same communication key to perform secure communication after negotiation is completed, and secure communication connection does not need to be established between the DC and each VIU.

In a third aspect, the present application provides a key agreement apparatus, including:

the determining module is used for determining a second random number, a temporary shared key and a temporary common private key according to the first random number after negotiating a common first random number with other VIUs in the in-vehicle electronic control system, and generating a temporary common public key according to the temporary common private key;

the first authentication negotiation module is used for authenticating and negotiating a communication key and a random number seed with the first domain control unit DC according to the second random number, the temporary common public key and an equipment private key preset by the first VIU, wherein the first DC is one DC in the in-vehicle electronic control system;

the second authentication negotiation module is used for authenticating with the first electronic control unit ECU and negotiating a communication encryption key and a communication authentication key according to the random number seed and an authentication key preset by the first VIU;

and the transmitting module is used for transmitting the communication encryption key and the communication authentication key to the first DC after encrypting the communication encryption key and the communication authentication key through the communication key after determining that the authentication with the first ECU is successful.

In one possible design, the first authentication negotiation module includes:

a receiving unit, configured to receive a third random number, a temporary public key, and a signature value sent by the first DC;

a verification unit, configured to verify the signature value according to the device public key of the first DC, the third random number, and the temporary public key;

the computing unit is used for computing the digital signature value according to the second random number, the temporary common public key and the equipment private key of the first VIU after the signature value is verified;

a sending unit, configured to send the second random number, the temporary common public key, and the digital signature value to the first DC, where the first DC verifies the digital signature value according to the second random number, the temporary common public key, and the device public key of the first VIU, and determines a communication key according to the temporary private key and the temporary common public key after successful verification;

and the determining unit is used for determining the communication key according to the temporary public key and the temporary common private key, and determining the random number seed according to the third random number and the second random number, or determining the random number seed according to the third random number, the second random number and the functional domain identifier of the first VIU.

In one possible design, the computing unit is further configured to: after the transmitting unit transmits the second random number, the temporary common public key, and the digital signature value to the first DC, calculating a first check value according to the third random number, the temporary public key, and the temporary shared key;

the sending unit is further configured to: and sending the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system, wherein the other VIUs are used for calculating a second check value according to the third random number, the temporary public key and the temporary shared key, determining a communication key according to the temporary public key and the temporary common private key when the first check value is confirmed to be the same as the second check value, and determining the random number seed according to the third random number and the second random number or determining the random number seed according to the third random number, the second random number and the functional domain identification of other VIUs.

In one possible design, the second authentication negotiation module includes:

the receiving unit is used for receiving the fourth random number sent by the first ECU;

and the authentication negotiation unit is used for authenticating with the first ECU and negotiating a communication encryption key and a communication authentication key according to the fourth random number, the random number seed and the authentication key preset by the first VIU.

In one possible design, the authentication negotiation unit is configured to:

calculating a third check value according to the fourth random number, the random number seed and an authentication key preset by the first VIU;

sending the random number seed and the third check value to the first ECU for the first ECU to authenticate the third check value;

receiving a first message authentication code and a second message authentication code which are sent after the first ECU authenticates the third check value, wherein the first message authentication code is obtained by the first ECU through calculation according to the random number seed and an authentication key preset by the first ECU, and the second message authentication code is obtained by the first ECU through calculation according to a communication encryption key and a communication authentication key;

determining a communication encryption key and a communication authentication key according to a long-term shared key and a random number seed preset by a first VIU;

and authenticating the first message authentication code and the second message authentication code.

In one possible design, the authentication negotiation unit is configured to:

calculating a third message authentication code according to the random number seed and an authentication key preset by the first VIU, and calculating a fourth message authentication code according to the communication encryption key and the communication authentication key;

comparing the first message authentication code with the third message authentication code, and comparing the second message authentication code with the fourth message authentication code;

the authentication negotiation module is used for:

and if the first message authentication code is the same as the third message authentication code and the second message authentication code is the same as the fourth message authentication code, determining that the first ECU is successfully authenticated.

In one possible design, the sending module is configured to:

encrypting the communication encryption key and the communication authentication key through the communication key to obtain an encrypted ciphertext;

the second message authentication code and the encrypted ciphertext are sent to the first DC.

The beneficial effects of the key agreement device provided in the third aspect and each possible design of the third aspect may refer to the beneficial effects brought by each possible implementation manner of the first aspect, and are not described herein again.

In a fourth aspect, the present application provides a key agreement apparatus, including:

the generating module is used for generating a temporary private key and a third random number and generating a corresponding temporary public key according to the temporary private key, wherein the first DC is one DC in the in-vehicle electronic control system;

the authentication negotiation module is used for authenticating with the first vehicle integrated unit VIU and negotiating a communication key according to the temporary public key, the third random number and a device private key preset by the first DC;

and the receiving module is used for receiving a communication encryption key and a communication authentication key which are sent by the first VIU and encrypted by the communication key, wherein the communication encryption key and the communication authentication key are obtained by the first VIU through authentication and negotiation with the first ECU according to the random number seed and an authentication key preset by the first VIU.

In one possible design, the authentication negotiation module includes:

the digital signature unit is used for digitally signing the temporary public key and the third random number by using a device private key preset by the first DC to obtain a signature value;

a sending unit, configured to send the temporary public key, the third random number, and the signature value to the first VIU;

the receiving unit is used for receiving a second random number, a temporary common public key and a digital signature value sent by the first VIU, wherein the digital signature value is obtained by the first VIU through calculation according to the second random number, the temporary common public key and a preset device private key of the first VIU, the second random number is determined by the first VIU according to the first random number, and the first random number is a common random number negotiated by the first VIU and other VIUs in the in-vehicle electronic control system;

the verification unit is used for verifying the digital signature value according to the second random number, the temporary common public key and the equipment public key of the first VIU;

and the determining unit is used for determining the communication key according to the temporary private key and the temporary common public key after the verification unit passes the verification of the digital signature value.

The beneficial effects of the key agreement device provided in the fourth aspect and each possible design of the fourth aspect may refer to the beneficial effects brought by each possible implementation manner of the second aspect, and are not described herein again.

In a fifth aspect, the present application provides a key agreement apparatus, including: a memory and a processor;

the memory is used for storing program instructions;

the processor is configured to invoke program instructions in the memory to perform the key agreement method of the first aspect and any one of the possible designs of the first aspect.

In a sixth aspect, the present application provides a readable storage medium, where an execution instruction is stored, and when the execution instruction is executed by at least one processor of a key agreement device, the key agreement device executes the method in any one of the possible designs of the first aspect and the first aspect.

In a seventh aspect, the present application provides a program product comprising execution instructions stored in a readable storage medium. The executable instructions may be read by at least one processor of the key agreement device from a readable storage medium, and execution of the executable instructions by the at least one processor causes the key agreement device to implement the method of the first aspect and any one of the possible designs of the first aspect.

Drawings

Fig. 1 is a schematic structural diagram of an in-vehicle electronic control system of a CCA architecture;

fig. 2 is an interaction flowchart of an embodiment of a key agreement method provided in the present application;

fig. 3 is a schematic flowchart illustrating an embodiment of pairwise authentication and negotiation between a first VIU and a first DC between a communication key and a random number seed according to the present application;

fig. 4 is a schematic flowchart of an embodiment of a first vu authenticating with a first ECU and negotiating a communication encryption key and a communication authentication key according to the present application;

fig. 5 is an interaction flowchart of an embodiment of a key agreement method provided in the present application;

fig. 6 is a schematic structural diagram of an embodiment of a key agreement apparatus provided in the present application;

fig. 7 is a schematic structural diagram of an embodiment of a key agreement apparatus provided in the present application;

fig. 8 is a schematic structural diagram of an embodiment of a key agreement apparatus provided in the present application;

fig. 9 is a schematic structural diagram of an embodiment of a key agreement apparatus provided in the present application;

fig. 10 is a schematic structural diagram of an embodiment of a key agreement apparatus provided in the present application;

fig. 11 is a schematic diagram of a key agreement apparatus provided in the present application.

Detailed Description

In this application, the terms "exemplary" or "such as" are used to indicate that any embodiment or aspect described as "exemplary" or "such as" in this application is not to be construed as preferred or advantageous over other embodiments or aspects. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.

In the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.

The key agreement method can be applied to an in-vehicle electronic control system of a CCA framework, under the CCA framework, electronic control elements (including DC and ECU) of a vehicle are distributed in a plurality of areas, each area is provided with a VIU for managing the ECU in the area, and the VIUs are interconnected through a high-speed Ethernet, so that high-bandwidth (high-definition camera and high-definition display), low-delay and high-reliability processing capacity are realized. Fig. 1 is a schematic structural diagram of an in-vehicle electronic control system with a CCA architecture, as shown in fig. 1, the number of the vus deployed in the vehicle is illustrated as 4, and 4 vus are deployed in the vehicle: the VIUs 0, the VIUs 1, the VIUs 2 and the VIUs 3 are interconnected through a high-speed Ethernet, each VIU manages the ECUs in one region, each VIU is connected with the ECUs in one region through a bus, for example, the VIU0 is connected with the ECUs 0, the ECUs 1, the ECUs 2 and the ECUs 3 through one bus, the VIU1 is connected with the ECUs 5, the ECUs 6, the ECUs 7 and the ECUs 8 through one bus, the VIU2 is connected with the ECUs 13, the ECUs 14, the ECUs 15 and the ECUs 16 through one bus, the VIU3 is connected with the ECUs 9, the ECUs 10, the ECUs 11 and the ECUs 12 through one bus, the VIUs 0 and the VIUs 3 are connected with the DC1, and the VIUs 1 and the VIU2 are connected with the DC 2. According to the key agreement method, the VIU deployed in each area is responsible for distributing the shared key between the ECU and the DC, so that secure communication can be established between each DC and each ECU.

The electronic control unit referred to in the present application mainly includes a VIU, an ECU and a DC, and it is understood that the number of the VIU, the ECU and the DC is one or more, and the ECU is used for each_i、VIU_jAnd DC_kWherein i, j and k are positive integers and are the numbers of VIU, ECU and DC respectively. ECU (electronic control Unit)_i、VIU_jAnd DC_kIn which security credentials, in particular an ECU, are preset and stored_iThe preset security credentials are long-term shared key GK and authentication key K_i。VIU_jThe preset security certificate is the device private key sk_VIUjDevice certificate Cert_VIUj(including the device public key pk_VIUj) Root certificate Cert₀(vehicle-wide unification for verifying the validity of the device certificate), long-term shared secret key GK and ECU_iIn the authentication key K preset in_iCorresponding authentication key K_iOr, VIU_jThe preset security certificate is the device private key sk_VIUj、DC_kThe device public key or the hash value of the device public key, the root certificate Cert₀(vehicle-wide unification for verifying the validity of the device certificate), long-term shared secret key GK and ECU_iIn the authentication key K preset in_iCorresponding authentication key K_i。DC_kThe preset security certificate is the device private key sk_DCkDevice certificate Cert_DCk(including the device public key pk_DCk) And root certificate Cert₀(vehicle-wide unification, used to verify the legitimacy of the device certificate). Based on these pre-set security credentials, authentication, negotiation and distribution of authentication and encryption keys between the VIU and VIU, between the VIU and the DC, and between the VIU and the ECUs are used to enable secure communications to be established between each DC and each ECU.

In the prior art, in a centralized network architecture based on a central gateway, all ECUs and a DC in a whole vehicle receive the same random number seed S in a process of generating communication keys, so that it is ensured that all ECUs and the DC in the whole vehicle share the same communication key. However, there are multiple VIUs under the CCA architecture, the central gateway is replaced by multiple VIUs, and S is randomly generated at each key update, so that uniqueness of S cannot be guaranteed, and thus the existing scheme is not applicable to the CCA architecture. In order to solve the problem, the present application provides a key agreement method and apparatus, when a key update process starts, multi-party key agreement is first completed between N VIUs under a CCA architecture, to obtain a first random number shared by the N VIUs, then each VIU derives a second random number, a temporary shared key, and a temporary common key according to the first random number, since the second random number, the temporary shared key, and the temporary common key are shared by all the VIUs, a DC and any one of the VIUs can negotiate to obtain the same communication key and random number seed, after the agreement is completed, the DC and each VIU can use the same communication key to perform secure communication, and a secure communication connection does not need to be established between the DC and each VIU. And then each VIU authenticates and negotiates a communication encryption key and a communication authentication key with the ECU or other ECUs in the management area of the VIU according to the random number seed and the authentication key preset by the VIU, and finally the communication encryption key and the communication authentication key are encrypted through the communication key and then sent to the DC, wherein the communication encryption key and the communication authentication key are used between each DC and each ECU to establish secure communication. Therefore, key agreement under the CCA framework is realized, and the safe communication can be established between each DC and each ECU. The following describes a key agreement method and apparatus provided in the present application in detail with reference to the accompanying drawings.

Fig. 2 is an interaction flowchart of an embodiment of a key agreement method provided in the present application, and as shown in fig. 2, the method of the present embodiment may include:

s101, after the first VIU and other VIUs in the in-vehicle electronic control system negotiate a common first random number, determining a second random number, a temporary shared key and a temporary common private key according to the first random number, and generating a temporary common public key according to the temporary common private key.

Specifically, it can be understood that the first VIU is any one of the VIUs in the electronic control system, all the VIUs in the electronic control system may perform multi-party key agreement using a multi-party key agreement protocol, negotiate a common first random number, and may use any common multi-party key agreement protocol, such as a multi-party key exchange protocol (eliptic currve Diffie-Hellman ECDH) protocol.

The first VIU determines a second random number, a temporary shared key, and a temporary common private key according to the first random number, may derive the second random number, the temporary shared key, and the temporary common private key according to the first random number R through a key derivation function, and the calculation process is: (nonce | Key_VIUKDF (r), where KDF is a Key derivation function (Key derivation function), the Key derivation function may generate data of any length according to input data, and nonce is a second random number, and Key is a Key_VIUTo temporarily share the key eSK is a temporary common private key, then temporary common public key ePK is generated from temporary common private key eSK. Wherein, the temporary shared secret Key_VIUFor secure communications between all the VIUs, a temporary common private key eSK and a temporary common public key ePK are used for key agreement between each VIU and each DC. The key agreement between each VIU and each DC uses the same temporary private key eSK and temporary public key ePK, so the keys agreed upon by all VIUs and DCs are the same.

In this embodiment, the first random number, the second random number, the temporary common private key, and the temporary common public key shared by the multiple vus in the vehicle are negotiated, so that the external logic is unified, and the DC does not need to care about the specific deployment details (such as the number, the distribution position, and connected ECUs) of the vus, so that the authentication negotiation processing logic of the DC is decoupled from the actual deployment details of the vus, and the processing logic is simplified.

S102, the first DC generates a temporary private key and a third random number, and generates a corresponding temporary public key according to the temporary private key.

The first DC is one DC in an in-vehicle electronic control system, namely any DC.

And S103, the first VIU authenticates and negotiates a communication key and a random number seed with the first DC according to the second random number, the temporary common public key and a device private key preset by the first VIU.

Wherein, the random number Seed is Seed_kDCommunication key distribution for a first ECU within a first VIU management area.

Specifically, because the VIUs have a common temporary public key, the first DC and any one of the VIUs may negotiate out the same communication key and random number seed, and after negotiation is completed, the first DC and each of the VIUs may perform secure communication using the same communication key without establishing a plurality of secure connections.

Specifically, in S103, the authenticating and negotiating the communication key and the random number seed with the first DC by the first VIU according to the second random number, the temporary common public key, and the device private key preset by the first VIU may be:

and S1031, the first VIU receives the third random number, the temporary public key and the signature value sent by the first DC.

And S1032, the first VIU verifies the signature value according to the device public key, the third random number and the temporary public key of the first DC.

Specifically, in S1032, the first VIU verifies the signature value according to the device public key, the third random number, and the temporary public key of the first DC, and there are three implementable manners, where the first manner is a certificate transfer manner, the second manner is a manner in which the device public key of the first DC is prestored, and the third manner is a manner in which the device public key or a device public key hash value of the first DC is prestored in the first VIU, and the first VIU verifies the received device public key of the first DC. The following is described in detail:

the first method is as follows: the first VIU receives the third random number, the temporary public key, the signature value and the device certificate of the first DC sent by the first DC, and the device public key of the first DC is included in the device certificate of the first DC.

And the first VIU verifies the validity of the equipment certificate of the first DC according to a root certificate preset by the first VIU, and verifies the signature value according to the third random number and the temporary public key.

The second method comprises the following steps: the first VIU receives the third random number, the temporary public key, and the signature value sent by the first DC.

And the first VIU verifies the signature value according to the pre-stored device public key of the first DC, the third random number and the temporary public key.

The third method comprises the following steps: the first VIU receives the third random number, the temporary public key, the signature value, and the device public key of the first DC transmitted by the first DC.

And the first VIU verifies the received device public key of the first DC according to a pre-stored device public key or a device public key Hash value of the first DC, and verifies the signature value according to the third random number, the temporary public key and the device public key of the first DC after the verification is successful.

And S1033, after the first VIU verifies the signature value, calculating the digital signature value according to the second random number, the temporary common public key and the device private key of the first VIU.

S1034, the first VIU sends the second random number, the temporary common public key, and the digital signature value to the first DC.

And S1035, the first DC verifies the digital signature value according to the second random number, the temporary common public key and the equipment public key of the first VIU, and determines a communication key according to the temporary private key and the temporary common public key after the digital signature value is verified.

In particular, the first DC may also determine the communication key based on the temporary private key and the temporary public key, as well as other information, such as any of the identity of the first VIU, the identity of the first DC, and the identity of the vehicle.

Specifically, when the first DC verifies the digital signature value according to the second random number, the temporary common public key, and the device public key of the first VIU, the manner in which the first DC obtains the device public key of the first VIU is similar to the manner in which the first VIU obtains the device public key of the first DC in S1032, there are three implementable manners, which are described in detail below:

the first method is as follows: and the first DC receives the second random number, the temporary common public key, the digital signature value and the preset device certificate of the first VIU, which are sent by the first VIU, and the device public key of the first VIU is included in the preset device certificate of the first VIU.

And the first DC verifies the validity of the equipment certificate of the first VIU according to a preset root certificate of the first DC, and verifies the digital signature value according to the second random number and the temporary common public key.

In a second mode, the first DC receives the second random number, the temporary common public key and the digital signature value sent by the first VIU.

The first DC verifies the digital signature value according to the pre-stored device public key, the second random number and the temporary common public key of the first VIU.

The third method comprises the following steps: the first DC receives the second random number, the temporary common public key, the digital signature value, and the device public key of the first VIU sent by the first VIU.

And the first DC verifies the received equipment public key of the first VIU according to a pre-stored equipment public key or equipment public key Hash value of the first VIU, and verifies the digital signature value according to the second random number, the temporary public key and the equipment public key of the first VIU after the verification is successful.

S1036, the first VIU determines a communication key according to the temporary private key and the temporary common public key, and determines a random number seed according to the third random number and the second random number, or determines the random number seed according to the third random number, the second random number and the function domain identifier of the first VIU.

And S104, the first DC authenticates and negotiates a communication key with the first VIU according to the temporary public key, the third random number and a device private key preset by the first DC.

Wherein the communication key is used for secure communication between the first VIU and the first DC.

In an implementable manner, S103 may also be that the first DC authenticates with the first VIU according to the temporary public key, the third random number, the first DC preset device certificate, and the first DC preset device private key, and negotiates a communication key with the first VIU after the authentication is successful.

Specifically, the first DC verifies the digital signature value according to the second random number, the temporary common public key, and the device public key of the first VIU, and determines the communication key according to the temporary private key and the temporary common public key after the verification is successful.

And S105, the first VIU authenticates with the first ECU and negotiates a communication encryption key and a communication authentication key according to the random number seed and an authentication key preset by the first VIU.

The first ECU may be an ECU in the first vu management area, or may be another ECU.

Optionally, the first VIU may further authenticate and negotiate a communication encryption key and a communication authentication key with the first ECU according to the identifier of the first VIU, the random number seed, and an authentication key preset by the first VIU.

And S106, after the first VIU determines that the first ECU is successfully authenticated, the communication encryption key and the communication authentication key are encrypted through the communication key and then sent to the first DC.

Specifically, the first VIU sends the communication encryption key and the communication authentication key to the first DC after encrypting with the communication key, which may be:

the first VIU encrypts the communication encryption key and the communication authentication key through the communication key to obtain an encrypted ciphertext, and the first VIU sends the second message authentication code and the encrypted ciphertext to the first DC.

Alternatively, the identity of the first ECU may also be sent simultaneously.

In this embodiment, the first DC does not need to store the long-term shared key, but the first VIU encrypts and sends the communication encryption key and the communication authentication key to the first DC at the end of the entire negotiation process, so that leakage of the entire vehicle shared key GK due to attack on the DC can be avoided.

In the key agreement method provided in this embodiment, after the first VIU negotiates a common first random number with other VIUs in the in-vehicle electronic control system, a second random number, a temporary shared key, and a temporary common private key are determined according to the first random number, and a temporary common public key is generated according to the temporary common private key. Because the second random number, the temporary shared key and the temporary common key are shared by all the VIUs, the DC and any one of the VIUs can negotiate to obtain the same communication key and random number seed, after negotiation is completed, the DC and each VIU can use the same communication key to carry out secure communication, and secure communication connection does not need to be established between the DC and each VIU. And then the first VIU authenticates and negotiates a communication encryption key and a communication authentication key with the first ECU according to the random number seed and an authentication key preset by the VIU, and finally the communication encryption key and the communication authentication key are encrypted by the communication key and then sent to the first DC, wherein the communication encryption key and the communication authentication key are used between each DC and each ECU to establish secure communication. Therefore, key agreement under the CCA framework is realized, and the safe communication can be established between each DC and each ECU.

Fig. 3 is a schematic flow chart of an embodiment of the present application, in which the first VIU and the first DC perform pairwise authentication and negotiate a communication key and a random number seed, and the method of this embodiment may include:

s201, the first DC carries out digital signature on the temporary public key and the third random number by using a device private key preset by the first DC to obtain a signature value.

In particular, the signature value Sig_k＝Sign(r_k||ePK_k,sk_DC)，sk_DCDevice private key preset for first DC, ePK_kIs a temporary public key, r_kIs a third random number.

S202, the first DC sends the temporary public key, the third random number, the signature value and the device public key of the first DC to the first VIU.

And S203, the first VIU verifies the received device public key of the first DC according to the pre-stored device public key or the device public key Hash value of the first DC, and verifies the signature value according to the third random number, the temporary public key and the device public key of the first DC after the verification is successful.

In another practical manner, S202 may be: the first DC sends the temporary public key, the third random number, and the signature value to the first VIU.

Accordingly, S203 may be: and the first VIU verifies the signature value according to the pre-stored device public key, the third random number and the temporary public key of the first DC.

In another practical manner, S202 may be: the first DC sends the third random number, the temporary public key, the signature value and a device certificate preset by the first DC to the first VIU.

Accordingly, S203 may be: and the first VIU verifies the validity of the equipment certificate of the first DC according to a root certificate preset by the first VIU, and verifies the signature value according to the third random number and the temporary public key.

Specifically, if the verification fails, the key updating process is stopped, and if the verification succeeds, S204 is executed.

And S204, after the first VIU is successfully verified, calculating a digital signature value according to the second random number, the temporary common public key and the equipment private key of the first VIU.

In particular, the calculation process may be a digital signature value Sig₀＝Sign(nonce||ePK,sk_VIUj0) Wherein ePK is the temporary common public key, sk_VIUj0Is the device private key of the first VIU and the nonce is the second random number.

S205, the first VIU sends the second random number, the temporary common public key, and the digital signature value to the first DC.

S206, the first VIU determines a communication key according to the temporary public key and the temporary common private key, and determines a random number seed according to the third random number and the second random number, or determines the random number seed according to the third random number, the second random number and the functional domain identifier of the first VIU.

Specifically, the first VIU sends the third random number r_kTemporary public key ePK_kAnd check value MAC_kThen, according to the temporary public key ePK_kPerforming hash operation on the temporary common private Key eSK to obtain a communication Key Key_VDk＝HASH(ePK_keSK) and according to the third random number r_kCalculating Seed by using the second random number nonce and the domain identifier DID_kDThe calculation process is Seed_kD＝HASH(r_k||nonce||DID)。

In this embodiment, in the manner of determining the random number seed according to the third random number, the second random number, and the function domain identifier of the first VIU, since the random number seed is determined by the first VIU according to the third random number, the second random number, and the function domain identifier of the first VIU, and the identifiers of different function domains are different, the random number seeds corresponding to different function domains are different. The random number seeds are used for key distribution between the VIU and the ECU, different random number seeds are used when the ECU of different functional domains is subjected to key distribution, different communication encryption keys and different communication authentication keys in different functional domains can be realized, the use range of the keys is reduced, and the safety is higher.

Optionally, in S206, the first VIU may also determine the communication key according to the temporary private key and the temporary public key, and determine the random number seed according to the third random number and the second random number, that is, the random number seeds may not be distinguished according to the functional domain.

And S207, the first DC verifies the digital signature value according to the pre-stored equipment public key, the second random number and the temporary common public key of the first VIU, and determines a communication key according to the temporary private key and the temporary common public key after the verification is successful.

Specifically, the first DC verifies the digital signature value according to the second random number, the temporary common public key, and the device public key of the first VIU, and stops the key update process if the verification fails; after successful verification, the communication key is determined from the temporary private key and the temporary common public key, which may be determined by the first DC from the temporary public key ePK_kPerforming hash operation on the temporary common public Key ePK to obtain a communication Key Key_VDk＝HASH(eSK_kePK), communication Key_VDkFor secure communication between the first DC and the respective VIU, wherein the HASH is a HASH operation.

In another implementation manner, S205 may be: the first VIU sends the device public key, the second random number, the temporary common public key, and the digital signature value of the first VIU to the first DC.

Accordingly, S207 may be: and the first DC verifies the received equipment public key of the first VIU according to a pre-stored equipment public key or equipment public key Hash value of the first VIU, and verifies the digital signature value according to the second random number, the temporary public key and the equipment public key of the first VIU after the verification is successful.

In another implementation manner, S205 may be: and the first VIU sends the device certificate preset by the first VIU, the second random number, the temporary common public key and the digital signature value to the first DC, wherein the device public key of the first VIU is included in the device certificate preset by the first VIU.

Accordingly, S207 may be: and the first DC verifies the validity of the equipment certificate of the first VIU according to a preset root certificate of the first DC, and verifies the digital signature value according to the second random number and the temporary common public key.

Further, after the first VIU sends the second random number, the temporary common public key, and the digital signature value to the first DC in S205, the method of this embodiment may further include:

and S208, the first VIU calculates a first check value according to the third random number, the temporary public key and the temporary shared key.

In particular, it may be based on a third random number r_kTemporary public key ePK_kAnd temporary shared secret Key_VIUCarrying out Hash operation to obtain a first check value MAC_k＝HASH(r_k||ePK_k||Key_VIU)。

And S209, the first VIU sends the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system.

S210, the other VIUs calculate a second check value according to the third random number, the temporary public key and the temporary shared key, determine a communication key according to the temporary public key and the temporary common private key when the first check value is confirmed to be the same as the second check value, determine a random number seed according to the third random number and the second random number, or determine the random number seed according to the third random number, the second random number and the function domain identification of the other VIUs.

Specifically, other VIUs receive the third random number r_kTemporary public key ePK_kAnd a first check value MAC_kThen, according to the third random number r_kTemporary public key ePK_kAnd temporary shared secret Key_VIUPerforming a HASH operation to obtain a second check value MAC ═ HASH (r)_k||ePK_k||Key_VIU) And combining MAC' and MAC_kThe values are compared. If the comparison fails, stopping the key updating process; if the comparison is successful, i.e. the first check value is the same as the second check value, then other VIUs are according to the temporary public key ePK_kPerforming hash operation on the temporary common private Key eSK to obtain a communication Key Key_VDk＝HASH(ePK_keSK), communication Key_VDkFor secure communication between the first DC and the respective VIU. While other VIUs are based on a third random number r_kCalculating random number Seed by using the second random number nonce and the other VIU's domain identification DID_kDThe calculation process may be Seed_kD＝HASH(r_kDID), where DID is the domain identifier of the VIU, DID is used forDifferent functional domains (e.g., power domain, chassis domain, body domain, etc.) are identified. Seed_kDThe method is used for key distribution between the VIU and the ECU, and different random number Seed is used when the key distribution is carried out on the ECUs of different functional domains_kDThe method can realize the difference between the communication encryption key and the communication authentication key in different functional domains, thereby reducing the use range of the key and having higher safety.

An implementable manner of authenticating and negotiating the communication encryption key and the communication authentication key by the first VIU with the first ECU, that is, an implementable manner of S105, is described below with reference to fig. 4, where fig. 4 is a schematic flow chart of an embodiment of authenticating and negotiating the communication encryption key and the communication authentication key by the first VIU with the first ECU provided by the present application, and as shown in fig. 4, the method of the present embodiment may include:

s301, the first ECU generates a fourth random number.

And S302, the first ECU sends the fourth random number to the first VIU, and the first VIU is directly connected with the first ECU.

Optionally, the first ECU may also send an identification of the first ECU to the first VIU.

And S303, the first VIU calculates a third check value according to the fourth random number, the random number seed and an authentication key preset by the first VIU.

Optionally, the first VIU may further calculate a third check value according to the identifier of the first VIU, the identifier of the first ECU, the fourth random number, the random number seed, and an authentication key preset by the first VIU. If the identification of the first VIU and the identification of the first ECU are added, the accuracy is higher.

And S304, the first VIU sends the random number seed and the third check value to the first ECU.

Optionally, an identification of the first VIU may also be sent.

And S305, the first ECU authenticates the third check value.

And S306, after the first ECU authenticates the third check value, the first ECU sends a first message authentication code and a second message authentication code to the first VIU, wherein the first message authentication code is obtained by the first ECU through calculation according to the random number seed and an authentication key preset by the first ECU, the second message authentication code is obtained by the first ECU through calculation according to the communication encryption key and the communication authentication key, or the first message authentication code is obtained by the first ECU through calculation according to the identification of the first ECU, the random number seed and the authentication key preset by the first ECU, and the second message authentication code is obtained by the first ECU through calculation according to the identification of the first ECU, the communication encryption key and the communication authentication key.

And S307, the first VIU determines a communication encryption key and a communication authentication key according to a long-term shared key and a random number seed preset by the first VIU.

Specifically, S307 may be: the first VIU is based on the long-term shared key GK and random number Seed preset in the first VIU_kDCalculating to obtain a communication encryption key EK and a communication authentication key AK through a key derivation function KDF, specifically (EK | | AK) ═ KDF (Seed)_kD,GK)。

S308, the first VIU authenticates the first message authentication code and the second message authentication code.

Specifically, the authenticating the first message authentication code and the second message authentication code by the first VIU may specifically be: and the first VIU calculates a third message authentication code according to the random number seed and an authentication key preset by the first VIU, calculates a fourth message authentication code according to the communication encryption key and the communication authentication key, compares the first message authentication code with the third message authentication code, and compares the second message authentication code with the fourth message authentication code.

The first VIU determines that the authentication with the first ECU is successful, and specifically may be: and if the first message authentication code is the same as the third message authentication code and the second message authentication code is the same as the fourth message authentication code, the first VIU determines that the authentication with the first ECU is successful.

In this embodiment, the first VIU distributes the key and the random number Seed to the ECU_kDRelated, Seed_kDThe communication encryption key and the communication authentication key distributed to the ECU by the first VIU are distinguished according to the functional domain, and the communication encryption key and the communication authentication key in different functional domains are different, so that the communication encryption key and the communication authentication key in different functional domains can be different, the use range of the keys is reduced, and the safety is higher.

The following describes the technical solution of the method embodiment shown in fig. 2-4 in detail by using a specific embodiment.

Fig. 5 is an interaction flowchart of an embodiment of a key agreement method provided in this application, which is described in this embodiment by taking a total of 4 VIUs in an in-vehicle electronic control system as an example, and as shown in fig. 5, the method of this embodiment may include:

s401, the first VIU and other VIUs in the in-vehicle electronic control system conduct multi-party key agreement to obtain a first random number R shared by 4 VIUs in the in-vehicle electronic control system.

Specifically, all the VIUs in the electronic control system may perform multi-party key agreement using a multi-party key agreement protocol, and may use any common multi-party key agreement protocol, such as a multi-party key exchange protocol (eliptic currve Diffie-Hellman ECDH) protocol.

S402, the first VIU derives a second random number, a temporary shared key and a temporary common private key according to the first random number R, and generates a temporary common public key according to the temporary common private key.

Specifically, the first VIU may derive the second random number, the temporary shared key, and the temporary common private key through a key derivation function according to the first random number R, and the calculation process is as follows: (nonce | Key_VIUKDF (r), where KDF is a Key derivation function (Key derivation function), the Key derivation function may generate data of any length according to input data, and nonce is a second random number, and Key is a Key_VIUTo temporarily share the key eSK is a temporary common private key, then temporary common public key ePK is generated from temporary common private key eSK. Wherein, the temporary shared secret Key_VIUFor all VIUs_jSecure communication between, temporary common private key eSK and temporary common public key ePK for the VIU_jAnd DC_kKey agreement between. All VIU_jAnd DC_kAll using the same temporary private key eSK and temporary public key ePK, so all VIUs_jAnd DC_kThe negotiated keys are all the same.

S403, the first VIU and the first DC carry out authentication and cooperationCommercial communication key and random number Seed_kDA first DC connected to the first VIU, a communication key for secure communication between the first VIU and the first DC, and a random number Seed_kDCommunication key distribution for a first ECU within a first VIU management area.

The authenticating and negotiating the communication key and the random number seed by the first VIU and the first DC may specifically include:

s4031, first DC randomly generates temporary private key eSK_kAnd a third random number r_kAnd based on the temporary private key eSK_kGenerate corresponding temporary public keys ePK_k。

S4032, the first DC uses a device private key sk preset by the first DC_DCTo temporary public key ePK_kAnd a third random number r_kPerforming digital signature, and calculating to obtain signature value Sig_k＝Sign(r_k||ePK_k,sk_DC)。

S4033, the first DC will temporarily public key ePK_kA third random number r_kSignature value Sig_kAnd a device certificate Cert preset by the first DC_DCkSent to the first VIU.

S4034, first VIU receives temporary public key ePK_kA third random number r_kSignature value Sig_kAnd a device certificate Cert preset by the first DC_DCkThen, according to the root certificate Cert preset by the first VIU₀Verifying a device certificate Cert of a first DC_DCkThen according to the third random number r_kAnd temporary public key ePK_kFor the signature value Sig_kAnd (6) carrying out verification. If the verification fails, the key updating process is stopped, and if the verification succeeds, the first VIU performs verification according to the second random number nonce, the temporary common public key ePK and the device private key sk of the first VIU_VIUj0Calculating a digital signature value Sig₀The calculation process is Sig₀＝Sign(nonce||ePK,sk_VIUj0) Then, S4035 is executed.

S4035, the first VIU sends the second random number nonce, the temporary common public key ePK and the digital signature value Sig₀And a device certificate Cert of the first VIU_VIUj0To the first DC.

S4036, firstA DC receives the second random number nonce, the temporary common public key ePK, the digital signature value Sig₀And a device certificate Cert of the first VIU_VIUj0Then, according to a root certificate Cert preset by the first DC₀Verifying a device certificate Cert of a first VIU_VIUj0Then the digital signature value Sig according to the second random number nonce and the provisional common public key ePK₀And (6) carrying out verification. If the verification fails, stopping the key updating process; if the verification is successful, the first DC is based on temporary private key eSK_kComputing a communication Key with temporary common public Key ePK_VDkThe calculation process is based on the temporary public key ePK and the temporary private key eSK_kCarrying out Hash operation to obtain a communication Key Key_VDk＝HASH(eSK_kePK), communication Key_VDkFor secure communication between the first DC and the respective VIU, wherein the HASH is a HASH operation.

S4037, the first VIU sends the second random number nonce, the temporary common public key ePK and the digital signature value Sig₀And a device certificate Cert of the first VIU_VIUj0Then, according to the third random number r_kTemporary public key ePK_kAnd temporary shared secret Key_VIUCalculating a first check value MAC_kIn particular according to a third random number r_kTemporary public key ePK_kAnd temporary shared secret Key_VIUCarrying out Hash operation to obtain a first check value MAC_k＝HASH(r_k||ePK_k||Key_VIU)。

S4038, first VIU sends third random number r_kTemporary public key ePK_kAnd a first check value MAC_kTo other VIUs.

S4039, other VIUs receive the third random number r_kTemporary public key ePK_kAnd a first check value MAC_kThen, according to the third random number r_kTemporary public key ePK_kAnd temporary shared secret Key_VIUPerforming a HASH operation to obtain a second check value MAC ═ HASH (r)_k||ePK_k||Key_VIU) And combining MAC' and MAC_kThe values are compared. If the comparison fails, stopping the key updating process; if the comparison is successful, i.e. the first check value is the same as the second check value, thenOther VIUs are based on temporary public key ePK_kPerforming hash operation on the temporary common private Key eSK to obtain a communication Key Key_VDk＝HASH(ePK_keSK), communication Key_VDkFor secure communication between the first DC and the respective VIU. While other VIUs are based on a third random number r_kCalculating random number Seed by the second random number nonce and the functional domain identifier DID_kDThe calculation process is Seed_kD＝HASH(r_kA DID), wherein the DID is a function domain identifier, and the DID is used to identify different function domains (e.g., a power domain, a chassis domain, a vehicle body domain, etc.). Seed_kDFor key distribution between the VIU and the ECU.

S4040, the first VIU sends the third random number r_kTemporary public key ePK_kAnd check value MAC_kThen, according to the temporary public key ePK_kPerforming hash operation on the temporary common private Key eSK to obtain a communication Key Key_VDk＝HASH(ePK_keSK) and according to the third random number r_kCalculating Seed by using the second random number nonce and the domain identifier DID_kDThe calculation process is Seed_kD＝HASH(r_k||nonce||DID)。

S404, the first VIU and the first ECU carry out authentication and generate a communication encryption key EK and a communication authentication key AK.

Where the first ECU is an ECU within the first VIU management area, it will be appreciated that the number of first ECUs is at least one.

Specifically, S404 may include:

s4041, the first ECU generates a fourth random number R_iAnd a fourth random number R_iAnd an identification ID of the first ECU_iTo a first VIU directly connected to the first ECU.

S4042, the first VIU identifies ID according to the first VIU_VIUjID of the first ECU_iA fourth random number R_iRandom Seed_kDAnd authentication key K preset by first VIU_iCalculating a third check value MAC1, specifically, performing a HASH operation to obtain MAC1 ═ HASH (ID)_i||ID_VIUj||R_i||Seed_kD||K_i) And of the first VIUIdentification ID_VIUjRandom Seed_kDAnd the third check value MAC1 to the first ECU.

S4043, the first ECU receives the ID of the first VIU_VIUjRandom Seed_kDAfter the checksum value MAC1 is added, the ID of the first VIU is determined_VIUjID of the first ECU_iA fourth random number R_iRandom Seed_kDAnd an authentication key K preset by the first ECU_iCalculating a check value MAC 1', specifically, obtaining MAC1 ═ HASH (ID) by HASH operation_i||ID_VIUj||R_i||Seed_kD||K_i) And MAC1 and MAC 1' are aligned. If the comparison fails, stopping the key updating process; if the comparison is successful, the first ECU according to a long-term shared key GK and a random number Seed preset in the first ECU_kDCalculating to obtain a communication encryption key EK and a communication authentication key AK through a key derivation function KDF, specifically (EK | | AK) ═ KDF (Seed)_kDGK). Next, a first message authentication code MAC2 and a second message authentication code MAC3 are calculated, MAC2 ═ HASH (ID)_i||Seed_kD||K_i)，MAC3＝HASH(ID_iEK AK) and sends the first message authentication code MAC2 and the second message authentication code MAC3 to the first VIU.

S4044, after receiving the first message authentication code MAC2 and the second message authentication code MAC3, the first VIU sends a message to the second VIU according to the long-term shared key GK and the random number Seed preset in the first VIU_kDCalculating to obtain a communication encryption key EK and a communication authentication key AK through a key derivation function KDF, specifically (EK | | AK) ═ KDF (Seed)_kD,GK)。

S4045, and then calculates a third message authentication code MAC2 ═ HASH (ID)_i||Seed_kD||K_i) And a fourth message authentication code MAC3 ═ HASH (ID)_iIi, EK AK), comparing MAC2 'and MAC 3' with MAC2 and MAC3, respectively, if a pair of MAC2 'and MAC2 and a pair of MAC 3' and MAC3 are different, failing to compare, and stopping the key updating process; if MAC2 'is identical to MAC2 and MAC 3' is identical to MAC3, the comparison is successful.

S405, the first VIU assists the first DC to generate a consistent communication encryption key EK and a consistent communication authentication key AK, and communication key consistency verification is completed.

Specifically, S405 may include:

s4051, the first VIU identifies the first ECU_iA second message authentication code MAC3 and an encrypted ciphertext Enc (EK AK, Key)_VDk) To the first DC.

S4052, the first DC calculates MAC3 ═ HASH (ID)_i||EK_i||AK_i) And MAC 3' is compared to MAC 3. If the comparison fails, the key updating process is stopped. If the comparison is successful, the whole key updating process is completed.

Fig. 6 is a schematic structural diagram of an embodiment of a key agreement device provided in the present application, and as shown in fig. 6, the device of the present embodiment may include: a determination module 11, a first authentication negotiation module 12, a second authentication negotiation module 13, and a transmission module 14, wherein,

the determining module 11 is configured to determine a second random number, a temporary shared key, and a temporary common private key according to a first random number after negotiating with another VIU in the in-vehicle electronic control system to obtain a common first random number, and generate a temporary common public key according to the temporary common private key;

the first authentication negotiation module 12 is configured to authenticate and negotiate a communication key and a random number seed with a first domain control unit DC according to a second random number, a temporary common public key, and an equipment private key preset by a first VIU, where the first DC is one DC in an in-vehicle electronic control system;

the second authentication negotiation module 13 is configured to authenticate and negotiate a communication encryption key and a communication authentication key with the first electronic control unit ECU according to the random number seed and an authentication key preset by the first VIU;

the transmission module 14, after determining that the authentication with the first ECU is successful, transmits the communication encryption key and the communication authentication key to the first DC after encrypting with the communication key.

The apparatus of this embodiment may be configured to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.

Fig. 7 is a schematic structural diagram of an embodiment of a key agreement device provided in the present application, and as shown in fig. 7, on the basis of the device shown in fig. 6, further, in the device of the present embodiment, the first authentication negotiation module 12 may include: a receiving unit 121, a verification unit 122, a calculation unit 123, a sending unit 124 and a determination unit 125, wherein,

the receiving unit 121 is configured to receive the third random number, the temporary public key, and the signature value sent by the first DC;

the verification unit 122 is configured to verify the signature value according to the device public key of the first DC, the third random number, and the temporary public key;

the calculating unit 123 is configured to calculate a digital signature value according to the second random number, the temporary common public key, and the device private key of the first VIU after the signature value passes verification;

the sending unit 124 is configured to send the second random number, the temporary common public key, and the digital signature value to the first DC, where the first DC verifies the digital signature value according to the second random number, the temporary common public key, and the device public key of the first VIU, and determines a communication key according to the temporary private key and the temporary common public key after successful verification;

the determining unit 125 is configured to determine the communication key according to the temporary public key and the temporary common private key, and determine the random number seed according to the third random number and the second random number, or determine the random number seed according to the third random number, the second random number, and the functional domain identifier of the first VIU.

Further, the calculating unit 123 is further configured to: after the transmitting unit 124 transmits the second random number, the temporary common public key, and the digital signature value to the first DC, a first check value is calculated from the third random number, the temporary public key, and the temporary shared key;

the sending unit 124 is further configured to: and sending the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system, wherein the other VIUs are used for calculating a second check value according to the third random number, the temporary public key and the temporary shared key, determining a communication key according to the temporary public key and the temporary common private key when the first check value is confirmed to be the same as the second check value, and determining the random number seed according to the third random number and the second random number or determining the random number seed according to the third random number, the second random number and the functional domain identification of other VIUs.

The apparatus of this embodiment may be configured to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.

Fig. 8 is a schematic structural diagram of an embodiment of a key agreement device provided in the present application, as shown in fig. 8, on the basis of the devices shown in fig. 6-7, the present embodiment takes the basis of the device shown in fig. 6 as an example, and further, the second authentication negotiation module 13 in the device of the present embodiment may include: a receiving unit 131 and an authentication negotiation unit 132, wherein,

the receiving unit 131 is configured to receive a fourth random number sent by the first ECU;

the authentication negotiation unit 132 is configured to authenticate and negotiate a communication encryption key and a communication authentication key with the first ECU according to the fourth random number, the random number seed, and an authentication key preset by the first VIU.

Further, the authentication negotiation unit 132 is configured to:

calculating a third check value according to the fourth random number, the random number seed and an authentication key preset by the first VIU;

sending the random number seed and the third check value to the first ECU for the first ECU to authenticate the third check value;

receiving a first message authentication code and a second message authentication code which are sent after the first ECU authenticates the third check value, wherein the first message authentication code is obtained by the first ECU through calculation according to the random number seed and an authentication key preset by the first ECU, and the second message authentication code is obtained by the first ECU through calculation according to a communication encryption key and a communication authentication key;

determining a communication encryption key and a communication authentication key according to a long-term shared key and a random number seed preset by a first VIU;

and authenticating the first message authentication code and the second message authentication code.

Further, the authentication negotiation unit 132 is configured to: calculating a third message authentication code according to the random number seed and an authentication key preset by the first VIU, and calculating a fourth message authentication code according to the communication encryption key and the communication authentication key;

comparing the first message authentication code with the third message authentication code, and comparing the second message authentication code with the fourth message authentication code;

the second authentication negotiation module 13 is configured to:

and if the first message authentication code is the same as the third message authentication code and the second message authentication code is the same as the fourth message authentication code, determining that the first ECU is successfully authenticated.

Further, the sending module 15 is configured to:

encrypting the communication encryption key and the communication authentication key through the communication key to obtain an encrypted ciphertext;

the second message authentication code and the encrypted ciphertext are sent to the first DC.

The apparatus of this embodiment may be configured to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.

Fig. 9 is a schematic structural diagram of an embodiment of a key agreement device provided in this application, and as shown in fig. 9, the device of this embodiment may include: a generating module 21, an authentication negotiation module 22 and a receiving module 23, wherein,

the generating module 21 is configured to generate a temporary private key and a third random number, and generate a corresponding temporary public key according to the temporary private key, where the first DC is a DC in the in-vehicle electronic control system;

the authentication negotiation module 22 is configured to authenticate and negotiate a communication key with the first vehicle integrated unit VIU according to the temporary public key, the third random number, and a device private key preset by the first DC;

the receiving module 23 is configured to receive a communication encryption key and a communication authentication key, which are sent by the first VIU and encrypted by the communication key, where the communication encryption key and the communication authentication key are obtained by the first VIU performing authentication and negotiation with the first ECU according to the random number seed and an authentication key preset by the first VIU.

The apparatus of this embodiment may be configured to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.

Fig. 10 is a schematic structural diagram of an embodiment of a key agreement device provided in the present application, and as shown in fig. 10, on the basis of the device shown in fig. 9, further, the authentication negotiation module 22 in the device of the present embodiment may include: a digital signature unit 221, a transmission unit 222, a reception unit 223, a verification unit 224, and a determination unit 225, wherein,

the digital signature unit 221 is configured to digitally sign the temporary public key and the third random number using an equipment private key preset by the first DC, so as to obtain a signature value;

the sending unit 222 is configured to send the temporary public key, the third random number, and the signature value to the first VIU;

the receiving unit 223 is configured to receive a second random number, a temporary common public key, and a digital signature value sent by the first VIU, where the digital signature value is calculated by the first VIU according to the second random number, the temporary common public key, and an equipment private key preset by the first VIU, the second random number is determined by the first VIU according to the first random number, and the first random number is a common random number negotiated by the first VIU and another VIU in the in-vehicle electronic control system;

the verification unit 224 is configured to verify the digital signature value according to the second random number, the temporary common public key, and the device public key of the first VIU;

the determining unit 225 is configured to determine the communication key according to the temporary private key and the temporary common public key after the verification unit passes the verification of the digital signature value.

The apparatus of this embodiment may be configured to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.

Fig. 11 is a schematic diagram of a key agreement device 100 provided in the present application, where the key agreement device includes:

a memory 101 and a processor 102;

a memory 101 for storing a computer program;

a processor 102, configured to execute the computer program stored in the memory to implement the key agreement method in the foregoing embodiments. Reference may be made in particular to the description relating to the method embodiments described above.

Alternatively, the memory 101 may be separate or integrated with the processor 102.

When the memory 101 is a device independent of the processor 102, the key agreement apparatus 100 may further include:

a bus 103 for connecting the memory 101 and the processor 102.

Optionally, this embodiment further includes: a communication interface 104, the communication interface 104 being connectable to the processor 102 via a bus 103. The processor 102 may control the communication interface 103 to implement the above-described acquired function of the key agreement device 100.

The apparatus may be configured to perform the various steps and/or flows of the above-described method embodiments.

The present application further provides a readable storage medium, in which an execution instruction is stored, and when the execution instruction is executed by at least one processor of the key agreement apparatus, the key agreement apparatus executes the key agreement method provided in the above-mentioned various embodiments.

The present application also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the key agreement device may read the executable instructions from the readable storage medium, and the execution of the executable instructions by the at least one processor causes the key agreement device to implement the key agreement methods provided by the various embodiments described above.

Those of ordinary skill in the art will understand that: in the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions according to the embodiments of the invention are brought about in whole or in part when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.

Claims (20)

1. A method of key agreement, comprising:

after a first vehicle integrated unit VIU negotiates a common first random number with other VIUs in a vehicle electronic control system, determining a second random number, a temporary shared key and a temporary common private key according to the first random number, and generating a temporary common public key according to the temporary common private key;

the first VIU authenticates and negotiates a communication key and a random number seed with a first domain control unit DC according to the second random number, the temporary common public key and an equipment private key preset by the first VIU, wherein the first DC is one of the in-vehicle electronic control systems;

the first VIU authenticates with a first Electronic Control Unit (ECU) and negotiates a communication encryption key and a communication authentication key according to the random number seed and an authentication key preset by the first VIU;

and after the first VIU determines that the first ECU is successfully authenticated, the first VIU transmits the communication encryption key and the communication authentication key to the first DC after encrypting the communication encryption key and the communication authentication key through the communication key.

2. The method of claim 1, wherein the first VIU authenticating and negotiating a communication key and a nonce seed with a first domain control unit DC according to the second nonce, the temporary common public key, and a device private key preset by the first VIU comprises:

the first VIU receives a third random number, a temporary public key and a signature value sent by the first DC;

the first VIU verifies the signature value according to the equipment public key, the third random number and the temporary public key of the first DC;

after the first VIU verifies the signature value, calculating a digital signature value according to the second random number, the temporary common public key and an equipment private key of the first VIU;

the first VIU sends the second random number, the temporary common public key and the digital signature value to the first DC, the first DC verifies the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU, and the communication key is determined according to the temporary private key and the temporary common public key after verification is successful;

and the first VIU determines the communication key according to the temporary public key and the temporary common private key, and determines the random number seed according to the third random number and the second random number, or determines the random number seed according to the third random number, the second random number and the function domain identifier of the first VIU.

3. The method of claim 2, wherein after the first VIU sends the second random number, the temporary common public key, the digitally signed value, and a device certificate preset by the first VIU to the first DC, the method further comprises:

the first VIU calculates a first check value according to the third random number, the temporary public key and the temporary shared key;

and the first VIU sends the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system, so that the other VIUs can calculate a second check value according to the third random number, the temporary public key and the temporary shared key, determine the communication key according to the temporary public key and the temporary public private key when confirming that the first check value is the same as the second check value, determine the random number seed according to the third random number and the second random number, or determine the random number seed according to the third random number, the second random number and the functional domain identifiers of the other VIUs.

4. The method according to any of claims 1-3, wherein the first VIU authenticates and negotiates a communication encryption key and a communication authentication key with the first ECU based on the random number seed and an authentication key preset by the first VIU, comprising:

the first VIU receives a fourth random number sent by the first ECU;

and the first VIU authenticates and negotiates a communication encryption key and a communication authentication key with the first ECU according to the fourth random number, the random number seed and an authentication key preset by the first VIU.

5. The method of claim 4, wherein the first VIU authenticating and negotiating with the first ECU a communication encryption key and a communication authentication key based on the fourth random number, the random number seed, and an authentication key preset by the first VIU comprises:

the first VIU calculates a third check value according to the fourth random number, the random number seed and an authentication key preset by the first VIU;

the first VIU sends the random number seed and the third check value to the first ECU, and the first ECU is used for authenticating the third check value;

the first VIU receives a first message authentication code and a second message authentication code which are sent after the first ECU authenticates the third check value, wherein the first message authentication code is obtained by the first ECU through calculation according to the random number seed and an authentication key preset by the first ECU, and the second message authentication code is obtained by the first ECU through calculation according to the communication encryption key and the communication authentication key;

the first VIU determines the communication encryption key and the communication authentication key according to a long-term shared key and a random number seed preset by the first VIU;

the first VIU authenticates the first message authentication code and the second message authentication code.

6. The method of claim 5, wherein authenticating the first and second message authentication codes by the first VIU comprises:

the first VIU calculates a third message authentication code according to the random number seed and an authentication key preset by the first VIU, and calculates a fourth message authentication code according to the communication encryption key and the communication authentication key;

the first VIU compares the first message authentication code with the third message authentication code, and compares the second message authentication code with the fourth message authentication code;

the first VIU determining that authentication with the first ECU is successful includes:

and if the first message authentication code is the same as the third message authentication code and the second message authentication code is the same as the fourth message authentication code, the first VIU determines that the first ECU is successfully authenticated.

7. The method of claim 6, wherein the sending the traffic encryption key and the traffic authentication key to the first DC after encrypting with the traffic key comprises:

the first VIU encrypts the communication encryption key and the communication authentication key through the communication key to obtain an encrypted ciphertext;

the first VIU sends the second message authentication code and the encrypted ciphertext to the first DC.

8. A method of key agreement, comprising:

a first domain control unit DC generates a temporary private key and a third random number, and generates a corresponding temporary public key according to the temporary private key, wherein the first DC is one DC in an in-vehicle electronic control system;

the first DC authenticates the first vehicle integrated unit VIU and negotiates a communication key according to the temporary public key, the third random number and a device private key preset by the first DC;

and the first DC receives a communication encryption key and a communication authentication key which are sent by the first VIU and encrypted by the communication key, wherein the communication encryption key and the communication authentication key are obtained by the first VIU through authentication and negotiation with the first ECU according to the random number seed and an authentication key preset by the first VIU.

9. The method of claim 8, wherein the first DC authenticates and negotiates a communication key with a first vehicle integrated unit, VIU, according to the temporary public key, the third random number, and a device private key preset by the first DC, comprising:

the first DC carries out digital signature on the temporary public key and the third random number by using an equipment private key preset by the first DC to obtain a signature value;

the first DC sending the temporary public key, the third random number, and the signature value to a first VIU;

the first DC receives a second random number, a temporary common public key and a digital signature value sent by the first VIU, wherein the digital signature value is obtained by the first VIU through calculation according to the second random number, the temporary common public key and a preset device private key of the first VIU, the second random number is determined by the first VIU according to a first random number, and the first random number is a common random number negotiated by the first VIU and other VIUs in an in-vehicle electronic control system;

the first DC verifies the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU;

and after the first DC passes the verification of the digital signature value, determining the communication key according to the temporary private key and the temporary common public key.

10. A key agreement apparatus, comprising:

the determining module is used for determining a second random number, a temporary shared key and a temporary common private key according to the first random number after negotiating a common first random number with other VIUs in the in-vehicle electronic control system, and generating a temporary common public key according to the temporary common private key;

the first authentication negotiation module is used for authenticating and negotiating a communication key and a random number seed with a first domain control unit DC according to the second random number, the temporary common public key and an equipment private key preset by a first VIU, wherein the first DC is one DC in the in-vehicle electronic control system;

the second authentication negotiation module is used for authenticating with the first electronic control unit ECU and negotiating a communication encryption key and a communication authentication key according to the random number seed and the authentication key preset by the first VIU;

and the sending module is used for sending the communication encryption key and the communication authentication key to the first DC after encrypting the communication encryption key and the communication authentication key through the communication key after determining that the authentication with the first ECU is successful.

11. The apparatus of claim 10, wherein the first authentication negotiation module comprises:

a receiving unit, configured to receive a third random number, a temporary public key, and a signature value sent by the first DC;

a verification unit, configured to verify the signature value according to a device public key of the first DC, the third random number, and the temporary public key;

a computing unit, configured to compute a digital signature value according to the second random number, the temporary common public key, and an equipment private key of the first VIU after the signature value is verified;

a sending unit, configured to send the second random number, the temporary common public key, and the digital signature value to the first DC, where the first DC verifies the digital signature value according to the second random number, the temporary common public key, and an equipment public key of the first VIU, and determines the communication key according to the temporary private key and the temporary common public key after successful verification;

a determining unit, configured to determine the communication key according to the temporary public key and the temporary common private key, and determine the random number seed according to the third random number and the second random number, or determine the random number seed according to the third random number, the second random number, and a function domain identifier of the first VIU.

12. The apparatus of claim 11,

the computing unit is further to: calculating a first check value from the third random number, the temporary public key, and the temporary shared key after the transmitting unit transmits the second random number, the temporary public key, and the digital signature value to the first DC;

the sending unit is further configured to: and sending the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system, wherein the other VIUs are used for calculating a second check value according to the third random number, the temporary public key and the temporary shared key, determining the communication key according to the temporary public key and the temporary common private key when the first check value is confirmed to be the same as the second check value, determining the random number seed according to the third random number and the second random number, or determining the random number seed according to the third random number, the second random number and the functional domain identification of the other VIUs.

13. The apparatus according to any of claims 10-12, wherein the second authentication negotiation module comprises:

a receiving unit, configured to receive a fourth random number sent by the first ECU;

and the authentication negotiation unit is used for authenticating and negotiating a communication encryption key and a communication authentication key with the first ECU according to the fourth random number, the random number seed and an authentication key preset by the first VIU.

14. The apparatus of claim 13, wherein the authentication negotiation unit is configured to:

calculating a third check value according to the fourth random number, the random number seed and an authentication key preset by the first VIU;

sending the random number seed and the third check value to the first ECU, so that the first ECU can authenticate the third check value;

receiving a first message authentication code and a second message authentication code which are sent after the first ECU authenticates the third check value, wherein the first message authentication code is obtained by the first ECU through calculation according to the random number seed and an authentication key preset by the first ECU, and the second message authentication code is obtained by the first ECU through calculation according to the communication encryption key and the communication authentication key;

determining the communication encryption key and the communication authentication key according to a long-term shared key and a random number seed preset by the first VIU;

and authenticating the first message authentication code and the second message authentication code.

15. The apparatus of claim 14, wherein the authentication negotiation unit is configured to:

calculating a third message authentication code according to the random number seed and an authentication key preset by the first VIU, and calculating a fourth message authentication code according to the communication encryption key and the communication authentication key;

comparing the first message authentication code with the third message authentication code, and comparing the second message authentication code with the fourth message authentication code;

the second authentication negotiation module is configured to:

and if the first message authentication code is the same as the third message authentication code and the second message authentication code is the same as the fourth message authentication code, determining that the first ECU is successfully authenticated.

16. The apparatus of claim 10, wherein the sending module is configured to:

encrypting the communication encryption key and the communication authentication key through the communication key to obtain an encrypted ciphertext;

sending the second message authentication code and the encrypted ciphertext to the first DC.

17. A key agreement apparatus, comprising:

the generating module is used for generating a temporary private key and a third random number and generating a corresponding temporary public key according to the temporary private key, wherein the first DC is one DC in an in-vehicle electronic control system;

the authentication negotiation module is used for authenticating with a first Vehicle Integrated Unit (VIU) and negotiating a communication key according to the temporary public key, the third random number and a device private key preset by the first DC;

and the receiving module is used for receiving a communication encryption key and a communication authentication key which are sent by the first VIU and encrypted by the communication key, wherein the communication encryption key and the communication authentication key are obtained by the first VIU through authentication and negotiation with the first ECU according to the random number seed and an authentication key preset by the first VIU.

18. The apparatus of claim 17, wherein the authentication negotiation module comprises:

the digital signature unit is used for digitally signing the temporary public key and the third random number by using a device private key preset by the first DC to obtain a signature value;

a sending unit, configured to send the temporary public key, the third random number, and the signature value to a first VIU;

a receiving unit, configured to receive a second random number, a temporary common public key, and a digital signature value sent by the first VIU, where the digital signature value is obtained by the first VIU through calculation according to the second random number, the temporary common public key, and an equipment private key preset by the first VIU, the second random number is determined by the first VIU according to a first random number, and the first random number is a common random number negotiated by the first VIU and another VIU in an in-vehicle electronic control system;

a verification unit, configured to verify the digital signature value according to the second random number, the temporary common public key, and the device public key of the first VIU;

and the determining unit is used for determining the communication key according to the temporary private key and the temporary common public key after the verification unit passes the verification of the digital signature value.

19. A key agreement apparatus, comprising:

a memory for storing program instructions;

a processor for performing the key agreement method of any one of claims 1-7 or 8-9 when the program instructions in the memory are invoked and executed.

20. A readable storage medium having stored thereon execution instructions, which when executed by at least one processor of a key agreement device, cause the key agreement device to perform a key agreement method according to any one of claims 1-7 or 8-9.

Images