CN113411311A - ECU (electronic control Unit) diagnosis authorization verification method, storage medium and system - Google Patents
ECU (electronic control Unit) diagnosis authorization verification method, storage medium and system Download PDFInfo
- Publication number
- CN113411311A CN113411311A CN202110552425.3A CN202110552425A CN113411311A CN 113411311 A CN113411311 A CN 113411311A CN 202110552425 A CN202110552425 A CN 202110552425A CN 113411311 A CN113411311 A CN 113411311A
- Authority
- CN
- China
- Prior art keywords
- terminal
- request
- authorization verification
- ecu
- cloud
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
Abstract
The invention discloses an ECU diagnosis authorization verification method, which comprises the following steps: a unique seed key and the latest synchronization factor are deployed at a terminal and a cloud end; the request terminal sends an authorization verification request to the cloud terminal; the cloud judges whether the request of the request end is legal or not, if so, the seed key and the latest synchronization factor are inquired, and a cloud authentication key is generated through a specified algorithm and fed back to the request end; the request terminal sends an authorization verification request to the terminal and sends a cloud authentication key to the terminal; and the terminal generates a terminal authentication key through a specified algorithm according to the seed key and the latest synchronization factor, and determines whether the terminal authentication key passes the authorization verification of the request terminal according to the consistency of the terminal authentication key and the cloud authentication key. The invention also discloses a computer readable storage medium for executing the steps of the ECU diagnosis authorization verification method and an ECU diagnosis authorization verification system.
Description
Technical Field
The invention relates to the field of automobiles, in particular to an ECU diagnosis authorization verification method. The invention also relates to a computer readable storage medium for executing the steps of the ECU diagnosis authorization verification method, and an ECU diagnosis authorization verification system.
Background
In the field of vehicle after-sale diagnosis refreshing, due to the lack of an authorized authentication mechanism for a diagnosis device in a vehicle enterprise, many unauthorized third-party organizations, such as a vehicle refitting shop, can perform dangerous operations such as refreshing and changing configuration words on a vehicle-mounted ECU. If the written program is an illegal modified version, the method not only brings extremely high potential safety hazard to the car owner, but also can cause the emission certification and the performance index failure of the vehicle and bring legal risk to the car enterprises.
In addition, in the field of OTA remote upgrade and remote diagnosis of automobiles, vehicle-mounted networking equipment (T-BOX or interconnection gateway and the like) and cloud service can finish diagnosis and refresh of vehicle ECU together. In this scenario, the vehicle-mounted networking device plays the role of an after-sales diagnosis device. At the present stage, the diagnosis mode is still in the initial stage of development, the security mechanism is not perfect enough, the vehicle-mounted networking equipment and the vehicle bus controller lack an authorization authentication mechanism, if a network attacker utilizes the vulnerability of the vehicle-mounted networking equipment, the network attacker pretends to OTA or remote diagnosis cloud service, tries to upgrade or diagnose the vehicle, swipes illegal tampered software or modifies the factory configuration of the vehicle, the security of the vehicle owner is seriously affected, and the consequences are unreasonable.
For the above scenario, some simple authorization and authentication mechanisms are also designed and applied to some car enterprises, for example, authentication is performed by way of hash value comparison through a prefabricated symmetric key. However, similar methods are all one-time authorization and permanent use, the use scene of the diagnostic equipment cannot be monitored, if the diagnostic equipment flows out to a third party, abuse of the equipment by the third party cannot be avoided, and the ECU authorization and authentication mechanism in the prior art has a large security hole.
Disclosure of Invention
In this summary, a series of simplified form concepts are introduced that are simplifications of the prior art in this field, which will be described in further detail in the detailed description. This summary of the invention is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
The invention aims to provide an ECU diagnosis authorization verification method which can effectively avoid illegal (unauthorized) operation of the ECU compared with the prior art.
Correspondingly, the invention also provides a computer readable storage medium for executing the steps of the ECU diagnosis authorization verification method and an ECU diagnosis authorization verification system.
In order to solve the technical problem, the ECU diagnosis authorization verification method provided by the invention comprises the following steps:
s1, deploying a unique seed key and the latest synchronization factor at the terminal and the cloud end;
s2, the request end sends an authorization verification request to the cloud end;
s3, after receiving the authorization verification request of the request end, the cloud end judges whether the request of the request end is legal, if so, the cloud end inquires the seed key and the latest synchronization factor, and generates a cloud end authentication key through a specified algorithm to feed back the cloud end authentication key to the request end;
s4, the request end sends an authorization verification request to the terminal and sends the cloud authentication key to the terminal;
and S5, the terminal generates a terminal authentication key through a specified algorithm according to the seed key and the latest synchronization factor, and determines whether the authentication passes the authorization verification of the request terminal according to whether the terminal authentication key is consistent with the cloud authentication key.
Optionally, the ECU diagnostic authorization verification method is further improved, wherein the seed key is generated by a specified encryption algorithm and/or an ECU activation tool. The seed key of the terminal can be written by using professional equipment when the vehicle is off-line or the vehicle-mounted controller is off-line. The operation of the online and offline databases should be kept secret in the whole process and cannot be leaked to a third party
Optionally, the ECU diagnosis authorization verification method is further improved, and the seed key has a unique correspondence with the vehicle VIN number.
Optionally, the ECU diagnostic authorization verification method is further improved, wherein the synchronization factor is an event or a combination of events that are uniquely determinable in relation to the ECU. The synchronization factor is an input variable of a seed key algorithm and can be selected according to actual conditions on the premise that the synchronization factor is related to the ECU and is only and determinable; for example, such as the total number of vehicle diagnoses or swipes, the date of the service application, etc., may be a single event or a combination of events.
Optionally, the ECU diagnosis authorization verification method is further improved, and the seed key is deployed at the terminal and the cloud terminal simultaneously during vehicle production and/or offline.
Optionally, the method for verifying the ECU diagnosis authorization is further improved, where the terminal is an intermediate node between the ECU and the cloud and the diagnosis interface, that is, the terminal is used to control data interaction between external data and the ECU, and is a vehicle-mounted bus controller, such as a vehicle-mounted gateway, a vehicle-mounted computer, a vehicle-mounted central processing unit, and the like.
Optionally, the ECU diagnosis authorization verification method is further improved, and the cloud determines whether the request from the request end is legal or not according to the specified conditions of the vehicle and the vehicle enterprise after receiving the authorization verification request from the request end. The specified condition may be a combination of one or more conditions, for example, whether the request from the requesting end is legal is determined according to the scene, for example, whether the vehicle is legal when located in a 4S store, or not. And judging whether the request of the request end is legal or not by the scene and the time, wherein the vehicle is located in a 4S store and the current time is the working time of the 4S store, and otherwise, the vehicle is illegal.
Optionally, the ECU diagnosis authorization verification method is further improved, before the authorization verification is performed, the terminal and the cloud perform time synchronization verification, and if the time synchronization verification fails, the ECU authorization verification is exited. For example, the cloud and the terminal should use the same NTP time synchronization server to ensure that the local time cannot be modified by the vehicle to pass the verification.
Optionally, the ECU diagnosis authorization verification method is further improved, and the terminal authentication key and the cloud authentication key can be used only once and/or only within a specified time.
Optionally, the ECU diagnostic authorization verification method is further improved, which can be used for ECU offline diagnosis and/or refresh, and OTA remote upgrade and/or remote diagnosis of the ECU.
To solve the above technical problem, the present invention provides a computer-readable storage medium for use in any one of the steps of the ECU diagnostic authorization verification method described above.
In order to solve the above technical problem, the present invention provides an ECU diagnosis authorization verification system, including:
the terminal module is deployed with a unique seed key and a latest synchronization factor, generates a terminal authentication key through a specified algorithm by using the seed key and the latest synchronization factor, and determines whether the request end passes the authorization verification according to the consistency of the terminal authentication key and the cloud authentication key;
the cloud module is deployed with the latest synchronization factor of the unique seed key, generates a cloud authentication key through a specified algorithm by using the seed key and the latest synchronization factor, judges whether the request of the request terminal is legal or not, inquires the seed key and the latest synchronization factor if the request of the request terminal is legal, and generates a cloud authentication key through the specified algorithm to feed back the cloud authentication key to the request terminal;
and the request end sends an authorization verification request to the terminal and sends the cloud authentication key to the terminal.
Optionally, the ECU diagnostic authorization verification system is further improved, wherein the seed key is generated by a specified encryption algorithm and/or an ECU activation tool.
Optionally, the ECU diagnosis authorization verification system is further improved, and the seed key has a unique correspondence with the vehicle VIN number.
Optionally, the ECU diagnostic authorization verification system is further improved, wherein the synchronization factor is an event or combination of events that are uniquely determinable in association with the ECU.
Optionally, the ECU diagnosis authorization verification system is further improved, and the seed key is deployed at the terminal and the cloud terminal simultaneously during vehicle production and/or offline.
Optionally, the ECU diagnosis authorization verification system is further improved, and the terminal is an intermediate node between the ECU and the cloud and the diagnosis interface.
Optionally, the ECU diagnosis authorization verification system is further improved, and after receiving the authorization verification request from the request terminal, the cloud module determines whether the request from the request terminal is legal or not according to the specified conditions of the vehicle and the vehicle enterprise.
Optionally, the ECU diagnosis authorization verification system is further improved, before performing authorization verification, the terminal and the cloud perform time synchronization verification, and if the time synchronization verification fails, the ECU authorization verification is exited.
Optionally, the ECU diagnosis authorization verification system is further improved, and the terminal authentication key and the cloud authentication key can be used only once and/or only within a specified time, that is, the terminal authentication key and the cloud authentication key are disposable and temporary and cannot be used for a long time.
Optionally, the ECU diagnostic authorization verification system is further improved and can be used for ECU offline diagnostics and/or refreshment, and OTA remote upgrade and/or remote diagnostics of the ECU.
Optionally, the ECU diagnosis, authorization and verification system is further improved, and the cloud module is deployed on a vehicle-enterprise cloud server and/or a designated third-party server.
The unique seed key and the latest synchronization factor are deployed at the terminal and the cloud terminal, and the authorization verification request of the request terminal is verified to be legal or not by combining the specified conditions (such as scenes). According to the method, through a temporary security authentication scheme authorized according to needs, whether a request end (diagnosis equipment or a vehicle-mounted networking terminal) is authorized or not can be judged according to needs and specified conditions (such as scenes), an attacker can be effectively prevented from diagnosing and rewriting the vehicle ECU by utilizing loopholes of the vehicle-mounted networking terminal or using illegal diagnosis equipment, potential safety hazards and legal risks brought to users and vehicle enterprises are avoided, and the safety of ECU refreshing or diagnosis services is ensured.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention, are incorporated in and constitute a part of this specification. The drawings are not necessarily to scale, however, and may not be intended to accurately reflect the precise structural or performance characteristics of any given embodiment, and should not be construed as limiting or restricting the scope of values or properties encompassed by exemplary embodiments in accordance with the invention. The invention will be described in further detail with reference to the following detailed description and accompanying drawings:
FIG. 1 is a schematic flow diagram of the present invention.
FIG. 2 is a schematic diagram of the principle of generating an authentication key by using a seed key and a synchronization factor according to the present invention.
FIG. 3 is a schematic diagram of a sixth embodiment of the ECU diagnostic authorization verification system of the present invention.
Fig. 4 is a schematic diagram of a seventh embodiment of the ECU diagnostic authorization verification system of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and technical effects of the present invention will be fully apparent to those skilled in the art from the disclosure in the specification. The invention is capable of other embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the general spirit of the invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. The following exemplary embodiments of the present invention may be embodied in many different forms and should not be construed as limited to the specific embodiments set forth herein. It is to be understood that these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the technical solutions of these exemplary embodiments to those skilled in the art.
A first embodiment;
as shown in FIG. 1, the present invention provides an ECU diagnostic authorization verification method, comprising the steps of:
s1, deploying a unique seed key and the latest synchronization factor at the terminal and the cloud end;
s2, the request end sends an authorization verification request to the cloud end;
s3, after receiving the authorization verification request of the request end, the cloud end judges whether the request of the request end is legal, if so, the cloud end inquires the seed key and the latest synchronization factor, and generates a cloud end authentication key through a specified algorithm to feed back the cloud end authentication key to the request end;
s4, the request end sends an authorization verification request to the terminal and sends the cloud authentication key to the terminal;
and S5, the terminal generates a terminal authentication key through a specified algorithm according to the seed key and the latest synchronization factor, and determines whether the authentication passes the authorization verification of the request terminal according to whether the terminal authentication key is consistent with the cloud authentication key.
A second embodiment;
continuing to refer to FIG. 1, the present invention provides a method for ECU diagnostic authorization verification comprising the steps of:
s1, deploying a unique seed key and the latest synchronization factor at the terminal and the cloud end; the seed key is generated by a designated encryption algorithm and/or an ECU (electronic control unit) activation tool, the seed key and a vehicle VIN (vehicle identification number) have a unique corresponding relation, and the seed key is deployed at the terminal and the cloud end simultaneously in the vehicle production and/or offline process; the synchronization factor is an event or combination of events that are related to the ECU and uniquely determinable; the terminal is an intermediate node between the ECU and the cloud and the diagnosis interface;
s2, the request end sends an authorization verification request to the cloud end;
s3, after receiving an authorization verification request of a request end by the cloud end, before executing the authorization verification, the terminal and the cloud end perform time synchronization verification, if the time synchronization verification fails, the terminal quits the ECU authorization verification, after receiving the authorization verification request of the request end by the cloud end, the cloud end judges whether the request of the request end is legal or not according to the specified conditions of the vehicle and the enterprise, if the request is legal, the seed key and the latest synchronization factor are inquired, and a cloud end authentication key is generated through a specified algorithm and fed back to the request end;
s4, the request end sends an authorization verification request to the terminal and sends the cloud authentication key to the terminal;
s5, the terminal generates a terminal authentication key through a specified algorithm according to the seed key and the latest synchronization factor, and determines whether the terminal authentication key passes the authorization verification of the request terminal according to whether the terminal authentication key is consistent with the cloud authentication key;
the principle of terminal authentication key and cloud authentication key production is shown in fig. 2.
Alternatively, further refinements of the first or second embodiments described above can be used for ECU offline diagnostics and/or refresh, as well as OTA remote upgrade and/or remote diagnostics of the ECU.
Optionally, in a further improvement of the first embodiment or the second embodiment, the terminal authentication key and the cloud authentication key can be used only once and/or only within a specified time.
A third embodiment;
the present invention provides a computer-readable storage medium for executing the steps of the ECU diagnostic authorization verification method described in the first embodiment or the second embodiment above.
A fourth embodiment;
the invention provides an ECU diagnosis authorization verification system, which comprises:
the terminal module is deployed with a unique seed key and a latest synchronization factor, generates a terminal authentication key through a specified algorithm by using the seed key and the latest synchronization factor, and determines whether the request end passes the authorization verification according to the consistency of the terminal authentication key and the cloud authentication key;
the cloud module is deployed with the latest synchronization factor of the unique seed key, generates a cloud authentication key through a specified algorithm by using the seed key and the latest synchronization factor, judges whether the request of the request terminal is legal or not, inquires the seed key and the latest synchronization factor if the request of the request terminal is legal, and generates a cloud authentication key through the specified algorithm to feed back the cloud authentication key to the request terminal;
and the request end sends an authorization verification request to the terminal and sends the cloud authentication key to the terminal.
A fifth embodiment;
the invention provides an ECU diagnosis authorization verification system, which comprises:
the terminal module is deployed with a unique seed key and a latest synchronization factor, generates a terminal authentication key through a specified algorithm by using the seed key and the latest synchronization factor, and determines whether the request end passes the authorization verification according to the consistency of the terminal authentication key and the cloud authentication key; the seed key is deployed at the terminal and the cloud simultaneously during vehicle production and/or offline, the synchronization factor is an event or a combination of events that are related to the ECU and uniquely determinable, and the terminal module is an intermediate node between the ECU and the cloud and the diagnostic interface.
The cloud module is deployed with the latest synchronization factor of the unique seed key, generates a cloud authentication key through a specified algorithm by using the seed key and the latest synchronization factor, judges whether the request of the request terminal is legal or not, inquires the seed key and the latest synchronization factor if the request of the request terminal is legal, and generates a cloud authentication key through the specified algorithm to feed back the cloud authentication key to the request terminal; after receiving an authorization verification request of a request end, the cloud end module judges whether the request of the request end is legal or not according to the specified conditions of the vehicle and the enterprise;
and the request end sends an authorization verification request to the terminal and sends the cloud authentication key to the terminal.
The seed key is generated by a specified encryption algorithm and/or an ECU activation tool, and the seed key has a unique corresponding relation with the vehicle VIN number.
Before the authorization verification is executed, the terminal and the cloud end carry out time synchronization verification, if the time synchronization verification is not passed, the ECU authorization verification is quitted, and the terminal authentication key and the cloud end authentication key can be used only once and/or can be used only within a specified time.
Alternatively, the seventh or eighth embodiments described above can be further modified to enable ECU offline diagnostics and/or refresh, as well as OTA remote upgrade and/or remote diagnostics of the ECU.
Optionally, in a further improvement of the seventh embodiment or the eighth embodiment, the cloud module is deployed on a vehicle-enterprise cloud server and/or a designated third-party server.
A sixth embodiment;
referring to fig. 3, the present invention will be further explained by taking the ECU offline diagnosis condition as an example, as follows:
the method comprises the steps that after-sale diagnosis equipment initiates a diagnosis request to a specific vehicle;
the after-sale diagnosis equipment requests security authentication from the diagnosis cloud service and requests a security authentication key;
the diagnostic cloud service receives the key request of the diagnostic device, and judges whether the maintenance scene of the corresponding vehicle is legal, and the judgment mode can be customized by the vehicle enterprise, for example, the vehicle maintenance state is registered by an after-sale system, and the judgment is carried out based on the state value. If the verification is passed, the diagnosis cloud service inquires a Seed key Seed corresponding to the vehicle, and calculates a security authentication key Auth.Key based on the latest synchronization factor Rolling Count;
the diagnosis cloud service returns a security authentication key to the after-sale diagnosis instrument;
the diagnostic instrument requests refreshing from a vehicle bus controller, such as a vehicle-mounted gateway/a vehicle-mounted computer/a central computing unit, and sends a security authentication key;
the vehicle bus controller calculates a security authentication key by using a locally stored Seed key Seed and a synchronization factor Rolling Count, and compares the security authentication key with a security authentication key sent by a diagnostic instrument;
and the vehicle bus controller feeds the comparison result back to the diagnostic instrument, and if the comparison result passes the authentication, the diagnostic process of the ECU is started.
A seventh embodiment;
referring to fig. 4, by taking OTA remote upgrade as an example, the invention is further explained as follows:
the OTA cloud service issues an upgrade request to a specific vehicle;
the vehicle-mounted OTA master node receives the upgrading request, requests security authentication from the diagnosis cloud service, requests a security authentication key, and only allows the authorized equipment to call an interface related to the security authentication key, wherein the diagnosis cloud service and the FOTA cloud service are independently deployed and follow a strict identity verification mechanism;
the diagnosis cloud service receives the key request of the diagnosis equipment, and firstly judges whether the maintenance scene of the corresponding vehicle is legal or not, wherein the judgment mode can be defined by the vehicle enterprise, for example, the OTA system checks the task state of the vehicle, and the judgment is carried out based on the state value. If the verification is passed, the diagnosis cloud service inquires a Seed key Seed corresponding to the vehicle, and calculates a security authentication key Auth.Key based on the latest synchronization factor Rolling Count;
the diagnosis cloud service returns a security authentication key to the vehicle-mounted OTA main node;
the vehicle-mounted OTA main node requests a vehicle bus controller, such as a vehicle-mounted gateway/a vehicle-mounted computer/a central computing unit, for refreshing and sends a security authentication key;
the vehicle bus controller calculates a security authentication key by using a locally stored Seed key and a synchronization factor Rolling Count, and compares the security authentication key with a security authentication key sent by the vehicle-mounted OTA main node;
the vehicle bus controller feeds back the comparison result to the vehicle-mounted OTA main node;
if the authentication is passed, a refresh flow of the ECU is started.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The present invention has been described in detail with reference to the specific embodiments and examples, but these are not intended to limit the present invention. Many variations and modifications may be made by one of ordinary skill in the art without departing from the principles of the present invention, which should also be considered as within the scope of the present invention.
Claims (22)
1. An ECU diagnostic authorization verification method, characterized by comprising the steps of:
s1, deploying a unique seed key and the latest synchronization factor at the terminal and the cloud end;
s2, the request end sends an authorization verification request to the cloud end;
s3, after receiving the authorization verification request of the request end, the cloud end judges whether the request of the request end is legal, if so, the cloud end inquires the seed key and the latest synchronization factor, and generates a cloud end authentication key through a specified algorithm to feed back the cloud end authentication key to the request end;
s4, the request end sends an authorization verification request to the terminal and sends the cloud authentication key to the terminal;
and S5, the terminal generates a terminal authentication key through a specified algorithm according to the seed key and the latest synchronization factor, and determines whether the authentication passes the authorization verification of the request terminal according to whether the terminal authentication key is consistent with the cloud authentication key.
2. The ECU diagnostic authorization verification method according to claim 1, characterized in that: the seed key is generated by a specified encryption algorithm and/or an ECU activation tool.
3. The ECU diagnostic authorization verification method according to claim 1, characterized in that: the seed key and the vehicle VIN number have a unique corresponding relation.
4. The ECU diagnostic authorization verification method according to claim 1, characterized in that: the synchronization factor is an event or combination of events that are related to the ECU and uniquely determinable.
5. The ECU diagnostic authorization verification method according to claim 1, characterized in that: the seed key is deployed at the terminal and the cloud terminal simultaneously in the vehicle production and/or offline process.
6. The ECU diagnostic authorization verification method according to claim 1, characterized in that: the terminal is an intermediate node between the ECU and the cloud and the diagnosis interface.
7. The ECU diagnostic authorization verification method according to claim 1, characterized in that: and after receiving the authorization verification request of the request terminal, the cloud terminal judges whether the request of the request terminal is legal or not according to the specified conditions of the vehicle and the enterprise.
8. The ECU diagnostic authorization verification method according to claim 1, characterized in that: before the authorization verification is executed, the terminal and the cloud end carry out time synchronization verification, and if the time synchronization verification fails, the ECU authorization verification is quitted.
9. The ECU diagnostic authorization verification method according to claim 1, characterized in that: it can be used for ECU offline diagnostics and/or refresh, and OTA remote upgrade and/or remote diagnostics of the ECU.
10. The ECU diagnostic authorization verification method according to claim 1, characterized in that: the terminal authentication key and the cloud authentication key can be used only once and/or can be used only within a specified time.
11. A computer readable storage medium for performing the steps of the ECU diagnostic authorization verification method of any one of claims 1-10.
12. An ECU diagnostic authorization verification system, comprising:
the terminal module is deployed with a unique seed key and a latest synchronization factor, generates a terminal authentication key through a specified algorithm by using the seed key and the latest synchronization factor, and determines whether the request end passes the authorization verification according to the consistency of the terminal authentication key and the cloud authentication key;
the cloud module is deployed with the latest synchronization factor of the unique seed key, generates a cloud authentication key through a specified algorithm by using the seed key and the latest synchronization factor, judges whether the request of the request terminal is legal or not, inquires the seed key and the latest synchronization factor if the request of the request terminal is legal, and generates a cloud authentication key through the specified algorithm to feed back the cloud authentication key to the request terminal;
and the request end sends an authorization verification request to the terminal and sends the cloud authentication key to the terminal.
13. The ECU diagnostic authorization verification system according to claim 12, characterized in that: the seed key is generated by a specified encryption algorithm and/or an ECU activation tool.
14. The ECU diagnostic authorization verification system according to claim 12, characterized in that: the seed key and the vehicle VIN number have a unique corresponding relation.
15. The ECU diagnostic authorization verification system according to claim 12, characterized in that: the synchronization factor is an event or combination of events that are related to the ECU and uniquely determinable.
16. The ECU diagnostic authorization verification system according to claim 12, characterized in that: the seed key is deployed at the terminal and the cloud terminal simultaneously in the vehicle production and/or offline process.
17. The ECU diagnostic authorization verification system according to claim 12, characterized in that: the terminal is an intermediate node between the ECU and the cloud and the diagnosis interface.
18. The ECU diagnostic authorization verification system according to claim 12, characterized in that: and after receiving the authorization verification request of the request terminal, the cloud terminal module judges whether the request of the request terminal is legal or not according to the specified conditions of the vehicle and the enterprise.
19. The ECU diagnostic authorization verification system according to claim 12, characterized in that: before the authorization verification is executed, the terminal and the cloud end carry out time synchronization verification, and if the time synchronization verification fails, the ECU authorization verification is quitted.
20. The ECU diagnostic authorization verification system according to claim 12, characterized in that: the terminal authentication key and the cloud authentication key can be used only once and/or can be used only within a specified time.
21. The ECU diagnostic authorization verification system according to any one of claims 12-20, characterized by: it can be used for ECU offline diagnostics and/or refresh, and OTA remote upgrade and/or remote diagnostics of the ECU.
22. The ECU diagnostic authorization verification system according to any one of claims 12-20, characterized by: the cloud module is deployed on a vehicle-enterprise cloud server and/or a designated third-party server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110552425.3A CN113411311B (en) | 2021-05-20 | 2021-05-20 | ECU diagnosis authorization verification method, storage medium and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110552425.3A CN113411311B (en) | 2021-05-20 | 2021-05-20 | ECU diagnosis authorization verification method, storage medium and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113411311A true CN113411311A (en) | 2021-09-17 |
| CN113411311B CN113411311B (en) | 2023-05-30 |
Family
ID=77679043
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110552425.3A Active CN113411311B (en) | 2021-05-20 | 2021-05-20 | ECU diagnosis authorization verification method, storage medium and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113411311B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113946815A (en) * | 2021-10-21 | 2022-01-18 | 深圳致星科技有限公司 | Authorization method for federal learning and privacy calculations |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161441A (en) * | 2016-07-05 | 2016-11-23 | 上汽通用汽车有限公司 | The security diagnostics communication means of a kind of LAN in car and system |
| CN106203062A (en) * | 2016-08-29 | 2016-12-07 | 广州汽车集团股份有限公司 | A kind of security authentication systems and method |
| CN106713264A (en) * | 2016-11-18 | 2017-05-24 | 郑州信大捷安信息技术股份有限公司 | Method for vehicle safety remote control and diagnosis and system thereof |
| US20170310674A1 (en) * | 2016-04-26 | 2017-10-26 | Honeywell International Inc. | Approach for securing a vehicle access port |
| US20170305368A1 (en) * | 2016-04-26 | 2017-10-26 | Honeywell International Inc. | Vehicle security module system |
| CN107479525A (en) * | 2016-12-23 | 2017-12-15 | 宝沃汽车(中国)有限公司 | Vehicle remote diagnosis system and its control method |
| US20180151005A1 (en) * | 2016-11-30 | 2018-05-31 | Hyundai Motor Company | Vehicle diagnostic device and method of managing certificate thereof |
| CN109088848A (en) * | 2018-06-04 | 2018-12-25 | 佛吉亚好帮手电子科技有限公司 | A kind of intelligent network connection automobile information method for security protection |
| CN109738025A (en) * | 2019-02-25 | 2019-05-10 | 任翔 | A kind of onboard diagnostic system having authorization function |
| WO2019109727A1 (en) * | 2017-12-08 | 2019-06-13 | 西安中兴新软件有限责任公司 | Identity verification method and apparatus |
| WO2019114578A1 (en) * | 2017-12-15 | 2019-06-20 | 蔚来汽车有限公司 | Method for generating and using virtual key of vehicle, system for same, and user terminal |
| CN110011809A (en) * | 2019-03-29 | 2019-07-12 | 深圳市元征科技股份有限公司 | A kind of communication means and vehicle diagnostic equipment of vehicle diagnostic equipment |
| CN111651748A (en) * | 2020-05-29 | 2020-09-11 | 重庆长安汽车股份有限公司 | Safety access processing system and method for ECU in vehicle |
| CN112327796A (en) * | 2020-10-21 | 2021-02-05 | 诚迈科技(南京)股份有限公司 | Control method and electronic control unit for automobile diagnosis service |
-
2021
- 2021-05-20 CN CN202110552425.3A patent/CN113411311B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170310674A1 (en) * | 2016-04-26 | 2017-10-26 | Honeywell International Inc. | Approach for securing a vehicle access port |
| US20170305368A1 (en) * | 2016-04-26 | 2017-10-26 | Honeywell International Inc. | Vehicle security module system |
| CN106161441A (en) * | 2016-07-05 | 2016-11-23 | 上汽通用汽车有限公司 | The security diagnostics communication means of a kind of LAN in car and system |
| CN106203062A (en) * | 2016-08-29 | 2016-12-07 | 广州汽车集团股份有限公司 | A kind of security authentication systems and method |
| CN106713264A (en) * | 2016-11-18 | 2017-05-24 | 郑州信大捷安信息技术股份有限公司 | Method for vehicle safety remote control and diagnosis and system thereof |
| US20180151005A1 (en) * | 2016-11-30 | 2018-05-31 | Hyundai Motor Company | Vehicle diagnostic device and method of managing certificate thereof |
| CN107479525A (en) * | 2016-12-23 | 2017-12-15 | 宝沃汽车(中国)有限公司 | Vehicle remote diagnosis system and its control method |
| WO2019109727A1 (en) * | 2017-12-08 | 2019-06-13 | 西安中兴新软件有限责任公司 | Identity verification method and apparatus |
| WO2019114578A1 (en) * | 2017-12-15 | 2019-06-20 | 蔚来汽车有限公司 | Method for generating and using virtual key of vehicle, system for same, and user terminal |
| CN109088848A (en) * | 2018-06-04 | 2018-12-25 | 佛吉亚好帮手电子科技有限公司 | A kind of intelligent network connection automobile information method for security protection |
| CN109738025A (en) * | 2019-02-25 | 2019-05-10 | 任翔 | A kind of onboard diagnostic system having authorization function |
| CN110011809A (en) * | 2019-03-29 | 2019-07-12 | 深圳市元征科技股份有限公司 | A kind of communication means and vehicle diagnostic equipment of vehicle diagnostic equipment |
| CN111651748A (en) * | 2020-05-29 | 2020-09-11 | 重庆长安汽车股份有限公司 | Safety access processing system and method for ECU in vehicle |
| CN112327796A (en) * | 2020-10-21 | 2021-02-05 | 诚迈科技(南京)股份有限公司 | Control method and electronic control unit for automobile diagnosis service |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113946815A (en) * | 2021-10-21 | 2022-01-18 | 深圳致星科技有限公司 | Authorization method for federal learning and privacy calculations |
| CN113946815B (en) * | 2021-10-21 | 2022-08-26 | 深圳致星科技有限公司 | Authorization method for federal learning and privacy computation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113411311B (en) | 2023-05-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3648396B1 (en) | Maintenance system and maintenance method | |
| CN107682334B (en) | OBD interface data safety protection system and data safety protection method | |
| DE102006015212B4 (en) | Method for protecting a movable good, in particular a vehicle, against unauthorized use | |
| US10589719B1 (en) | Method for managing digital key of mobile device for vehicle-sharing and key server using the same | |
| US10931459B2 (en) | Onboard computer system, vehicle, management method, and computer program | |
| CN106030600A (en) | Authentication system and car onboard control device | |
| DE102016218986A1 (en) | Method for access management of a vehicle | |
| DE102013205051A1 (en) | Updating a digital device certificate of an automation device | |
| CN109017676B (en) | Vehicle control method, device and storage medium | |
| DE102019127100A1 (en) | PROCEDURE AND SYSTEM FOR PROVIDING SECURITY OF AN IN-VEHICLE NETWORK | |
| EP2332284A2 (en) | Releasing a service on an electronic appliance | |
| CN109637034B (en) | Vehicle time-sharing leasing method and system based on virtual key | |
| EP3417395A1 (en) | Proving authenticity of a device with the aid of proof of authorization | |
| CN113411311A (en) | ECU (electronic control Unit) diagnosis authorization verification method, storage medium and system | |
| CN107409044B (en) | Digital identification and authorization for machines with replaceable components | |
| CN114372254A (en) | Authentication method, data access control method, server, equipment and system | |
| CN113269931B (en) | Capacity-based shared automobile access method and device | |
| CN112398810B (en) | Identity authentication system and method of OBD (on-Board diagnostics) equipment | |
| US10755504B1 (en) | Method for controlling vehicle based on location information and vehicle-control supporting server using the same | |
| CN111090841A (en) | Authentication method and device for industrial control system | |
| EP3693233B1 (en) | Safety mode in case of replaced engine control units | |
| US20220166637A1 (en) | Systems and methods of managing a certificate associated with a component located at a remote location | |
| EP4115584A1 (en) | Secured and documented key access by an application | |
| CN116204920A (en) | Access authority control method and device for vehicle sensitive resource data and electronic equipment | |
| CN112084507A (en) | Method for secure access to an electronic control unit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |