CN113687848A - High-reliability vehicle OTA (over the air) upgrading method aiming at logistics fleet management scene - Google Patents

High-reliability vehicle OTA (over the air) upgrading method aiming at logistics fleet management scene

Info

Publication number: CN113687848A
Authority: CN (China)
Prior art keywords: upgrade, vehicle, ota, tbox, upgrading
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110928932.2A
Other languages: Chinese (zh)
Inventors: 于海洋, 冀浩杰, 尚随全, 任毅龙, 郭斌, 王春阳, 张晨玺, 刘赞, 孙文举, 牛方雷
Current Assignee: Taian Beihang Science Park Information Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Taian Beihang Science Park Information Technology Co ltd
Application filed by Taian Beihang Science Park Information Technology Co ltd
Priority to CN202110928932.2A
Publication of CN113687848A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/1433 Saving, restoring, recovering or retrying at system level during software upgrading
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

The invention relates to the field of vehicle information security protection, in particular to communication encryption, identity authentication and offline upgrade assurance techniques in a high-reliability vehicle OTA upgrade process for logistics fleet management scenarios. Starting from the highly reliable vehicle management that the logistics industry requires, the invention secures information during OTA upgrades by strengthening communication protocol security and identity authentication security within the OTA upgrade system framework; by adding an offline OTA upgrade assurance mechanism, logistics vehicles can still be upgraded and managed smoothly in special emergency scenarios (such as remote areas and areas with wireless communication interference).

Description

High-reliability vehicle OTA (over the air) upgrading method aiming at logistics fleet management scene
Technical Field
The invention relates to the field of vehicle information security protection, in particular to a high-reliability vehicle OTA (over the air) upgrading method for logistics fleet management scenarios.
Background
As vehicles become more intelligent and more connected, the automobile has become a genuine smart terminal in today's Internet of Everything. OTA capability is a standard feature of the smart vehicle: it lets manufacturers rapidly deploy the latest functions, services and security mechanisms to users' vehicles.
Meanwhile, given the increasingly severe security environment of the Internet of Vehicles, OTA upgrading is also an important way of securing the vehicle network, and stable, reliable software upgrading is an important guarantee of Internet of Vehicles security.
OTA security is therefore the key point of Internet of Vehicles security: if the security of OTA cannot be guaranteed, all the convenience and security that OTA brings become potential weaknesses open to attack by hackers.
Making logistics vehicles intelligent and connected, by combining the current direction of connected-vehicle development with the logistics industry's large vehicle management needs, is a good way to solve the difficulty of vehicle management in the logistics industry and to reduce its cost. Where a vehicle's software is managed remotely, upgrade management of the vehicle software system is indispensable.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention aims to provide a high-reliability vehicle OTA (over the air) upgrading method for logistics fleet management scenarios.
To achieve this purpose, the invention provides the following technical solution: a high-reliability vehicle OTA upgrading method for a logistics fleet management scenario, comprising the following steps:
step 1, judging whether the internet is available; if the internet is available, entering the normal upgrade process, and if the internet is unavailable, entering the abnormal upgrade process;
step 2, upgrading the system through the normal upgrade process or the abnormal upgrade process;
the abnormal upgrade process specifically comprises the following steps:
authenticated user-end equipment is used to obtain the upgrade package through an additional means of communication; the upgrade package is then exchanged through the in-vehicle HUT unit and delivered to the TBOX for processing; the TBOX device is responsible for centrally scheduling and orchestrating the whole-vehicle software upgrade, and the upgrade of the vehicle OTA system is completed.
As a further improvement of the invention, a private security protocol is used between the user-end equipment and the in-vehicle HUT unit in the abnormal upgrade process.
As a further improvement of the invention, the normal upgrade process specifically comprises the following steps:
the in-vehicle TBOX device uses the general internet and, through bidirectional HTTPS authentication, completes service communication between the vehicle end and the OTA server and the distribution of the upgrade package. After the TBOX obtains the upgrade package, it verifies the integrity and the release source of the package through a hash function, then decrypts the package and restores it to a software upgrade package that the in-vehicle system can use. The software upgrade package is distributed to each upgrade unit through the in-vehicle gateway device and the vehicle's internal protocol. The TBOX must communicate with and obtain confirmation from each upgrade unit, ensuring that the software version of each unit is replaced smoothly and that the unit functions normally after the upgrade.
As a further improvement of the invention, the TBOX encrypts the whole vehicle's reliable package version combination and sends it to the user end through the trust mechanism of the private communication protocol between the user end and the TBOX.
As a further improvement of the invention, hardware encryption by means of an encryption chip is used between the OTA management platform and the TBOX.
The advantage of the method is that it emphasizes securing the communication among the upgrade service components, including encryption of the communication content and identity authentication of the devices at both ends of the communication, so as to guarantee the confidentiality and integrity of the OTA upgrade service management data flow and of the OTA upgrade package. This in turn guarantees the confidentiality of company-level vehicle management information for logistics operating vehicles.
Meanwhile, to ensure highly reliable software upgrades for logistics vehicles and to solve the problem that vehicles in remote areas cannot be upgraded and managed, the method provides an offline backup and upgrade-repair mechanism for the vehicle software system. Under extreme conditions, when the general internet has problems, fault repair and function upgrades of the vehicle software system can be completed by offline copying, over a special network (such as a satellite network), and so on.
Drawings
FIG. 1 is a diagram of the OTA upgrade system architecture of the present invention;
FIG. 2 shows the upgrade flow under normal network conditions;
FIG. 3 shows the upgrade flow in case of network anomaly.
Detailed Description
The invention is described in further detail below with reference to the embodiments shown in the drawings.
Referring to FIG. 1 to FIG. 3, the invention provides a high-reliability vehicle OTA upgrading method for a logistics fleet management scenario. The method mainly strengthens the security of communication among all the upgrade service components, including encryption of the communication content and identity authentication of the devices at both ends of the communication, so as to guarantee the confidentiality and integrity of the OTA upgrade service management data flow and of the OTA upgrade package. This in turn guarantees the confidentiality of company-level vehicle management information for logistics operating vehicles.
Meanwhile, to ensure highly reliable software upgrades for logistics vehicles and to solve the problem that vehicles in remote areas cannot be upgraded and managed, the method provides an offline backup and upgrade-repair mechanism for the vehicle software system. Under extreme conditions, when the general internet has problems, fault repair and function upgrades of the vehicle software system can be completed by offline copying, over a special network (such as a satellite network), and so on.
1. As shown in FIG. 1, the overall system comprises four functional components: the OEM back-end management system, the OTA management platform, the vehicle OTA front-end system, and the strongly authenticated user end used for offline upgrades. Communication between the OEM back-end management system and the OTA management platform, and between the strongly authenticated user end and the vehicle OTA front end, is classed as intranet communication: its content is not forwarded over the general internet, and its external exposure is relatively small. Communication between the OTA management platform and the vehicle OTA front-end system, and between the OTA management platform and the strongly authenticated user end, is classed as external network communication, and its external exposure is relatively large.
2. The fleets managed in the logistics operation industry are small in scale, but information exchange among a company's own vehicles requires a strict identity authentication mechanism to safeguard company operations. For communication between the OTA management platform and the vehicle OTA front-end system, and between the OTA management platform and the strongly authenticated user end, a bidirectional HTTPS authentication mechanism is used at the protocol layer so that the two ends verify both the server's identity and the client's identity, guaranteeing the authenticity of server-side and client-side resources. In addition, the upgrade service implementation layer should use a user authentication mechanism based on a user account and password to ensure the authenticity of the human operator's identity.
3. Communication between the OEM back-end management system and the OTA management platform, and between the strongly authenticated user end and the vehicle OTA front end, uses a private secure communication protocol. Because the data volume is not large but the security requirement is high, the SSH protocol can be used for TCP proxy communication, or VPN technology can be used, so that port exposure between intranet systems is reduced as far as possible.
4. The OEM back-end management system, the OTA management platform, the strongly authenticated user end and the vehicle OTA front end use a self-developed software framework, and the software interfaces between intranet platforms are designed together with the private secure network protocol scheme. For example, if intranet communication uses SSH's TCP proxy, the software upgrade system framework must be implemented to cooperate with it.
5. When the internet is available, the normal vehicle software upgrade process is as follows. The in-vehicle TBOX device uses the general internet and, through bidirectional HTTPS authentication, completes service communication between the vehicle end and the OTA server and the issuing of the (signed) upgrade package. After the TBOX obtains the upgrade package, it verifies the integrity and the release source of the package through a hash function, then decrypts the package, restores it to a software upgrade package that the in-vehicle system can use, and distributes it to each upgrade unit through the in-vehicle gateway device and the vehicle's internal protocol. The TBOX must communicate with and obtain confirmation from each upgrade unit, ensuring that the software version of each unit is replaced smoothly and that the unit functions normally after the upgrade.
Meanwhile, the TBOX must maintain a complete combination of system software dependencies that keeps the whole vehicle system functioning normally. If a system upgrade fails, a rollback is performed to restore system function. The TBOX serves as the arbitration unit that verifies the source of the package and the functionality of the upgrade process.
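The TBOX role described in item 5 (verify, schedule, confirm, roll back), as an added example that is not code from the patent. It assumes the release source is checked with an HMAC-SHA256 tag under a key provisioned out of band, because a bare hash shows integrity only; the unit names, versions and package layout are constructed, and the decryption step is omitted.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Assumption: key provisioned out of band (the page's encryption chip would
# hold it); this value is constructed for the demo.
PROVISIONED_KEY = bytes(range(32))

@dataclass
class UpgradeUnit:
    """Hypothetical upgrade unit reached through the in-vehicle gateway."""
    name: str
    version: str
    fail_on: str = ""  # version this unit fails to flash (simulated fault)

    def flash(self, version: str) -> bool:
        if version == self.fail_on:
            return False
        self.version = version
        return True

def build_package(key: bytes, targets: dict) -> dict:
    """OTA-platform side: payload plus SHA-256 digest and HMAC-SHA256 tag."""
    payload = json.dumps(targets, sort_keys=True).encode()
    return {
        "payload": payload,
        "sha256": hashlib.sha256(payload).hexdigest(),
        "tag": hmac.new(key, payload, hashlib.sha256).hexdigest(),
    }

def verify_package(key: bytes, pkg: dict) -> dict:
    """TBOX side: integrity first, then release source, then parse."""
    digest = hashlib.sha256(pkg["payload"]).hexdigest()
    if not hmac.compare_digest(digest, pkg["sha256"]):
        raise ValueError("digest mismatch")
    tag = hmac.new(key, pkg["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, pkg["tag"]):
        # A matching bare digest proves nothing about who built the package.
        raise ValueError("release source not authenticated")
    return json.loads(pkg["payload"])

class Tbox:
    """Arbitration unit: verifies, schedules, confirms, rolls back."""

    def __init__(self, key: bytes, units: list):
        self.key = key
        self.units = {u.name: u for u in units}
        # Last version combination known to keep the whole vehicle working.
        self.known_good = {u.name: u.version for u in units}

    def apply(self, pkg: dict) -> str:
        try:
            targets = verify_package(self.key, pkg)
        except ValueError as exc:
            return f"rejected: {exc}"
        if not set(targets) <= set(self.units):
            return "rejected: unknown upgrade unit"
        touched = []
        for name, version in targets.items():
            unit = self.units[name]
            touched.append(name)
            # Flash, then confirm the unit really reports the new version.
            if not (unit.flash(version) and unit.version == version):
                for done in touched:
                    self.units[done].flash(self.known_good[done])
                return f"rolled back: {name} failed"
        self.known_good = {n: u.version for n, u in self.units.items()}
        return "upgraded"

def demo() -> list:
    # Constructed fleet vehicle; unit names and versions are hypothetical.
    tbox = Tbox(PROVISIONED_KEY, [
        UpgradeUnit("bms", "1.0"),
        UpgradeUnit("gateway", "2.0"),
        UpgradeUnit("vcu", "3.0", fail_on="3.1"),
    ])
    good = build_package(PROVISIONED_KEY, {"bms": "1.1", "gateway": "2.1"})
    forged = build_package(b"not-the-provisioned-key", {"gateway": "6.6"})
    partial = build_package(PROVISIONED_KEY, {"gateway": "2.2", "vcu": "3.1"})
    results = [tbox.apply(good), tbox.apply(forged), tbox.apply(partial)]
    return results + [dict(tbox.known_good)]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The second package carries a digest that matches its payload and is still rejected, which is the case a hash-only check would accept; the third shows an already-flashed unit being returned to the known-good combination when a later unit fails.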
6. In special cases the general internet is unavailable (remote areas, network faults, faults in the in-vehicle communication device, and so on) while a function upgrade or security vulnerability fix for the vehicle software is urgently needed. Authenticated user-end equipment can then be used: it obtains the upgrade package through an additional means of communication, the package is exchanged through the in-vehicle HUT unit and finally delivered to the TBOX for processing, and the TBOX device is again responsible for centrally scheduling and orchestrating the whole-vehicle software upgrade.
In the offline upgrade process, the user-end equipment and the HUT device are susceptible to man-in-the-middle attacks. The identity authentication of these two intermediate devices must be strengthened with key-authenticated SSH communication (or bidirectional HTTPS communication) to guarantee the legitimacy of the devices and of their operators.
Between the equipment and the OTA platform, the mutually authenticated HTTPS protocol is used; between the equipment and the vehicle HUT, a private security protocol is used, for example an SSH TCP proxy tunnel after connecting over Wi-Fi, to guarantee secure transmission of the upgrade package. Bidirectional authentication on both the external network and the intranet ensures trust from the user end to the OTA management platform and from the user end to the vehicle TBOX device, and thereby trust from the OTA management platform to the vehicle TBOX device.
7. The user end has a backup function for the software version combination that the vehicle depends on: through the trust mechanism of the private communication protocol between the user end and the TBOX, the TBOX can allow the whole vehicle's reliable package version combination to be encrypted and sent to the user end. When online and offline upgrading fails, the in-vehicle software system is upgraded through the offline equipment.
8. Bidirectional HTTPS communication on the external network and the private bidirectional authentication mechanism on the intranet ensure the trustworthiness of link communication. For vehicle upgrades, the trustworthiness of the upgrade package content must also be guaranteed. Trustworthy data content means ensuring the reliability of the data encryption and signature algorithms and the trustworthiness of the certificate data transmission process. The upgrade package is encrypted with AES symmetric encryption, the AES key is encrypted with RSA, and SHA-256 integrity verification is then applied to the encrypted package and the key data.
Meanwhile, the OTA management platform and the TBOX establish a secure and reliable key distribution mechanism; hardware encryption with an encryption chip can safeguard the physical delivery of the authentication key. The key is not transmitted over the network, which ensures its security.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments; all technical solutions within the idea of the present invention fall within its protection scope. It should be noted that modifications and refinements made by those skilled in the art without departing from the principle of the invention are also considered to be within the protection scope of the invention.

Claims (5)

1. A high-reliability vehicle OTA upgrading method for a logistics fleet management scenario, characterized in that the method comprises the following steps:
step 1, judging whether the internet is available; if the internet is available, entering the normal upgrade process, and if the internet is unavailable, entering the abnormal upgrade process;
step 2, upgrading the system through the normal upgrade process or the abnormal upgrade process;
the abnormal upgrade process specifically comprises the following steps:
authenticated user-end equipment is used to obtain the upgrade package through an additional means of communication; the upgrade package is then exchanged through the in-vehicle HUT unit and delivered to the TBOX for processing; the TBOX device is responsible for centrally scheduling and orchestrating the whole-vehicle software upgrade, and the upgrade of the vehicle OTA system is completed.
2. The high-reliability vehicle OTA upgrading method for a logistics fleet management scenario according to claim 1, wherein: in the abnormal upgrade process, a private security protocol is used between the user-end equipment and the in-vehicle HUT unit.
3. The high-reliability vehicle OTA upgrading method for a logistics fleet management scenario according to claim 2, wherein: the normal upgrade process specifically comprises the following steps:
the in-vehicle TBOX device uses the general internet and, through bidirectional HTTPS authentication, completes service communication between the vehicle end and the OTA server and the distribution of the upgrade package; after the TBOX obtains the upgrade package, it verifies the integrity and the release source of the package through a hash function, then decrypts the package and restores it to a software upgrade package that the in-vehicle system can use; the software upgrade package is distributed to each upgrade unit through the in-vehicle gateway device and the vehicle's internal protocol; the TBOX must communicate with and obtain confirmation from each upgrade unit, ensuring that the software version of each unit is replaced smoothly and that the unit functions normally after the upgrade.
4. The high-reliability vehicle OTA upgrading method for a logistics fleet management scenario according to claim 3, wherein: the TBOX encrypts the whole vehicle's reliable package version combination and sends it to the user end through the trust mechanism of the private communication protocol between the user end and the TBOX.
5. The high-reliability vehicle OTA upgrading method for a logistics fleet management scenario according to claim 4, wherein: hardware encryption by means of an encryption chip is used between the OTA management platform and the TBOX.

Application number: CN202110928932.2A
Priority date: 2021-08-13
Filing date: 2021-08-13
Title: High-reliability vehicle OTA (over the air) upgrading method aiming at logistics fleet management scene
Status: Pending
Publication: CN113687848A (en), publication date 2021-11-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination