CN112653548B - Key processing method, gateway, electric detection equipment, diagnostic instrument and electronic control unit - Google Patents
Key processing method, gateway, electric detection equipment, diagnostic instrument and electronic control unit Download PDFInfo
- Publication number
- CN112653548B CN112653548B CN201910955409.1A CN201910955409A CN112653548B CN 112653548 B CN112653548 B CN 112653548B CN 201910955409 A CN201910955409 A CN 201910955409A CN 112653548 B CN112653548 B CN 112653548B
- Authority
- CN
- China
- Prior art keywords
- key
- gateway
- electronic control
- learning
- control unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Selective Calling Equipment (AREA)
Abstract
The invention provides a key processing method, a gateway, an electric detection device, a diagnostic apparatus and an electronic control unit, which relate to the technical field of information security, and the method comprises the following steps: receiving a key learning process starting instruction, and feeding back a first process response; if the key-on learning process instruction is an off-line key-on learning process instruction, entering an off-line key learning process; and if the key learning process starting instruction is an after-sale key learning process starting instruction, entering an after-sale key learning process. The scheme of the invention improves the efficiency of off-line key learning, simplifies the flow of after-sale key learning and reduces the possibility of key leakage.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a secret key processing method, a gateway, an electric detection device, a diagnostic apparatus and an electronic control unit.
Background
Among the prior art, in order to prevent that the vehicle is stolen, all have power theftproof function on each vehicle, promptly: the identity of the three electronic control units can be identified through the authentication functions of the vehicle controller, the keyless entry, namely the authentication between the one-key starting controller and the electronic steering column lock controller, so that whether each electronic control unit is a legal electronic control unit approved by each host factory or not is judged.
At present, when the vehicle-mounted power anti-theft device is off line, a vehicle identification code is mainly scanned through an electric detection device, the key is generated and then written into an electronic control unit in a certain sequence, when the device is changed after sale, the electronic control unit in a learned state is inquired through a diagnostic instrument trigger command, and the key stored in the electronic control unit in the learned state is distributed to the electronic control unit in an unlearned state according to a learning and checking truth table.
By adopting the conventional key processing method, the vehicle identification codes need to be manually scanned during offline, and all electronic control units learn in sequence, so that the offline key learning time is longer, the offline production speed is influenced, and in addition, the keys are not safely stored after the key learning, so that the keys are easy to leak; during after-sales key learning, along with the development of automobile intellectualization and automation, more and more electronic control units need to be authenticated, and since the key learning needs to be mutually shared among the electronic control units at present, a complex key sharing truth table and a checking truth table are easily caused.
Disclosure of Invention
The invention aims to provide a key processing method, a gateway, an electric detection device, a diagnostic instrument and an electronic control unit, so that the problems that the key on-line of a vehicle is long in learning time, the key sharing process after sale is complex and the key is easy to leak in the prior art are solved.
In order to achieve the above object, the present invention provides a key processing method applied to a gateway, including:
receiving a key learning process starting instruction, and feeding back a first process response;
if the key-on learning process instruction is an off-line key-on learning process instruction, entering an off-line key learning process;
and entering an after-sale key learning process if the key learning process starting instruction is an after-sale key learning process starting instruction.
Wherein, the offline key learning process comprises:
after receiving an offline key learning triggering instruction sent by the electric examination equipment, feeding back a first process result response, generating a key, and storing the key in a hardware encryption chip of the gateway;
broadcasting and sending the key to each electronic control unit;
and verifying and authenticating with each electronic control unit according to a pre-stored first key verification sequence table.
The step of carrying out verification and authentication with each electronic control unit according to a pre-stored first key verification sequence table comprises the following steps:
generating a random number at intervals of a first preset time length, encrypting the random number and generating a check value;
sending the random number and the check value to a first unlearned electronic control unit in the first key check order table;
if the comparison result and the learning state fed back by the first unlearned electronic control unit are received, or if the comparison result and the learning state fed back by the first unlearned electronic control unit are not received within a second preset time length after the random number and the check value are sent, recording that the learning state of the first unlearned electronic control unit is unlearned, returning to the interval of the first preset time length to generate the random number, encrypting the random number and generating the check value;
receiving an instruction which is sent by the electric detection equipment and requests the learning state of each electronic control unit, and feeding back the learning state of each electronic control unit;
and receiving an offline learning flow ending instruction sent by the electric detection equipment and feeding back a second process response.
Wherein, after the step of feeding back the learning state of each electronic control unit, the method further comprises:
and if an offline key learning triggering instruction sent by the electric inspection equipment is received, broadcasting and sending the key to each electronic control unit, returning to the interval of the first preset time length, generating a random number, encrypting the random number and generating a check value.
Wherein, the after-sale key learning process comprises:
receiving an instruction for inquiring the learning state of each electronic control unit sent by the diagnostic instrument, and feeding back a result response of the second process;
according to a second key check sequence table stored in advance, sending an instruction for requesting the learning state of the electronic control units to the electronic control units at intervals of a third preset time length, and receiving the learning state fed back by the electronic control units;
after receiving an instruction which is sent by the diagnostic instrument and requests the learning state of each electronic control unit, feeding back the learning state of the gateway and the learning state of each electronic control unit;
after receiving the temporary secret key sent by the diagnostic instrument and the instruction for triggering the gateway secret key distribution, feeding back a third process response, and entering an after-sale secret key learning process of the electronic control unit.
Wherein, the process of the key learning after the sale of the electronic control unit comprises the following steps:
sending the temporary key to a second unlearned electronic control unit in the second key check sequence table;
encrypting the key stored by the gateway by using the temporary key to generate an encrypted ciphertext;
sending the key and the encrypted ciphertext to the second unlearned electronic control unit;
after a fourth preset time length of the secret key and the encrypted ciphertext is sent, a random number is generated, the random number is encrypted, a check value is generated, and the random number and the check value are sent to the second unlearned electronic control unit;
judging whether a comparison result and a learning state fed back by the electronic control unit are received within a fifth preset time after the random number and the check value are sent, if so, recording the received comparison result and the learning state, and if not, recording the learning state of the electronic control unit as not-learned;
if an instruction which is sent by the diagnostic instrument and requests the electronic control unit to learn the state is received, feeding back the learning state of the second unlearned electronic control unit;
and feeding back a fourth process response if an after-sales learning flow finishing instruction sent by the diagnostic instrument is received.
Wherein after the step of feeding back the learning state of the gateway and the learning states of the electronic control units, the method further comprises:
after receiving a second temporary key and a command for triggering gateway key learning, which are sent by the diagnostic instrument, feeding back a fifth process response;
sending the second temporary key and a key learning request to a first learned electronic control unit in the second key check sequence table, and receiving an encrypted key fed back by the first learned electronic control unit;
decrypting the encrypted key by using the second temporary key to obtain a key and storing the key in a hardware encryption chip;
after receiving the sixth preset time length of the encrypted secret key, generating a random number, encrypting the random number by using the secret key, and generating a check value;
sending the random number and the check value to the first learned electronic control unit, and receiving a comparison result fed back by the first learned electronic control unit;
if the comparison result is consistent, recording the learning state of the gateway as learned; if the comparison result is inconsistent, or the comparison result is not received within a seventh preset time period, recording the learning state of the gateway as not-learned;
and after receiving an instruction which is sent by the diagnostic instrument and requests the learning state of the gateway, feeding back the learning state of the gateway.
The embodiment of the invention also provides a secret key processing method, which is applied to the electric detection equipment and comprises the following steps:
sending an instruction for starting an offline key learning process to a gateway;
after receiving a process response sent by the gateway, sending an offline key learning triggering instruction to the gateway, and receiving a process result response sent by the gateway;
after a first preset time length of an offline key learning triggering instruction is sent, a learning state instruction requesting each electronic control unit is sent to the gateway;
receiving the learning state of each electronic control unit sent by the gateway, and returning to the step of sending an offline key learning trigger instruction to the gateway if the learning state of at least one electronic control unit is not learned; otherwise, sending an instruction for finishing off-line key learning process to the gateway.
The embodiment of the invention also discloses a key processing method applied to a diagnostic apparatus, which comprises the following steps:
sending an instruction for starting an after-sale key learning process to a gateway;
after receiving a first process response sent by the gateway, sending a learning state instruction for inquiring each electronic control unit;
after a first preset time length for inquiring the learning state instruction of each electronic control unit is sent, sending the learning state instruction for requesting each electronic control unit to the gateway;
receiving the learning state of each electronic control unit and the learning state of the gateway sent by the gateway;
if the learning state of the gateway is not learned, entering an after-sale key learning process of the gateway; and if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit.
Wherein, the gateway after-sale key learning process comprises:
sending a first security access instruction to a first learned electronic control unit in a pre-stored key verification sequence table, and receiving an access result fed back by the first learned electronic control unit;
if the access result is that the access is passed, sending a temporary key and a command for triggering gateway key learning to the gateway;
after the second preset time length of the safety access instruction is sent, sending a learning state instruction for requesting a gateway to the gateway, and receiving a learning state fed back by the gateway;
if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit; and if the learning state of the gateway is not learned, stopping key learning.
Wherein, the process of the key learning after the sale of the electronic control unit comprises:
sending a second security access instruction to a first unlearned electronic control unit in the key check sequence table, and receiving an access result sent by the first unlearned electronic control unit;
when the access result is access passing, sending a temporary key to the gateway and triggering a gateway key distribution instruction;
after a third preset time length of the second security access instruction is sent, sending a request to the gateway for the learning state of the first unlearned electronic control unit, and receiving the learning state fed back by the gateway;
and if the learning state is a learned state, returning to the step of sending a second security access instruction to a first unlearned electronic control unit in the key check sequence table and receiving an access result sent by the first unlearned electronic control unit, and if the learning state is an unlearned state or a feedback learning state is not received within a fourth preset time period after the instruction for requesting the learning state of the first unlearned electronic control unit is sent, stopping the after-sales key learning.
The embodiment of the invention also provides a key processing method, which is applied to an electronic control unit and comprises the following steps:
receiving a random number and a check value sent by a gateway;
encrypting the random number according to a currently stored key;
determining the current learning state according to the comparison result of the encryption result and the check value;
and feeding back the encryption result and the learning state to a gateway.
Before the step of receiving the random number and the check value sent by the gateway, the method further includes:
and receiving the key broadcast by the gateway.
Before the step of receiving the random number and the check value sent by the gateway, the method further includes:
receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding the learning state of the electronic control unit back to the gateway;
receiving a first safety access instruction sent by a diagnostic instrument, and feeding back an access result;
receiving a temporary key sent by the gateway;
and receiving the encrypted ciphertext sent by the gateway, decrypting the encrypted ciphertext by adopting the temporary key, acquiring a key and storing the key in a hardware encryption chip.
Before the step of receiving the random number and the check value sent by the gateway, the method further includes:
receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding the learning state of the electronic control unit back to the gateway;
receiving a second safety access instruction sent by the diagnostic instrument, and feeding back an access result;
receiving a temporary key sent by the gateway;
receiving a key learning request instruction sent by the gateway;
and encrypting the currently stored key by adopting the temporary key, and feeding back the encrypted key to the gateway.
Wherein the step of determining the current learning state according to the comparison result of the encryption result and the check value comprises:
and if the encryption result is the same as the check value, determining that the current learning state is learned, otherwise, determining that the current learning state is not learned.
An embodiment of the present invention further provides a gateway, including:
the receiving module is used for receiving a command for starting the key learning process and feeding back a first process response;
the first control module is used for entering the off-line key learning process if the key learning process starting instruction is an off-line key learning process starting instruction;
and the second control module is used for entering the after-sale key learning process if the key learning process starting instruction is an after-sale key learning process starting instruction.
Wherein the first control module comprises:
the first processing submodule is used for feeding back a first process result response after receiving an offline key learning triggering instruction sent by the electric detection equipment, generating a key and storing the key in a hardware encryption chip of the gateway;
the sending submodule is used for broadcasting and sending the key to each electronic control unit;
and the verification sub-module is used for verifying and authenticating with each electronic control unit according to a pre-stored first key verification sequence table.
Wherein, the check submodule includes:
the first processing unit is used for generating a random number at intervals of a first preset time length, encrypting the random number and generating a check value;
a first sending unit, configured to send the random number and the check value to a first unlearned electronic control unit in the first key check order table;
a second processing unit, configured to, if the comparison result and the learning state fed back by the first unlearned electronic control unit are received, or if the comparison result and the learning state fed back by the first unlearned electronic control unit are not received within a second preset time period after the random number and the check value are sent, record that the learning state of the first unlearned electronic control unit is unlearned, return to a first preset time period, generate a random number, encrypt the random number, and generate a check value;
the first transceiving unit is used for receiving an instruction which is sent by the electric detection equipment and used for requesting the learning state of each electronic control unit and feeding back the learning state of each electronic control unit;
and the second transceiving unit is used for receiving the offline learning flow ending instruction sent by the electric detection equipment and feeding back a second process response.
Wherein, the check submodule further comprises:
and the third processing unit is used for broadcasting and sending the secret key to each electronic control unit if an offline secret key learning triggering instruction sent by the electric detection equipment is received, returning to the interval of the first preset time length, generating a random number, encrypting the random number and generating a check value.
Wherein the second control module comprises:
the first transceiving sub-module is used for receiving the command for inquiring the learning state of each electronic control unit sent by the diagnostic instrument and feeding back the result response of the second process;
the second transceiving submodule is used for sending an instruction for requesting the learning state of the electronic control units to the electronic control units at intervals of a third preset time length according to a prestored second key checking sequence table and receiving the learning state fed back by the electronic control units;
the third transceiving submodule is used for feeding back the learning state of the gateway and the learning state of each electronic control unit after receiving the instruction which is sent by the diagnostic apparatus and requests the learning state of each electronic control unit;
and the fourth transceiving submodule is used for feeding back a third process response after receiving the temporary secret key sent by the diagnostic instrument and the instruction for triggering the gateway secret key distribution, and entering the process of key learning after sale of the electronic control unit.
Wherein the fourth transceiver sub-module comprises:
a second sending unit, configured to send the temporary key to a second unlearned electronic control unit in the second key check order table;
the generating unit is used for encrypting the key stored by the gateway by using the temporary key to generate an encrypted ciphertext;
a third transmitting unit configured to transmit the key and the encrypted ciphertext to the second unlearned electronic control unit;
a fourth processing unit, configured to generate a random number after sending the secret key and a fourth preset duration of the encrypted ciphertext, encrypt the random number, generate a check value, and send the random number and the check value to the second unlearned electronic control unit;
the judging unit is used for judging whether the comparison result and the learning state fed back by the electronic control unit are received within a fifth preset time length after the random number and the check value are sent, if yes, the received comparison result and the learning state are recorded, and if not, the learning state of the electronic control unit is recorded as not-learned;
a fourth sending unit, configured to feed back a learning state of the second unlearned electronic control unit if an instruction requesting the learning state of the electronic control unit is received, the instruction being sent by the diagnostic apparatus;
and the third transceiving unit is used for feeding back a fourth process response if receiving an after-sales learning flow finishing instruction sent by the diagnostic instrument.
Wherein the second control module further comprises:
the fifth transceiving submodule is used for feeding back a fifth process response after receiving the second temporary secret key sent by the diagnostic instrument and the instruction for triggering gateway secret key learning;
a sixth transceiving submodule, configured to send the second temporary key and the key learning request to the first learned electronic control unit in the second key check sequence table, and receive the encrypted key fed back by the first learned electronic control unit;
the obtaining submodule is used for decrypting the encrypted secret key by using the second temporary secret key to obtain a secret key and storing the secret key in a hardware encryption chip;
the second processing submodule is used for generating a random number after receiving the sixth preset time length of the encrypted secret key, encrypting the random number by using the secret key and generating a check value;
the seventh transceiving submodule is used for sending the random number and the check value to the first learned electronic control unit and receiving a comparison result fed back by the first learned electronic control unit;
the recording sub-module is used for recording the learning state of the gateway as learned if the comparison result is consistent; if the comparison result is inconsistent, or the comparison result is not received within a seventh preset time period, recording the learning state of the gateway as not-learned;
and the eighth transceiving submodule is used for feeding back the learning state of the gateway after receiving the command which is sent by the diagnostic instrument and requests the learning state of the gateway.
An embodiment of the present invention further provides an electrical testing apparatus, including:
the first sending module is used for sending an instruction for starting the offline key learning process to the gateway;
the receiving and sending module is used for sending an offline key learning triggering instruction to the gateway after receiving the process response sent by the gateway, and receiving the process result response sent by the gateway;
the second sending module is used for sending a learning state instruction for requesting each electronic control unit to the gateway after sending the first preset time length of the offline key learning triggering instruction;
the processing module is used for receiving the learning state of each electronic control unit sent by the gateway, and returning to the step of sending an offline key learning trigger instruction to the gateway if the learning state of at least one electronic control unit is not learned; otherwise, sending an instruction for finishing off-line key learning process to the gateway.
An embodiment of the present invention further provides a diagnostic apparatus, including:
the first sending module is used for sending an instruction for starting an after-sale key learning process to the gateway;
the first transceiver module is used for sending a learning state instruction for inquiring each electronic control unit after receiving a first process response sent by the gateway;
the second sending module is used for sending a learning state instruction for requesting each electronic control unit to the gateway after sending the first preset time for inquiring the learning state instruction of each electronic control unit;
the first receiving module is used for receiving the learning state of each electronic control unit and the learning state of the gateway, which are sent by the gateway;
the control module is used for entering a gateway after-sale key learning process if the learning state of the gateway is not learned; and if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit.
Wherein the control module comprises:
the first transceiving submodule is used for sending a first secure access instruction to a first learned electronic control unit in a pre-stored key check sequence table and receiving an access result fed back by the first learned electronic control unit;
the first sending submodule is used for sending a temporary key and a command for triggering gateway key learning to the gateway if the access result is that the access is passed;
the second transceiver sub-module is used for sending a learning state instruction requesting the gateway to the gateway after sending a second preset time length of the safety access instruction, and receiving a learning state fed back by the gateway;
the first control submodule is used for entering an after-sale key learning process of the electronic control unit if the learning state of the gateway is learned; and if the learning state of the gateway is not learned, stopping key learning.
Wherein the control module further comprises:
the third transceiving submodule is used for sending a second security access instruction to the first unlearned electronic control unit in the key checking sequence table and receiving an access result sent by the first unlearned electronic control unit;
the second sending submodule is used for sending a temporary key to the gateway and triggering a gateway key distribution instruction when the access result is that the access is passed;
the fourth transceiving submodule is used for sending a request to the gateway for the learning state of the first unlearned electronic control unit after sending a third preset time length of the second security access instruction, and receiving the learning state fed back by the gateway;
and the second control submodule is used for returning to the step of sending a second security access instruction to the first unlearned electronic control unit in the key check sequence table and receiving an access result sent by the first unlearned electronic control unit if the learning state is the unlearned state, and stopping after-sale key learning if the learning state is the unlearned state or a feedback learning state is not received within a fourth preset time period after the learning state instruction of the first unlearned electronic control unit is sent.
An embodiment of the present invention further provides an electronic control unit, including:
the first receiving module is used for receiving the random number and the check value sent by the gateway;
the encryption module is used for encrypting the random number according to the currently stored key;
the first determining module is used for determining the current learning state according to the comparison result of the encryption result and the check value;
and the first sending module is used for feeding back the encryption result and the learning state to a gateway.
Wherein the electronic control unit further comprises:
and the second receiving module is used for receiving the key sent by the gateway broadcast.
Wherein the electronic control unit further comprises:
the first transceiver module is used for receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding back the learning state of the first transceiver module to the gateway;
the second transceiver module is used for receiving the first security access instruction sent by the diagnostic instrument and feeding back an access result;
a third receiving module, configured to receive the temporary key sent by the gateway;
and the first processing module is used for receiving the encrypted ciphertext sent by the gateway, decrypting the encrypted ciphertext by adopting the temporary key, acquiring a key and storing the key in a hardware encryption chip.
Wherein the electronic control unit further comprises:
the third transceiver module is used for receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding the learning state of the third transceiver module back to the gateway;
the fourth transceiver module is used for receiving a second security access instruction sent by the diagnostic instrument and feeding back an access result;
a fourth receiving module, configured to receive the temporary key sent by the gateway;
a fifth receiving module, configured to receive a key learning request instruction sent by the gateway;
and the second processing module is used for encrypting the current stored key by adopting the temporary key and feeding back the encrypted key to the gateway.
The first determining module is specifically configured to determine that the current learning state is learned if the encryption result is the same as the check value, and otherwise, determine that the current learning state is not learned.
The technical scheme of the invention at least has the following beneficial effects:
according to the key processing method provided by the embodiment of the invention, the gateway determines a specific key learning process based on the received key-opening learning process instruction, if the key-opening learning process instruction is an offline key learning process instruction, the offline key learning process is started, and if the key-opening learning process instruction is an after-sale key learning process instruction, the after-sale key learning process is started. The key is prevented from being generated by scanning the vehicle identification code when the vehicle is off line, and the key is sequentially written into each electronic control unit, so that the efficiency of off-line learning is improved; if the key learning process starting instruction is an after-sale key learning process starting instruction, an after-sale key learning process is started, and in the after-sale key learning process, all keys are distributed after being encrypted, so that the possibility of key leakage is reduced.
Drawings
FIG. 1 is a diagram illustrating basic steps of a key processing method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating the basic steps of a key processing method according to another embodiment of the present invention;
FIG. 3 is a diagram illustrating the basic steps of a key processing method according to another embodiment of the present invention;
FIG. 4 is a diagram illustrating the basic steps of a key processing method according to yet another embodiment of the present invention;
fig. 5 is a schematic diagram of a basic structure of a gateway according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of the basic structure of an electrical testing apparatus according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the basic structure of the diagnostic apparatus according to the embodiment of the present invention;
fig. 8 is a schematic diagram of a basic structure of an electronic control unit according to an embodiment of the present invention.
Detailed Description
To make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
The invention provides a key processing method, a gateway, an electric inspection device, a diagnostic instrument and an electronic control unit, aiming at the problems that the vehicle off-line key learning time is long, the after-sale key sharing process is complex and the key is easy to leak in the prior art, so that the off-line key learning efficiency is improved, the after-sale key sharing process is simplified, and the key leakage possibility is reduced.
Please refer to fig. 1, which is a key learning method according to an embodiment of the present invention, applied to a gateway, including:
step S101, receiving a key learning process starting instruction and feeding back a first process response;
in this step, the instruction for starting the key learning process may be an instruction for starting an offline key learning process included in a 31 service instruction sent by the electrical inspection equipment, or may be an instruction for starting an after-market key learning process included in a 31 service instruction sent by the diagnostic apparatus. Preferably, the electric detection equipment is offline electric detection equipment, namely electric detection equipment for detecting the quality of the vehicle when the vehicle is taken off a production line; the diagnostic instrument is an after-sale diagnostic instrument.
Step S102, if the key-off-line key learning process starting instruction is an off-line key learning process starting instruction, entering an off-line key learning process;
in this step, when the gateway determines that the currently received key-off key-on learning process instruction is the key-off key-on learning process instruction sent by the electrical inspection equipment, the gateway enters the key-off learning process.
Step S103, if the key learning process starting instruction is an after-sales key learning process starting instruction, entering an after-sales key learning process.
In this step, when the gateway determines that the currently received key-opening learning flow instruction is the after-sale key-opening learning flow instruction sent by the diagnostic apparatus, the gateway enters an after-sale key learning flow.
Specifically, in step S102, the offline key learning process specifically includes:
firstly, after receiving an offline key learning triggering instruction sent by electric inspection equipment, feeding back a first process result response;
in this step, the gateway feeds back the first process result response to the electrical inspection device, so as to inform the electrical inspection device that the gateway has received the offline key learning triggering instruction sent by the electrical inspection device.
Second, a key is generated.
In this step, the gateway generates the key based on a pre-stored symmetric secure encryption algorithm, wherein the key is a vehicle key.
And thirdly, storing the key in a hardware encryption chip of the gateway.
In the embodiment of the invention, the secret key is stored in the hardware encryption chip of the gateway, thereby avoiding personal injury and property injury caused by hackers or illegal personnel obtaining the secret key of the whole vehicle.
Then, the transmission key is broadcast to the respective electronic control units.
In the step, the key is sent to each electronic control unit in a broadcasting mode, so that the plurality of electronic control units can learn the key at the same time, the off-line key learning time is reduced, and the off-line production speed is improved.
And finally, carrying out verification authentication with each electronic control unit according to a first key verification sequence table stored in advance.
By adopting the steps, the learning states of the electronic control units are monitored, and each electronic control unit is ensured to acquire and store the whole vehicle key, so that the vehicle is prevented from being stolen in the use process, the vehicle is ensured to have a power anti-theft function, and the user experience is improved.
More specifically, the step of performing verification and authentication with each electronic control unit according to a pre-stored first key verification sequence table includes:
firstly, generating a random number at intervals of a first preset duration, encrypting the random number and generating a check value.
It should be noted that the first preset time duration in this step is a first preset time duration after the gateway broadcasts and sends the key to each electronic control unit.
The step of encrypting the random number to generate the check value specifically comprises the following steps: and encrypting the random number by using the secret key and a symmetric secure encryption algorithm to generate the check value, wherein the check value can be the encrypted random number.
Second, the random number and the check value are sent to a first unlearned electronic control unit in the first key check order table.
In this step, the first unlearned electronic control unit is preferably an electronic control unit whose current first learning state is unlearned in the first key check sequence table.
And thirdly, when the comparison result and the learning state fed back by the first unlearned electronic control unit are received, or if the comparison result and the learning state fed back by the first unlearned electronic control unit are not received in a second preset time length after the random number and the check value are sent, recording the learning state of the first unlearned electronic control unit as unlearned, returning to the interval of the first preset time length to generate the random number, encrypting the random number and generating the check value.
In this step, the gateway receives the comparison result fed back by the first unlearned electronic control unit, and the key learning process of the first unlearned electronic control unit is represented to be finished; and if the gateway does not receive the comparison result and the learning state fed back by the first unlearned electronic control unit within a second preset time after the second random number and the check value are sent, forcibly ending the key learning process of the first unlearned electronic control unit.
Fourthly, receiving an instruction which is sent by the electric detection equipment and requests each electronic control unit to learn the state, and feeding back the learning state of each electronic control unit;
and fifthly, receiving an offline learning flow finishing instruction sent by the electric examination equipment and feeding back a response of a second process.
Further, after the step of feeding back the learning state of each electronic control unit, the method further includes:
and if an offline key learning triggering instruction sent by the electric inspection equipment is received, broadcasting and sending the key to each electronic control unit, returning to the interval of the first preset time length, generating a random number, encrypting the random number and generating a check value.
According to the key processing method provided by the embodiment of the invention, the gateway starts the key learning of each electronic control unit on the vehicle by receiving the offline key learning instruction sent by the electric inspection equipment, so that the process of artificially scanning the vehicle identification code is reduced, the gateway broadcasts and sends the key to each electronic control unit, and the key is sequentially checked with each electronic control unit according to the first key checking sequence table, so that the key learning of each electronic control unit is avoided, the offline key learning time is shortened, and the offline production speed is improved; in addition, the secret key is stored in the hardware encryption chip, and the possibility of secret key leakage is reduced.
Specifically, the after-sale key learning process includes:
firstly, receiving an instruction for inquiring the learning state of each electronic control unit sent by a diagnostic instrument, and feeding back a second process result response;
in this step, the gateway feeds back the second process result response to the diagnostic apparatus, so as to inform the diagnostic apparatus that the gateway has received the instruction for querying the learning state of each electronic control unit sent by the diagnostic apparatus.
Secondly, sending an instruction for requesting the learning state of the electronic control units to the electronic control units at intervals of a third preset time length according to a prestored second key check sequence table, and receiving the learning state fed back by the electronic control units;
in this step, the third preset time period is a third preset time period after the gateway receives the learning state fed back by the inquiry of each electronic control unit, or may be a third preset time period after the gateway receives a learning state fed back by one electronic control unit.
Thirdly, after receiving an instruction which is sent by the diagnostic instrument and requests the learning state of each electronic control unit, feeding back the learning state of the gateway and the learning state of each electronic control unit;
and fourthly, after receiving the temporary secret key sent by the diagnostic instrument and an instruction for triggering gateway secret key distribution, feeding back a third process response, and entering an after-sale secret key learning process of the electronic control unit.
In this step, according to a received instruction for querying each electronic control unit sent by the diagnostic apparatus, an instruction for requesting a learning state of the electronic control unit is sent to each electronic control unit, and the received learning state of each electronic control unit is fed back to the diagnostic apparatus, so that the diagnostic apparatus sends a temporary key and an instruction for triggering distribution of a gateway key to the gateway according to the learning state of each electronic control unit, and the electronic control unit in an unlearned state (a newly replaced electronic control unit) performs key learning.
Specifically, the process of the electronic control unit after-sale key learning includes:
first, sending the temporary key to a second unlearned electronic control unit in the second key check sequence table;
secondly, encrypting the key stored by the gateway by using the temporary key to generate an encrypted ciphertext;
third, sending the key and the encrypted ciphertext to the second unlearned electronic control unit;
in this step, the secret key and the encrypted ciphertext are sent to the second unlearned electronic control unit, so that the phenomenon that the distribution of the secret key is plaintext transmission in the after-sale secret key sharing process is avoided, and the possibility that the secret key is leaked is reduced.
Fourthly, after a fourth preset time length of the secret key and the encrypted ciphertext is sent, a random number is generated, the random number is encrypted, a check value is generated, and the random number and the check value are sent to the second unlearned electronic control unit;
fifthly, judging whether a comparison result and a learning state fed back by the electronic control unit are received within a fifth preset time after the random number and the check value are sent, if so, recording the received comparison result and the learning state, and if not, recording the learning state of the electronic control unit as not-learned;
it should be noted that the fourth and fifth steps are similar to the principle of "performing verification and authentication with each electronic control unit" in the foregoing, and are not described herein again.
Sixthly, if an instruction which is sent by the diagnostic instrument and requests the electronic control unit to learn the state is received, feeding back the learning state of the second unlearned electronic control unit;
and seventhly, feeding back a fourth process response if an after-sales learning flow finishing instruction sent by the diagnostic instrument is received.
Further, after the step of feeding back the learning state of the gateway and the learning states of the electronic control units when the learning state of the gateway is not learned, the method further includes:
firstly, after receiving a second temporary key and a command for triggering gateway key learning sent by the diagnostic instrument, feeding back a fifth process response;
secondly, sending the second temporary key and a key learning request to a first learned electronic control unit in the second key checking sequence table, and receiving an encrypted key fed back by the first learned electronic control unit;
wherein the encryption key is a key obtained by encrypting the key based on the second temporary key.
Thirdly, the encrypted secret key is decrypted by using the second temporary secret key, and a secret key is obtained and stored in a hardware encryption chip;
fourthly, after receiving a sixth preset time length of the encrypted secret key, generating a random number, encrypting the random number by using the secret key, and generating a check value;
fifthly, sending the random number and the check value to the first learned electronic control unit, and receiving a comparison result fed back by the first learned electronic control unit;
it should be noted that the fourth and fifth steps are similar to the principle of "performing verification and authentication with each electronic control unit" in the foregoing, and are not described herein again.
Sixthly, if the comparison result is consistent, recording the learning state of the gateway as learned; if the comparison result is inconsistent, or the comparison result is not received within a seventh preset time period, recording the learning state of the gateway as not-learned;
and seventhly, after receiving an instruction which is sent by the diagnostic instrument and requests the learning state of the gateway, feeding back the learning state of the gateway.
The after-sale key learning process in the embodiment of the invention is divided into two learning processes according to the learning state of the gateway, when the gateway is in the learned state, the key learning of the electronic control unit is carried out, and when the gateway is in the non-learned state, the key learning process of the gateway is firstly carried out, and then the key learning of the electronic control unit is carried out. In addition, compared with after-sale key learning in the prior art, the after-sale key learning in the embodiment of the invention realizes encrypted transmission of the key, and the key is stored in the hardware encryption chip, so that the possibility of the key being leaked is reduced.
Referring to fig. 2, a schematic diagram of basic steps of a key processing method according to another embodiment of the present invention is shown, where the key processing method is applied to an electric inspection apparatus, and includes:
step S201, an instruction for starting the offline key learning process is sent to a gateway;
step S202, after receiving the process response sent by the gateway, sending an offline key learning triggering instruction to the gateway, and receiving the process result response sent by the gateway;
step S203, after the first preset duration of the offline key learning triggering instruction is sent, a learning state instruction requesting each electronic control unit is sent to the gateway;
step S204, receiving the learning state of each electronic control unit sent by the gateway, and returning to the step of sending an offline key learning trigger instruction to the gateway if the learning state of at least one electronic control unit is not learned; otherwise, sending an instruction for finishing off-line key learning process to the gateway.
It should be noted that the electrical inspection equipment is preferably offline electrical inspection equipment.
According to the key processing method, the command for starting the offline key learning process is sent to the gateway through the electric detection equipment to start the offline key learning, so that the processes that vehicle identification codes are scanned manually one by one and then key learning of electronic control units is carried out in sequence are avoided, the time length of offline key learning is shortened, and the offline production speed is increased.
Referring to fig. 3, a schematic diagram of basic steps of a key processing method according to another embodiment of the present invention is shown, where the key processing method is applied to a diagnostic apparatus, and includes:
step S301, sending an instruction for starting an after-sale key learning process to a gateway;
step S302, after receiving a first process response sent by the gateway, sending a learning state instruction for inquiring each electronic control unit;
in this embodiment, a learning state instruction for querying each electronic control unit is sent to the gateway, so that the current learning states of each electronic control unit and the gateway can be obtained, and a subsequent key learning process is determined according to the current learning states of the gateway and each electronic control unit.
Step S303, after sending a first preset time length for inquiring the learning state instruction of each electronic control unit, sending a learning state instruction for requesting each electronic control unit to the gateway;
the first preset time is the time required by the gateway to inquire the learning state of each electronic control unit.
Step S304, receiving the learning state of each electronic control unit and the learning state of the gateway sent by the gateway;
step S305, if the learning state of the gateway is not learned, entering a gateway after-sale key learning process; and if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit.
In this step, the subsequent process of the key processing method is determined according to the learning state of the gateway, if the learning state of the gateway is learned, the process directly enters the key learning process after sale of the electronic control unit, and if the learning state of the gateway is not learned, the process firstly enters the key learning process after sale of the gateway and then enters the key learning process after sale of the electronic control unit. Please see the following detailed description.
Specifically, the gateway after-sale key learning process includes:
firstly, sending a first security access instruction to a first learned electronic control unit in a pre-stored key verification sequence table, and receiving an access result fed back by the first learned electronic control unit;
it should be noted that the security access command is a 27 service security access command sent by the diagnostic apparatus.
Secondly, if the access result is that the access is passed, sending a temporary key and a command for triggering gateway key learning to the gateway; wherein, in the gateway, the temporary key is used to decrypt the encrypted key.
Then, after a second preset time length of the safety access instruction is sent, a learning state instruction of a request gateway is sent to the gateway, and a learning state fed back by the gateway is received; in this step, the second preset duration is greater than or equal to the time required by the gateway itself to learn the secret key.
Finally, if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit; and if the learning state of the gateway is not learned, stopping key learning. Since the key learning of the ecu is based on that the gateway has already performed key learning and the key has already been stored in the gateway, in this step, if the learning state of the gateway is not learned, it is necessary to further determine the cause of the non-learning and ensure that the gateway completes the key learning, and therefore, when it is determined that the learning state of the gateway is not learned, the key learning is stopped.
Specifically, the process of the electronic control unit after-sale key learning includes:
firstly, sending a second security access instruction to a first unlearned electronic control unit in the key check sequence table, and receiving an access result sent by the first unlearned electronic control unit;
secondly, when the access result is that the access is passed, sending a temporary key to the gateway and triggering a gateway key distribution instruction;
thirdly, after a third preset time length of the second security access instruction is sent, sending a request to the gateway for the learning state of the first unlearned electronic control unit, and receiving the learning state fed back by the gateway;
and fourthly, if the learning state is learned, returning to the step of sending a second safe access instruction to a first unlearned electronic control unit in the key check sequence table and receiving an access result sent by the first unlearned electronic control unit, and if the learning state is unlearned or a learning state which does not receive feedback within a fourth preset time period after the instruction requesting the learning state of the first unlearned electronic control unit is sent, stopping the after-sale key learning.
It should be noted that the first unlearned ecu may be an ecu whose current first learning state in the key check order table is unlearned.
Please refer to fig. 4, which is a schematic diagram illustrating basic steps of a key processing method according to still another embodiment of the present invention, where the key processing method is applied to an electronic control unit, and includes:
step S401, receiving a random number and a check value sent by a gateway; in this step, the check value is an encryption result obtained by encrypting the random number according to the secret key by using a symmetric secure encryption algorithm by the gateway.
Step S402, encrypting the random number according to the current stored key; similarly, the process of encrypting the random number also adopts a symmetric secure encryption algorithm, and encrypts the random number according to the secret key.
Step S403, determining the current learning state according to the comparison result of the encryption result and the check value;
step S404, the encryption result and the learning state are fed back to the gateway.
Further, in step S401, the random number and the check value sent by the gateway are received, before the method further includes:
and receiving the key broadcast by the gateway.
It should be noted that, after receiving the key, the electronic control unit needs to store the key in its own hardware encryption chip, so as to avoid the key being leaked, and improve the security of information.
Further, before the step of receiving the random number and the check value sent by the gateway, the method further includes:
receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding back the learning state of the electronic control unit to the gateway;
receiving a first safety access instruction sent by a diagnostic instrument, and feeding back an access result;
receiving a temporary key sent by the gateway;
and receiving the encrypted ciphertext sent by the gateway, decrypting the encrypted ciphertext by adopting the temporary key, acquiring a key and storing the key in a hardware encryption chip.
This step is a process specifically executed by the electronic control unit when the diagnostic apparatus determines the learning state of each of the electronic control units.
Further, before the step of receiving the random number and the check value sent by the gateway, the method further includes:
receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding back the learning state of the electronic control unit to the gateway;
receiving a second safety access instruction sent by the diagnostic instrument, and feeding back an access result;
receiving a temporary key sent by the gateway;
receiving a key learning request instruction sent by the gateway;
and encrypting the currently stored key by adopting the temporary key, and feeding back the encrypted key to the gateway.
It should be noted that, in this step, when the gateway performs key learning, the electronic control unit performs a specific execution process.
Specifically, step S403 determines the current learning state according to the comparison result between the encryption result and the check value, which specifically includes:
and if the encryption result is the same as the check value, determining that the current learning state is learned, otherwise, determining that the current learning state is not learned.
According to the key processing method provided by the embodiment of the invention, the key learning process is started through the electric detection equipment, so that the manual scanning of the vehicle identification code is avoided, the off-line key learning time is shortened, and the production speed of the vehicle is improved; during after-sale key processing, the key is shared in an encrypted mode and is stored in a hardware security chip of the gateway and hardware security chips of all electronic control units, so that a hacker or an illegal person is prevented from obtaining the key of the whole vehicle and damaging the vehicle, and personal injury and property injury are caused; in addition, the key processing method of the embodiment of the invention can also be suitable for communication authentication and encryption of more subsequent electronic control units, completely meets the information security requirement of automatic driving, has high expansibility, reduces the production and maintenance cost, and improves the use experience of users.
Fig. 5 is a schematic diagram of a basic structure of a gateway according to an embodiment of the present invention; the gateway includes:
a receiving module 501, configured to receive a key learning process starting instruction, and feed back a first process response;
a first control module 502, configured to enter an offline key learning process if the key learning process starting instruction is an offline key learning process starting instruction;
the second control module 503 is configured to enter an after-sales key learning process if the key learning process starting instruction is an after-sales key learning process starting instruction.
In the gateway according to the embodiment of the present invention, the first control module 502 includes:
the first processing submodule is used for feeding back a first process result response after receiving an offline key learning triggering instruction sent by the electric detection equipment, generating a key and storing the key in a hardware encryption chip of the gateway;
the sending submodule is used for broadcasting the sending key to each electronic control unit;
and the verification sub-module is used for verifying and authenticating with each electronic control unit according to a pre-stored first key verification sequence table.
In the gateway of the embodiment of the present invention, the check submodule includes:
the first processing unit is used for generating a random number at intervals of a first preset time length, encrypting the random number and generating a check value;
the first sending unit is used for sending the random number and the check value to a first unlearned electronic control unit in the first key check order table;
a second processing unit, configured to, if the comparison result and the learning state fed back by the first unlearned electronic control unit are received, or if the comparison result and the learning state fed back by the first unlearned electronic control unit are not received within a second preset time period after the random number and the check value are sent, record that the learning state of the first unlearned electronic control unit is unlearned, return to the interval first preset time period to generate a random number, encrypt the random number, and generate a check value;
the first transceiving unit is used for receiving an instruction which is sent by the electric detection equipment and requests each electronic control unit to learn the state, and feeding back the learning state of each electronic control unit;
and the second transceiving unit is used for receiving the offline learning flow finishing instruction sent by the electric detection equipment and feeding back a second process response.
In the gateway of the embodiment of the present invention, the check submodule further includes:
and the third processing unit is used for broadcasting and sending the secret key to each electronic control unit if an offline secret key learning triggering instruction sent by the electric detection equipment is received, returning to the interval of the first preset time length, generating a random number, encrypting the random number and generating a check value.
In the gateway according to the embodiment of the present invention, the second control module 503 includes:
the first transceiving submodule is used for receiving an instruction which is sent by the diagnostic instrument and used for inquiring the learning state of each electronic control unit and feeding back a second process result response;
the second transceiving submodule is used for sending an instruction for requesting the learning state of the electronic control units to the electronic control units at intervals of a third preset time length according to a prestored second key checking sequence table and receiving the learning state fed back by the electronic control units;
the third transceiving submodule is used for feeding back the learning state of the gateway and the learning state of each electronic control unit after receiving the instruction which is sent by the diagnostic instrument and requests the learning state of each electronic control unit;
and the fourth transceiving submodule is used for feeding back a third process response after receiving the temporary secret key sent by the diagnostic instrument and the instruction for triggering the gateway secret key distribution, and entering the process of key learning after sale of the electronic control unit.
In the gateway according to the embodiment of the present invention, the fourth transceiver module includes:
a second sending unit configured to send the temporary key to a second unlearned electronic control unit in the second key check sequence table;
the generating unit is used for encrypting the key stored by the gateway by using the temporary key to generate an encrypted ciphertext;
a third transmitting unit configured to transmit the key and the encrypted ciphertext to the second unlearned electronic control unit;
a fourth processing unit, configured to generate a random number after sending the secret key and a fourth preset duration of the encrypted ciphertext, encrypt the random number, generate a check value, and send the random number and the check value to the second unlearned electronic control unit;
the judging unit is used for judging whether the comparison result and the learning state fed back by the electronic control unit are received within a fifth preset time length after the random number and the check value are sent, if yes, the received comparison result and the learning state are recorded, and if not, the learning state of the electronic control unit is recorded as not-learned;
a fourth sending unit, configured to feed back a learning state of the second unlearned electronic control unit if an instruction requesting the learning state of the electronic control unit sent by the diagnostic apparatus is received;
and the third transceiving unit is used for feeding back a fourth process response if receiving an after-sales learning flow finishing instruction sent by the diagnostic instrument.
In the gateway according to the embodiment of the present invention, the second control module 503 further includes:
the fifth transceiving submodule is used for feeding back a fifth process response after receiving the second temporary secret key sent by the diagnostic instrument and the instruction for triggering gateway secret key learning;
a sixth transceiving submodule, configured to send the second temporary key and the key learning request to the first learned electronic control unit in the second key check sequence table, and receive the encrypted key fed back by the first learned electronic control unit;
the obtaining submodule is used for decrypting the encrypted secret key by using the second temporary secret key to obtain a secret key and storing the secret key in a hardware encryption chip;
the second processing submodule is used for generating a random number after receiving the sixth preset time length of the encrypted secret key, encrypting the random number by using the secret key and generating a check value;
the seventh transceiving submodule is used for sending the random number and the check value to the first learned electronic control unit and receiving a comparison result fed back by the first learned electronic control unit;
the recording submodule is used for recording the learning state of the gateway as learned if the comparison result is consistent; if the comparison result is inconsistent, or the comparison result is not received within a seventh preset time period, recording the learning state of the gateway as not-learned;
and the eighth transceiving submodule is used for feeding back the learning state of the gateway after receiving the command which is sent by the diagnostic instrument and requests the learning state of the gateway.
Referring to fig. 6, a schematic diagram of a basic structure of an electrical inspection apparatus according to an embodiment of the present invention is shown, where the electrical inspection apparatus includes:
a first sending module 601, configured to send an instruction to start an offline key learning procedure to a gateway;
the transceiver module 602 is configured to send an offline key learning trigger instruction to the gateway after receiving the process response sent by the gateway, and receive a process result response sent by the gateway;
a second sending module 603, configured to send a learning state instruction requesting each electronic control unit to the gateway after sending a first preset time duration of the offline key learning trigger instruction;
a processing module 604, configured to receive the learning status of each electronic control unit sent by the gateway, and if the learning status of at least one electronic control unit is not learned, return to the step of sending the offline key learning trigger instruction to the gateway; otherwise, sending an instruction for finishing off-line key learning process to the gateway.
Fig. 7 is a schematic diagram of a basic structure of a diagnostic apparatus according to an embodiment of the present invention, including:
a first sending module 701, configured to send an instruction to start an after-sale key learning process to a gateway;
a first transceiver module 702, configured to send a learning state instruction for querying each electronic control unit after receiving a first process response sent by the gateway;
a second sending module 703, configured to send a learning status instruction requesting each electronic control unit to the gateway after sending a first preset time length for querying the learning status instruction of each electronic control unit;
a first receiving module 704, configured to receive the learning states of the electronic control units and the learning state of the gateway sent by the gateway;
the control module 705 is configured to enter a gateway after-sale key learning process if the learning state of the gateway is not learned; and if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit.
In the diagnostic apparatus according to the embodiment of the present invention, the control module 705 includes:
the first transceiving submodule is used for sending a first safety access instruction to a first learned electronic control unit in a prestored key checking sequence table and receiving an access result fed back by the first learned electronic control unit;
the first sending submodule is used for sending a temporary key and a command for triggering gateway key learning to the gateway if the access result is that the access is passed;
the second transceiver sub-module is used for sending a learning state instruction requesting the gateway to the gateway after sending a second preset time length of the safety access instruction, and receiving a learning state fed back by the gateway;
the first control submodule is used for entering an after-sale key learning process of the electronic control unit if the learning state of the gateway is learned; and if the learning state of the gateway is not learned, stopping key learning.
In the diagnostic apparatus according to the embodiment of the present invention, the control module 705 further includes:
the third transceiving submodule is used for sending a second security access instruction to the first unlearned electronic control unit in the key checking sequence table and receiving an access result sent by the first unlearned electronic control unit;
the second sending submodule is used for sending a temporary key to the gateway and triggering a gateway key distribution instruction when the access result is that the access is passed;
the fourth transceiving submodule is used for sending a request to the gateway for the learning state of the first unlearned electronic control unit after sending a third preset time length of the second security access instruction, and receiving the learning state fed back by the gateway;
and the second control submodule is used for returning to the step of sending a second safe access instruction to a first unlearned electronic control unit in the key check sequence list and receiving an access result sent by the first unlearned electronic control unit if the learning state is unlearned, or stopping the after-sale key learning if the learning state is not learned or a feedback learning state is not received within a fourth preset time length after the learning state instruction of the first unlearned electronic control unit is sent.
Referring to fig. 8, a basic structure diagram of an electronic control unit according to an embodiment of the present invention is shown, where the electronic control unit includes:
a first receiving module 801, configured to receive a random number and a check value sent by a gateway;
an encryption module 802, configured to encrypt the random number according to a currently stored key;
a first determining module 803, configured to determine a current learning state according to a comparison result between the encryption result and the check value;
a first sending module 804, configured to feed back the encryption result and the learning status to a gateway.
The electronic control unit of the embodiment of the present invention further includes:
and the second receiving module is used for receiving the key sent by the gateway broadcast.
The electronic control unit of the embodiment of the present invention further includes:
the first transceiver module is used for receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding back the learning state of the first transceiver module to the gateway;
the second transceiver module is used for receiving the first security access instruction sent by the diagnostic instrument and feeding back an access result;
a third receiving module, configured to receive a temporary key sent by the gateway;
and the first processing module is used for receiving the encrypted ciphertext sent by the gateway, decrypting the encrypted ciphertext by adopting the temporary key, acquiring a key and storing the key in a hardware encryption chip.
The electronic control unit of the embodiment of the present invention further includes:
the third transceiver module is used for receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding the learning state of the third transceiver module back to the gateway;
the fourth transceiver module is used for receiving a second security access instruction sent by the diagnostic instrument and feeding back an access result;
a fourth receiving module, configured to receive the temporary key sent by the gateway;
a fifth receiving module, configured to receive a key learning request instruction sent by the gateway;
and the second processing module is used for encrypting the current stored key by adopting the temporary key and feeding back the encrypted key to the gateway.
In the electronic control unit according to the embodiment of the present invention, the first determining module 803 is specifically configured to determine that the current learning state is learned if the encryption result is the same as the check value, and otherwise, determine that the current learning state is not learned.
While the foregoing is directed to the preferred embodiment of the present invention, it will be appreciated by those skilled in the art that various changes and modifications may be made therein without departing from the principles of the invention as set forth in the appended claims.
Claims (17)
1. A key processing method is applied to a gateway, and is characterized by comprising the following steps:
receiving a key learning process starting instruction, and feeding back a first process response;
if the key-off-line key learning process starting instruction is an off-line key learning process starting instruction, entering an off-line key learning process;
if the key learning process starting instruction is an after-sale key learning process starting instruction, entering an after-sale key learning process;
the offline key learning process comprises the following steps:
after receiving an offline key learning triggering instruction sent by the electric examination equipment, feeding back a first process result response, generating a key, and storing the key in a hardware encryption chip of the gateway;
broadcasting and sending the key to each electronic control unit;
verifying and authenticating with each electronic control unit according to a pre-stored first key verification sequence table;
the step of carrying out verification and authentication with each electronic control unit according to a pre-stored first key verification sequence table comprises the following steps:
generating a random number at intervals of a first preset time length, encrypting the random number and generating a check value;
sending the random number and the check value to a first unlearned electronic control unit in the first key check order table;
if the comparison result and the learning state fed back by the first unlearned electronic control unit are received, or if the comparison result and the learning state fed back by the first unlearned electronic control unit are not received within a second preset time after the random number and the check value are sent, recording that the learning state of the first unlearned electronic control unit is unlearned, returning to a first preset time interval to generate a random number, encrypting the random number and generating the check value;
receiving an instruction which is sent by the electric detection equipment and requests each electronic control unit to learn the state, and feeding back the learning state of each electronic control unit;
and receiving an offline learning flow finishing instruction sent by the electric examination equipment and feeding back a response of a second process.
2. The key processing method according to claim 1, wherein after the step of feeding back the learning state of each electronic control unit, the method further comprises:
and if an offline key learning triggering instruction sent by the electric detection equipment is received, broadcasting and sending the key to each electronic control unit, returning to the interval of a first preset time length, generating a random number, encrypting the random number and generating a check value.
3. The key processing method of claim 1, wherein the after-market key learning process comprises:
receiving an instruction for inquiring the learning state of each electronic control unit sent by the diagnostic instrument, and feeding back a second process result response;
according to a second key check sequence table stored in advance, sending an instruction for requesting the learning state of the electronic control units to the electronic control units at intervals of a third preset time length, and receiving the learning state fed back by the electronic control units;
after receiving an instruction which is sent by the diagnostic instrument and requests the learning state of each electronic control unit, feeding back the learning state of the gateway and the learning state of each electronic control unit;
after receiving the temporary secret key sent by the diagnostic instrument and the instruction for triggering the gateway secret key distribution, feeding back a third process response, and entering an after-sale secret key learning process of the electronic control unit.
4. The key processing method of claim 3, wherein the flow of the electronic control unit after-sale key learning comprises:
sending the temporary key to a second unlearned electronic control unit in the second key check sequence table;
encrypting the key stored by the gateway by using the temporary key to generate an encrypted ciphertext;
sending the key and the encrypted ciphertext to the second unlearned electronic control unit;
after a fourth preset time length of the secret key and the encrypted ciphertext is sent, a random number is generated, the random number is encrypted, a check value is generated, and the random number and the check value are sent to the second unlearned electronic control unit;
judging whether a comparison result and a learning state fed back by the electronic control unit are received within a fifth preset time after the random number and the check value are sent, if so, recording the received comparison result and the learning state, and if not, recording the learning state of the electronic control unit as not-learned;
if an instruction which is sent by the diagnostic instrument and requests the electronic control unit to learn the state is received, feeding back the learning state of the second unlearned electronic control unit;
and feeding back a fourth process response if an after-sale learning flow finishing instruction sent by the diagnostic instrument is received.
5. The key processing method according to claim 3, wherein after the step of feeding back the learning state of the gateway and the learning states of the respective electronic control units, the method further comprises:
after receiving a second temporary key sent by the diagnostic instrument and an instruction for triggering gateway key learning, feeding back a fifth process response;
sending the second temporary key and a key learning request to a first learned electronic control unit in the second key check sequence table, and receiving an encrypted key fed back by the first learned electronic control unit;
decrypting the encrypted key by using the second temporary key to obtain a key and storing the key in a hardware encryption chip;
generating a random number after receiving the sixth preset time length of the encrypted key, and encrypting the random number by using the key to generate a check value;
sending the random number and the check value to the first learned electronic control unit, and receiving a comparison result fed back by the first learned electronic control unit;
if the comparison result is consistent, recording the learning state of the gateway as learned; if the comparison result is inconsistent, or the comparison result is not received within a seventh preset time period, recording the learning state of the gateway as not-learned;
and after receiving an instruction which is sent by the diagnostic instrument and requests the learning state of the gateway, feeding back the learning state of the gateway.
6. A key processing method is applied to electric detection equipment and is characterized by comprising the following steps:
sending an instruction for starting an offline key learning process to a gateway;
after receiving a process response sent by the gateway, sending an offline key learning triggering instruction to the gateway, and receiving a process result response sent by the gateway;
after a first preset time length of an offline key learning triggering instruction is sent, a learning state instruction requesting each electronic control unit is sent to the gateway;
receiving the learning state of each electronic control unit sent by the gateway, and returning to the step of sending an offline key learning triggering instruction to the gateway if the learning state of at least one electronic control unit is not learned; otherwise, sending an instruction for finishing off-line key learning process to the gateway.
7. A key processing method is applied to a diagnostic instrument and is characterized by comprising the following steps:
sending an instruction for starting an after-sale key learning process to a gateway;
after receiving a first process response sent by the gateway, sending a learning state instruction for inquiring each electronic control unit;
after a first preset time length for inquiring the learning state instruction of each electronic control unit is sent, sending a learning state instruction for requesting each electronic control unit to the gateway;
receiving the learning state of each electronic control unit and the learning state of the gateway sent by the gateway;
if the learning state of the gateway is not learned, entering an after-sale key learning process of the gateway; and if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit.
8. The key processing method of claim 7, wherein the gateway after-market key learning process comprises:
sending a first security access instruction to a first learned electronic control unit in a pre-stored key verification sequence table, and receiving an access result fed back by the first learned electronic control unit;
if the access result is that the access is passed, sending a temporary key and a command for triggering gateway key learning to the gateway;
after a second preset time length of the safety access instruction is sent, a learning state instruction requesting the gateway is sent to the gateway, and a learning state fed back by the gateway is received;
if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit; and if the learning state of the gateway is not learned, stopping key learning.
9. The key processing method according to claim 7 or 8, wherein the flow of the electronic control unit after-sale key learning comprises:
sending a second security access instruction to a first unlearned electronic control unit in the key check sequence table, and receiving an access result sent by the first unlearned electronic control unit;
when the access result is that the access is passed, sending a temporary key to the gateway and triggering a gateway key distribution instruction;
after a third preset time length of the second security access instruction is sent, sending a request to the gateway for the learning state of the first unlearned electronic control unit, and receiving the learning state fed back by the gateway;
and if the learning state is a learned state, returning to the step of sending a second security access instruction to a first unlearned electronic control unit in the key check sequence table and receiving an access result sent by the first unlearned electronic control unit, and if the learning state is an unlearned state or a feedback learning state is not received within a fourth preset time period after the instruction for requesting the learning state of the first unlearned electronic control unit is sent, stopping the after-sales key learning.
10. A key processing method is applied to an electronic control unit and is characterized by comprising the following steps:
receiving a random number and a check value sent by a gateway;
encrypting the random number according to a currently stored key;
determining the current learning state according to the comparison result of the encryption result and the check value;
feeding back the encryption result and the learning state to a gateway;
before the step of receiving the random number and the check value sent by the gateway, the method further includes:
receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding back the learning state of the electronic control unit to the gateway;
receiving a first safety access instruction sent by a diagnostic instrument, and feeding back an access result;
receiving a temporary key sent by the gateway;
and receiving the encrypted ciphertext sent by the gateway, decrypting the encrypted ciphertext by adopting the temporary key, acquiring a key and storing the key in a hardware encryption chip.
11. The key processing method of claim 10, wherein the step of receiving the random number and the check value sent by the gateway is preceded by the method further comprising:
and receiving the key broadcast by the gateway.
12. The key processing method of claim 10, wherein the step of receiving the random number and the check value sent by the gateway is preceded by the method further comprising:
receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding back the learning state of the electronic control unit to the gateway;
receiving a second safety access instruction sent by the diagnostic instrument, and feeding back an access result;
receiving a temporary key sent by the gateway;
receiving a key learning request instruction sent by the gateway;
and encrypting the currently stored key by adopting the temporary key, and feeding back the encrypted key to the gateway.
13. The key processing method according to claim 10, wherein the step of determining the current learning state based on the comparison result of the encryption result and the check value comprises:
and if the encryption result is the same as the check value, determining that the current learning state is learned, otherwise, determining that the current learning state is not learned.
14. A gateway, comprising:
the first receiving module is used for receiving a command for starting the key learning process and feeding back a response of a first process;
the first control module is used for entering an offline key learning process if the key learning process starting instruction is an offline key learning process starting instruction;
the second control module is used for entering an after-sale key learning process if the key learning process starting instruction is an after-sale key learning process starting instruction;
the first control module includes:
the first processing submodule is used for feeding back a first process result response after receiving an offline key learning triggering instruction sent by the electric detection equipment, generating a key and storing the key in a hardware encryption chip of the gateway;
the sending submodule is used for broadcasting and sending the key to each electronic control unit;
the verification submodule is used for verifying and authenticating the electronic control units according to a prestored first key verification sequence table;
the check submodule includes:
the first processing unit is used for generating a random number at intervals of a first preset time length, encrypting the random number and generating a check value;
the first sending unit is used for sending the random number and the check value to a first unlearned electronic control unit in the first key check order table;
a second processing unit, configured to, if the comparison result and the learning state fed back by the first unlearned electronic control unit are received, or if the comparison result and the learning state fed back by the first unlearned electronic control unit are not received within a second preset time period after the random number and the check value are sent, record that the learning state of the first unlearned electronic control unit is unlearned, return to a first preset time period, generate a random number, encrypt the random number, and generate a check value;
the first transceiving unit is used for receiving an instruction which is sent by the electric detection equipment and requests each electronic control unit to learn the state, and feeding back the learning state of each electronic control unit;
and the second transceiving unit is used for receiving the offline learning flow ending instruction sent by the electric detection equipment and feeding back a second process response.
15. An electrical testing apparatus, comprising:
the first sending module is used for sending an instruction for starting an offline key learning process to the gateway;
the receiving and sending module is used for sending an offline key learning triggering instruction to the gateway after receiving the process response sent by the gateway, and receiving the process result response sent by the gateway;
the second sending module is used for sending a learning state instruction for requesting each electronic control unit to the gateway after sending the first preset time length of the offline key learning triggering instruction;
the processing module is used for receiving the learning state of each electronic control unit sent by the gateway, and returning to the step of sending an offline key learning trigger instruction to the gateway if the learning state of at least one electronic control unit is not learned; otherwise, sending an instruction for finishing off-line key learning process to the gateway.
16. A diagnostic instrument, comprising:
the first sending module is used for sending an instruction for starting an after-sale key learning process to the gateway;
the first transceiver module is used for sending a learning state instruction for inquiring each electronic control unit after receiving a first process response sent by the gateway;
the second sending module is used for sending a learning state instruction for requesting each electronic control unit to the gateway after sending the first preset time for inquiring the learning state instruction of each electronic control unit;
the first receiving module is used for receiving the learning state of each electronic control unit and the learning state of the gateway, which are sent by the gateway;
the control module is used for entering a gateway after-sale key learning process if the learning state of the gateway is not learned; and if the learning state of the gateway is learned, entering an after-sale key learning process of the electronic control unit.
17. An electronic control unit, comprising:
the first receiving module is used for receiving the random number and the check value sent by the gateway;
the encryption module is used for encrypting the random number according to the currently stored key;
the first determining module is used for determining the current learning state according to the comparison result of the encryption result and the check value;
the first sending module is used for feeding back the encryption result and the learning state to a gateway;
the electronic control unit further includes:
the first transceiver module is used for receiving an instruction which is sent by the gateway and requests the electronic control unit to learn the state, and feeding back the learning state of the first transceiver module to the gateway;
the second transceiver module is used for receiving the first security access instruction sent by the diagnostic instrument and feeding back an access result;
a third receiving module, configured to receive the temporary key sent by the gateway;
and the first processing module is used for receiving the encrypted ciphertext sent by the gateway, decrypting the encrypted ciphertext by adopting the temporary key, acquiring a key and storing the key in a hardware encryption chip.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910955409.1A CN112653548B (en) | 2019-10-09 | 2019-10-09 | Key processing method, gateway, electric detection equipment, diagnostic instrument and electronic control unit |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910955409.1A CN112653548B (en) | 2019-10-09 | 2019-10-09 | Key processing method, gateway, electric detection equipment, diagnostic instrument and electronic control unit |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112653548A CN112653548A (en) | 2021-04-13 |
| CN112653548B true CN112653548B (en) | 2023-02-21 |
Family
ID=75342576
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910955409.1A Active CN112653548B (en) | 2019-10-09 | 2019-10-09 | Key processing method, gateway, electric detection equipment, diagnostic instrument and electronic control unit |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112653548B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114666041A (en) * | 2021-05-31 | 2022-06-24 | 长城汽车股份有限公司 | Key injection method, device, medium and vehicle |
| CN114785557B (en) * | 2022-03-28 | 2023-06-06 | 重庆长安汽车股份有限公司 | Whole vehicle symmetric key distribution system, method and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161441A (en) * | 2016-07-05 | 2016-11-23 | 上汽通用汽车有限公司 | The security diagnostics communication means of a kind of LAN in car and system |
| CN107610278A (en) * | 2017-07-31 | 2018-01-19 | 宁波远景汽车零部件有限公司 | Intelligent key learning method and system |
| CN109150514A (en) * | 2018-08-30 | 2019-01-04 | 北京新能源汽车股份有限公司 | A kind of wiring method and equipment of key |
| CN109327307A (en) * | 2018-10-24 | 2019-02-12 | 东南(福建)汽车工业有限公司 | CAN bus based automobile remote control method |
| CN109428716A (en) * | 2017-08-30 | 2019-03-05 | 福特全球技术公司 | The encryption key distribution of car group |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070001805A1 (en) * | 2005-07-01 | 2007-01-04 | Utter Thomas E | Multiple vehicle authentication for entry and starting systems |
-
2019
- 2019-10-09 CN CN201910955409.1A patent/CN112653548B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161441A (en) * | 2016-07-05 | 2016-11-23 | 上汽通用汽车有限公司 | The security diagnostics communication means of a kind of LAN in car and system |
| CN107610278A (en) * | 2017-07-31 | 2018-01-19 | 宁波远景汽车零部件有限公司 | Intelligent key learning method and system |
| CN109428716A (en) * | 2017-08-30 | 2019-03-05 | 福特全球技术公司 | The encryption key distribution of car group |
| CN109150514A (en) * | 2018-08-30 | 2019-01-04 | 北京新能源汽车股份有限公司 | A kind of wiring method and equipment of key |
| CN109327307A (en) * | 2018-10-24 | 2019-02-12 | 东南(福建)汽车工业有限公司 | CAN bus based automobile remote control method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112653548A (en) | 2021-04-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2663018B1 (en) | Electronic key registration system | |
| CN108122311B (en) | Vehicle virtual key implementation method and system | |
| CN107085870B (en) | Regulating vehicle access using encryption methods | |
| CN111131313B (en) | Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile | |
| CN108536118B (en) | Vehicle ECU, system and method for ECU to provide diagnostic information | |
| CN113781678B (en) | Vehicle Bluetooth key generation and authentication method and system in networking-free environment | |
| CN112653548B (en) | Key processing method, gateway, electric detection equipment, diagnostic instrument and electronic control unit | |
| US10778655B2 (en) | Secure control and access of a vehicle | |
| CN104753962A (en) | OBD (On-board diagnostics) safety management method and system | |
| JP2019009688A (en) | Maintenance system and maintenance method | |
| CN111845624B (en) | Method for starting vehicle without key | |
| CN105187442A (en) | Vehicle authorization method, device, vehicle-mounted terminal, terminal and system | |
| CN109728899B (en) | Pure electric vehicle authentication key safety management method and system | |
| CN111114489A (en) | Automatic transmission automobile anti-theft method and automatic transmission automobile | |
| CN111083696B (en) | Communication verification method and system, mobile terminal and vehicle machine side | |
| CN108944784A (en) | The authentication method and system of engine anti-theft unit | |
| CN108116367B (en) | Keyless system matching method and keyless matching system | |
| CN113497704A (en) | Vehicle-mounted key generation method, vehicle and computer-readable storage medium | |
| CN111080856A (en) | Bluetooth entrance guard unlocking method | |
| CN109416711A (en) | Method for the control device in safety verification motor vehicle | |
| CN113572720B (en) | Data encryption method, data decryption device and electric automobile | |
| CN111294771A (en) | In-vehicle device, system for implementing in-vehicle communication and related method | |
| CN107215308B (en) | Keyless system and control method of keyless system | |
| CN105015490A (en) | Authentication method for antitheft unit of engine | |
| CN116456336A (en) | External equipment access security authentication method, system, automobile, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |