CN113741393B - Vehicle safety network architecture based on central gateway and diagnosis method thereof - Google Patents
- Publication number: CN113741393B (application CN202111031919.3A)
- Authority: CN (China)
- Legal status: Active
Classifications
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0259—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
- G05B23/0262—Confirmation of fault detection, e.g. extra checks to confirm that a failure has indeed occurred
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24065—Real time diagnostics
Abstract
The invention discloses a vehicle safety network architecture based on a central gateway and a diagnosis method thereof, belonging to the field of vehicle network safety. When a diagnostic tool is connected to the OBD diagnostic interface, the internal circuit of the diagnostic tool is connected to the internal circuit of the central gateway through the OBD diagnostic interface; when power is supplied, the central gateway activates the encryption state matched with the external diagnostic tool, reads a binary key Kx and obtains the corresponding divided voltage Ux inside the central gateway; when the diagnostic tool requests to unlock the central gateway, the central gateway and the diagnostic tool judge whether the diagnostic tool is legal according to the seed and key algorithm corresponding to Ux and Kx, and illegal access from the OBD diagnostic interface is isolated in a hardware and software double-check mode. According to the invention, by providing the OBD diagnosis verification circuit and designing a double verification form of hardware verification and software verification, the diagnostic tool can access information other than the emission-related information only after passing the verification, so that the whole vehicle network is effectively prevented from being attacked and the safety of network communication is ensured.
Description
Technical Field
The invention belongs to the technical field of vehicle network security, and particularly relates to a vehicle security network architecture based on a central gateway and a diagnosis method thereof.
Background
With the continuous development of vehicle-mounted bus technology, vehicle-mounted network topologies based on a central gateway have become widely used in order to ensure the reliability of vehicle-mounted network communication and reduce the bus load rate of the backbone network. On the other hand, this undoubtedly places higher technical requirements on the central gateway at the core of vehicle network management and information interaction, so how to prevent the vehicle network from being attacked and ensure the safety of network communication becomes a problem that urgently needs solving.
Disclosure of Invention
The invention aims to provide a vehicle security network architecture based on a central gateway and a diagnosis method thereof, so as to prevent the whole vehicle network from being attacked and ensure the security of network communication.
The technical scheme adopted by the invention is as follows:
a vehicle safety network architecture based on a central gateway comprises the central gateway and a plurality of trunk subnetworks connected with the central gateway, wherein one trunk subnet Net1 is connected with OBD ECUs related to emission;
the architecture also includes an OBD diagnosis interface and an OBD diagnosis check circuit; the OBD diagnosis interface is connected with the backbone sub-network Net1 and can access, through Net1, the ECU information on Net1, on the central gateway and on the other backbone sub-networks; the OBD diagnosis check circuit comprises a central gateway internal circuit and a diagnostic tool internal circuit;
the central gateway internal circuit comprises a field effect transistor Q1, a voltage stabilizing (Zener) diode VD, a current limiting resistor R0, voltage dividing resistors R9 and R10, and filter capacitors C5, C6 and C7; the source of Q1 is connected to the power supply through the current limiting resistor R0; the gate of Q1 is connected to the power supply through R9 and to the MCU (microcontroller unit) in the central gateway through R10, from which the MCU acquires the divided voltage Ux inside the central gateway; the drain of Q1 is connected to the OBD (on-board diagnostics) interface; the anode and cathode of the voltage stabilizing diode VD are connected to the drain and source of Q1 respectively; C7 is connected in parallel with R9; one end of each of C5 and C6 is connected to the drain of Q1 and the other end is grounded;
the internal circuit of the diagnostic tool comprises a control chip and N key circuits; each key circuit comprises a first resistor, a second resistor and a bypass filter capacitor; one end of each of the first and second resistors is connected to the control chip, the other end of the first resistor is connected to the OBD diagnosis interface, and the other end of the second resistor is grounded; one end of the bypass filter capacitor is connected to the OBD diagnosis interface and the other end is grounded; each key circuit determines one binary key bit, and together they determine an N-bit binary key Kx;
when the diagnostic tool is connected to the OBD diagnostic interface, the internal circuit of the diagnostic tool is connected to the internal circuit of the central gateway through the OBD diagnostic interface; when the power supply is switched on, the central gateway activates the encryption state matched with the external diagnostic tool, reads the binary key Kx, and acquires the corresponding divided voltage Ux inside the central gateway; when the diagnostic tool requests to unlock the central gateway, the central gateway and the diagnostic tool judge whether the diagnostic tool is legal according to the seed and key algorithm corresponding to the divided voltage Ux and the binary key Kx, so that illegal access from the OBD diagnosis interface is isolated in a hardware and software double-check mode.
Further, when the diagnostic tool requests to unlock the central gateway, the central gateway calculates seed = F(sd) × Ux from the static security algorithm F and the dynamic parameter Ux; the diagnostic tool returns Key = F^-1(seed) × Kx from the received seed and the key Kx read from its matching key circuit, and the check is completed.
Further, if the diagnostic tool is not legal, it can only read the emission-related information on the backbone subnet Net1; if the diagnostic tool is legal, it can read the information on the backbone subnet Net1, the central gateway and the other backbone subnets through Net1.
Furthermore, the central gateway is provided with two power supply circuits in a power supply redundancy mode, the first circuit supplies power to the MCU in the central gateway and peripheral drivers thereof, and the second circuit supplies power to the Flash/ROM and the delay I/O in the central gateway.
Furthermore, the two power supply lines respectively and independently pass through the DCDC converter and the linear voltage regulator before supplying power.
Further, interactive subnetworks are arranged between the backbone subnetworks, and the backbone subnetworks or the interactive subnetworks are CAN, CANFD or vehicle-mounted Ethernet buses.
Further, the backbone subnets further comprise a backbone subnet Net2 (whole vehicle network segment), a backbone subnet Net3 (auxiliary driving network segment), a backbone subnet Net4 (vehicle body network segment), a backbone subnet Net5 (entertainment network segment) and a backbone subnet Net6 (T-Box dedicated network segment); an interactive subnet Net1-2 is arranged between the backbone subnet Net1 and the backbone subnet Net2, and an interactive subnet Net5-6 is arranged between the backbone subnet Net5 and the backbone subnet Net6.
A method for implementing diagnosis by using the central gateway-based vehicle security network architecture comprises the following steps:
S1: after power-on, the central gateway enters a default diagnosis state; in the default diagnosis state, the diagnostic tool can only access emission-related information through the OBD diagnosis interface;
S2: the central gateway identifies whether a diagnostic tool is currently connected to the OBD diagnosis interface by supplying a constant detection current; if a diagnostic tool is connected, it enters the online diagnosis mode, prohibits remote diagnosis access, and then executes step S3; if no diagnostic tool is connected, it judges through handshake verification whether to enter the remote diagnosis mode, and if the remote diagnosis mode is entered, executes step S4;
S3: the central gateway judges whether the diagnostic tool on the OBD diagnosis interface is legal; if not, the central gateway keeps the default diagnosis state; if legal, step S4 is executed;
S4: judge whether the diagnosis condition is met; if not, the central gateway keeps the default diagnosis state; if it is met, a diagnosis network segment is selected and the central gateway enters FIFO mode, that is, the central gateway recognizes that at the current moment it is receiving diagnosis messages from one network segment and schedules the routing tasks in reception order until all network segments or the diagnosis tasks are completed, and then exits FIFO mode.
Furthermore, only one backbone subnet can be selected at the same time for online or remote diagnosis.
Further, in the online diagnosis mode, the diagnostic tool accesses the other backbone subnets through backbone subnet Net1; in the remote diagnosis mode, the T-Box accesses the other backbone subnets through backbone subnet Net6.
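The unlock path and the mode decisions of steps S1 to S4, as an added model written for this page rather than code from the patent: the hardware check maps the divided voltage Ux to the Kx it corresponds to, the software check runs seed = F(sd) × Ux against Key = F^-1(seed) × Kx, and the gateway falls back to the default diagnosis state whenever either check or the diagnosis condition fails. The function F (a modular multiplication), the Ux-to-Kx table, the ADC tolerance and the diagnosis-condition rule are constructed assumptions.

```python
"""Model of the central gateway's OBD unlock path: the hardware check on the divided
voltage Ux, the seed/key software check, and the mode decisions of steps S1 to S4.
Added example, not code from the patent. The function F, the Ux->Kx table, the ADC
tolerance and the diagnosis-condition rule are all constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

MOD = 1 << 16
F_MULT = 0x9E37                   # odd, so multiplication mod 2^16 is invertible
F_INV = pow(F_MULT, -1, MOD)

# Constructed: divided voltage (in ADC counts) expected for each 4-bit key Kx.
UX_TABLE = {0b0011: 1200, 0b0101: 1500, 0b1010: 2100, 0b1100: 2600}
UX_TOLERANCE = 40                 # counts; outside this window the hardware check fails


def F(sd: int) -> int:
    """Static security algorithm F (constructed stand-in: modular multiplication)."""
    return (sd * F_MULT) % MOD


def F_inv(x: int) -> int:
    """Inverse of F, applied by the tool to the received seed."""
    return (x * F_INV) % MOD


def kx_from_ux(ux: int) -> Optional[int]:
    """Hardware check: the Kx whose key circuit produces the measured Ux, or None."""
    for kx, nominal in UX_TABLE.items():
        if abs(ux - nominal) <= UX_TOLERANCE:
            return kx
    return None


class Tool:
    """Diagnostic tool: reads its own key circuit Kx and answers Key = F^-1(seed) * Kx."""

    def __init__(self, kx: int) -> None:
        self.kx = kx

    def key_for(self, seed: int) -> int:
        return (F_inv(seed) * self.kx) % MOD


@dataclass
class Gateway:
    sd: int                        # static secret used by F
    ux: int                        # Ux sampled by the gateway MCU
    state: str = "default"         # S1: only emission-related info on Net1 is reachable
    channel: Optional[str] = None  # "online" or "remote"
    remote_allowed: bool = True

    def seed(self) -> int:
        """seed = F(sd) * Ux: static algorithm mixed with the dynamic parameter Ux."""
        return (F(self.sd) * self.ux) % MOD

    def detect_tool(self, tool_present: bool) -> None:
        """S2: a tool on the OBD interface selects online mode and bars remote access."""
        if tool_present:
            self.channel = "online"
            self.remote_allowed = False
        else:
            self.channel = "remote"   # remote entry is then decided by the T-Box handshake

    def unlock(self, key: int) -> bool:
        """S3: legal only if both the hardware check and the software check pass."""
        kx = kx_from_ux(self.ux)
        if kx is None:                # foreign tool without a matching key circuit
            self.state = "default"
            return False
        expected = (F_inv(self.seed()) * kx) % MOD
        if key != expected:           # wrong Kx for this Ux: stay in default state
            self.state = "default"
            return False
        self.state = "unlocked"
        return True

    def diagnosis_condition(self, speed_kmh: float, brake: bool,
                            ign_on: bool, rpm: int) -> bool:
        """S4: gate on vehicle state (constructed rule: stationary, braked, ON, idling)."""
        ok = speed_kmh == 0 and brake and ign_on and rpm < 1200
        if not ok:
            self.state = "default"
        return ok
```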
The invention has the beneficial effects that:
the invention takes the central gateway as the topological core of the vehicle-mounted network, separates the emission-related OBD diagnosis function from the transmission of the whole vehicle network, and, by providing an OBD diagnosis verification circuit and designing a double verification form of hardware verification and software verification, allows a diagnostic tool to access information other than the emission-related information only after passing the verification, thereby effectively preventing the whole vehicle network from being attacked and ensuring the safety of network communication.
Whether the diagnostic tool is a universal/illegal tool or an authorized/legal device is distinguished through the double-check form of hardware check and software check: a universal/illegal tool can only access the information required by emission regulations through the OBD (on-board diagnostics) diagnostic interface, whereas an authorized/legal device can, after passing the check, further access or read and write other diagnostic information. The vehicle-mounted network is thereby effectively prevented from being attacked through the diagnostic interface, and the safety of network communication is ensured.
Drawings
Fig. 1 is a diagram of a central gateway based vehicle security network architecture of the present invention.
Fig. 2 is a schematic diagram of an OBD diagnostic check circuit of the present invention.
Fig. 3 is a central gateway routing mechanism and diagnostic flow diagram of the present invention.
Fig. 4 is a schematic diagram of integrated diagnostic network segment selection according to the present invention.
Fig. 5 is a schematic diagram illustrating remote diagnosis network segment selection according to the present invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings in which:
the invention takes the central gateway as the topological core of the vehicle-mounted network and separates the emission-related OBD diagnosis function from the transmission of the whole vehicle network. It designs a double-check mode in which the central gateway prevents network attacks from the Diag-DLC end through a hardware check and a software check, and cuts off illegal access from the T-BOX end with a hardware encryption chip and a handshake mechanism, thereby effectively improving the safety of the vehicle network. By distinguishing key messages and setting different working and diagnosis modes in software, the central gateway works more reliably and in a more timely manner, hardware cost is effectively reduced, information interaction among network segments is completed efficiently with limited hardware resources, and diagnosis and flashing of the ECUs on each network segment are realized.
The vehicle security network architecture based on the central gateway in the embodiment of the present invention takes the central gateway as its core. As shown in fig. 1, the network is divided into 6 trunk subnets and 2 interactive subnets; it should be noted that these trunk subnets or interactive subnets may be CAN, CANFD or vehicle Ethernet buses. The Diag-DLC standard interface is powered through the central gateway. Inside the central gateway, the MCU with its complex driver, and the Flash with the delay I/O, are powered separately and independently according to the power supply redundancy design.
+Bat power is brought into the central gateway through two pins and, after DCDC conversion and linear regulation on each path separately and independently, yields a stable constant voltage supply: the output of LDO1 supplies the main MCU chip and other peripheral drivers, and the output of LDO2 supplies the Flash/ROM, the delayed I/O and the like. The +APC power state, i.e. the supply state of the IGN ignition switch, is detected through a switch input.
+Bat power also supplies the Diag-DLC interface, and the central gateway activates the encryption state matched with the external diagnostic equipment to obtain the corresponding divided voltage. When the diagnostic equipment requests to unlock the central gateway, the central gateway and the diagnostic equipment apply the seed and key algorithms corresponding to the magnitude of the divided voltage and the encryption state, from which the connection of legal or illegal diagnostic equipment can be judged, so that illegal access from the Diag-DLC end is isolated in a hardware and software double-check mode.
Further, fig. 2 is a schematic diagram of the online diagnosis hardware. The internal circuit of the central security gateway mainly comprises an encryption output control terminal interface circuit formed by R0, R9, R10, Q1, C5, C6 and C7. The internal circuit of the diagnostic tool mainly comprises a 4-bit key circuit consisting of R1/R5, R2/R6, R3/R7 and R4/R8, with C1, C2, C3 and C4 providing bypass filtering for the key circuit. The values of R0, R1/R5, R2/R6, R3/R7 and R4/R8 determine the divided voltage Ux inside the central gateway (namely D1 of the MCU in the gateway). The diagnostic equipment reads the 4-bit binary key Kx from the hardware states of R1/R5, R2/R6, R3/R7 and R4/R8, so that Ux and Kx have a corresponding relation.
When the diagnostic equipment requests the seed to unlock the central gateway, the central gateway calculates seed = F(sd) × Ux according to the static security algorithm and the dynamic parameter Ux, the diagnostic equipment returns Key = F^-1(seed) × Kx according to the received seed and its matching key Kx, and the software verification of the whole process is completed.
Of the 6 trunk subnets, trunk subnet Net1 connects all emission-related OBD ECUs, such as the engine controller and the transmission controller. If the central gateway recognizes, through the current characteristics and the software handshake, that the Diag-DLC connection is legal diagnostic equipment, the ECU information on the other backbone subnets can further be accessed through diagnostic instructions; this information also includes controller information such as the central gateway, ECUPx and ECUP1 connected to the Net subnet (ECUPx represents an ECU controller on subnet Net1, ECUP1 represents the ECUP1 controller on subnet Net1). Otherwise, the central gateway is set to the default diagnosis mode, and the illegal diagnostic equipment can then only read the OBD diagnosis information that regulations require of the ECUPx and ECUP1 controllers (the OBD diagnosis function is a regulatory item and must support universal diagnostic instruments; this part of the function is separated from whole-vehicle network communication and diagnosis by the gateway, which benefits the safety of the whole vehicle network while keeping compliance in view). Generally, there is no application message information on the Net1 network segment of a vehicle delivered to a user, and only emission-related information can be read through diagnostic equipment meeting the regulatory requirements.
The trunk subnet Net2 is the whole vehicle network segment and comprises the electric power steering controller, airbag controller, electronic parking brake controller, ESP system controller, parking assist controller and the like. Through the Net1_2 interaction subnet, OBD-related controllers such as the engine controller and the transmission controller are connected to the whole vehicle network segment and exchange bus information directly; this effectively reduces the information routing workload of the central gateway while keeping the bus load of the whole vehicle network segment under control, and improves the real-time performance and reliability of whole vehicle network information interaction.
The backbone sub-network Net3 is an auxiliary driving network segment and comprises a front camera controller, a front millimeter wave radar controller, an automatic driving controller and the like.
The backbone sub-network Net4 is a vehicle body network segment and comprises a vehicle body controller, an electric tailgate controller, a seat controller, an air conditioner controller and the like.
The trunk subnet Net5 is the entertainment network segment and comprises the instrument cluster, radio, interactive large screen, power amplifier controller, ambient lighting controller and the like. The T-BOX is connected directly to the entertainment network segment through the Net5_6 interaction subnet, which effectively reduces the workload of information interaction between the Net6 and Net5 network segments at the central gateway.
The backbone subnet Net6 is the T-Box dedicated network segment, and mainly serves to isolate the possibility of illegally accessing whole vehicle network information through the T-BOX terminal.
Fig. 3 is a flow chart of the central gateway routing mechanism of the present invention. The left diagram is the working mode: according to the vehicle function configuration file and the routing table, the central gateway first filters and receives the message information that needs to be forwarded, temporarily stores it in the Rx_Buffer register of the source network segment, and then distinguishes key messages according to the message information importance and urgency configuration table. If the message is a key message, the key message routing task is scheduled by MPFO adjustment and the Rx_Buffer space is released, so that the central gateway forwards the key message preferentially, and key message parameters are counted; if not, routing is performed in the non-key message routing task Repeater mode and the Rx_Buffer space is released. When the routing task completes, the Tx_Buffer space is released.
Although the message ID itself carries a message priority attribute, and the message period can reflect the urgency of the message information, in a network topology based on a central gateway it is not enough to describe the importance and urgency of the message information by message ID and message period alone, because the central gateway finds it hard to distinguish important and urgent message information arriving from different backbone subnets at the same time, so how to route the message information becomes a problem. The message information importance and urgency configuration table further examines the network matrix and the routing table according to the actual needs of the whole vehicle functions, identifies important and urgent message information, and marks key messages in combination with their priorities. The priorities of the key messages are not necessarily distinct; the higher the priority, the smaller the identifier word. For example, if the torque request information is a key message, its identifier word can be set to 0x03.
Further, in MPFO mode the central gateway recognizes that the message received from one or more network segments at the current moment is a key message, immediately sorts it by the key message identifier word, and inserts it into the routing task schedule in second position; if the routing schedule is empty, the routing task is scheduled directly according to the sorting and forwarding is completed. Key messages received at the next moment are also sorted by their key message identifier, but if the task in first position is a key message already scheduled by MPFO, the new key messages are sorted further back or placed after a non-key message task. In this way key message routing tasks are processed efficiently and quickly, while the effect on whole vehicle functions of excessive routing delay for non-key messages is also taken into account.
In Repeater mode the central gateway recognizes that the message received from one or more network segments at the current moment is a non-key message and schedules the routing tasks in reception order; for messages received at the same moment, routing tasks are scheduled by message ID priority.
The right diagram in fig. 3 is the diagnosis mode; the central gateway can automatically judge whether an online or remote diagnosis is an illegal or a legal access. After power-on the central gateway enters the default diagnosis state; by the network topology, only the OBD ECUs can be accessed through the Diag-DLC interface, and only the information required by emission regulations. Access to vehicle-internal information interaction and other diagnostic information must pass through the central gateway, on the premise that the central gateway has identified legal diagnostic equipment.
When remote diagnosis and online diagnosis are requested on a vehicle at the same time, the central gateway performs online diagnosis first. It first identifies whether diagnostic equipment is currently connected to the Diag-DLC interface by supplying a constant detection current on the Diag-DLC; if diagnostic equipment is connected, remote diagnosis access is prohibited.
The central gateway then extracts the current characteristics (magnitude/waveform parameters) by filtering and judges through a comparison algorithm whether the Diag-DLC connection is legal diagnostic equipment; if not, the central gateway does not respond to the diagnostic and flash requests of the equipment and directly enters the default diagnosis state.
Finally, the central gateway judges whether the diagnosis condition is met by acquiring key whole-vehicle state information such as vehicle speed, brake signal, ON gear signal and rotational speed, and enters the default diagnosis state if the condition is not met. Otherwise, after the diagnosis network segment is selected, the central gateway enters FIFO mode: it recognizes that at the current moment it is receiving diagnosis messages from one network segment, schedules the routing tasks in reception order until all network segments or the diagnosis tasks are completed, and then exits FIFO mode.
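One reading of the MPFO and Repeater scheduling just described, as an added simulation written for this page and not code from the patent: key messages are placed by identifier word directly behind the task in progress (or behind the next non-key task when the head is itself an MPFO-scheduled key message), non-key messages keep reception order with ties broken by CAN ID. The routing table, the importance/urgency table and the frames are constructed.

```python
"""One reading of the central gateway's working-mode routing in fig. 3: key messages are
scheduled by MPFO according to their identifier word, non-key messages by Repeater in
reception order (ties broken by CAN ID priority). Added example, not code from the
patent; the routing table, the key-message table and the frames are constructed."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed routing table (CAN ID -> destination segments). Unlisted IDs are filtered out.
ROUTING_TABLE = {0x0A0: ["Net2"], 0x1C0: ["Net3", "Net4"], 0x200: ["Net4"], 0x310: ["Net5"]}

# Constructed importance/urgency table: CAN ID -> identifier word of a key message.
# A smaller identifier word means a higher priority (0x03 for the torque request).
KEY_MESSAGES = {0x0A0: 0x03, 0x1C0: 0x05}


@dataclass
class Frame:
    can_id: int
    src: str
    t_rx: int                  # reception tick


@dataclass
class RouteTask:
    frame: Frame
    dests: List[str]
    key_word: Optional[int]    # None for a non-key message
    via_mpfo: bool = False


class CentralGateway:
    def __init__(self) -> None:
        self.queue: List[RouteTask] = []   # queue[0] is the task currently being routed
        self.key_count = 0                 # "key message parameters are counted"

    def receive(self, frame: Frame) -> bool:
        """Filter by the routing table, then classify and schedule. False if dropped."""
        dests = ROUTING_TABLE.get(frame.can_id)
        if not dests:
            return False
        task = RouteTask(frame, dests, KEY_MESSAGES.get(frame.can_id))
        if task.key_word is None:
            self._repeater(task)
        else:
            self._mpfo(task)
        return True

    def _mpfo(self, task: RouteTask) -> None:
        task.via_mpfo = True
        self.key_count += 1
        if not self.queue:                 # empty schedule: route directly
            self.queue.append(task)
            return
        pos = 1                            # "second position", behind the task in progress
        if self.queue[0].via_mpfo:         # head is already an MPFO key message:
            for i in range(1, len(self.queue)):   # let the next non-key task go first
                if self.queue[i].key_word is None:
                    pos = i + 1
                    break
        while (pos < len(self.queue) and self.queue[pos].key_word is not None
               and self.queue[pos].key_word <= task.key_word):
            pos += 1                       # keep pending key messages in identifier-word order
        self.queue.insert(pos, task)

    def _repeater(self, task: RouteTask) -> None:
        pos = len(self.queue)
        while pos > 1 and self.queue[pos - 1].key_word is None and (
            (self.queue[pos - 1].frame.t_rx, self.queue[pos - 1].frame.can_id)
            > (task.frame.t_rx, task.frame.can_id)
        ):
            pos -= 1                       # same tick: lower CAN ID (higher priority) first
        self.queue.insert(pos, task)

    def route_next(self) -> Optional[RouteTask]:
        """Forward the head task; its Tx_Buffer space is released when it completes."""
        return self.queue.pop(0) if self.queue else None

    def order(self) -> List[int]:
        return [t.frame.can_id for t in self.queue]
```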
Furthermore, the diagnosis network segment selection is suitable for online diagnosis or remote diagnosis scenes of the user vehicle, including all ECUs flash scenes, and only one path of backbone sub-network can be selected for online or remote diagnosis operation at the same time. Except that a professional engineer sets the central gateway diagnosis network segment to be selected to perform online diagnosis of all the trunk subnets simultaneously, for example, setting the DID 8001 to be 0x00, but this method is prohibited for mass production vehicles and only used by professional engineers in test vehicles.
Fig. 4 is a schematic diagram of the central gateway diagnostic routing mechanism-integrated diagnostic network segment selection in the present invention. And integrating diagnosis network segment selection, namely selecting a network segment to be diagnosed by entering a specific secure session and using 0x2E service and changing the value of DID 8001, and then confirming the network segment to be diagnosed by using 0x22 service. If DID 8001=2 is set, the diagnostic device can only perform online diagnosis or flash program on ECUs on Net 2.
Fig. 5 is a schematic diagram of central gateway diagnostic routing mechanism-remote diagnostic network segment selection in the invention. And (3) remotely diagnosing network segment selection, namely selecting a network segment to be diagnosed by entering a specific secure session, using 0x2E service and changing the value of DID 8002, and then using 0x22 service to confirm the network segment to be diagnosed. If DID 8002=2, the diagnostic device can only perform remote diagnosis or flash program on ECUs on Net 2.
Further, the online diagnostic device supports only DID 8001, and does not need to support DID 8002. Remote diagnostics only support DID 8002, and do not need to support DID 8001. The diagnosis network segment selection can effectively solve the loss of low-priority diagnosis messages, and firstly, the frame loss caused by untimely routing of a central gateway when diagnosis response is carried out in different network segments at the same time is avoided; secondly, a CAN bus arbitration mechanism and a gateway routing mechanism ensure that only one trunk subnet CAN be selected for online or remote diagnosis operation, and the same network segment CAN be ensured to be routed according to time sequence and priority.
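Gateway-side enforcement of the segment selection described in figs. 4 and 5, as an added example written for this page and not code from the patent: DID 8001 is accepted only on the online channel and DID 8002 only on the remote channel, writes require the secure session, the 0x00 all-segments value is refused on production vehicles, and diagnosis traffic is only routed to the selected segment. The negative response codes are the standard ISO 14229 values and the session/production flags are constructed assumptions.

```python
"""Gateway-side handling of diagnosis network segment selection with UDS services 0x2E
(WriteDataByIdentifier) and 0x22 (ReadDataByIdentifier) on DID 8001 (online) and
DID 8002 (remote). Added example, not code from the patent; the negative response codes
are the standard ISO 14229 values, assumed here, and the session/production flags are
constructed."""
from typing import Dict, Optional

WRITE_DID, READ_DID = 0x2E, 0x22
POSITIVE = 0x40                    # positive response SID = request SID + 0x40
NEG = 0x7F
NRC_SERVICE_NOT_SUPPORTED = 0x11
NRC_BAD_LENGTH = 0x13
NRC_OUT_OF_RANGE = 0x31
NRC_SECURITY_DENIED = 0x33
DID_ONLINE, DID_REMOTE = 0x8001, 0x8002
ALL_SEGMENTS = 0x00                # engineer-only: every trunk subnet at once
TRUNK_SEGMENTS = {1, 2, 3, 4, 5, 6}


class SegmentSelector:
    """Holds the selected diagnosis segment per channel; one segment is active at a time."""

    def __init__(self, channel: str, secure_session: bool, production: bool = True) -> None:
        self.channel = channel                 # "online" (Diag-DLC) or "remote" (T-Box)
        self.secure_session = secure_session   # specific secure session entered after unlock
        self.production = production           # mass production vehicle vs. test vehicle
        self.selected: Dict[int, Optional[int]] = {DID_ONLINE: None, DID_REMOTE: None}

    def _nrc(self, sid: int, code: int) -> bytes:
        return bytes([NEG, sid, code])

    def handle(self, req: bytes) -> bytes:
        sid = req[0]
        if sid not in (WRITE_DID, READ_DID):
            return self._nrc(sid, NRC_SERVICE_NOT_SUPPORTED)
        if len(req) < 3:
            return self._nrc(sid, NRC_BAD_LENGTH)
        did = (req[1] << 8) | req[2]
        # Online tools only use DID 8001, remote diagnosis only DID 8002.
        allowed = DID_ONLINE if self.channel == "online" else DID_REMOTE
        if did != allowed:
            return self._nrc(sid, NRC_OUT_OF_RANGE)
        if sid == WRITE_DID:
            return self._write(req, did)
        return self._read(req, did)

    def _write(self, req: bytes, did: int) -> bytes:
        if not self.secure_session:
            return self._nrc(WRITE_DID, NRC_SECURITY_DENIED)
        if len(req) != 4:
            return self._nrc(WRITE_DID, NRC_BAD_LENGTH)
        seg = req[3]
        if seg == ALL_SEGMENTS and self.production:   # forbidden on mass production vehicles
            return self._nrc(WRITE_DID, NRC_OUT_OF_RANGE)
        if seg != ALL_SEGMENTS and seg not in TRUNK_SEGMENTS:
            return self._nrc(WRITE_DID, NRC_OUT_OF_RANGE)
        self.selected[did] = seg
        return bytes([WRITE_DID + POSITIVE, req[1], req[2]])

    def _read(self, req: bytes, did: int) -> bytes:
        seg = self.selected[did]
        if seg is None:                    # nothing selected yet on this channel
            return self._nrc(READ_DID, NRC_OUT_OF_RANGE)
        return bytes([READ_DID + POSITIVE, req[1], req[2], seg])

    def may_route_to(self, segment: int) -> bool:
        """Diagnosis messages are only forwarded to the selected segment."""
        seg = self.selected[DID_ONLINE if self.channel == "online" else DID_REMOTE]
        return seg == ALL_SEGMENTS or seg == segment
```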
The key points of the invention are as follows:
1) The central gateway is used as the topological core of the vehicle network, and the emission-related OBD diagnosis function is separated from the transmission of the rest of the whole-vehicle network.
2) A method is provided by which the central gateway prevents network attacks from the Diag-DLC end through a double check combining a hardware check and a software check, and the priority of integrated diagnosis versus remote diagnosis is determined.
3) By distinguishing key messages and setting different working modes to schedule routing tasks, the real-time performance and reliability of key-message routing are improved.
4) Through integrated-diagnosis or remote-diagnosis network segment selection, the loss of low-priority diagnosis messages is effectively solved and the diagnosis process is made more reliable.
It will be understood by those skilled in the art that the foregoing is merely a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included within the scope of the present invention.
Claims (10)
1. A vehicle safety network architecture based on a central gateway, characterized by comprising the central gateway and a plurality of backbone subnetworks connected to the central gateway, wherein one backbone subnet, Net1, is connected to the emission-related OBD ECUs;
further comprising an OBD diagnosis interface and an OBD diagnosis check circuit; the OBD diagnosis interface is connected to backbone subnet Net1 and, through Net1, accesses ECU information on Net1, on the central gateway and on the other backbone subnets; the OBD diagnosis check circuit comprises an internal circuit of the central gateway and an internal circuit of the diagnostic tool;
the internal circuit of the central gateway comprises a field effect transistor Q1, a voltage-stabilizing (zener) diode VD, a current-limiting resistor R0, voltage-dividing resistors R9 and R10, and filter capacitors C5, C6 and C7; the source of Q1 is connected to the power supply through the current-limiting resistor R0, the gate of Q1 is connected to the power supply through R9, and the gate of Q1 is also connected through R10 to the MCU (microcontroller unit) in the central gateway, from which the MCU acquires the divided voltage Ux inside the central gateway; the drain of Q1 is connected to the OBD (on-board diagnostics) interface; the anode and the cathode of the diode VD are connected to the drain and the source of Q1 respectively, C7 is connected in parallel with R9, and one end each of C5 and C6 is connected to the drain of Q1 while their other ends are grounded;
the internal circuit of the diagnostic tool comprises a control chip and N key circuits; each key circuit comprises a first resistor, a second resistor and a bypass filter capacitor; one end of the first resistor and one end of the second resistor are connected to the control chip, the other end of the first resistor is connected to the OBD diagnosis interface, and the other end of the second resistor is grounded; one end of the bypass filter capacitor is connected to the OBD diagnosis interface and the other end is grounded; each key circuit determines one binary key bit, and together they determine an N-bit binary key Kx;
when the diagnostic tool is plugged into the OBD diagnosis interface, the internal circuit of the diagnostic tool is connected through the interface to the internal circuit of the central gateway; when the power supply is on, the central gateway activates the encryption state matched to the external diagnostic tool, reads the binary key Kx and obtains the corresponding divided voltage Ux inside the central gateway; when the diagnostic tool requests to unlock the central gateway, the central gateway and the diagnostic tool judge whether the tool is legitimate according to the seed-and-key algorithm over the divided voltage Ux and the binary key Kx, so that illegal access from the OBD diagnosis interface is isolated by a double check in hardware and software.
2. The central gateway-based vehicle safety network architecture of claim 1, wherein, when the diagnostic tool requests to unlock the central gateway, the central gateway calculates seed = F(sd) × Ux from a static security algorithm F combined with the dynamic parameter Ux, and the diagnostic tool returns Key = F⁻¹(seed) × Kx from the received seed and the key Kx read by matching, whereupon the check is complete.
3. The central gateway-based vehicle safety network architecture of claim 1 or 2, wherein, if the diagnostic tool is not legitimate, it can only read emission-related information on backbone subnet Net1; if the diagnostic tool is legitimate, it reads information on backbone subnet Net1, on the central gateway and on the other backbone subnets through backbone subnet Net1.
4. The central gateway-based vehicle safety network architecture of claim 1, wherein the central gateway is provided with two power supply lines in a redundant power supply arrangement: the first power supply line supplies the MCU and its peripheral drivers in the central gateway, and the second power supply line supplies the Flash/ROM and the delayed I/O in the central gateway.
5. The central gateway-based vehicle safety network architecture of claim 4, wherein each of the two power supply lines passes independently through a DC-DC converter and a linear regulator before supplying power.
6. The central gateway-based vehicle safety network architecture of claim 1, wherein interactive subnetworks are provided between the backbone subnetworks, and the backbone subnetworks or the interactive subnetworks are CAN, CAN FD or automotive Ethernet buses.
7. The central gateway-based vehicle safety network architecture of claim 1 or 6, wherein the backbone subnetworks further comprise: backbone subnet Net2 (whole-vehicle network segment), backbone subnet Net3 (assisted-driving network segment), backbone subnet Net4 (vehicle body network segment), backbone subnet Net5 (infotainment network segment) and backbone subnet Net6 (T-Box dedicated network segment); an interactive subnet Net1-2 is arranged between backbone subnet Net1 and backbone subnet Net2, and an interactive subnet Net5-6 is arranged between backbone subnet Net5 and backbone subnet Net6.
8. A method for implementing diagnosis using the central gateway-based vehicle safety network architecture of claim 7, comprising the steps of:
S1, after power-on, the central gateway enters a default diagnosis state; in the default diagnosis state, the diagnostic tool can only access emission-related information through the OBD diagnosis interface;
S2, the central gateway identifies whether a diagnostic tool is currently connected to the OBD diagnosis interface by supplying a detection current on its always-on power supply; if a diagnostic tool is connected, it enters online diagnosis mode, prohibits remote diagnosis access, and then executes step S3; if no diagnostic tool is connected, it judges through handshake verification whether to enter remote diagnosis mode, and if remote diagnosis mode is entered, executes step S4;
S3, the central gateway judges whether the diagnostic tool on the OBD diagnosis interface is legitimate; if not, the central gateway maintains the default diagnosis state; if it is legitimate, step S4 is executed;
S4, judging whether the diagnosis condition is met; if not, the central gateway keeps the default diagnosis state; if it is met, a diagnosis network segment is selected and the central gateway enters FIFO mode, that is, the central gateway identifies that a diagnosis message from one network segment has been received at the current moment and then schedules routing tasks in order of reception until all network segments or diagnosis tasks are completed, whereupon it exits FIFO mode.
9. The method of claim 8, wherein only one backbone subnet can be selected at a time for online or remote diagnosis.
10. The method of claim 8, wherein in online diagnosis mode the other backbone subnets are accessed by the diagnostic tool through backbone subnet Net1, and in remote diagnosis mode the other backbone subnets are accessed by the T-Box through backbone subnet Net6.
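Added example, not from the patent: a Python simulation of steps S1 to S4 of claim 8 together with the FIFO routing mode, where online mode is served only through Net1 and remote mode only through Net6 as in claim 10. The emission-related data identifiers, the state names and the return to the default state once the queue has drained are constructed assumptions.

```python
from __future__ import annotations
from collections import deque
from dataclasses import dataclass

OBD_NET, TBOX_NET = 1, 6           # Net1 carries the OBD interface, Net6 the T-Box (claim 7)
EMISSION_DIDS = {0xF40C, 0xF41F}   # constructed placeholders for emission-related data ids


@dataclass
class DiagMsg:
    src_net: int   # backbone subnet the request entered on
    dst_net: int   # subnet of the addressed ECU
    did: int       # data identifier being read
    order: int     # arrival sequence number at the gateway


class CentralGateway:
    def __init__(self) -> None:
        self.power_on()

    def power_on(self) -> None:                       # S1
        self.state, self.mode = "default", None

    def arbitrate(self, tool_current: bool, handshake_ok: bool,
                  tool_legal: bool, diag_condition: bool) -> str:
        """Steps S2-S4: decide online vs. remote mode; return the resulting state."""
        if tool_current:                              # S2: a tool draws the detection current
            self.mode = "online"                      # remote access is now prohibited
            if not tool_legal:                        # S3: hardware/software double check failed
                self.state = "default"
                return self.state
        elif handshake_ok:                            # S2: no tool, remote handshake verified
            self.mode = "remote"
        else:
            self.state = "default"
            return self.state
        self.state = "fifo" if diag_condition else "default"   # S4
        return self.state

    def entry_net(self) -> int:
        """Online diagnosis enters via Net1, remote diagnosis via Net6 (claim 10)."""
        return TBOX_NET if self.mode == "remote" else OBD_NET

    def route(self, incoming: list[DiagMsg]) -> list[DiagMsg]:
        """Return the messages the gateway forwards, in the order it forwards them."""
        if self.state != "fifo":
            # Default state: only emission-related reads on Net1 via the OBD interface.
            return [m for m in incoming if m.src_net == OBD_NET
                    and m.dst_net == OBD_NET and m.did in EMISSION_DIDS]
        # FIFO mode: schedule strictly by arrival order (CAN arbitration has already
        # ordered frames by priority within a segment); serve only the active entry point.
        queue = deque(sorted(incoming, key=lambda m: m.order))
        forwarded = []
        while queue:
            m = queue.popleft()
            if m.src_net == self.entry_net():
                forwarded.append(m)
        self.state = "default"   # assumption: back to default once all tasks are done
        return forwarded
```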
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111031919.3A CN113741393B (en) | 2021-09-03 | 2021-09-03 | Vehicle safety network architecture based on central gateway and diagnosis method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113741393A CN113741393A (en) | 2021-12-03 |
CN113741393B true CN113741393B (en) | 2023-03-24 |
Family
ID=78735269
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||