CN115442064A - Vehicle controller diagnosis method, device, equipment and medium - Google Patents

Publication number: CN115442064A
Authority: CN (China)
Prior art keywords: controller, authentication, diagnostic, vehicle, equipment
Legal status: Pending
Application number: CN202210346806.0A
Other languages: Chinese (zh)
Inventor: 谭龙远
Current Assignee: Beijing Rockwell Technology Co Ltd
Original Assignee: Beijing Rockwell Technology Co Ltd
Application filed by: Beijing Rockwell Technology Co Ltd
Priority to: CN202210346806.0A
Publication of: CN115442064A
Priority to: PCT/CN2023/081904 (WO2023185492A1)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07C: TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00: Registering or indicating the working of vehicles
    • G07C5/08: Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
    • G07C5/0808: Diagnosing performance data
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84: Vehicles

Abstract

The present disclosure relates to a vehicle controller diagnostic method, apparatus, device and medium. The method comprises: in response to an identity authentication request sent by a diagnostic device, performing mutual authentication with the diagnostic device; and, after the mutual authentication passes, in response to an access request sent by the diagnostic device, authorizing the controller to which the diagnostic device has access rights. Because the identities of the diagnostic device and the vehicle are authenticated through a mutual authentication mechanism before the diagnostic device diagnoses the controller, the security of the subsequent diagnosis of the controller by the diagnostic device is ensured.

Description

Vehicle controller diagnosis method, device, equipment and medium
Technical Field
The present disclosure relates to the field of vehicle communication technologies, and in particular, to a vehicle controller diagnosis method, apparatus, device, and medium.
Background
With the rapid development of the electronics, intelligence and networking of vehicles, the size and complexity of the electronic systems in the vehicles are increasing. The vehicle Ethernet technology is expected to become a backbone network of future intelligent vehicles.
In the prior art, each controller on the vehicle Ethernet can be accessed and diagnosed through an open OBD (On-Board Diagnostics) network interface or other interfaces. Specifically, an after-market diagnostic device (PC, client program, etc.) connected to the interface can use a specific protocol, e.g. DoIP (Diagnostics over IP), to perform specified service operations on the vehicle, such as reading version information, modifying vehicle configuration and reading fault codes.
Accessing and diagnosing each controller on the vehicle Ethernet through the OBD network interface in this way may expose the vehicle to information security risks; for example, the OBD interface is vulnerable to hacking, the vehicle bus network is subject to hacking, and the like.
Therefore, how to guarantee the security of diagnosing each controller on the vehicle Ethernet has become a problem to be solved.
Disclosure of Invention
To address the above technical problems or at least partially solve the above technical problems, the present disclosure provides a vehicle controller diagnostic method, apparatus, device, and medium.
In a first aspect, an embodiment of the present disclosure provides a vehicle controller diagnostic method, including:
responding to an identity authentication request sent by diagnostic equipment, and performing mutual authentication with the diagnostic equipment;
and after the mutual authentication is passed, responding to an access request sent by the diagnostic equipment, and authorizing the controller with the access right of the diagnostic equipment.
Optionally, the mutually authenticating with the diagnostic device includes:
responding to an identity authentication request sent by the diagnostic equipment, generating a first authentication message and sending the first authentication message to the diagnostic equipment;
receiving a second authentication message sent by the diagnosis equipment after the first authentication message passes authentication, and authenticating the second authentication message;
and when the second authentication message passes the authentication, confirming that the mutual authentication passes.
Optionally, generating the first authentication message and sending it to the diagnostic device in response to the identity authentication request sent by the diagnostic device includes:
in response to the identity authentication request sent by the diagnostic device, acquiring identification information;
and after signing the identification information with a first private key, generating the first authentication message and sending it to the diagnostic device, so that the diagnostic device authenticates the first authentication message with a first public key, wherein the first public key and the first private key are a key pair.
Optionally, authenticating the second authentication message includes:
authenticating the second authentication message with a second public key, wherein the second authentication message is generated after the diagnostic device signs the identification information with a second private key, and the second public key and the second private key are a key pair.
Optionally, the access request includes authorization controller identification information;
the authorizing the controller with the access right of the diagnostic device in response to the access request sent by the diagnostic device comprises:
and in response to the access request sent by the diagnostic equipment, determining a controller corresponding to the authorized controller identification information, and sending an authorization request to an authorization module so that the authorization module authorizes the controller based on the authorization request.
Optionally, the access request includes user identification information;
the authorizing the controller with the access right of the diagnostic device in response to the access request sent by the diagnostic device comprises:
and in response to the access request sent by the diagnosis equipment, determining a target controller with access authority of the diagnosis equipment based on the user identification information, and authorizing the target controller with access authority of the diagnosis equipment.
Optionally, the access request includes authorization controller identification information and user identification information;
the authorizing the controller with the access right of the diagnostic device in response to the access request sent by the diagnostic device comprises:
determining a target controller based on the authorized controller identification information in response to an access request sent by the diagnostic device;
and determining the access authority of the diagnostic equipment to the target controller from the target controller based on the user identification information so as to enable an authorization module to authorize the target controller within the access authority based on an authorization request.
Optionally, after authentication of the diagnostic device has passed and the controller to which the diagnostic device has access rights has been authorized in response to the access request sent by the diagnostic device, the method further includes:
in response to a close request sent by the diagnostic device, deleting the access right issued to the controller; or
deleting the access right issued to the controller when the diagnostic device is detected to be in an offline state.
In a second aspect, embodiments of the present disclosure provide a vehicle controller diagnostic apparatus, including:
the identity authentication module is used for responding to an identity authentication request sent by the diagnostic equipment and performing mutual authentication with the diagnostic equipment;
and the authorization module is used for responding to the access request sent by the diagnostic equipment and authorizing the controller with the access right of the diagnostic equipment.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including:
one or more processors;
a storage device for storing one or more programs which,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of the first aspect.
In a fourth aspect, embodiments of the present disclosure provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the method according to any one of the first aspects.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:
The vehicle controller diagnosis method, apparatus, device and medium respond to the identity authentication request sent by the diagnostic device by performing mutual authentication with the diagnostic device and, after the mutual authentication passes, respond to an access request sent by the diagnostic device by authorizing the controller to which the diagnostic device has access rights. The identity authentication request is a request for mutual authentication with the diagnostic device, that is, mutual authentication of identities between the vehicle and the diagnostic device. Before the diagnostic device diagnoses the controller, the identities of the diagnostic device and the vehicle are therefore authenticated through a mutual authentication mechanism, which ensures the security of the subsequent diagnosis of the controller by the diagnostic device.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a schematic flow chart diagram of a vehicle controller diagnostic method provided by an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart diagram of another vehicle controller diagnostic method provided by an embodiment of the present disclosure;
FIG. 3 is an interactive schematic diagram of a vehicle controller diagnostic provided by an embodiment of the present disclosure;
FIG. 4 is a schematic flow chart diagram of yet another vehicle controller diagnostic method provided by an embodiment of the present disclosure;
FIG. 5 is an interactive schematic diagram of another vehicle controller diagnostic provided by an embodiment of the present disclosure;
FIG. 6 is an interactive schematic diagram of yet another vehicle controller diagnostic provided by an embodiment of the present disclosure;
FIG. 7 is a schematic structural diagram of a vehicle controller diagnostic device provided by an embodiment of the present disclosure;
FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
The vehicle controller diagnosis method provided by the embodiment of the disclosure is applied to the intelligent vehicle, and the method provided by the embodiment of the disclosure can be executed by the intelligent vehicle.
Fig. 1 is a schematic flowchart of a vehicle controller diagnosis method provided in an embodiment of the present disclosure, and as shown in fig. 1, the vehicle controller diagnosis method specifically includes the following steps:
S10, in response to the identity authentication request sent by the diagnostic device, performing mutual authentication with the diagnostic device.
Mutual authentication means that the vehicle authenticates the identity of the diagnostic device and the diagnostic device authenticates the identity of the vehicle.
The diagnostic device in the embodiment of the present application may be a device capable of performing ethernet communication with an intelligent vehicle, such as an intelligent diagnostic device/a personal computer/a personal handheld terminal/an OBD device.
S20, after the mutual authentication passes, in response to an access request sent by the diagnostic device, authorizing the controller to which the diagnostic device has access rights.
In a specific example, the access request in the embodiment of the present application may request a read operation, a write operation, a read-and-write operation, etc. The permissions requested for a controller may of course be divided into finer categories; for clarity and conciseness they are not listed one by one here. It should be understood that the specific forms given in the embodiments of the present application are only examples with respect to the scope of the claims. Correspondingly, the authorization includes granting read permission, granting write permission, granting read-write permission, and the like.
Specifically, authorizing the controller having the access right of the diagnostic device includes:
the vehicle issues an authorization request to an authorization module in the vehicle so as to authorize the controller with the access right of the diagnostic device through the authorization module.
It should be noted that, in a specific embodiment, a controller of a vehicle ethernet network includes a domain control unit and an electronic control unit, where one domain control unit is in communication connection with one or more electronic control units, and the domain control unit may acquire message information corresponding to the one or more electronic control units in communication connection with the domain control unit.
Optionally, as an implementation manner, in response to the access request sent by the diagnostic device, the controller corresponding to the authorized controller identification information is determined, and the authorization request is sent to the authorization module, so that the authorization module authorizes the controller based on the authorization request.
Specifically, the access request sent by the diagnostic device includes authorization controller identification information; for example, the authorization controller identification information in the access request names controller 1, controller 3 and controller 5. After receiving the access request, the vehicle selects the controllers corresponding to the authorization controller identification information it contains. Having determined those controllers, the vehicle issues an authorization request to its authorization module, and the authorization module authorizes the controllers corresponding to the identification information.
Optionally, as another possible implementation manner, in response to the access request sent by the diagnostic device, the target controller to which the diagnostic device has the access right is determined based on the user identification information, and the target controller to which the diagnostic device has the access right is authorized.
Specifically, the access request sent by the diagnostic device includes user identification information. After receiving the access request, the vehicle uses the user identification information it contains to select the target controller to which the diagnostic device has access rights. Having determined the target controller, the vehicle issues the access request to its authorization module so that the authorization module authorizes the target controller.
Illustratively, authorizing the target controller includes operations such as opening the rules for the specified service, so that read- or write-related functions are allowed on the specified controller.
Optionally, as another possible implementation, in response to the access request sent by the diagnostic device, determining the target controller based on the authorized controller identification information; and determining the access authority of the diagnostic equipment to the target controller from the target controller based on the user identification information so that the authorization module authorizes the target controller within the access authority based on the authorization request.
Specifically, the access request sent by the diagnostic device includes authorized controller identification information and user identification information; for example, the authorized controller identification information in the access request names controller 1, controller 3 and controller 5. After receiving the access request, the vehicle first selects the target controllers corresponding to the authorized controller identification information. It then uses the user identification information in the access request to determine, among those target controllers, the access rights the diagnostic device has; for example, it determines that controller 5 has access rights corresponding to the user identification information. The vehicle then issues an authorization request to its authorization module, and the authorization module authorizes the target controller, that is, controller 5.
The vehicle controller diagnosis method provided by the embodiment of the disclosure responds to an identity authentication request sent by a diagnostic device by performing mutual authentication with the diagnostic device and, after the mutual authentication passes, responds to an access request sent by the diagnostic device by authorizing the controller to which the diagnostic device has access rights. The identity authentication request is a request for mutual authentication with the diagnostic device, that is, mutual authentication of identities between the vehicle and the diagnostic device. Before the diagnostic device diagnoses the controller, the identities of the diagnostic device and the vehicle are therefore authenticated through a mutual authentication mechanism, which ensures the security of the subsequent diagnosis of the controller by the diagnostic device.
Fig. 2 is a schematic flowchart of another vehicle controller diagnosis method provided in an embodiment of the present disclosure, fig. 3 is an interactive schematic diagram of vehicle controller diagnosis provided in an embodiment of the present disclosure, and the embodiment of the present disclosure is based on the foregoing embodiments, and with reference to fig. 2 and fig. 3, one implementable manner of step S10 includes:
S11, in response to the identity authentication request sent by the diagnostic device, generating a first authentication message and sending the first authentication message to the diagnostic device.
With reference to fig. 3, firstly, the diagnostic device sends an identity authentication request to the vehicle, and after receiving the identity authentication request sent by the diagnostic device, the vehicle generates a first authentication message based on the identity authentication request and sends the first authentication message to the diagnostic device, so that the diagnostic device authenticates the first authentication message.
That is, the vehicle sends a first authentication message including vehicle information to the diagnostic device, so that the diagnostic device authenticates the identity of the vehicle based on the first authentication message sent by the vehicle.
S12, receiving a second authentication message sent by the diagnosis equipment after the first authentication message passes the authentication, and authenticating the second authentication message.
Continuing to refer to fig. 3, after the vehicle sends the first authentication message to the diagnostic device, the diagnostic device authenticates the first authentication message sent by the vehicle, and when the diagnostic device authenticates the first authentication message, the diagnostic device sends the second authentication message to the vehicle, so that the vehicle authenticates the identity of the diagnostic device based on the second authentication message sent by the diagnostic device.
S13, confirming that the mutual authentication has passed when the second authentication message passes the authentication.
When the vehicle passes the authentication of the second authentication message, it can be determined that the diagnostic device and the vehicle both pass the authentication, and when receiving the access request sent by the diagnostic device, the vehicle authorizes the controller having the access right of the diagnostic device.
Fig. 4 is a schematic flowchart of another vehicle controller diagnosis method provided in an embodiment of the present disclosure, fig. 5 is an interactive schematic diagram of another vehicle controller diagnosis provided in an embodiment of the present disclosure, and based on the foregoing embodiment, as shown in fig. 4, a specific implementable manner of step S11 includes:
S110, in response to the identity authentication request sent by the diagnostic device, acquiring the identification information.
The identification information is used for identifying the identity of the vehicle, and specifically, the identification information is used for identifying the ID of the vehicle.
The diagnostic equipment sends an identity authentication request to the vehicle, and after the vehicle receives the identity authentication request sent by the diagnostic equipment, the vehicle firstly generates identification information of the vehicle based on the identity authentication request.
S111, after the identification information is signed based on the first private key, a first authentication message is generated and sent to the diagnosis device, so that the diagnosis device authenticates the first authentication message through the first public key.
The first public key and the first private key are a pair of keys.
After the vehicle receives the identity authentication request and generates the identification information, it signs that identification information with the first private key to generate the first authentication message and sends the message to the diagnostic device, which receives and verifies it.
Specifically, in response to the identity authentication request sent by the diagnostic device, the vehicle randomly generates identification information, signs it with the first private key to generate the first authentication message, and sends the first authentication message to the diagnostic device. Since the first private key is private and the first public key is public, the fact that the diagnostic device can authenticate the first authentication message with the first public key indicates that the diagnostic device's authentication of the vehicle has passed.
When an implementation of step S11 of the vehicle controller diagnostic method includes steps S110 and S111, one implementation of step S12 includes:
S120, authenticating the second authentication message sent by the diagnostic device with the second public key.
The second authentication message is generated after the diagnostic device signs the identification information based on the second private key, and the second public key and the second private key are a pair of keys.
When the first authentication message passes authentication by the diagnostic device, the diagnostic device sends a second authentication message to the vehicle. The second authentication message is generated by the diagnostic device signing the identification information with the second private key. If the vehicle holds the second public key corresponding to the second private key, then after receiving the second authentication message the vehicle can decrypt it with the second public key, and in this way the vehicle authenticates the diagnostic device.
It should be noted that, in the vehicle controller diagnosis method provided in the foregoing embodiment, in the process of signing the identification information based on the first private key and authenticating the second authentication message sent by the diagnostic device through the second public key, the act of signing the identification information or the act of authenticating the second authentication message may be performed based on the vehicle, and specifically, may be an identity authentication module in the vehicle.
In the vehicle controller diagnosis method provided by the embodiment of the disclosure, the vehicle generates identification information after receiving the identity authentication request, signs it with the first private key to generate the first authentication message, and sends that message to the diagnostic device. The diagnostic device authenticates the first authentication message with the first public key, that is, it decrypts the first authentication message with the first public key, which completes the diagnostic device's authentication of the vehicle. After the first authentication message passes, the diagnostic device signs the identification information with the second private key to generate the second authentication message and sends it to the vehicle. The vehicle authenticates the second authentication message with the second public key, that is, it decrypts the second authentication message with the second public key, which completes the vehicle's authentication of the diagnostic device. A bidirectional authentication mechanism is thus realized, and the security of the diagnostic device's diagnosis of the controller is ensured.
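The handshake of steps S110, S111 and S120, written out as an added example (not code from the patent or the applicant). Ed25519, the `AuthMessage` layout, all type and function names, and the advance provisioning of each side's public key are assumptions, since the page names no signature algorithm or message format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// AuthMessage is an assumed layout for both authentication messages:
// the identification information plus a signature over it.
type AuthMessage struct {
	IdentInfo []byte
	Signature []byte
}

// Vehicle plays the identity authentication module on the vehicle side.
type Vehicle struct {
	priv      ed25519.PrivateKey // first private key
	devicePub ed25519.PublicKey  // second public key, provisioned in advance
	pending   []byte             // identification info of the open handshake
}

// Device is the diagnostic device.
type Device struct {
	priv       ed25519.PrivateKey // second private key
	vehiclePub ed25519.PublicKey  // first public key, provisioned in advance
}

// HandleAuthRequest covers S110/S111: generate fresh random identification
// information, sign it with the first private key, return the first message.
func (v *Vehicle) HandleAuthRequest() (AuthMessage, error) {
	ident := make([]byte, 32)
	if _, err := rand.Read(ident); err != nil {
		return AuthMessage{}, err
	}
	v.pending = ident
	// The message carries a copy so the caller cannot alter the pending value.
	return AuthMessage{append([]byte(nil), ident...), ed25519.Sign(v.priv, ident)}, nil
}

// Respond is the device side: authenticate the first message with the first
// public key, then sign the same identification info with the second private key.
func (d *Device) Respond(first AuthMessage) (AuthMessage, error) {
	if !ed25519.Verify(d.vehiclePub, first.IdentInfo, first.Signature) {
		return AuthMessage{}, errors.New("first authentication message rejected")
	}
	return AuthMessage{first.IdentInfo, ed25519.Sign(d.priv, first.IdentInfo)}, nil
}

// VerifySecond covers S120/S13. The pending value is consumed on every attempt,
// so a second message only counts for the handshake it was produced in.
func (v *Vehicle) VerifySecond(second AuthMessage) bool {
	ident := v.pending
	v.pending = nil
	if ident == nil || !bytes.Equal(ident, second.IdentInfo) {
		return false
	}
	return ed25519.Verify(v.devicePub, ident, second.Signature)
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// RunScenarios runs four constructed handshakes and reports, per scenario,
// whether the receiving side accepted.
func RunScenarios() map[string]bool {
	vPub, vPriv := newKey()
	dPub, dPriv := newKey()
	_, otherPriv := newKey() // key pair the vehicle was never provisioned with
	vehicle := &Vehicle{priv: vPriv, devicePub: dPub}
	device := &Device{priv: dPriv, vehiclePub: vPub}
	unknown := &Device{priv: otherPriv, vehiclePub: vPub}
	res := map[string]bool{}

	first, _ := vehicle.HandleAuthRequest()
	second, err := device.Respond(first)
	res["provisioned device"] = err == nil && vehicle.VerifySecond(second)

	vehicle.HandleAuthRequest() // new handshake, new identification info
	res["second message from earlier handshake"] = vehicle.VerifySecond(second)

	first, _ = vehicle.HandleAuthRequest()
	second, err = unknown.Respond(first)
	res["unprovisioned device key"] = err == nil && vehicle.VerifySecond(second)

	first, _ = vehicle.HandleAuthRequest()
	first.IdentInfo[0] ^= 0x01 // first message altered in transit
	_, err = device.Respond(first)
	res["altered first message accepted by device"] = err == nil
	return res
}

func main() { fmt.Println(RunScenarios()) }
```

Only the first scenario is accepted; the other three fail at signature verification or at the comparison with the pending identification information.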
As an implementable manner, the vehicle controller diagnosis method provided by the embodiment of the present disclosure further includes:
and deleting the access right issued to the controller in response to a closing request sent by the diagnostic equipment.
As shown in fig. 6, when the vehicle receives the shutdown request sent by the diagnostic device, the vehicle deletes the access right issued to the controller, so that the right of the diagnostic device to access the vehicle is shut down.
As another possible implementation manner, with continued reference to fig. 6, when it is detected that the state of the diagnostic device is an offline state, the access right issued to the controller is deleted.
In addition, if the diagnostic device does not send a close request after completing the diagnosis of the controller and is simply shut down, the corresponding diagnostic device is not in an off-line state at that moment; when the vehicle then detects that the diagnostic device is in the offline state, the vehicle closes the access right issued to the controller.
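An added example (not code from the patent) of the authorization variant in which the controller identification selects the target controllers and the user identification decides the rights, together with deletion of the issued rights on a close request or once the device is offline. The policy table, session IDs, user name, `Gateway` API and the silence timeout used to detect the offline state are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Right is a bit set of access rights on one controller.
type Right uint8

const (
	Read Right = 1 << iota
	Write
)

// Policy maps user ID -> controller ID -> rights that user may be granted.
type Policy map[string]map[int]Right

type session struct {
	lastSeen time.Time
	grants   map[int]Right
}

// Gateway stands in for the vehicle-side logic in front of the authorization module.
type Gateway struct {
	policy       Policy
	offlineAfter time.Duration       // assumed: silence longer than this means offline
	sessions     map[string]*session // only sessions that passed mutual authentication
}

var ErrNotAuthenticated = errors.New("mutual authentication has not passed")

// MarkAuthenticated records that step S10 passed for this session.
func (g *Gateway) MarkAuthenticated(id string, now time.Time) {
	g.sessions[id] = &session{lastSeen: now, grants: map[int]Right{}}
}

// Authorize is step S20: keep only requested controllers on which the user holds every requested right.
func (g *Gateway) Authorize(id, user string, controllers []int, want Right, now time.Time) ([]int, error) {
	s, ok := g.sessions[id]
	if !ok {
		return nil, ErrNotAuthenticated
	}
	s.lastSeen = now
	granted := []int{}
	for _, c := range controllers {
		if want != 0 && g.policy[user][c]&want == want {
			s.grants[c] = want
			granted = append(granted, c)
		}
	}
	return granted, nil
}

// Allowed is the check made before a diagnostic service reaches a controller.
func (g *Gateway) Allowed(id string, controller int, r Right) bool {
	s, ok := g.sessions[id]
	return ok && r != 0 && s.grants[controller]&r == r
}

// Close handles the close request: the session and its grants are deleted.
func (g *Gateway) Close(id string) { delete(g.sessions, id) }

// Sweep deletes the grants of every session that has gone offline.
func (g *Gateway) Sweep(now time.Time) {
	for id, s := range g.sessions {
		if now.Sub(s.lastSeen) > g.offlineAfter {
			delete(g.sessions, id)
		}
	}
}

type Result struct {
	Granted                                     []int
	WriteOn5, ReadOn3, AfterClose, AfterOffline bool
	Unauthenticated                             error
}

// Demo runs constructed requests: controllers 1, 3 and 5 are named, only 5 qualifies.
func Demo() Result {
	t0 := time.Date(2023, 1, 1, 9, 0, 0, 0, time.UTC)
	policy := Policy{"workshop-user": {3: Read, 5: Read | Write}} // constructed sample
	g := &Gateway{policy: policy, offlineAfter: 5 * time.Second, sessions: map[string]*session{}}
	var r Result
	_, r.Unauthenticated = g.Authorize("s0", "workshop-user", []int{5}, Read, t0)
	g.MarkAuthenticated("s1", t0)
	r.Granted, _ = g.Authorize("s1", "workshop-user", []int{1, 3, 5}, Read|Write, t0)
	r.WriteOn5 = g.Allowed("s1", 5, Write)
	r.ReadOn3 = g.Allowed("s1", 3, Read) // read-only user right, read-write requested: no grant
	g.Close("s1")
	r.AfterClose = g.Allowed("s1", 5, Read)
	g.MarkAuthenticated("s2", t0)
	g.Authorize("s2", "workshop-user", []int{5}, Read, t0)
	g.Sweep(t0.Add(10 * time.Second)) // no close request, device silent for 10 s
	r.AfterOffline = g.Allowed("s2", 5, Read)
	return r
}

func main() { fmt.Printf("%+v\n", Demo()) }
```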
The above embodiments take the vehicle as the execution subject; the following embodiments describe the method with the diagnostic device as the execution subject.
Specifically, the vehicle controller diagnostic method includes:
and sending an identity authentication request to the vehicle so that the vehicle can mutually authenticate with the diagnostic equipment based on the access request.
Firstly, diagnostic equipment sends an identity authentication request to a vehicle, and after the vehicle receives the identity authentication request sent by the diagnostic equipment, the vehicle performs identity authentication with the diagnostic equipment based on the identity authentication request.
After the vehicle passes the authentication, an access request is sent to the vehicle, so that the vehicle, based on the access request, authorizes the controller to which the diagnostic device has access rights.
When the diagnostic device and the vehicle have authenticated each other's identity, the bidirectional authentication between the vehicle and the diagnostic device is complete. The diagnostic device then sends an access request to the vehicle, so that the vehicle, based on the access request, authorizes the controller to which the diagnostic device has access rights.
As an implementation manner, after the identity authentication request is sent to the vehicle, the first authentication message sent by the vehicle is received, and the first authentication message is authenticated.
The diagnostic device first sends an identity authentication request to the vehicle. After receiving the request, the vehicle generates a first authentication message based on it and sends the message to the diagnostic device, so that the diagnostic device authenticates the first authentication message. That is, the vehicle sends a first authentication message including vehicle information to the diagnostic device, so that the diagnostic device authenticates the identity of the vehicle based on the first authentication message sent by the vehicle.
Optionally, a first authentication message sent by the vehicle is received, and the first authentication message is authenticated through the first public key.
The first authentication message is generated after the vehicle signs the identification information based on the first private key, the first public key and the first private key are a pair of keys, and the identification information is generated when the vehicle receives the identity authentication request.
The diagnostic device sends an identity authentication request to the vehicle, and after receiving it the vehicle first generates identification information of the vehicle based on the request. The vehicle then signs the identification information with the first private key to generate a first authentication message and sends the first authentication message to the diagnostic device, which verifies it through the first public key.
As an implementation manner, after the first authentication message passes the authentication, the vehicle is confirmed to pass the authentication.
After the vehicle sends the first authentication message to the diagnostic device, the diagnostic device authenticates it. When the first authentication message passes authentication, the vehicle is confirmed to have passed authentication, and the diagnostic device sends the second authentication message to the vehicle, so that the vehicle verifies the identity of the diagnostic device based on the second authentication message.
And after the vehicle passes the authentication, sending a second authentication message to the vehicle so that the vehicle authenticates the second authentication message.
Specifically, after the vehicle passes the authentication, the identification information is signed based on the second private key, and then the second authentication message is sent to the vehicle, so that the vehicle authenticates the second authentication message, wherein the second public key and the second private key are a pair of keys.
When the first authentication message passes the diagnostic device's authentication, the diagnostic device sends a second authentication message to the vehicle. The second authentication message is generated by the diagnostic device signing the identification information with a second private key. If the vehicle holds the second public key corresponding to the second private key, the vehicle can decrypt the second authentication message through the second public key after receiving it, so that the vehicle can authenticate the diagnostic device.
According to the vehicle Ethernet diagnosis method provided by the embodiment of the disclosure, the diagnostic device authenticates the first authentication message through the first public key, that is, the diagnostic device decrypts the first authentication message through the first public key, which realizes the diagnostic device's authentication of the vehicle. After the first authentication message passes authentication, the diagnostic device signs the identification information with the second private key to generate the second authentication message and sends it to the vehicle. The vehicle authenticates the second authentication message based on the second public key, that is, the vehicle decrypts the second authentication message through the second public key, which completes the vehicle's authentication of the diagnostic device. The first and second key pairs thus realize a bidirectional authentication mechanism, which ensures the security of the diagnostic device's diagnosis of the controller.
As an implementation, the vehicle ethernet diagnosis method further comprises:
and sending a closing request to the vehicle so that the vehicle deletes the access right issued to the controller based on the closing request.
When the vehicle passes the authentication of the second authentication message, it can be determined that the diagnostic device and the authentication requests at the two ends of the vehicle both pass, and when the access request sent by the diagnostic device is received, the vehicle authorizes the controller with the access right of the diagnostic device, so that the diagnostic device can diagnose the controller.
Fig. 7 is a schematic structural diagram of a vehicle controller diagnosis device provided in an embodiment of the present disclosure, and as shown in fig. 7, the vehicle controller diagnosis device includes:
the identity authentication module 710 is configured to perform mutual authentication with the diagnostic device in response to an identity authentication request sent by the diagnostic device;
and an authorization module 720, configured to authorize the controller to which the diagnostic device has access rights, in response to the access request sent by the diagnostic device.
The vehicle controller device provided by the embodiment of the disclosure performs mutual authentication with the diagnostic device in response to an identity authentication request sent by the diagnostic device and, after the mutual authentication is passed, authorizes the controller to which the diagnostic device has access rights in response to an access request sent by the diagnostic device. The identity authentication request is a request for mutual authentication with the diagnostic device, that is, mutual authentication of identities between the vehicle and the diagnostic device. The identities of the diagnostic device and the vehicle are therefore authenticated through a mutual authentication mechanism before the diagnostic device diagnoses the controller, which ensures the safety of the subsequent diagnosis of the controller by the diagnostic device.
Optionally, the identity authentication module includes:
the first authentication message sending module is used for responding to an identity authentication request sent by the diagnostic equipment, generating a first authentication message and sending the first authentication message to the diagnostic equipment;
the message authentication module is used for receiving a second authentication message sent by the diagnostic equipment after the first authentication message passes authentication and authenticating the second authentication message;
and the first judgment module is used for confirming that the mutual authentication is passed when the second authentication message passes the authentication.
Optionally, the first authentication packet sending module is specifically configured to:
responding to an identity authentication request sent by the diagnostic equipment, and acquiring identification information;
after signing the identification information based on the first private key, generating a first authentication message and sending the first authentication message to the diagnostic equipment, so that the diagnostic equipment authenticates the first authentication message through the first public key, wherein the first public key and the first private key are a key pair.
Optionally, the message authentication module is specifically configured to:
and authenticating a second authentication message sent by the diagnostic equipment through a second public key, wherein the second authentication message is generated after the diagnostic equipment signs the identification information based on a second private key, and the second public key and the second private key are a pair of keys.
Optionally, a specific implementation manner of the authorization module includes:
the access request includes authorization controller identification information;
and in response to the access request sent by the diagnosis equipment, determining the controller corresponding to the authorized controller identification information, and sending an authorization request to the authorization module so that the authorization module authorizes the controller based on the authorization request.
Optionally, another specific implementation manner of the authorization module includes:
the access request includes user identification information;
and in response to the access request sent by the diagnosis equipment, determining a target controller with access authority of the diagnosis equipment based on the user identification information, and authorizing the target controller with access authority of the diagnosis equipment.
Optionally, another specific implementation manner of the authorization module includes:
the access request comprises authorization controller identification information and user identification information;
determining a target controller based on the authorized controller identification information in response to an access request sent by the diagnostic device;
and determining the access authority of the diagnostic equipment to the target controller from the target controller based on the user identification information, so that the authorization module authorizes the target controller within the access authority based on the authorization request.
Optionally, the method further includes:
and the first access right deleting module is used for responding to a closing request sent by the diagnostic equipment and deleting the access right issued to the controller.
And the second access right deleting module is used for deleting the access right issued to the controller when the state of the diagnostic equipment is detected to be an offline state.
The device provided by the embodiment of the invention can execute the method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
It should be noted that, in the embodiment of the apparatus, the included units and modules are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
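The exchange described above, from the identity authentication request through authorization to deletion of the access rights, as an added Go example that is not code from the patent. Ed25519, the 16-byte random identification information, all type and function names, and the sample user and controller IDs (tech-01, BCM, VCU, ADAS) are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// AuthMessage is identification information plus a signature over it.
type AuthMessage struct{ ID, Sig []byte }

// Vehicle holds the first private key and the second public key.
type Vehicle struct {
	priv      ed25519.PrivateKey
	testerPub ed25519.PublicKey
	pendingID []byte                     // identification info of the open handshake
	authed    bool                       // set only after mutual authentication
	policy    map[string]map[string]bool // user ID -> permitted controllers
	granted   map[string]bool            // access rights currently issued
}

// Tester is the diagnostic device: second private key, first public key.
type Tester struct {
	priv       ed25519.PrivateKey
	vehiclePub ed25519.PublicKey
}

// NewPair provisions both sides; Ed25519 and the sample policy are assumptions.
func NewPair() (*Vehicle, *Tester) {
	vPub, vPriv, err1 := ed25519.GenerateKey(rand.Reader)
	tPub, tPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	policy := map[string]map[string]bool{"tech-01": {"BCM": true, "VCU": true}}
	v := &Vehicle{priv: vPriv, testerPub: tPub, policy: policy, granted: map[string]bool{}}
	return v, &Tester{priv: tPriv, vehiclePub: vPub}
}

// HandleAuthRequest signs fresh identification info: the first authentication message.
func (v *Vehicle) HandleAuthRequest() (AuthMessage, error) {
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return AuthMessage{}, err
	}
	v.pendingID, v.authed = id, false
	return AuthMessage{ID: id, Sig: ed25519.Sign(v.priv, id)}, nil
}

// Respond verifies the first message, then signs the same identification info.
func (t *Tester) Respond(first AuthMessage) (AuthMessage, error) {
	if !ed25519.Verify(t.vehiclePub, first.ID, first.Sig) {
		return AuthMessage{}, errors.New("vehicle failed authentication")
	}
	return AuthMessage{ID: first.ID, Sig: ed25519.Sign(t.priv, first.ID)}, nil
}

// HandleSecond accepts the second message once, for the open handshake only.
func (v *Vehicle) HandleSecond(second AuthMessage) error {
	id := v.pendingID
	v.pendingID = nil
	if id == nil || !bytes.Equal(id, second.ID) || !ed25519.Verify(v.testerPub, second.ID, second.Sig) {
		return errors.New("diagnostic device failed authentication")
	}
	v.authed = true
	return nil
}

// HandleAccessRequest issues rights only after mutual authentication and within policy.
func (v *Vehicle) HandleAccessRequest(user string, controllers []string) ([]string, error) {
	if !v.authed {
		return nil, errors.New("access request before mutual authentication")
	}
	var issued []string
	for _, c := range controllers {
		if v.policy[user][c] {
			v.granted[c] = true
			issued = append(issued, c)
		}
	}
	return issued, nil
}

// Revoke serves both a closing request and a detected offline state.
func (v *Vehicle) Revoke() { v.granted, v.authed = map[string]bool{}, false }

func main() {
	v, dev := NewPair()
	first, _ := v.HandleAuthRequest()
	second, _ := dev.Respond(first)
	fmt.Println("mutual authentication error:", v.HandleSecond(second))
}
```

Because the vehicle consumes the identification information on first use, a second authentication message captured from an earlier session does not authenticate a later one.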
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, as shown in fig. 8, the electronic device includes a processor 810, a memory 820, an input device 830, and an output device 840; the number of the processors 810 in the computer device may be one or more, and one processor 810 is taken as an example in fig. 8; the processor 810, the memory 820, the input device 830 and the output device 840 in the electronic apparatus may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 8.
The memory 820 is a computer-readable storage medium for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the methods in the embodiments of the present invention. The processor 810 executes various functional applications and data processing of the computer device by executing software programs, instructions and modules stored in the memory 820, namely, the method provided by the embodiment of the present invention is realized.
The memory 820 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 820 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 820 may further include memory located remotely from the processor 810, which may be connected to a computer device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 830 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic apparatus, and may include a keyboard, a mouse, and the like. The output device 840 may include a display device such as a display screen.
The embodiment of the disclosure also provides a vehicle, which comprises the electronic equipment provided by the embodiment.
The disclosed embodiments also provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are used to implement the methods provided by the embodiments of the present invention.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It is noted that, in this document, relational terms such as "first" and "second," and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (11)

1. A vehicle controller diagnostic method, comprising:
responding to an identity authentication request sent by diagnostic equipment, and performing mutual authentication with the diagnostic equipment;
and after the mutual authentication is passed, responding to an access request sent by the diagnosis equipment, and authorizing the controller with the access right of the diagnosis equipment.
2. The method of claim 1, wherein the mutually authenticating with the diagnostic device comprises:
responding to an identity authentication request sent by the diagnostic equipment, generating a first authentication message and sending the first authentication message to the diagnostic equipment;
receiving a second authentication message sent by the diagnosis equipment after the first authentication message passes authentication, and authenticating the second authentication message;
and when the second authentication message passes the authentication, confirming that the mutual authentication passes.
3. The method according to claim 2, wherein generating and sending a first authentication message to a diagnostic device in response to an identity authentication request sent by the diagnostic device comprises:
responding to an identity authentication request sent by the diagnosis equipment, and acquiring identification information;
and after signing the identification information based on a first private key, generating a first authentication message and sending the first authentication message to the diagnostic equipment so that the diagnostic equipment authenticates the first authentication message through a first public key, wherein the first public key and the first private key are a key pair.
4. The method of claim 3, wherein authenticating the second authentication message comprises:
and authenticating the second authentication message through a second public key, wherein the second authentication message is generated by the diagnostic device after signing the identification information based on a second private key, and the second public key and the second private key form a key pair.
5. The method of claim 1, wherein the access request includes authorization controller identification information;
the authorizing the controller with the access right of the diagnostic device in response to the access request sent by the diagnostic device comprises:
and in response to the access request sent by the diagnostic equipment, determining a controller corresponding to the authorized controller identification information, and sending an authorization request to an authorization module so that the authorization module authorizes the controller based on the authorization request.
6. The method of claim 1, wherein the access request includes user identification information;
the authorizing the controller with the access right of the diagnostic device in response to the access request sent by the diagnostic device comprises:
and in response to the access request sent by the diagnosis equipment, determining a target controller with access authority of the diagnosis equipment based on the user identification information, and authorizing the target controller with access authority of the diagnosis equipment.
7. The method of claim 1, wherein the access request includes authorization controller identification information and user identification information;
the authorizing the controller with the access right of the diagnostic device in response to the access request sent by the diagnostic device comprises:
determining a target controller based on the authorized controller identification information in response to an access request sent by the diagnostic device;
and determining the access authority of the diagnostic equipment to the target controller from the target controller based on the user identification information so as to enable an authorization module to authorize the target controller within the access authority based on an authorization request.
8. The method according to any one of claims 5 to 7, wherein after the authenticating the diagnostic device and the authorizing the controller having the access right of the diagnostic device in response to the access request sent by the diagnostic device, further comprising:
in response to a closing request sent by the diagnosis equipment, deleting the access right issued to the controller; or
and deleting the access right issued to the controller when the state of the diagnostic equipment is detected to be an off-line state.
9. A vehicle controller diagnostic device characterized by comprising:
the identity authentication module is used for responding to an identity authentication request sent by the diagnostic equipment and performing mutual authentication with the diagnostic equipment;
and the authorization module is used for responding to the access request sent by the diagnosis equipment and authorizing the controller with the access right of the diagnosis equipment.
10. An electronic device, comprising:
one or more processors;
a storage device to store one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method recited in any one of claims 1-8.
11. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 8.
CN202210346806.0A 2022-03-31 2022-03-31 Vehicle controller diagnosis method, device, equipment and medium Pending CN115442064A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210346806.0A CN115442064A (en) 2022-03-31 2022-03-31 Vehicle controller diagnosis method, device, equipment and medium
PCT/CN2023/081904 WO2023185492A1 (en) 2022-03-31 2023-03-16 Diagnostic method and apparatus for a vehicle controller, device, and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210346806.0A CN115442064A (en) 2022-03-31 2022-03-31 Vehicle controller diagnosis method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN115442064A true CN115442064A (en) 2022-12-06

Family

ID=84240763

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210346806.0A Pending CN115442064A (en) 2022-03-31 2022-03-31 Vehicle controller diagnosis method, device, equipment and medium

Country Status (2)

Country Link
CN (1) CN115442064A (en)
WO (1) WO2023185492A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023174217A1 (en) * 2022-03-18 2023-09-21 北京罗克维尔斯科技有限公司 Vehicle ethernet diagnosis method and apparatus, and device and medium
WO2023185492A1 (en) * 2022-03-31 2023-10-05 北京罗克维尔斯科技有限公司 Diagnostic method and apparatus for a vehicle controller, device, and medium

Also Published As

Publication number Publication date
WO2023185492A1 (en) 2023-10-05


Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination