CN114721680A - Vehicle-mounted applet offline updating method and vehicle-mounted applet offline updating system - Google Patents


Info

Publication number: CN114721680A
Application number: CN202110009731.2A
Authority: CN (China)
Prior art keywords: data packet, applet, vehicle, upper computer, main control
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 赵伟
Current assignee: BYD Co Ltd
Original assignee: BYD Co Ltd
Events: application filed by BYD Co Ltd; priority to CN202110009731.2A; publication of CN114721680A; legal status pending.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G06F8/65 Updates
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a vehicle-mounted applet offline updating method and a vehicle-mounted applet offline updating system. The method comprises the following steps: after a secure communication channel with the upper computer is established, performing bidirectional authentication with the upper computer over the secure communication channel, and receiving an encrypted data packet sent by the upper computer after the bidirectional authentication succeeds; decrypting the encrypted data packet and converting its format to generate a TLV format data packet; and encrypting the TLV format data packet and sending it to the security module, so that the applet stored in the security module is updated according to the decrypted TLV format data packet. The method therefore updates the vehicle-mounted applet offline quickly and conveniently, without causing the applet update to fail or the applet's functions to be lost, so that loss of vehicle functions is avoided while transmission security during data transmission is ensured.

Description

Vehicle-mounted applet offline updating method and vehicle-mounted applet offline updating system
Technical Field
The invention relates to the field of vehicles, in particular to a vehicle-mounted applet offline updating method and a vehicle-mounted applet offline updating system.
Background
In the related art, updating the software of a vehicle-end module and resolving its failures depend on operation by an external device: once the external device is connected, the software of the relevant module can be updated online or offline. However, under the existing diagnostic programming specification, such software updates take a long time and the relevant module has no dual backup, so a failed update of the application program can leave the software function missing and thus cause the loss of a vehicle function.
Moreover, existing vehicle module software is updated mainly over the CAN network, and the transmission security mechanism is defined by the diagnostic programming specification; however, the two sides of the data transmission have no clearly defined security levels for the encryption and authentication mechanisms used during transmission.
In addition, the software functions of existing vehicle modules are concentrated on the main control MCU side, with both the processing logic and the implementing algorithms residing in the MCU, which brings certain risks to secure storage that requires a higher level of encryption.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, an object of the present invention is to provide an offline update method for a vehicle-mounted applet, which can quickly and conveniently update the vehicle-mounted applet offline, and does not cause failure of updating the vehicle-mounted applet and loss of function of the vehicle-mounted applet, so as to avoid loss of function of the vehicle and ensure safety of transmission during data transmission.
The invention further provides an off-line updating method of the vehicle-mounted applet.
The invention further proposes a computer-readable storage medium.
The invention further provides a master control MCU.
The invention further provides the upper computer.
The invention further provides an off-line updating system for the vehicle-mounted applet.
The offline updating method of the vehicle-mounted applet comprises the following steps: after a secure communication channel with the upper computer is established, performing bidirectional authentication with the upper computer over the secure communication channel, and receiving an encrypted data packet sent by the upper computer after the bidirectional authentication succeeds; decrypting the encrypted data packet and converting its format to generate a TLV format data packet; and encrypting the TLV format data packet and sending it to a security module, so that the applet stored in the security module is updated according to the decrypted TLV format data packet.
According to the off-line updating method of the vehicle-mounted applet, the vehicle-mounted applet can be quickly and conveniently updated off line, failure in updating the vehicle-mounted applet and loss of functions of the vehicle-mounted applet are avoided, loss of functions of the vehicle can be avoided, and transmission safety in a data transmission process can be guaranteed.
In some examples of the invention, establishing the secure communication channel with the upper computer includes: receiving a secure-operation execution command issued by the upper computer, responding to it according to the requirements of a preset secure channel specification to generate a response command, and sending the response command to the upper computer to complete establishment of the secure communication channel.
In some examples of the present invention, performing bidirectional authentication with the upper computer over the secure communication channel includes: receiving a static key sent by the upper computer, calculating a shared negotiation key pair from the static key, and completing bidirectional authentication based on the shared negotiation key pair.
In some examples of the present invention, after mutual authentication is completed, the method further includes interacting with the upper computer to generate a session key from the shared negotiation key pair, and decrypting the encrypted data packet with the session key.
In some examples of the present invention, before the encrypted data packet is received, a request message received from the upper computer is converted into an APDU encryption instruction and sent to the security module, a response message fed back by the security module is received, and the response message is format-converted and uploaded to the upper computer.
The further offline updating method of the vehicle-mounted applet comprises the following steps: after a secure communication channel with the master control MCU is established, performing bidirectional authentication with the master control MCU over the secure communication channel; after the bidirectional authentication succeeds, encrypting a data packet to be updated to generate an encrypted data packet and sending it to the master control MCU, so that the master control MCU decrypts the encrypted data packet and converts its format to generate a TLV format data packet; and having the main control MCU encrypt the TLV format data packet and send it to a security module, so that the applet stored in the security module is updated according to the decrypted TLV format data packet.
In some examples of the invention, establishing the secure communication channel with the master MCU includes: sending a secure-operation execution command to the main control MCU, so that the main control MCU responds to it according to the requirements of a preset secure channel specification to generate a response command; and completing establishment of the secure communication channel after the response command is received.
In some examples of the present invention, performing bidirectional authentication with the master MCU over the secure communication channel includes: sending a static key to the master control MCU, calculating a shared negotiation key pair from the static key by interacting with the master control MCU, and completing bidirectional authentication based on the shared negotiation key pair.
In some examples of the present invention, after the bidirectional authentication is completed, the upper computer further interacts with the master MCU to generate a session key from the shared negotiation key pair, and encrypts the data packet to be updated with the session key.
In some examples of the present invention, before the encrypted data packet is sent to the main control MCU, an upper computer request message is also sent to the main control MCU, so that the main control MCU converts it into an APDU encryption instruction and sends that instruction to the security module; a converted message uploaded by the main control MCU is then received, the converted message being obtained by the main control MCU performing format conversion on the response message fed back by the security module.
In some examples of the present invention, the data packet to be updated is also obtained from the server side before the secure communication channel with the master MCU is established.
The computer readable storage medium according to the present invention stores thereon a vehicle-mounted applet-based offline updating program, which when executed by a processor implements the vehicle-mounted applet offline updating method described above.
According to the computer readable storage medium, the vehicle-mounted applet can be updated quickly and conveniently in an off-line mode, failure in updating the vehicle-mounted applet and loss of functions of the vehicle-mounted applet can be avoided, loss of functions of a vehicle can be avoided, and meanwhile transmission safety in a data transmission process can be guaranteed.
The main control MCU comprises a memory, a processor and a vehicle-mounted applet off-line updating program which is stored on the memory and can run on the processor, and when the processor executes the vehicle-mounted applet off-line updating program, the vehicle-mounted applet off-line updating method is realized.
The upper computer comprises a memory, a processor and a vehicle-mounted applet offline updating program which is stored on the memory and can run on the processor, wherein the processor realizes the vehicle-mounted applet offline updating method when executing the vehicle-mounted applet offline updating program.
The off-line updating system for the vehicle-mounted applet comprises an upper computer, a main control MCU and a safety module, wherein the applet is arranged in the safety module, the upper computer is used for establishing a safety communication channel with the main control MCU, performing two-way authentication with the main control MCU according to the safety communication channel after the safety communication channel is established, encrypting a data packet to be updated to generate an encrypted data packet after the two-way authentication is successful, and sending the encrypted data packet to the main control MCU; the main control MCU is used for decrypting and converting the encrypted data packet to generate a TLV format data packet, encrypting the TLV format data packet and then sending the TLV format data packet to the security module; and the safety module receives and decrypts the encrypted TLV format data packet, and updates the applet according to the decrypted TLV format data packet.
According to the off-line updating system for the vehicle-mounted applet, the vehicle-mounted applet can be quickly and conveniently updated off line, failure in updating the vehicle-mounted applet and loss of functions of the vehicle-mounted applet are avoided, loss of functions of the vehicle can be avoided, and transmission safety in a data transmission process can be guaranteed.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flowchart of an in-vehicle applet offline updating method according to an embodiment of the present invention;
FIG. 2 is a flowchart of another embodiment of an offline update method of an in-vehicle applet, according to an embodiment of the present invention;
FIG. 3 is a block diagram illustrating an in-vehicle applet offline update system in accordance with an embodiment of the present invention;
FIG. 4 is a block diagram of a processor, memory, communication interface, communication bus, according to one embodiment of the invention.
Reference numerals:
the in-vehicle applet offline updating system 100;
an upper computer 10; vehicle end PAD 11; a diagnostic device 12;
a master MCU 20;
a security module 30;
a server side 40; a cloud server 41; a diagnostic server 42;
a processor 1201; a communication interface 1202; a memory 1203; a communication bus 1204.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
An in-vehicle applet offline-updating system 100 and an in-vehicle applet offline-updating method according to an embodiment of the present invention will be described with reference to fig. 1 to 4.
As shown in FIG. 3, the in-vehicle applet offline updating system 100 according to the embodiment of the present invention includes an upper computer 10, a main control MCU (microcontroller unit) 20 and a security module (SE, secure element) 30. The applet is provided in the security module 30. The upper computer 10 is configured to establish a secure communication channel with the main control MCU 20, to perform bidirectional authentication with the main control MCU 20 over that channel once it is established, to encrypt a data packet to be updated after the bidirectional authentication succeeds so as to generate an encrypted data packet, and to send the encrypted data packet to the main control MCU 20.
The main control MCU 20 is configured to decrypt the encrypted data packet and convert its format to generate a TLV (tag-length-value, the data format transmitted between the card and the terminal) format data packet, to encrypt the TLV format data packet, and to send the encrypted TLV format data packet to the security module 30. In other words, the main control MCU 20 decrypts the encrypted data packet sent by the upper computer 10, converts the decrypted data into a TLV format data packet, encrypts that packet, and sends it to the security module 30.
The security module 30 receives the encrypted TLV format data packet sent by the main control MCU 20, decrypts it, and updates the applet provided in the security module 30 according to the decrypted TLV format data packet, thereby completing the offline update of the applet.
Specifically, the upper computer 10 may include, but is not limited to, a vehicle-end PAD 11 and a diagnostic device 12. The upper computer 10 and the main control MCU 20 may be connected via a CAN (Controller Area Network) bus or a CAN FD (CAN with Flexible Data Rate, a serial communication protocol based on the CAN 2.0 physical layer) bus. The security module 30 may further include a COS; the security module 30 must keep the COS and the applet functioning normally to ensure that data packets can be transmitted completely during communication. The main control MCU 20 and the security module 30 may be communicatively connected via an SPI (Serial Peripheral Interface) bus, which ensures normal communication between them.
The offline update system 100 for the vehicle-mounted applet may further include a server 40, and the server 40 may include, but is not limited to, a cloud server 41 and a diagnostic server 42. Preferably, the server 40 and the upper computer 10 transmit the data packet to be updated over a TCP/IP network channel; in particular, the cloud server 41 and the PAD 11, and likewise the diagnostic server 42 and the diagnostic device 12, may transmit the data packet to be updated over a TCP/IP network channel. The upper computer 10 obtains the data packet to be updated from the server 40 and loads it into local memory. The upper computer 10 then establishes a secure communication channel with the main control MCU 20, performs bidirectional authentication with the main control MCU 20 over that channel, and, after the bidirectional authentication succeeds, encrypts the data packet to be updated to generate an encrypted data packet and transmits it to the main control MCU 20. The main control MCU 20 decrypts the encrypted data packet, converts the decrypted data into a TLV format data packet, encrypts the TLV format data packet, and transmits it to the security module 30 over the SPI bus. On receiving the encrypted TLV format data packet, the security module 30 decrypts it and updates the applet provided in the security module 30 according to the decrypted packet, which completes the offline update of the applet. Further, when the main control MCU 20 receives the encrypted data packet transmitted from the upper computer 10, it can store the encrypted data packet, and software version detection of the applet of the security module 30 can be performed.
Thus, the upper computer 10, the main control MCU 20 and the security module 30 work together to update the vehicle-mounted applet offline quickly and conveniently, without causing the applet update to fail or the applet's functions to be lost, so that loss of vehicle functions is avoided while transmission security during data transmission is guaranteed.
As some embodiments of the present invention, establishing a secure communication channel with the upper computer 10 may include: receiving a secure-operation execution command issued by the upper computer 10, responding to it according to the requirements of a preset secure channel specification to generate a response command, and sending the response command to the upper computer 10 to complete establishment of the secure communication channel. That is, the upper computer 10 sends a secure-operation execution command to the main control MCU 20; on receiving it, the main control MCU 20 responds according to the preset secure channel specification requirements to generate a response command and sends the response command back to the upper computer 10, which establishes the secure communication channel between them. The preset secure channel specification may be the SCP11c secure channel protocol (GlobalPlatform Card Technology Secure Channel Protocol '11') specification.
As some embodiments of the present invention, performing bidirectional authentication with the upper computer 10 over the secure communication channel may include: receiving the static key sent by the upper computer 10, calculating a shared negotiation key pair from the static key, and completing bidirectional authentication based on the shared negotiation key pair. That is, after the secure communication channel is established, the main control MCU 20 receives the static key sent by the upper computer 10, calculates a shared negotiation key pair from it by elliptic curve key agreement (ECKA), and completes mutual authentication with the upper computer 10 based on that key pair. Specifically, the main control MCU 20 derives a channel session key (AES) from the shared negotiation key pair, generates a response command using the channel session key, and returns the response command to the upper computer 10 to complete mutual authentication, thereby ensuring transmission security during data transmission.
As some embodiments of the present invention, after mutual authentication is completed, the main control MCU 20 may interact with the upper computer 10 to generate a session key from the shared negotiation key pair, and decrypt the encrypted data packet with the session key. That is, once the main control MCU 20 and the upper computer 10 have completed mutual authentication, the main control MCU 20 interacts with the upper computer 10 to generate the session key from the shared negotiation key pair, decrypts the encrypted data packet transmitted by the upper computer 10 with the session key, converts the decrypted data into a TLV format data packet, encrypts that packet, and transmits it to the security module 30 over the SPI bus, which further ensures transmission security during data transmission.
It should be noted that the information exchanged between the main control MCU 20 and the security module 30 may be protected by SCP03 (GlobalPlatform Card Technology Secure Channel Protocol '03') secure messaging, while the encrypted data packet is sent to the main control MCU 20 according to the diagnostic specification. Under the SCP03 secure communication mechanism, the data to be transmitted is packed into an APDU (Application Protocol Data Unit) command for encryption and transmission: the plaintext command data is encrypted with a session key to produce an encrypted command, a CMAC value is then computed over it in a further encryption pass, and finally the encrypted command plus the CMAC value is packed according to a fixed format. During channel transmission, this fixed-format data may in turn be encrypted with the channel session key and transmitted again as the data security requirements dictate, so as to ensure the confidentiality and integrity of the data.
After the data packet is loaded, software version detection of the applet of the security module 30 can be performed. In addition, according to the requirements of the diagnostic specification, programming (upgrading) the main control MCU 20 must pass through the stages of version reading, vehicle silencing, security access, entering the programming diagnostic session mode, data downloading, and data transmission; for upgrading the security module 30 only some of these stages are needed, because the forwarding of data packets by the main control MCU 20 has to be taken into account.
As some embodiments of the present invention, before the encrypted data packet is received, a request message received from the upper computer is converted into an APDU encryption instruction and sent to the security module 30, a response message fed back by the security module 30 is received, and the response message is format-converted and uploaded to the upper computer 10.
That is, for each request of the upper computer 10, i.e. each upper computer request message (encrypted data packet) that the upper computer 10 sends to the main control MCU 20, the main control MCU 20 converts the request message into an APDU encryption instruction in the corresponding TLV format and sends it to the security module 30. The security module 30 needs to set the silent state of the non-programming nodes; on entering the programming diagnostic session mode, the security module first passes the security access service and then proceeds directly to data downloading, data transmission, and the request to exit transmission. In the data downloading stage, a data cache area of 256 bytes can be set up to store the downloaded content: the encrypted data packet transmitted by the upper computer 10 over the CAN or CAN FD bus is stored first, and then the main control MCU 20 responds with success. In the subsequent data transmission stage, the main control MCU 20 adds a header and a trailer to the downloaded encrypted data packet to package it into an APDU encryption instruction in TLV format, which is transmitted to the security module 30. After receiving the TLV format APDU encryption instruction, the security module 30 transmits a completion response message to the main control MCU 20, and the main control MCU 20 converts the completion response message into a CAN message and transmits it to the upper computer 10. The execute instruction for exiting transmission completes normally according to the specification, and by repeating this cycle the transmission of the encrypted data packet is completed.
As some embodiments of the present invention, sequence counters may be set up on both the upper computer 10 side and the main control MCU 20 side to count during data transmission. When the count reaches a certain number, a memory check is performed to complete the self-update of the applet of the security module 30; the security module 30 then queries the update status of the applet, and after the query passes, the status of the security module 30 is reset and the silent state of the non-programming nodes is released. The security module 30 then packages a diagnostic response and transmits it to the main control MCU 20, and the main control MCU 20 converts the response into CAN data and returns it to the upper computer 10.
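A runnable model of the framing in the two paragraphs above, added here as an example and not the patent's own code: BER-TLV encoding with short and long length forms, the 256-byte download cache as the chunk size, a header carrying the sequence counter and the total, a trailer, and the receiver's sequence check and final memory check. The header and trailer layout, the tag value 0xD1, CRC-32 for the trailer and SHA-256 for the memory check are all assumptions made for the example; the patent does not specify them.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"hash/crc32"
)

const (
	cacheSize     = 256  // size of the MCU download cache named in the patent
	tagUpdateData = 0xD1 // TLV tag for an update-data object (chosen for this example)
)

// EncodeTLV writes a BER-TLV object: one-byte tag, short-form or long-form (0x81/0x82) length, value.
func EncodeTLV(tag byte, value []byte) []byte {
	out := []byte{tag}
	switch n := len(value); {
	case n < 0x80:
		out = append(out, byte(n))
	case n <= 0xFF:
		out = append(out, 0x81, byte(n))
	default:
		out = append(out, 0x82, byte(n>>8), byte(n))
	}
	return append(out, value...)
}

// DecodeTLV parses one object and reports tag, value and bytes consumed, rejecting truncated input.
func DecodeTLV(buf []byte) (tag byte, value []byte, used int, err error) {
	if len(buf) < 2 {
		return 0, nil, 0, errors.New("short TLV")
	}
	tag = buf[0]
	n, off := int(buf[1]), 2
	switch {
	case n == 0x81 && len(buf) >= 3:
		n, off = int(buf[2]), 3
	case n == 0x82 && len(buf) >= 4:
		n, off = int(buf[2])<<8|int(buf[3]), 4
	case n >= 0x80:
		return 0, nil, 0, errors.New("unsupported length form")
	}
	if len(buf) < off+n {
		return 0, nil, 0, errors.New("truncated value")
	}
	return tag, buf[off : off+n], off + n, nil
}

// BuildFrames is the upper-computer side: the image is cut into cache-sized chunks,
// each packaged as header (sequence, total) || TLV(chunk) || CRC-32 trailer.
func BuildFrames(image []byte) [][]byte {
	total := (len(image) + cacheSize - 1) / cacheSize
	frames := make([][]byte, 0, total)
	for seq := 0; seq < total; seq++ {
		end := (seq + 1) * cacheSize
		if end > len(image) {
			end = len(image)
		}
		body := binary.BigEndian.AppendUint16(binary.BigEndian.AppendUint16(nil, uint16(seq)), uint16(total))
		body = append(body, EncodeTLV(tagUpdateData, image[seq*cacheSize:end])...)
		frames = append(frames, binary.BigEndian.AppendUint32(body, crc32.ChecksumIEEE(body)))
	}
	return frames
}

// Receiver is the MCU side: it keeps the sequence counter, checks each frame and reassembles the image.
type Receiver struct {
	next, total uint16
	image       []byte
}

// Accept validates one frame; a corrupted, out-of-order or replayed frame is rejected.
func (r *Receiver) Accept(frame []byte) error {
	if len(frame) < 8 {
		return errors.New("short frame")
	}
	body, trailer := frame[:len(frame)-4], frame[len(frame)-4:]
	if crc32.ChecksumIEEE(body) != binary.BigEndian.Uint32(trailer) {
		return errors.New("CRC mismatch")
	}
	seq, total := binary.BigEndian.Uint16(body[0:]), binary.BigEndian.Uint16(body[2:])
	if seq != r.next {
		return errors.New("sequence counter mismatch")
	}
	tag, value, used, err := DecodeTLV(body[4:])
	if err != nil || tag != tagUpdateData || used != len(body)-4 {
		return errors.New("unexpected TLV content")
	}
	r.image, r.next, r.total = append(r.image, value...), seq+1, total
	return nil
}

// Complete is the memory check once the counter reaches the announced total:
// every chunk arrived and the reassembled image matches the expected digest.
func (r *Receiver) Complete(expected [32]byte) bool {
	return r.total > 0 && r.next == r.total && sha256.Sum256(r.image) == expected
}
```

The CRC-32 trailer only catches transmission errors; integrity against tampering comes from the secure channel the frames travel in, which is why the patent layers SCP03 on top of this framing.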
As some embodiments of the present invention, establishing a secure communication channel with the master MCU20 may include: and sending a command for executing the security operation to the master MCU20, so that the master MCU20 responds to the command for executing the security operation according to the preset security channel specification to generate a response command, and after receiving the response command, completing establishment of the security communication channel. It should be noted that, the upper computer 10 may send an execution safety operation command to the main control MCU20, the main control MCU20 may respond to the execution safety operation command issued by the upper computer 10 according to a preset safety channel specification requirement after receiving the execution safety operation command issued by the upper computer 10 to generate a response command, then the MCU20 may send the response command to the upper computer 10, and after receiving the response command, the upper computer 10 may complete establishment of a safety communication channel with the MCU20, where the preset safety channel specification requirement may be a safety channel SCP11c (GlobalPlatform card technology safety channel protocol "11") specification requirement.
In some embodiments of the present invention, performing bidirectional authentication with the main control MCU 20 based on the secure communication channel may include: sending the static key to the main control MCU 20, computing a shared negotiated key from the static key by interacting with the main control MCU 20, and performing mutual authentication according to the shared negotiated key. In other words, after the secure communication channel is established, the upper computer 10 sends its static key to the main control MCU 20 and computes the shared negotiated key from the static key by interacting with the main control MCU 20; the upper computer 10 then completes mutual authentication with the main control MCU 20 according to the shared negotiated key. Specifically, the main control MCU 20 derives a channel session key from the shared negotiated key, generates a response command under the channel session key and returns it to the upper computer 10, which completes the mutual authentication and secures the subsequent data transmission.
In some embodiments of the present invention, after mutual authentication is complete, the upper computer 10 may further interact with the main control MCU 20 to generate a session key from the shared negotiated key and encrypt the data packet to be updated under the session key. In other words, once the upper computer 10 and the main control MCU 20 have authenticated each other, the upper computer 10 interacts with the main control MCU 20 to generate the session key from the shared negotiated key, encrypts the data packet to be updated under the session key to produce the encrypted data packet, and sends the encrypted data packet to the main control MCU 20, which further secures the data in transit.
The information exchanged between the main control MCU 20 and the security module 30 is protected by SCP03 (GlobalPlatform Card Technology Secure Channel Protocol '03') secure messaging; the encrypted data packet itself is delivered to the main control MCU 20 according to the diagnostic specification. Under the SCP03 secure messaging mechanism, the data to be transmitted is packaged into an APDU command, which is encrypted and transmitted: the plaintext command data is first encrypted under a session key to produce the encrypted command, a CMAC value is then computed over the encrypted command, and the encrypted command plus CMAC value is padded to the fixed format. During transmission over the channel, the fixed-format data is, as the data security requirements demand, encrypted once more under the channel session key before being sent, which protects both the confidentiality and the integrity of the data.
After the data packet has been loaded, the software version of the applet in the security module 30 can be checked. In addition, under the diagnostic specification, programming the main control MCU 20 itself must pass through the stages of version reading, vehicle silencing, security access, entering the programming diagnostic session, data download and data transfer; for upgrading the security module 30, since the main control MCU 20 only has to forward the data packet, only some of these stages are needed.
In some embodiments of the present invention, before sending the encrypted data packet to the main control MCU 20, the upper computer 10 further issues an upper computer request message to the main control MCU 20, so that the main control MCU 20 converts the upper computer request message into an encrypted APDU instruction and sends it to the security module 30, and the upper computer 10 receives a converted message uploaded by the main control MCU 20, the converted message being obtained by the main control MCU 20 by format-converting the response message fed back by the security module 30.
In other words, for each request of the upper computer 10, that is, each upper computer request message (encrypted data packet) that the upper computer 10 sends to the main control MCU 20, the main control MCU 20 converts the request message into an encrypted APDU instruction in the corresponding TLV format and sends it to the security module 30. The nodes that are not being programmed must be placed in the silent state; on entering the programming diagnostic session, the security-access service is passed first, after which the flow proceeds directly to data download, data transfer and the request to exit the transfer. In the data download stage, a 256-byte data cache can be set up to hold the downloaded content: the encrypted data packet sent by the upper computer 10 over the CAN or CAN FD bus is stored first, and the main control MCU 20 then returns a positive response. In the subsequent data transfer stage, the main control MCU 20 adds a header and a trailer to the cached encrypted data packet, forming an encrypted APDU instruction in TLV format, and sends it to the security module 30; after receiving it, the security module 30 returns a completion response message to the main control MCU 20, which converts the completion response into a CAN message and sends it to the upper computer 10. The instruction to exit the transfer is completed and sent normally according to the specification, and the encrypted data packet is transferred in full by repeating this cycle.
In some embodiments of the present invention, sequence counters may be kept on both the upper computer 10 side and the main control MCU 20 side and incremented during data transmission. When the count reaches the expected number of transfers, a memory check is performed to complete the self-update of the applet in the security module 30. The security module 30 then queries the update status of the applet; once the query passes, the state of the security module 30 is reset and the silent state of the nodes not being programmed is released. The security module 30 then packages a diagnostic response and sends it to the main control MCU 20, and the main control MCU 20 converts the response into CAN data and returns it to the upper computer 10.
In some embodiments of the present invention, before establishing the secure communication channel with the main control MCU 20, the data packet to be updated is first obtained from the server 40. In other words, before establishing the secure communication channel with the main control MCU 20, the upper computer 10 obtains the data packet to be updated from the server 40 and loads it into local memory, so that the data packet to be updated is available and stored on the upper computer 10.
Fig. 1 is a flowchart of an offline updating method for a vehicle-mounted applet according to an embodiment of the present invention; the offline updating system for a vehicle-mounted applet according to the embodiment of the present invention can implement this method. As shown in Fig. 1, the offline updating method for a vehicle-mounted applet includes the following steps:
S1: after a secure communication channel with the upper computer has been established, perform bidirectional authentication with the upper computer based on the secure communication channel, and receive the encrypted data packet issued by the upper computer after the bidirectional authentication succeeds. The vehicle-mounted applet offline updating system comprises an upper computer, a main control MCU (microcontroller unit) and a security module (SE, secure element). The upper computer is used to establish a secure communication channel with the main control MCU; after the secure communication channel is established, the upper computer performs bidirectional authentication with the main control MCU over the secure communication channel; and after the bidirectional authentication succeeds, the upper computer encrypts the data packet to be updated to generate an encrypted data packet and sends the encrypted data packet to the main control MCU.
S2: decrypt and format-convert the encrypted data packet to generate a TLV-format data packet, encrypt the TLV-format data packet and send it to the security module, so that the applet stored in the security module is updated according to the decrypted TLV-format data packet. In other words, the main control MCU decrypts the encrypted data packet sent by the upper computer, converts the decrypted data into a TLV-format data packet, encrypts the TLV-format data packet and sends it to the security module; the security module receives the encrypted TLV-format data packet from the main control MCU, decrypts it, and updates the applet installed in the security module according to the decrypted TLV-format data packet, which completes the offline update of the applet.
Specifically, the upper computer may include, but is not limited to, a vehicle-side PAD (tablet) and a diagnostic device. The upper computer may be connected to the main control MCU through a CAN (Controller Area Network) bus or a CAN FD (CAN with Flexible Data Rate, a serial communication protocol based on the CAN 2.0 physical layer) bus. The security module may further include a COS (chip operating system); the COS and the applet of the security module must both be functioning normally so that the data packet can be transferred completely during communication. The main control MCU and the security module may be connected through an SPI (Serial Peripheral Interface, a synchronous serial interface) bus, which ensures normal communication between the main control MCU and the security module.
The offline updating system for the vehicle-mounted applet may further include a server side, which may include, but is not limited to, a cloud server and a diagnostic server. Preferably, the server side and the upper computer transfer the data packet to be updated over a TCP/IP network channel; in particular, the cloud server and the vehicle-side PAD, or the diagnostic server and the diagnostic device, transfer the data packet to be updated over a TCP/IP network channel. The upper computer obtains the data packet to be updated from the server side and loads it into local memory. The upper computer then establishes a secure communication channel with the main control MCU; after the secure communication channel is established, the upper computer performs two-way authentication with the main control MCU over that channel, and after the two-way authentication succeeds, the upper computer encrypts the data packet to be updated to generate an encrypted data packet and sends it to the main control MCU. The main control MCU decrypts and format-converts the encrypted data packet sent by the upper computer into a TLV-format data packet, encrypts the TLV-format data packet and sends it to the security module over the SPI bus; the security module decrypts the received TLV-format data packet and updates the applet installed in it according to the decrypted TLV-format data packet, which completes the offline update of the applet. Further, after receiving the encrypted data packet sent by the upper computer, the main control MCU may store the encrypted data packet and may check the software version of the applet in the security module.
Therefore, the offline updating method for the vehicle-mounted applet can update the vehicle-mounted applet offline quickly and conveniently, without leaving the applet update failed or the applet's functions lost, so that loss of vehicle functions is avoided, while also ensuring the security of the data during transmission.
In some embodiments of the present invention, establishing the secure communication channel with the upper computer may include: receiving an execute-security-operation command sent by the upper computer, responding to it according to a preset secure channel specification to generate a response command, and sending the response command to the upper computer to complete establishment of the secure communication channel. In other words, the upper computer sends the execute-security-operation command to the main control MCU; the main control MCU receives it, responds to it according to the preset secure channel specification, generates the response command and sends it to the upper computer, thereby establishing the secure communication channel with the upper computer. The preset secure channel specification may be the SCP11c variant of the GlobalPlatform Card Technology Secure Channel Protocol '11'.
In some embodiments of the present invention, performing bidirectional authentication with the upper computer based on the secure communication channel may include: receiving the static key sent by the upper computer, computing a shared negotiated key from the static key, and completing bidirectional authentication according to the shared negotiated key. In other words, after the secure communication channel is established, the main control MCU receives the static key sent by the upper computer and computes the shared negotiated key from it by elliptic-curve key agreement (ECKA); the main control MCU then completes mutual authentication with the upper computer according to the shared negotiated key. Specifically, the main control MCU derives an AES channel session key from the shared negotiated key, generates a response command under the channel session key and returns it to the upper computer, which completes the mutual authentication and secures the subsequent data transmission.
In some embodiments of the present invention, after mutual authentication is complete, the main control MCU may further interact with the upper computer to generate a session key from the shared negotiated key and decrypt the encrypted data packet under the session key. In other words, after the bidirectional authentication between the main control MCU and the upper computer is complete, the main control MCU interacts with the upper computer to generate the session key from the shared negotiated key, decrypts the encrypted data packet sent by the upper computer under the session key, converts the result into a TLV-format data packet, encrypts the TLV-format data packet and sends it to the security module over the SPI bus, which further secures the data in transit.
The information exchanged between the main control MCU and the security module may be protected by SCP03 (GlobalPlatform Card Technology Secure Channel Protocol '03') secure messaging; the encrypted data packet itself is delivered to the main control MCU according to the diagnostic specification. Under the SCP03 secure messaging mechanism, the data to be transmitted is packaged into an APDU (Application Protocol Data Unit) command, which is encrypted and transmitted: the plaintext command data is first encrypted under a session key to produce the encrypted command, a CMAC value is then computed over the encrypted command, and the encrypted command plus CMAC value is padded to the fixed format. During transmission over the channel, the fixed-format data is, as the data security requirements demand, encrypted once more under the channel session key before being sent, which protects both the confidentiality and the integrity of the data.
After the data packet has been loaded, the software version of the applet in the security module can be checked. In addition, under the diagnostic specification, programming the main control MCU itself must pass through the stages of version reading, vehicle silencing, security access, entering the programming diagnostic session, data download and data transfer; for upgrading the security module, since the main control MCU only has to forward the data packet, only some of these stages are needed.
In some embodiments of the present invention, before the encrypted data packet is received, the received upper computer request message is converted into an encrypted APDU instruction and sent to the security module, the response message fed back by the security module is received, and that response message is format-converted and uploaded to the upper computer.
In other words, for each request of the upper computer, that is, each upper computer request message (encrypted data packet) that the upper computer sends to the main control MCU, the main control MCU converts the request message into an encrypted APDU instruction in the corresponding TLV format and sends it to the security module. The nodes that are not being programmed must be placed in the silent state; on entering the programming diagnostic session, the security-access service is passed first, after which the flow proceeds directly to data download, data transfer and the request to exit the transfer. In the data download stage, a 256-byte data cache can be set up to hold the downloaded content: the encrypted data packet sent by the upper computer over the CAN or CAN FD bus is stored first, and the main control MCU then returns a positive response. In the subsequent data transfer stage, the main control MCU adds a header and a trailer to the cached encrypted data packet, forming an encrypted APDU instruction in TLV format, and sends it to the security module; after receiving it, the security module returns a completion response message to the main control MCU, which converts the completion response into a CAN message and sends it to the upper computer. The instruction to exit the transfer is completed and sent normally according to the specification, and the encrypted data packet is transferred in full by repeating this cycle.
In some embodiments of the present invention, sequence counters may be kept on both the upper computer side and the main control MCU side and incremented during data transmission. When the count reaches the expected number of transfers, a memory check is performed to complete the self-update of the applet in the security module. The security module then queries the update status of the applet; once the query passes, the state of the security module is reset and the silent state of the nodes not being programmed is released. The security module then packages a diagnostic response and sends it to the main control MCU, and the main control MCU converts the response into CAN data and returns it to the upper computer.
Fig. 2 is a flowchart of an offline updating method for a vehicle-mounted applet according to another specific embodiment of the present invention; the offline updating system for a vehicle-mounted applet according to this embodiment can implement this method. As shown in Fig. 2, the offline updating method for a vehicle-mounted applet includes the following steps:
S201: after establishing a secure communication channel with the main control MCU, perform bidirectional authentication with the main control MCU based on the secure communication channel. The vehicle-mounted applet offline updating system comprises an upper computer, a main control MCU (microcontroller unit) and a security module (SE, secure element) in which an applet is installed. The upper computer is used to establish the secure communication channel with the main control MCU and, after the secure communication channel is established, to perform bidirectional authentication with the main control MCU over that channel.
S202: after the bidirectional authentication succeeds, encrypt the data packet to be updated to generate an encrypted data packet and send the encrypted data packet to the main control MCU, so that the main control MCU can decrypt and format-convert the encrypted data packet into a TLV-format data packet. In other words, after the bidirectional authentication between the upper computer and the main control MCU succeeds, the upper computer encrypts the data packet to be updated to generate the encrypted data packet and sends it to the main control MCU; the main control MCU decrypts the encrypted data packet sent by the upper computer and converts the decrypted data into a TLV-format data packet.
S203: encrypt the TLV-format data packet on the main control MCU and send it to the security module, so that the applet stored in the security module is updated according to the decrypted TLV-format data packet. In other words, the main control MCU encrypts the TLV-format data packet and sends the encrypted TLV-format data packet to the security module; after receiving it, the security module decrypts the TLV-format data packet and updates the applet installed in the security module according to the decrypted TLV-format data packet, which completes the offline update of the applet.
Specifically, the upper computer may include, but is not limited to, a vehicle-side PAD (tablet) and a diagnostic device. The upper computer may be connected to the main control MCU through a CAN (Controller Area Network) bus or a CAN FD (CAN with Flexible Data Rate, a serial communication protocol based on the CAN 2.0 physical layer) bus. The security module may further include a COS (chip operating system); the COS and the applet of the security module must both be functioning normally so that the data packet can be transferred completely during communication. The main control MCU and the security module may be connected through an SPI (Serial Peripheral Interface, a synchronous serial interface) bus, which ensures normal communication between the main control MCU and the security module.
The offline updating system for the vehicle-mounted applet may further include a server side, which may include, but is not limited to, a cloud server and a diagnostic server. Preferably, the server side and the upper computer transfer the data packet to be updated over a TCP/IP network channel; in particular, the cloud server and the vehicle-side PAD, or the diagnostic server and the diagnostic device, transfer the data packet to be updated over a TCP/IP network channel. The upper computer obtains the data packet to be updated from the server side and loads it into local memory. The upper computer then establishes a secure communication channel with the main control MCU; after the secure communication channel is established, the upper computer performs two-way authentication with the main control MCU over that channel, and after the two-way authentication succeeds, the upper computer encrypts the data packet to be updated to generate an encrypted data packet and sends it to the main control MCU. The main control MCU decrypts and format-converts the encrypted data packet sent by the upper computer into a TLV-format data packet, encrypts the TLV-format data packet and sends it to the security module over the SPI bus; the security module decrypts the received TLV-format data packet and updates the applet installed in it according to the decrypted TLV-format data packet, which completes the offline update of the applet. Further, after receiving the encrypted data packet sent by the upper computer, the main control MCU may store the encrypted data packet and may check the software version of the applet in the security module.
Therefore, the offline updating method for the vehicle-mounted applet can update the vehicle-mounted applet offline quickly and conveniently, without leaving the applet update failed or the applet's functions lost, so that loss of vehicle functions is avoided, while also ensuring the security of the data during transmission.
In some embodiments of the present invention, establishing the secure communication channel with the main control MCU may include: sending an execute-security-operation command to the main control MCU, so that the main control MCU responds to the command according to a preset secure channel specification and generates a response command, and completing establishment of the secure communication channel once the response command is received. In other words, the upper computer sends the execute-security-operation command to the main control MCU; after receiving it, the main control MCU responds to it according to the preset secure channel specification, generates the response command and sends it to the upper computer; and on receiving the response command the upper computer completes establishment of the secure communication channel with the main control MCU. The preset secure channel specification may be the SCP11c variant of the GlobalPlatform Card Technology Secure Channel Protocol '11'.
In some embodiments of the present invention, performing bidirectional authentication with the main control MCU based on the secure communication channel may include: sending the static key to the main control MCU, computing a shared negotiated key from the static key by interacting with the main control MCU, and completing bidirectional authentication according to the shared negotiated key. In other words, after the secure communication channel is established, the upper computer sends its static key to the main control MCU and computes the shared negotiated key from the static key by interacting with the main control MCU; the upper computer then completes mutual authentication with the main control MCU according to the shared negotiated key. Specifically, the main control MCU derives a channel session key from the shared negotiated key, generates a response command under the channel session key and returns it to the upper computer, which completes the mutual authentication and secures the subsequent data transmission.
In some embodiments of the present invention, after mutual authentication is complete, the upper computer may further interact with the main control MCU to generate a session key from the shared negotiated key and encrypt the data packet to be updated under the session key. In other words, once the upper computer and the main control MCU have authenticated each other, the upper computer interacts with the main control MCU to generate the session key from the shared negotiated key, encrypts the data packet to be updated under the session key to produce the encrypted data packet, and sends the encrypted data packet to the main control MCU, which further secures the data in transit.
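The channel set-up, mutual authentication and packet encryption described in this and the two preceding paragraphs (and in the same steps as stated earlier for the upper computer with reference numerals and for the main control MCU), as an added worked example written for this page rather than taken from the patent: both sides hold static P-256 key pairs, run elliptic-curve key agreement (ECKA), derive a channel session key and a MAC key from the shared negotiated key, each proves possession of the MAC key with a response computed over the other side's fresh challenge, and the packet to be updated is then encrypted under the session key. The SHA-256 counter KDF, the HMAC-SHA-256 response format, the AES-GCM packet encryption and the role labels are assumptions of the example; GlobalPlatform SCP11c specifies its own KDF, certificate handling and AES-CMAC based responses, so this shows the pattern the text describes, not a conforming implementation. Go, standard library only (crypto/ecdh needs Go 1.20 or later).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Session holds what each side derives from the shared negotiated key: an
// AES-256-GCM AEAD for the packet to be updated and a MAC key for the tags.
type Session struct {
	mac  []byte
	aead cipher.AEAD
}

// NewSession runs ECKA (ECDH on P-256) between one side's static private key
// and the peer's static public key, then derives the session keys with a
// SHA-256 counter KDF (assumption: a stand-in for the X9.63 KDF SCP11 uses).
func NewSession(priv *ecdh.PrivateKey, peerPub []byte) (*Session, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub) // rejects off-curve points
	if err != nil {
		return nil, err
	}
	z, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	kdf := func(counter byte) []byte {
		h := sha256.New()
		h.Write(z)
		h.Write([]byte{0, 0, 0, counter})
		return h.Sum(nil)
	}
	block, err := aes.NewCipher(kdf(1))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{mac: kdf(2), aead: aead}, nil
}

// Tag is the "response command" of the text: proof of holding the session MAC
// key, bound to the peer's fresh challenge so a recorded tag cannot be replayed.
func (s *Session) Tag(role string, challenge []byte) []byte {
	m := hmac.New(sha256.New, s.mac)
	m.Write([]byte(role))
	m.Write(challenge)
	return m.Sum(nil)
}

// Seal encrypts the packet to be updated; output is nonce || ciphertext || tag.
func (s *Session) Seal(plaintext []byte) []byte {
	nonce := make([]byte, s.aead.NonceSize())
	rand.Read(nonce) // crypto/rand; a failure here is fatal in practice
	return s.aead.Seal(nonce, nonce, plaintext, nil)
}

// Open decrypts on the MCU side; any modification of the packet fails here.
func (s *Session) Open(sealed []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("packet too short")
	}
	return s.aead.Open(nil, sealed[:n], sealed[n:], nil)
}

// Handshake runs the exchange end to end with both sides in one process:
// key agreement, MCU authenticates to the upper computer, upper computer
// authenticates to the MCU, then the sealed packet crosses and the MCU opens it.
func Handshake(upper, mcu *ecdh.PrivateKey, packet []byte) ([]byte, error) {
	sUpper, err := NewSession(upper, mcu.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	sMCU, err := NewSession(mcu, upper.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	chUpper, chMCU := make([]byte, 16), make([]byte, 16) // fresh challenges
	rand.Read(chUpper)
	rand.Read(chMCU)
	if !hmac.Equal(sMCU.Tag("mcu", chUpper), sUpper.Tag("mcu", chUpper)) {
		return nil, errors.New("MCU authentication failed")
	}
	if !hmac.Equal(sUpper.Tag("upper", chMCU), sMCU.Tag("upper", chMCU)) {
		return nil, errors.New("upper computer authentication failed")
	}
	return sMCU.Open(sUpper.Seal(packet))
}
```

Two points a reviewer would check against a real implementation: with static keys on both sides the shared negotiated key never changes, so the challenges above give freshness to the authentication tags only, not to the derived session keys, and forward secrecy then depends on what else the transport provides; and the main control MCU must validate the received static key before using it for key agreement (the `NewPublicKey` call rejects points that are not on the curve, and SCP11c additionally requires the certificate chain to be verified).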
The information exchanged between the main control MCU and the security module is protected by SCP03 (GlobalPlatform Card Technology Secure Channel Protocol '03') secure messaging; the encrypted data packet itself is delivered to the main control MCU according to the diagnostic specification. Under the SCP03 secure messaging mechanism, the data to be transmitted is packaged into an APDU command, which is encrypted and transmitted: the plaintext command data is first encrypted under a session key to produce the encrypted command, a CMAC value is then computed over the encrypted command, and the encrypted command plus CMAC value is padded to the fixed format. During transmission over the channel, the fixed-format data is, as the data security requirements demand, encrypted once more under the channel session key before being sent, which protects both the confidentiality and the integrity of the data.
After the data packet is loaded, the software version of the applet in the security module can be detected. In addition, according to the diagnostic specification, upgrading the main control MCU has to pass through stages such as version reading, vehicle silence, secure access, entering the programming diagnostic session mode, data download and data transfer; for upgrading the security module, the data packet forwarding performed by the main control MCU also has to be considered, so only some of these stages need to be used.
In some embodiments of the present invention, before sending the encrypted data packet to the main control MCU, the upper computer further issues an upper computer request message to the main control MCU, so that the main control MCU converts the upper computer request message into an APDU encryption instruction and sends it to the security module; the upper computer then receives a conversion message uploaded by the main control MCU, wherein the conversion message is obtained by the main control MCU by performing format conversion on the response message fed back by the security module.
It should be explained that, for each request of the upper computer, that is, each time the upper computer sends an upper computer request message (an encrypted data packet) to the main control MCU, the main control MCU needs to convert the upper computer request message into an APDU encryption instruction in the corresponding TLV format and send it to the security module. The security module needs to set a silent state for the non-writable node, and when entering the programming diagnostic session mode, the security module first passes through the security access service and then directly enters data download, data transfer, request transfer and exit. In the data download stage, a data cache region with a size of 256 bytes can be set to store the downloaded content: the encrypted data packet transmitted by the upper computer over the CAN or CANFD bus is stored first, and the main control MCU then responds successfully. In the subsequent data transfer stage, the main control MCU adds a header and a trailer to the downloaded encrypted data packet to package it into an APDU encryption instruction in TLV format and transmits it to the security module; after the security module receives the TLV-format APDU encryption instruction transmitted by the main control MCU, it returns a completion response message to the main control MCU, and the main control MCU can convert the completion response message into a CAN message and transmit it to the upper computer. For the execution instruction that exits the transfer, the CAN message is completed and transmitted normally according to the specification, and the transmission of the encrypted data packet is completed in this cyclic manner.
In some embodiments of the present invention, sequence counters may be provided on both the upper computer side and the main control MCU side to count during data transmission; when a specified count is reached, a memory check is performed to complete the self-update of the applet in the security module. The security module then performs an update status query of the applet; after the query passes, the status of the security module is reset to release the silent state of the non-programmed node; the security module then packages a diagnostic response and transmits it to the main control MCU, and the main control MCU converts the response into CAN data and returns it to the upper computer.
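The MCU-side forwarding flow of the two preceding paragraphs (the 256-byte download cache, the header and trailer that turn a downloaded block into a TLV frame for the security module, the sequence counters kept in step on both sides, and the memory check once the count is reached), as an added Go example that is not part of the patent or of BYD's firmware. The TLV tag, the header layout and the byte-sum trailer are assumptions, since the page does not fix them; the memory check is modelled as a SHA-256 comparison against a digest assumed to be delivered with the update package; and the encryption of the block contents is left out so that the framing and counter logic stand on their own.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	cacheSize  = 256  // download cache size named on the page
	tagBlock   = 0xD1 // assumed TLV tag for one forwarded data block
	headerLen  = 5    // assumed header: tag, 2-byte length, 2-byte sequence number
	trailerLen = 2    // assumed trailer: 16-bit byte-sum checksum
)

// mcuForwarder models the main control MCU between the CAN side and the
// security module: the 256-byte cache, a sequence counter that must stay in
// step with the upper computer's, and the assembled image for the memory check.
type mcuForwarder struct {
	seq, expected, received uint16
	cache, image            []byte
}

func newForwarder(expectedBlocks uint16) *mcuForwarder {
	return &mcuForwarder{expected: expectedBlocks, cache: make([]byte, 0, cacheSize)}
}

// download is the request-download stage: a block arrives over CAN/CANFD with the
// sender's counter value and is accepted only if that value equals the MCU's own
// counter, which rejects dropped, duplicated or replayed blocks.
func (m *mcuForwarder) download(seq uint16, block []byte) error {
	if len(block) == 0 || len(block) > cacheSize {
		return fmt.Errorf("block length %d outside 1..%d", len(block), cacheSize)
	}
	if seq != m.seq {
		return fmt.Errorf("sequence mismatch: got %d, expected %d", seq, m.seq)
	}
	if m.received >= m.expected {
		return errors.New("more blocks than announced")
	}
	m.cache = append(m.cache[:0], block...)
	m.image = append(m.image, block...)
	m.seq++
	m.received++
	return nil
}

// transfer is the transfer-data stage: the cached block gets a header and a
// trailer and becomes the TLV frame handed to the security module.
func (m *mcuForwarder) transfer() []byte {
	frame := make([]byte, headerLen, headerLen+len(m.cache)+trailerLen)
	frame[0] = tagBlock
	binary.BigEndian.PutUint16(frame[1:], uint16(len(m.cache)))
	binary.BigEndian.PutUint16(frame[3:], m.seq-1) // sequence number of this block
	frame = append(frame, m.cache...)
	sum := checksum16(frame)
	return append(frame, byte(sum>>8), byte(sum))
}

// checksum16 is the constructed trailer: complement of the 16-bit byte sum.
func checksum16(b []byte) (sum uint16) {
	for _, c := range b {
		sum += uint16(c)
	}
	return ^sum
}

// parseTLV is the security-module side of transfer: trailer, tag and length
// are all checked before the value is handed on for decryption.
func parseTLV(frame []byte) (seq uint16, value []byte, err error) {
	if len(frame) < headerLen+trailerLen {
		return 0, nil, errors.New("frame too short")
	}
	body, tr := frame[:len(frame)-trailerLen], frame[len(frame)-trailerLen:]
	if checksum16(body) != binary.BigEndian.Uint16(tr) {
		return 0, nil, errors.New("trailer checksum mismatch")
	}
	if body[0] != tagBlock {
		return 0, nil, fmt.Errorf("unexpected tag 0x%02X", body[0])
	}
	if int(binary.BigEndian.Uint16(body[1:])) != len(body)-headerLen {
		return 0, nil, errors.New("length field disagrees with frame")
	}
	return binary.BigEndian.Uint16(body[3:]), body[headerLen:], nil
}

// memoryCheck runs once the counter reaches the announced block count: the
// assembled image must hash to the digest supplied with the update package
// (SHA-256 is an assumption; the page does not name the check's algorithm).
func (m *mcuForwarder) memoryCheck(expected [32]byte) error {
	if m.received != m.expected {
		return fmt.Errorf("only %d of %d blocks received", m.received, m.expected)
	}
	if sha256.Sum256(m.image) != expected {
		return errors.New("memory check failed: image digest mismatch")
	}
	return nil
}
```

The sequence check is what makes the counters on both sides useful for security rather than only for flow control: a block with a stale or skipped counter value is refused before it reaches the cache, and the memory check refuses to run until exactly the announced number of blocks has arrived, so a truncated or padded image is caught before the applet is activated.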
In some embodiments of the present invention, before the secure communication channel between the upper computer and the main control MCU is established, the data packet to be updated is further obtained from the server. It should be explained that, before this secure communication channel is established, the upper computer may obtain the data packet to be updated from the server and load it into the local memory, so that the upper computer obtains and stores the data packet to be updated.
According to the computer-readable storage medium of the embodiment of the present invention, an offline update program for the vehicle-mounted applet is stored thereon, and when the offline update program is executed by a processor, the offline update method for the vehicle-mounted applet according to the above embodiment can be implemented.
According to the computer-readable storage medium provided by the embodiment of the invention, the vehicle-mounted applet can be updated offline quickly and conveniently without causing an update failure or a loss of the applet's function, so that a loss of vehicle function is avoided while transmission security in the data transmission process is ensured.
In order to implement the foregoing embodiment, the present invention further provides a main control MCU20, where the main control MCU20 includes a memory, a processor, and a vehicle-mounted applet offline updating program stored in the memory and operable on the processor, and when the processor executes the vehicle-mounted applet offline updating program, the vehicle-mounted applet offline updating method of the foregoing embodiment can be implemented.
According to the main control MCU20 of the embodiment of the present invention, the processor executes the vehicle-mounted applet offline update program stored in the memory, so that the vehicle-mounted applet can be updated offline quickly and conveniently without causing an update failure or a loss of the applet's function, thereby avoiding a loss of vehicle function while ensuring transmission security during data transmission.
In order to implement the foregoing embodiment, the present invention further provides an upper computer 10, where the upper computer 10 includes a memory, a processor, and a vehicle-mounted applet offline updating program stored in the memory and capable of running on the processor, and when the processor executes the vehicle-mounted applet offline updating program, the vehicle-mounted applet offline updating method of the foregoing embodiment may be implemented.
According to the upper computer provided by the embodiment of the invention, the processor executes the vehicle-mounted applet offline update program stored in the memory, so that the vehicle-mounted applet can be updated offline quickly and conveniently without causing an update failure or a loss of the applet's function, thereby avoiding a loss of vehicle function while ensuring transmission security in the data transmission process.
As shown in fig. 4, each of the upper computer 10 and the master MCU20 may include at least one processor 1201, at least one communication interface 1202, at least one memory 1203 and at least one communication bus 1204. In the embodiment of the present invention, the number of the processor 1201, the communication interface 1202, the memory 1203 and the communication bus 1204 is at least one, and the processor 1201, the communication interface 1202 and the memory 1203 complete communication with each other through the communication bus 1204.
The memory 1203 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory 1203 is configured to store a program, and the processor 1201 executes the program after receiving the execution instruction, so as to implement the steps of the offline updating method for the vehicle-mounted applet described in the foregoing embodiment.
The processor 1201 may be an integrated circuit chip having signal processing capabilities. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Further, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," "circumferential," and the like are used in the orientations and positional relationships indicated in the drawings for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are not to be considered limiting of the invention.
In the description of the present invention, "the first feature" and "the second feature" may include one or more of the features.
In the description of the present invention, "a plurality" means two or more.
In the description of the present invention, the first feature being "on" or "under" the second feature may include the first and second features being in direct contact, and may also include the first and second features being in contact with each other not directly but through another feature therebetween.
In the description of the invention, "above", "over" and "above" a first feature in a second feature includes the first feature being directly above and obliquely above the second feature, or simply means that the first feature is higher in level than the second feature.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples" or the like mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims (15)

1. An off-line updating method for a vehicle-mounted applet, comprising:
after a secure communication channel with the upper computer is established, performing bidirectional authentication with the upper computer based on the secure communication channel, and receiving an encrypted data packet issued by the upper computer after the bidirectional authentication succeeds;
and decrypting and converting the encrypted data packet to generate a TLV format data packet, encrypting the TLV format data packet and sending the TLV format data packet to a security module so that the applet stored in the security module can be updated according to the decrypted TLV format data packet.
2. The method for updating the car-mounted applet off-line as claimed in claim 1, wherein establishing a secure communication channel with the upper computer comprises:
and receiving a safety operation execution command issued by the upper computer, responding the safety operation execution command according to a preset safety channel standard requirement to generate a response command, and sending the response command to the upper computer to complete the establishment of the safety communication channel.
3. The off-line update method of the car-mounted applet according to claim 1 or 2, wherein the bidirectional authentication with the upper computer based on the secure communication channel comprises:
and receiving a static key sent by the upper computer, calculating a shared negotiation key pair according to the static key, and finishing bidirectional authentication according to the shared negotiation key pair.
4. The method for updating the vehicle-mounted applet off-line as claimed in claim 3, characterized in that after the mutual authentication is completed, a session key is generated according to the shared negotiation key pair by interacting with the upper computer, and the encrypted data packet is decrypted according to the session key.
5. The method for updating the vehicle-mounted applet off-line as claimed in claim 1, wherein before receiving the encrypted data packet, the received upper computer request message is converted into an APDU encryption command and sent to the security module, and the response message fed back by the security module is received, and the format of the response message is converted and then uploaded to the upper computer.
6. An off-line updating method for a vehicle-mounted applet, comprising:
after a secure communication channel with the master control MCU is established, performing bidirectional authentication with the master control MCU based on the secure communication channel;
after the bidirectional authentication is successful, encrypting a data packet to be updated to generate an encrypted data packet, and sending the encrypted data packet to the master control MCU, so that the master control MCU can decrypt and convert the format of the encrypted data packet to generate a TLV format data packet;
and encrypting the TLV format data packet through the main control MCU and then sending the TLV format data packet to a security module so as to update the applet stored in the security module according to the decrypted TLV format data packet.
7. The method for updating the vehicle-mounted applet off-line according to claim 6, wherein establishing a secure communication channel with the master MCU comprises:
sending a command for executing the safe operation to the main control MCU, so that the main control MCU responds to the command for executing the safe operation according to the requirement of a preset safe channel specification to generate a response command;
and completing the establishment of the secure communication channel after receiving the response command.
8. The off-line update method of the vehicle-mounted applet according to claim 6 or 7, wherein the bidirectional authentication with the master MCU based on the secure communication channel comprises:
and sending a static key to the master control MCU, calculating a shared negotiation key pair according to the static key by interacting with the master control MCU, and finishing bidirectional authentication according to the shared negotiation key pair.
9. The off-line updating method of the vehicle-mounted applet according to claim 8, wherein after the mutual authentication is completed, the method further interacts with the main control MCU to generate a session key according to the shared negotiation key pair, and encrypts the data packet to be updated according to the session key.
10. The method for updating the vehicle-mounted applet offline as claimed in claim 6, wherein before sending the encrypted data packet to the main control MCU, an upper computer request message is further sent to the main control MCU, so that the main control MCU converts the upper computer request message into an APDU encryption command and sends the APDU encryption command to the security module, and receives a conversion message uploaded by the main control MCU, wherein the conversion message is obtained by the main control MCU through format conversion of a received response message fed back by the security module.
11. The method for updating the vehicle-mounted applet as claimed in claim 6, wherein before establishing the secure communication channel with the MCU, the data packet to be updated is further obtained from the server.
12. A computer-readable storage medium having stored thereon a vehicle-based applet offline updating program, which when executed by a processor implements the vehicle-based applet offline updating method according to any one of claims 1 to 5 or the vehicle-based applet offline updating method according to any one of claims 6 to 11.
13. A master MCU, comprising a memory, a processor and a vehicle applet offline updating program stored in the memory and operable on the processor, wherein the processor implements the vehicle applet offline updating method according to any one of claims 1 to 5 when executing the vehicle applet offline updating program.
14. A host computer, comprising a memory, a processor and a vehicle-mounted applet offline updating program stored in the memory and operable on the processor, wherein the processor implements the vehicle-mounted applet offline updating method according to any one of claims 6 to 11 when executing the vehicle-mounted applet offline updating program.
15. An off-line updating system for a vehicle-mounted applet, characterized by comprising an upper computer, a main control MCU and a security module, wherein the applet is arranged in the security module,
the upper computer is used for establishing a secure communication channel with the main control MCU, performing bidirectional authentication with the main control MCU according to the secure communication channel after the secure communication channel is established, encrypting a data packet to be updated after the bidirectional authentication is successful to generate an encrypted data packet, and sending the encrypted data packet to the main control MCU;
the main control MCU is used for decrypting and converting the encrypted data packet to generate a TLV format data packet, encrypting the TLV format data packet and then sending the TLV format data packet to the security module;
and the security module receives and decrypts the encrypted TLV format data packet, and updates the applet according to the decrypted TLV format data packet.
CN202110009731.2A 2021-01-05 2021-01-05 Vehicle-mounted applet offline updating method and vehicle-mounted applet offline updating system Pending CN114721680A (en)

Publications (1)

Publication Number Publication Date
CN114721680A true CN114721680A (en) 2022-07-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination