CN113094691A - Whole vehicle ECU device safety access method and system - Google Patents
- Publication number
- CN113094691A
- Authority
- CN
- China
- Prior art keywords
- ecu
- equipment
- key value
- seed
- diagnostic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0423—Input/output
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/25—Pc structure of the system
- G05B2219/25257—Microcontroller
Abstract
The invention provides a method and a system for secure access to the ECU devices of a whole vehicle. The method comprises: generating DID parameters based on random numbers written during offline calibration; receiving a first key value sent by the diagnostic device; calculating a second key value with a preset calculation formula from the locally stored DID parameters and the seed; and comparing the first key value with the second key value and determining the diagnostic device's access rights to the ECU device according to the comparison result. For different ECU devices in the vehicle, the generated DID parameters, the seed and the preset calculation formula are different, so the key values finally calculated are different; that is, the security algorithms of different ECU devices in the vehicle are different. Even if the security algorithm of one ECU device is leaked, the security algorithms of the vehicle's ECU devices are not all leaked, which improves the security of the whole vehicle.
Description
Technical Field
The present invention relates to the field of vehicle security control, and more particularly to a method and a system for secure access to the Electronic Control Unit (ECU) devices of a whole vehicle.
Background
A security algorithm allows data to be exchanged securely between a controller and external equipment and prevents the controller's parameters from being maliciously tampered with, so that an attack on the controller does not affect the driving safety of the whole vehicle.
At present, the security algorithm of a controller is mainly implemented as a symmetric algorithm, that is, every controller in the vehicle uses the same algorithm. For example, different controllers such as the VCU (Vehicle Control Unit), the BCM (body controller) and the meter use the same set of security algorithms; if the security algorithm of one controller is cracked, the whole vehicle is in an unsafe state and its data are easy to tamper with.
Disclosure of Invention
The present invention provides a method and system for secure access to a vehicle ECU device that overcomes, or at least partially solves, the above-mentioned problems.
According to a first aspect of the invention, a secure access method for the ECU devices of a whole vehicle is provided, comprising: receiving a random number written by factory offline equipment during offline calibration, and generating a DID parameter based on the random number; receiving a first key value sent by the diagnostic device, wherein the first key value is calculated by the diagnostic device with a preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device; calculating a second key value with the preset calculation formula from the locally stored DID parameter and the seed; and comparing the first key value with the second key value, and determining according to the comparison result whether to allow or deny the diagnostic device access to the ECU device.
On the basis of the technical scheme, the invention can be improved as follows.
Optionally, the DID parameter includes n values, each from 0 to 8, and the seed includes n bytes, where n is a positive integer determined according to the requirements of the ECU. Optionally, before receiving the first key value sent by the diagnostic device, the method further includes: receiving a first request sent by the diagnostic device, and issuing the DID parameter to the diagnostic device according to the first request; and receiving a second request sent by the diagnostic device, and issuing the seed to the diagnostic device according to the second request.
Optionally, calculating the second key value with the preset calculation formula from the locally stored DID parameter and the seed includes:
$$\mathrm{Key}_2 = F\left[\mathrm{Seed}[\mathrm{Byte}_1] \gg \mathrm{DID}[X_1],\ \mathrm{Seed}[\mathrm{Byte}_2] \gg \mathrm{DID}[X_2],\ \ldots,\ \mathrm{Seed}[\mathrm{Byte}_n] \gg \mathrm{DID}[X_n]\right]$$
where $X_1, X_2, \ldots, X_n$ are the n values of the DID parameter, $\mathrm{Seed}[\mathrm{Byte}_1], \mathrm{Seed}[\mathrm{Byte}_2], \ldots, \mathrm{Seed}[\mathrm{Byte}_n]$ are the n bytes of the seed, $\gg$ is the right-shift operation, and F is the preset calculation formula.
Optionally, the preset calculation formula is a byte left shift, byte right shift, AND operation, OR operation or XOR operation, and a corresponding preset calculation formula may be selected for each different ECU device in the whole vehicle.
Optionally, comparing the first key value with the second key value and determining according to the comparison result whether to allow or deny the diagnostic device access to the ECU device includes: when the first key value is consistent with the second key value, issuing an access permission instruction to the diagnostic device; and when the first key value is not consistent with the second key value, issuing an access denial instruction to the diagnostic device.
According to a second aspect of the present invention, a secure access method for the ECU devices of a whole vehicle is provided, comprising: the diagnostic device calculates a first key value with a preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device, and sends the first key value to the ECU device; and receiving an access permission instruction or an access denial instruction issued by the ECU device, wherein the instruction is determined according to the result of comparing the first key value with a second key value, and the second key value is calculated by the ECU device with the preset calculation formula from the locally stored DID parameter and the seed.
Optionally, before the diagnostic device calculates the first key value and sends it to the ECU device, the method further includes: sending a first request to the ECU device, and receiving the DID parameter issued by the ECU device according to the first request; and sending a second request to the ECU device, and receiving the seed issued by the ECU device according to the second request.
Optionally, the diagnostic device calculating the first key value with the preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device, and sending the first key value to the ECU device, includes:
$$\mathrm{Key}_1 = F\left[\mathrm{Seed}[\mathrm{Byte}_1] \gg \mathrm{DID}[X_1],\ \mathrm{Seed}[\mathrm{Byte}_2] \gg \mathrm{DID}[X_2],\ \ldots,\ \mathrm{Seed}[\mathrm{Byte}_n] \gg \mathrm{DID}[X_n]\right]$$
where $X_1, X_2, \ldots, X_n$ are the n values of the DID parameter, $\mathrm{Seed}[\mathrm{Byte}_1], \mathrm{Seed}[\mathrm{Byte}_2], \ldots, \mathrm{Seed}[\mathrm{Byte}_n]$ are the n bytes of the seed, $\gg$ is the right-shift operation, and F is the preset calculation formula.
According to a third aspect of the present invention, a secure access system for the ECU devices of a whole vehicle is provided, including a diagnostic device and a plurality of ECU devices. Each ECU device is used for receiving a random number written by factory offline equipment during offline calibration and generating a DID parameter based on the random number; for receiving a first key value sent by the diagnostic device; and also for calculating a second key value with a preset calculation formula from the locally stored DID parameter and the seed, comparing the first key value with the second key value, and determining according to the comparison result whether the diagnostic device is allowed to access the ECU device. The diagnostic device is used for calculating the first key value with the preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device.
According to the method and the system for secure access to the ECU devices of a whole vehicle provided by the invention, for different ECU devices in the vehicle the generated DID parameters, the seed and the preset calculation formula are different, so the key values finally calculated are different; that is, the security algorithms of different ECU devices in the vehicle are different. Even if the security algorithm of one ECU device is leaked, the security algorithms of the vehicle's ECU devices are not all leaked, which improves the security of the whole vehicle.
Drawings
Fig. 1 is a flowchart of a method for secure access to an ECU device of a vehicle according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for secure access to an ECU device of a vehicle according to an embodiment of the present invention;
Fig. 3 is an overall flowchart of a method for secure access to an ECU device of a vehicle according to an embodiment of the present invention;
Fig. 4 is a structural diagram of a complete vehicle ECU device secure access system according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Fig. 1 is a flowchart of a method for secure access to an ECU device of a vehicle according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
101. receiving a random number written by factory offline equipment during offline calibration, and generating a DID parameter based on the random number;
102. receiving a first key value sent by the diagnostic device, wherein the first key value is calculated by the diagnostic device with a preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device;
103. calculating a second key value with the preset calculation formula from the locally stored DID parameter and the seed;
104. comparing the first key value with the second key value, and determining according to the comparison result whether to allow or deny the diagnostic device access to the ECU device.
It can be understood that, at present, the different controllers in a vehicle use the same set of security algorithms. When the security algorithm of one controller is cracked, the security algorithms of the other controllers are cracked as well, so the whole vehicle is in an unsafe state and its data can be tampered with.
Based on this, in the embodiment of the present invention a Data Identification (DID) parameter is written into each controller through UDS (Unified Diagnostic Services) when the controller goes offline, and each controller combines its DID with an algorithm formula to form its own security algorithm. Each controller can therefore have a different key, which prevents all controllers from being exposed to an unsafe state after the algorithm of one controller is leaked.
Specifically, when the ECU is calibrated offline, the factory offline equipment writes a random number into the ECU device, and the ECU device generates the DID parameter based on that random number. When the diagnostic device needs to access the ECU device, it reads the DID parameter and the seed from the ECU device, calculates the first key value from them with the preset calculation formula, and sends the first key value to the ECU device.
When the ECU device receives the first key value sent by the diagnostic device, it calculates a second key value from the locally stored DID parameter and the seed, using the same preset calculation formula as the diagnostic device. It then compares the first key value sent by the diagnostic device with the locally generated second key value and determines according to the comparison result whether the diagnostic device is allowed to access the ECU device.
In the embodiment of the invention, because the factory offline equipment writes a random number into the ECU device, the ECU device can generate the corresponding DID parameter from that random number; the seed of each ECU device is different, and the preset calculation formula used by each ECU device can be different. The security algorithm of each ECU device is therefore different, which avoids all controllers being exposed to an unsafe state after the algorithm of one controller is leaked.
In a possible embodiment, the DID parameter includes n values, each from 0 to 8, and the seed includes n bytes, where n is a positive integer determined according to the requirements of the ECU.
It can be understood that the security algorithm of each ECU device is composed of three parts: the DID parameter, the seed and the algorithm formula. The DID parameter consists of n values from 0 to 8, the seed consists of the n bytes Byte1 to Byten, and the algorithm formula F is a calculation formula designed according to the security level. During offline calibration of the ECU device, the factory offline equipment writes random numbers from 0 to 8 into the ECU device, and they are stored in the corresponding DID of the ECU to obtain the DID parameter. The value of n can be chosen per ECU device, which ensures that the DID parameters and seeds of different ECU devices are different.
In a possible embodiment, before receiving the first key value sent by the diagnostic device, the method further includes: receiving a first request sent by the diagnostic device, and issuing the DID parameter to the diagnostic device according to the first request; and receiving a second request sent by the diagnostic device, and issuing the seed to the diagnostic device according to the second request.
It can be understood that, when the diagnostic device accesses the ECU device, it requests to read the DID parameter and the seed from the ECU device, and the ECU device issues the DID parameter and the seed to the diagnostic device after receiving the request. The diagnostic device then calculates the first key value from the DID parameter and the seed with the preset calculation formula.
In a possible embodiment, it can be understood that, when the ECU device receives the first key value sent by the diagnostic device, it calculates the second key value from the locally stored DID parameter and the seed, using the same preset calculation formula as the diagnostic device. In the embodiment of the present invention, the second key value may be calculated as follows:
$$\mathrm{Key}_2 = F\left[\mathrm{Seed}[\mathrm{Byte}_1] \gg \mathrm{DID}[X_1],\ \mathrm{Seed}[\mathrm{Byte}_2] \gg \mathrm{DID}[X_2],\ \ldots,\ \mathrm{Seed}[\mathrm{Byte}_n] \gg \mathrm{DID}[X_n]\right]$$
where $X_1, X_2, \ldots, X_n$ are the n values of the DID parameter, $\mathrm{Seed}[\mathrm{Byte}_1], \mathrm{Seed}[\mathrm{Byte}_2], \ldots, \mathrm{Seed}[\mathrm{Byte}_n]$ are the n bytes of the seed, $\gg$ is the right-shift operation, and F is the preset calculation formula.
The preset calculation formula can be a byte left shift, byte right shift, AND operation, OR operation or XOR operation, and a corresponding preset calculation formula can be selected for each different ECU device in the whole vehicle.
In a possible embodiment, comparing the first key value with the second key value and determining according to the comparison result whether to allow or deny the diagnostic device access to the ECU device includes: when the first key value is consistent with the second key value, issuing an access permission instruction to the diagnostic device; and when the first key value is not consistent with the second key value, issuing an access denial instruction to the diagnostic device.
It can be understood that, after the ECU device locally generates the second key value, it compares the first key value sent by the diagnostic device with the locally generated second key value. When the two are consistent, it issues an access permission instruction to the diagnostic device; when they are not, it issues an access denial instruction. The diagnostic device is correspondingly permitted or denied access to the ECU device, which achieves secure access to the ECU device.
Referring to Fig. 2, a method for secure access to a vehicle ECU device according to an embodiment of the present invention includes:
201. the diagnostic device calculates a first key value with a preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device, and sends the first key value to the ECU device;
202. receiving an access permission instruction or an access denial instruction issued by the ECU device, wherein the instruction is determined according to the result of comparing the first key value with a second key value, and the second key value is calculated by the ECU device with the preset calculation formula from the locally stored DID parameter and the seed.
It can be understood that, when the diagnostic device accesses the ECU device, it requests to read the DID parameter and the seed from the ECU device, calculates the first key value with the preset calculation formula, and sends it to the ECU device.
The ECU device compares the first key value sent by the diagnostic device with the second key value it has computed locally, and issues an access permission instruction or an access denial instruction to the diagnostic device according to the comparison result.
In the embodiment of the invention, because the factory offline equipment writes a random number into the ECU device, the ECU device can generate the corresponding DID parameter from that random number; the seed of each ECU device is different, and the preset calculation formula used by each ECU device can be different. The security algorithm of each ECU device is therefore different, which avoids all controllers being exposed to an unsafe state after the algorithm of one controller is leaked.
In a possible embodiment, before the diagnostic device calculates the first key value with the preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device and sends it to the ECU device, the method further includes: sending a first request to the ECU device, and receiving the DID parameter issued by the ECU device according to the first request; and sending a second request to the ECU device, and receiving the seed issued by the ECU device according to the second request.
When the ECU device receives the first request and the second request sent by the diagnostic device, it issues the DID parameter and the seed to the diagnostic device. The diagnostic device calculates the first key value from them with the preset calculation formula and sends the generated first key value to the ECU device.
In a possible embodiment, the diagnostic device calculating the first key value with the preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device, and sending the first key value to the ECU device, includes:
$$\mathrm{Key}_1 = F\left[\mathrm{Seed}[\mathrm{Byte}_1] \gg \mathrm{DID}[X_1],\ \mathrm{Seed}[\mathrm{Byte}_2] \gg \mathrm{DID}[X_2],\ \ldots,\ \mathrm{Seed}[\mathrm{Byte}_n] \gg \mathrm{DID}[X_n]\right]$$
where $X_1, X_2, \ldots, X_n$ are the n values of the DID parameter, $\mathrm{Seed}[\mathrm{Byte}_1], \mathrm{Seed}[\mathrm{Byte}_2], \ldots, \mathrm{Seed}[\mathrm{Byte}_n]$ are the n bytes of the seed, $\gg$ is the right-shift operation, and F is the preset calculation formula.
Fig. 3 shows the overall flow of the method for secure access to an ECU device of a vehicle according to an embodiment of the present invention. A DID parameter is written into the ECU device when the ECU device goes offline, and the diagnostic device reads the DID parameter and a seed from the ECU device when it accesses the ECU device. The diagnostic device generates a first key value from the DID parameter and the seed it has read, using a preset calculation formula, and sends the first key value to the ECU device. When the ECU device receives the first key value sent by the diagnostic device, it generates a second key value from the locally stored DID parameter and the seed, using the same preset calculation formula as the diagnostic device.
The ECU device compares the first key value with the second key value. When the two are consistent, it issues an access permission instruction to the diagnostic device, allowing the diagnostic device to access the ECU device; when they are inconsistent, it issues an access denial instruction to the diagnostic device, denying the diagnostic device access to the ECU device.
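The exchange of Figs. 1 to 3 with both sides, as an added example that is not code from the patent. The two formulas F, all class and function names, and the single-use seed with constant-time comparison are assumptions; `retained_seed_bits` counts how many seed bits survive the right shifts, since a DID value of 8 shifts a whole byte out.

```python
import hmac
import secrets

# Hypothetical choices for the "preset calculation formula" F. The patent only
# says F is built from shift/AND/OR/XOR operations; both are constructed here.
def f_xor_chain(shifted):
    # Each output byte is the XOR of all shifted bytes up to that position.
    out, acc = [], 0
    for b in shifted:
        acc ^= b
        out.append(acc)
    return bytes(out)

def f_or_and(shifted):
    # Each output byte ORs a shifted byte with the next byte's low nibble.
    n = len(shifted)
    return bytes(shifted[i] | (shifted[(i + 1) % n] & 0x0F) for i in range(n))

def compute_key(seed, did, formula):
    """Key = F[Seed[Byte_i] >> DID[X_i], i = 1..n]; same code on both sides."""
    if len(seed) != len(did) or not all(0 <= x <= 8 for x in did):
        raise ValueError("seed and DID need n entries each, DID values in 0..8")
    return formula([s >> x for s, x in zip(seed, did)])

def retained_seed_bits(did):
    """Seed bits left after the shifts: a DID value x keeps 8 - x bits of its
    byte, so x = 8 makes that byte's contribution constant."""
    return sum(8 - x for x in did)

class Ecu:
    """ECU side: steps 101 to 104 of Fig. 1."""
    def __init__(self, n, formula):
        self.n, self.formula = n, formula
        self.did = None
        self._seed = None

    def provision(self, random_values):
        # Step 101: factory offline equipment writes n random values (0..8).
        if len(random_values) != self.n or not all(0 <= x <= 8 for x in random_values):
            raise ValueError("expected n values in 0..8")
        self.did = list(random_values)

    def read_did(self):
        # First request: issue the DID parameter to the diagnostic device.
        return list(self.did)

    def request_seed(self):
        # Second request: issue a fresh n-byte seed.
        self._seed = secrets.token_bytes(self.n)
        return self._seed

    def check_key(self, key1):
        # Steps 102 to 104: compute Key2 locally and compare it with Key1.
        if self._seed is None:
            return False
        key2 = compute_key(self._seed, self.did, self.formula)
        self._seed = None  # assumption: one attempt per seed (not in the patent)
        return hmac.compare_digest(key1, key2)  # assumption: constant-time compare

def unlock(ecu, formula):
    """Diagnostic-device side (Fig. 2): read DID, request seed, send Key1."""
    did = ecu.read_did()
    seed = ecu.request_seed()
    key1 = compute_key(seed, did, formula)
    return ecu.check_key(key1)

if __name__ == "__main__":
    # Constructed sample: two ECUs provisioned with different DID values and F.
    vcu, bcm = Ecu(4, f_xor_chain), Ecu(4, f_or_and)
    vcu.provision([4, 0, 8, 1])
    bcm.provision([secrets.randbelow(9) for _ in range(4)])
    print("VCU unlock:", unlock(vcu, f_xor_chain))
    print("BCM unlock:", unlock(bcm, f_or_and))
    print("seed bits retained on VCU:", retained_seed_bits(vcu.read_did()), "of 32")
```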
Fig. 4 shows a system for secure access to the ECU devices of a complete vehicle according to an embodiment of the present invention, which includes a diagnostic device and a plurality of ECU devices.
Each ECU device is used for receiving a random number written by factory offline equipment during offline calibration and generating a DID parameter based on the random number; for receiving a first key value sent by the diagnostic device; and also for calculating a second key value with a preset calculation formula from the locally stored DID parameter and the seed, comparing the first key value with the second key value, and determining according to the comparison result whether the diagnostic device is allowed to access the ECU device. The diagnostic device is used for calculating the first key value with the preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device.
It can be understood that the complete vehicle ECU device secure access system provided in the embodiment of the present invention corresponds to the complete vehicle ECU device secure access method provided in each of the foregoing embodiments, and the relevant technical features of the complete vehicle ECU device secure access system may refer to the relevant technical features of the complete vehicle ECU device secure access method, and are not described herein again.
According to the method and the system for secure access to the ECU devices of a whole vehicle provided by the embodiment of the invention, the ECU devices generate different security algorithms by combining random parameters produced at offline calibration with a calculation formula. Each ECU can thus have its own security algorithm at the lowest cost, which raises the security level of the ECU and of the whole vehicle.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include such modifications and variations.
Claims (10)
1. A safety access method for ECU equipment of a whole vehicle is characterized by comprising the following steps:
receiving a random number written by factory offline equipment during offline calibration, and generating a data identification DID parameter based on the random number;
receiving a first key value sent by the diagnostic equipment, wherein the first key value is calculated by the diagnostic equipment according to the DID parameter read from the ECU equipment and the seed requested from the ECU equipment by using a preset calculation formula;
calculating by using a preset calculation formula according to the locally stored DID parameters and the seed to obtain a second key value;
and comparing the first key value with the second key value, and determining whether to allow the diagnostic equipment to access the ECU equipment or to deny the diagnostic equipment to access the ECU equipment according to the comparison result.
2. The method of claim 1, wherein the DID parameter comprises n values, each from 0 to 8, and the seed comprises n bytes, where n is a positive integer determined by the requirements of the ECU.
3. The method of claim 1, wherein before receiving the first key value sent by the diagnostic device, the method further comprises:
receiving a first request sent by a diagnostic device, and issuing DID parameters to the diagnostic device according to the first request;
and receiving a second request sent by the diagnostic equipment, and issuing a seed to the diagnostic equipment according to the second request.
4. The method according to any one of claims 1 to 3, wherein calculating the second key value with the preset calculation formula from the locally stored DID parameter and the seed comprises:
$$\mathrm{Key}_2 = F\left[\mathrm{Seed}[\mathrm{Byte}_1] \gg \mathrm{DID}[X_1],\ \mathrm{Seed}[\mathrm{Byte}_2] \gg \mathrm{DID}[X_2],\ \ldots,\ \mathrm{Seed}[\mathrm{Byte}_n] \gg \mathrm{DID}[X_n]\right]$$
where $X_1, X_2, \ldots, X_n$ are the n values of the DID parameter, $\mathrm{Seed}[\mathrm{Byte}_1], \mathrm{Seed}[\mathrm{Byte}_2], \ldots, \mathrm{Seed}[\mathrm{Byte}_n]$ are the n bytes of the seed, $\gg$ is the right-shift operation, and F is the preset calculation formula.
5. The method according to claim 4, wherein the preset calculation formula is a byte left shift, byte right shift, AND operation, OR operation or XOR operation, and a corresponding preset calculation formula can be selected for each different ECU device in the whole vehicle.
6. The method of claim 4, wherein comparing the first key value and the second key value and determining whether to allow the diagnostic device to access the ECU device or deny the diagnostic device access to the ECU device based on the comparison comprises:
and when the first key value is consistent with the second key value, issuing an access permission instruction to the diagnostic equipment, and if the first key value is not consistent with the second key value, issuing an access rejection instruction to the diagnostic equipment.
7. A safety access method for ECU equipment of a whole vehicle is characterized by comprising the following steps:
the diagnostic equipment calculates a first key value by using a preset calculation formula according to the DID parameter read from the ECU equipment and the seed requested from the ECU equipment, and sends the first key value to the ECU equipment;
and receiving an access permission instruction or an access denial instruction issued by the ECU equipment, wherein the access permission instruction or the access denial instruction is determined according to a comparison result of a first key value and a second key value, and the second key value is obtained by the ECU equipment through calculation by using a preset calculation formula according to a locally stored DID parameter and a seed.
8. The method of claim 7, wherein before the diagnostic device calculates the first key value with the preset calculation formula from the DID parameter read from the ECU device and the seed requested from the ECU device and sends the first key value to the ECU device, the method further comprises:
sending a first request to the ECU equipment, and receiving a DID parameter sent by the ECU equipment according to the first request;
and sending a second request to the ECU equipment, and receiving a seed issued by the ECU equipment according to the second request.
9. The method according to claim 7 or 8, wherein the diagnosis device calculates a first key value according to the DID parameter read from the ECU device and the seed requested from the ECU device using a preset calculation formula and transmits the first key value to the ECU device, including:
Key1 = F[Seed[Byte1] >> DID[X1], Seed[Byte2] >> DID[X2], …, Seed[Byten] >> DID[Xn]];
wherein X1, X2, …, Xn is a DID parameter of n values, Seed[Byte1], Seed[Byte2], …, Seed[Byten] is a seed of n bytes, >> is the right shift operation, and F is a preset calculation formula.
10. A safety access system for ECU equipment of a whole vehicle is characterized by comprising diagnostic equipment and a plurality of ECU equipment;
each ECU device is used for receiving a random number written by factory offline equipment during offline calibration and generating DID parameters based on the random number; receiving a first key value sent by the diagnostic equipment; each ECU device is also used for obtaining a second key value by using a preset calculation formula according to the locally stored DID parameters and the seed, comparing the first key value with the second key value, and determining whether the diagnostic equipment is allowed to access the ECU device or not according to the comparison result;
and the diagnostic equipment is used for calculating a first key value by using a preset calculation formula according to the DID parameters read from the ECU equipment and the seed requested from the ECU equipment.
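The exchange in claims 5 to 9, written out as an added C example that is not part of the patent text: the tester derives Key1 from the DID parameter and seed it received, and the ECU recomputes Key2 from its local copies and compares. The length n = 4, the reduction of shift counts modulo 8, the choice of F (pack the shifted bytes and XOR with a constant `f_mask`), all type and function names, and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define N 4 /* seed/DID length n; 4 is an assumption, the claims leave n open */

typedef enum { ACCESS_DENIED = 0, ACCESS_ALLOWED = 1 } access_t;

/* Hypothetical ECU state: DID parameter stored locally, seed issued on request. */
typedef struct {
    uint8_t  did[N];
    uint8_t  seed[N];
    uint32_t f_mask;   /* constant used by this ECU's F (assumption) */
} ecu_t;

/* Key = F[Seed[Byte_i] >> DID[X_i]]. Shift counts are taken mod 8 (assumption)
 * so every DID byte gives a defined shift. F here packs the shifted bytes
 * big-endian and XORs them with f_mask; claim 5 allows other choices. */
uint32_t compute_key(const uint8_t seed[N], const uint8_t did[N], uint32_t f_mask)
{
    uint32_t packed = 0;
    for (size_t i = 0; i < N; i++)
        packed = (packed << 8) | (uint8_t)(seed[i] >> (did[i] & 7u));
    return packed ^ f_mask;
}

/* ECU side (claim 6): recompute Key2 from local DID and seed, then compare. */
access_t ecu_check_key(const ecu_t *ecu, uint32_t key1)
{
    uint32_t key2 = compute_key(ecu->seed, ecu->did, ecu->f_mask);
    return key1 == key2 ? ACCESS_ALLOWED : ACCESS_DENIED;
}

/* Tester side (claims 7-8): the DID and seed arguments stand for the values
 * returned by the first and second request. */
uint32_t tester_key(const uint8_t did_read[N], const uint8_t seed_read[N], uint32_t f_mask)
{
    return compute_key(seed_read, did_read, f_mask);
}

/* Constructed sample data: two ECUs, same seed, different DID parameters. */
const ecu_t ECU_A = { {1, 2, 3, 4}, {0xA5, 0x3C, 0xF0, 0x81}, 0x5A5A5A5Au };
const ecu_t ECU_B = { {4, 3, 2, 1}, {0xA5, 0x3C, 0xF0, 0x81}, 0x5A5A5A5Au };

int main(void)
{
    uint32_t key1 = tester_key(ECU_A.did, ECU_A.seed, ECU_A.f_mask);
    /* Accepted by the ECU whose DID was read, rejected by one with another DID. */
    return (ecu_check_key(&ECU_A, key1) == ACCESS_ALLOWED &&
            ecu_check_key(&ECU_B, key1) == ACCESS_DENIED) ? 0 : 1;
}
```

Because the DID parameter differs per ECU, a key computed for one ECU is rejected by another even when both issue the same seed.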
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110314293.0A CN113094691A (en) | 2021-03-24 | 2021-03-24 | Whole vehicle ECU device safety access method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113094691A (en) | 2021-07-09 |
Family
ID=76669953
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110314293.0A Pending CN113094691A (en) | 2021-03-24 | 2021-03-24 | Whole vehicle ECU device safety access method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113094691A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102393888A (en) * | 2011-07-21 | 2012-03-28 | 广州汽车集团股份有限公司 | ECU (Electric Control Unit) security access processing method |
CN103763098A (en) * | 2014-01-26 | 2014-04-30 | 安徽江淮汽车股份有限公司 | Security verification method for diagnosis |
CN104134047A (en) * | 2014-07-01 | 2014-11-05 | 潍柴动力股份有限公司 | Safe access method for realizing ECU (Electronic Control Unit), ECU and upper computer |
CN106814675A (en) * | 2016-12-31 | 2017-06-09 | 华晨汽车集团控股有限公司 | Safety access method for verifying automotive diagnostic installation legitimacy |
CN108073156A (en) * | 2017-11-20 | 2018-05-25 | 广州汽车集团股份有限公司 | The security algorithm management method and system of a kind of vehicle electronic control unit |
CN111813461A (en) * | 2020-07-06 | 2020-10-23 | 斑马网络技术有限公司 | Vehicle ECU calibration method, device and equipment |
CN112182663A (en) * | 2020-09-22 | 2021-01-05 | 一汽奔腾轿车有限公司 | Two-stage safety access system of passenger car and access method thereof |
CN112487408A (en) * | 2020-12-24 | 2021-03-12 | 潍柴动力股份有限公司 | Safe access method and system for ECU in vehicle and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210709 |