CN115988488A - Method and device for on-line centralized updating of vehicle-mounted key - Google Patents
Method and device for on-line centralized updating of vehicle-mounted key Download PDFInfo
- Publication number
- CN115988488A CN115988488A CN202310272457.7A CN202310272457A CN115988488A CN 115988488 A CN115988488 A CN 115988488A CN 202310272457 A CN202310272457 A CN 202310272457A CN 115988488 A CN115988488 A CN 115988488A
- Authority
- CN
- China
- Prior art keywords
- key
- ekt
- equipment
- atp
- ekc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 230000006854 communication Effects 0.000 claims description 16
- 238000004891 communication Methods 0.000 claims description 16
- 230000003993 interaction Effects 0.000 claims description 10
- 230000007175 bidirectional communication Effects 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012795 verification Methods 0.000 abstract description 12
- 230000008569 process Effects 0.000 description 14
- 230000006870 function Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 8
- 238000007726 management method Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 7
- 238000009434 installation Methods 0.000 description 3
- 230000002457 bidirectional effect Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of rail transit and computer security, in particular to a method and a device for updating a vehicle-mounted key on line in a centralized manner under CTCS-3 level. According to the invention, by adding the EKC equipment in the ground motor train garage and adding the EKT equipment capable of interacting the key with the ATP at the vehicle side, the regional automatic online key updating is completed, the interfaces between the ATP and the EKT equipment are unified, so that the EKT can be compatible with a plurality of ATP systems, the key is taken at any time, the ATP manufacturers do not maintain and install the key, the labor cost caused by manual intervention is effectively reduced, and the verification reliability, maintainability and high compatibility of the key updating are improved.
Description
Technical Field
The invention relates to the technical field of rail transit and computer security, in particular to a method and a device for updating a vehicle-mounted key on line in a centralized manner under CTCS-3 level.
Background
The key management center is responsible for generating and managing a transmission protection key KTRANS and an authentication key KMAC of each Radio Block Center (RBC) and a vehicle-mounted device (ATP) cryptographic device in an off-line mode, deriving and distributing the transmission protection key KTRANS and the authentication key KMAC to each Radio Block Center (RBC) and vehicle-mounted device (ATP), and establishing KMAC key matching relation between each Radio Block Center (RBC) and related vehicle-mounted device (ATP).
The existing key distribution is divided into two stages, the one-stage distribution process adopts a non-domestic encryption algorithm 3DES for protection, the encrypted authentication key KMAC and the encrypted transmission key KTRANS are respectively stored by a CD, and decryption is carried out at the front ends of key file generation tools of different signal manufacturers. In the secondary distribution process, each signal manufacturer uses a respective special key file generation tool to convert the key data into a corresponding key format file special for the train control product equipment, and the technical means of the transmission process is special for the equipment. Most of the converted key format files are distributed in a plaintext or a simple conversion mode of the plaintext, and a few of the converted key format files are protected by a non-domestic cryptographic algorithm 3 DES.
And finally, after the key is injected into each ATP/RBC device, the key is updated.
In the prior art, when the train-ground safety signal device of the CTCS train control system establishes safety communication, in order to ensure authenticity and integrity of mutual messages between two parties, it is necessary to perform opposite-end identification verification and identity authentication at the beginning of each session, generate a session key through an authentication key KMAC, and protect the messages of the session by the session key. Because the communication between the train and the ground is carried out in the open network, if the authentication key is not updated for a long time, the risk that the interactive data between the train and the ground is stolen and decoded is increased, thereby causing potential safety hazard. The existing management method is to generate and manage a transmission key KTRANS and an authentication key KMAC used in each Radio Block Center (RBC) and vehicle mounted device (ATP) cryptographic apparatus all over the way in an off-line manner, and encrypt and integrity-protect the KMAC key based on the non-domestic algorithm 3 DES. However, since the location of the train is not fixed relative to the ground device, the off-line operation of updating the key with the ATP is cumbersome and has poor real-time performance.
In the existing key management system, the key update between the key management center and the ground RBC can be performed in an existing manner. Because the number of vehicle-mounted ATP devices is large, and the train runs for a long time, huge labor consumption exists in the process of updating in an off-line mode. The verification means after key update between vehicles and places also needs to call RBC again by artificially triggering ATP to verify, and has the problem of low timeliness.
Disclosure of Invention
Aiming at the problems, the invention provides a method and a device for online centralized updating of a vehicle-mounted key, which are used for solving the problem of online centralized updating of the vehicle-mounted key under CTCS-3 level.
A method for centrally updating an onboard key online, the method comprising:
generating an ATP key file through a key management center system, and deploying the ATP key file into EKC equipment;
after the EKC device analyzes the ATP key file, the vehicle-mounted ATP device needing to update the key and the corresponding EKT device are judged according to the comparison and identification of the new key and the old key, the EKC is connected with the EKT device, the internal key on the EKT device is updated, and the vehicle-mounted ATP device key is updated through the EKT device.
Further, the deploying the ATP key file to the EKC device specifically includes deploying the ATP key file to the EKC device in an offline manner.
Further, the connecting the EKC to the EKT device and updating the internal key on the EKT device specifically includes:
when the motor car is powered on in the garage, the EKT equipment initiates connection with the EKC equipment; the EKC equipment and the EKT equipment carry out both-party internal key consistency check interaction; if the EKC equipment finds that the EKC equipment is inconsistent with the consistency check of the internal key of the EKT equipment, the updating of the internal key of the EKT equipment is initiated; after the updating is finished, the EKC is disconnected from the EKT.
Further, after the EKC device parses the ATP key file, the vehicle-mounted ATP device requiring key update and the EKT device corresponding to the vehicle-mounted ATP device are identified and determined according to the new and old key comparison, which specifically includes:
an EKC is provided in a train so as to manage all vehicle keys in a train garage, and EKT devices are provided in the train, and EKC is used for updating EKT device internal keys on line in a centralized area with the train garage as a range.
Further, the method further comprises:
the interface between ATP and EKT equipment is unified, a unified standardized interface is provided through EKT, and the key required to be used by the EKT is sent to ATP;
the ATP acquires the RBC key required to be connected from the EKT equipment, and establishes connection with the RBC equipment.
Further, the EKC connects to an EKT device and updates an internal key on the EKT device, further comprising:
the EKC is communicated with the EKT equipment in a bidirectional way through the LTE/GSMR network;
the EKC equipment has a unique equipment number; the EKC device obtains a key of the vehicle-mounted ATP distributed by the key management center system, then decrypts and stores the key, verifies the consistency of the EKT internal key connected with the EKC device, and updates the EKT device internal key according to the condition;
the EKT updates the key with the EKC through an interface; and the EKC and the EKT can continuously store the key information after power failure.
Further, the updating the vehicle ATP device key by the EKT device further includes:
the EKC manages the association relationship between each set of EKT and ATP; the EKT device is in bidirectional communication with the ATP device through the LTE/GSMR network;
the EKT equipment is provided with a unique equipment number; the same train can support inquiry of relevant keys from the EKT equipment by single-ended ATP or double-ended ATP.
The device for updating the vehicle-mounted key on line in a centralized way comprises a key generation deployment unit and a key updating unit;
the key generation deployment unit is used for generating an ATP key file through the key management center system and deploying the ATP key file into the EKC equipment;
and the key updating unit is used for judging the vehicle-mounted ATP equipment needing to update the key and the corresponding EKT equipment according to the comparison and identification of the new key and the old key after the EKC equipment analyzes the ATP key file, and the EKC is connected with the EKT equipment, updates the internal key on the EKT equipment and updates the vehicle-mounted ATP equipment key through the EKT equipment.
An electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing the method for updating the vehicle-mounted key on line in a centralized manner when executing the program stored in the memory.
A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements a method of centrally updating a vehicle-mounted key online as described above.
The invention has at least the following beneficial effects:
the invention designs a new secret key replacing process, which updates the secret key at the ATP end in an online mode, has higher real-time performance on the premise of ensuring the safety of an updating task, and simultaneously ensures the synchronous updating of the authentication secret key between vehicles and places.
The invention relates to a method for managing all vehicle keys in a train compartment by arranging EKC in the train compartment, which changes the original method of dispersedly installing ATP keys into a scheme of centralizing the area taking the train compartment as the range by adding EKT equipment on a train. A key interaction process method among EKC, EKT and ATP; providing a uniform standardized interface through the EKT, and sending a key required to be used by the EKT to the ATP; can be compatible with a plurality of different ATP devices. The secret key is taken at any time, and is not maintained and installed by each ATP manufacturer.
The method can reduce the time and labor cost brought by updating the vehicle-mounted key in an off-line mode, and has high timeliness;
according to the invention, by adding the EKC equipment in the ground motor train garage and adding the EKT equipment capable of interacting the key with the ATP at the vehicle side, the regional automatic online key updating is completed, the interfaces between the ATP and the EKT equipment are unified, so that the EKT can be compatible with a plurality of ATP systems, the key is taken at any time, the ATP manufacturers do not maintain and install the key, the labor cost caused by manual intervention is effectively reduced, and the verification reliability, maintainability and high compatibility of the key updating are improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flowchart of a method for updating a vehicle key according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an apparatus for updating a vehicle-mounted key according to an embodiment of the present invention;
FIG. 3 is a diagram of an existing device association relationship;
FIG. 4 is a diagram of an association relationship of devices according to an embodiment of the present invention;
FIG. 5 is a system association diagram according to an embodiment of the present invention;
fig. 6 is a key task message flow diagram according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the existing key management system, the key update between the key management center and the ground RBC can be performed in an existing manner. Because the number of vehicle-mounted ATP devices is large, and the train runs for a long time, huge labor consumption exists in the process of updating in an off-line mode. The verification means after key updating between vehicles and ground also needs to call RBC again by triggering ATP manually for verification, and has the problem of low timeliness.
Therefore, the invention provides a method and a device for updating a vehicle-mounted key on line in a centralized manner, and the method and the device comprise a method for updating the vehicle-mounted key on line in a centralized manner, a device for updating the vehicle-mounted key on line in a centralized manner, an electronic device and a computer-readable storage medium.
The invention relates to a method for managing all vehicle keys in a train compartment by arranging EKC in the train compartment, which changes the original method of dispersedly installing ATP keys into a scheme of centralizing the area taking the train compartment as the range by adding EKT equipment on a train. A key interaction process method among EKC, EKT and ATP; a unified standardized interface is provided through EKT, and a key required to be used by the EKT is sent to ATP; can be compatible with a plurality of different ATP devices. The secret key is taken at any time, and is not maintained and installed by each ATP manufacturer any more.
In a first aspect, as shown in fig. 1, the present invention provides a method for centrally updating an onboard key online, where the method includes:
generating an ATP key file through a key management center system, and deploying the ATP key file to EKC equipment;
after the EKC device analyzes the ATP key file, the vehicle-mounted ATP device needing to update the key and the corresponding EKT device are judged according to the comparison and identification of the new key and the old key, the EKC is connected with the EKT device, the internal key on the EKT device is updated, and the vehicle-mounted ATP device key is updated through the EKT device.
When the method is specifically implemented, by adding EKC equipment in a ground motor train garage and adding EKT equipment capable of interacting with ATP (automatic train protection) equipment on a vehicle side, the regional automatic online key updating is completed, the interfaces between ATP and EKT equipment are unified, the EKT can be compatible with a plurality of ATP systems, the key is taken at any time, the ATP manufacturers do not maintain and install any more, the labor cost caused by manual intervention is effectively reduced, and the verification reliability, maintainability and high compatibility of key updating are improved.
In this embodiment, the deploying the ATP key file to the EKC device specifically includes deploying the ATP key file to the EKC device in an offline manner.
In this embodiment, the connecting the EKC to the EKT device and updating the internal key on the EKT device specifically includes:
when the motor car is powered on in the garage, the EKT equipment initiates connection with the EKC equipment; performing consistency check interaction of internal keys of both parties by the EKC equipment and the EKT equipment; if the EKC equipment finds that the EKC equipment is inconsistent with the consistency check of the internal key of the EKT equipment, the updating of the internal key of the EKT equipment is initiated; after the updating is finished, the EKC is disconnected from the EKT.
In this embodiment, after the EKC device parses the ATP key file, the on-board ATP device that needs to update the key and the EKT device corresponding to the on-board ATP device are determined according to the new and old key comparison and identification, which specifically includes:
an EKC is provided in a train so as to manage all vehicle keys in a train garage, and EKT devices are provided in the train, and EKC is used for updating EKT device internal keys on line in a centralized area with the train garage as a range.
In the existing CTCS-3 level train control system, the key installation work of each vehicle-mounted device is manually completed, a vehicle-mounted device supplier arranges technical personnel for installation, and a vehicle-mounted device management department supervises the process. Due to the diversity of the vehicle-mounted platforms of different suppliers, the keys distributed by the upper layer can be installed on the respective vehicle-mounted platforms only after being processed by the respective vehicle-mounted manufacturers through corresponding technologies. Meanwhile, due to the particularity of the transportation requirements of the train, the position of a movable garage where the train is finally stored cannot be guaranteed, centralized EKC equipment is arranged in a centralized range by taking the movable garage as a minimum area and is used for receiving the key distributed by uploading, key management of the train in the movable garage is uniformly carried out, the problem of key exchange caused by the problem of uncertainty of the train position is solved, meanwhile, after interfaces are unified, updating and deleting of subsequent keys are carried out, intervention of suppliers is not needed, supervision can be completely carried out through an equipment management department, working links are reduced, and risks and labor cost are reduced.
In this embodiment, the method further includes:
interfaces between the ATP and the EKT equipment are unified, a unified standardized interface is provided through the EKT, and a key required to be used by the EKT is sent to the ATP;
the ATP acquires the RBC key required to be connected from the EKT equipment, and establishes connection with the RBC equipment.
In this embodiment, the connecting the EKC to the EKT device and updating the internal key on the EKT device further includes:
the EKC is communicated with the EKT equipment in a bidirectional way through the LTE/GSMR network;
the EKC equipment has a unique equipment number; the EKC equipment decrypts and stores the key of the vehicle-mounted ATP distributed by the key management center system, verifies the consistency of the EKT internal key connected with the EKC equipment and updates the EKT equipment internal key according to the condition;
the EKT updates the key with the EKC through an interface; and the EKC and the EKT can continuously store the key information after being powered off.
In this embodiment, the updating the key of the vehicle ATP device through the EKT device further includes:
the EKC manages the association relationship between each set of EKT and ATP; the EKT device is in bidirectional communication with the ATP device through the LTE/GSMR network;
the EKT equipment is provided with a unique equipment number; the same train can support inquiry of relevant keys from the EKT equipment by single-ended ATP or double-ended ATP.
In a second aspect, as shown in fig. 2, the present invention provides an apparatus for centrally updating an on-board key online, including a key generation deployment unit and a key updating unit;
the key generation deployment unit is used for generating an ATP key file through the key management center system and deploying the ATP key file into the EKC equipment;
and the key updating unit is used for identifying and judging the vehicle-mounted ATP equipment needing key updating and the corresponding EKT equipment according to the comparison between the new key and the old key after the EKC equipment analyzes the ATP key file, connecting the EKC with the EKT equipment, updating the internal key on the EKT equipment and updating the key of the vehicle-mounted ATP equipment through the EKT equipment.
In specific implementation, the implementation processes of the device for on-line centralized updating of the vehicle-mounted key and the method for on-line centralized updating of the vehicle-mounted key of the invention are in one-to-one correspondence, which is not described herein again.
In a third aspect, the present invention provides an electronic device, including a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing the method for updating the vehicle-mounted key on line in a centralized manner when executing the program stored in the memory.
In a fourth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements a method for centrally updating a vehicle-mounted key online as described above.
The computer-readable storage medium may be contained in the apparatus/device described in the above embodiments; or may be present alone without being assembled into the device/apparatus. The computer-readable storage medium carries one or more programs which, when executed, implement a method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
In order that those skilled in the art will better understand the present invention, the principles of the invention are illustrated in the accompanying drawings as follows:
the existing key distribution is divided into two stages, the one-stage distribution process adopts a non-domestic encryption algorithm 3DES for protection, the encrypted authentication key KMAC and the encrypted transmission key KTRANS are respectively stored by a CD, and decryption is carried out at the front ends of key file generation tools of different signal manufacturers. In the secondary distribution process, each signal manufacturer uses a respective special key file generation tool to convert the key data into a corresponding key format file special for the train control product equipment, and the technical means of the transmission process is special for the equipment. Most of the converted key format files are distributed in a plaintext or a simple conversion mode of the plaintext, and a few of the converted key format files are protected by a non-domestic cryptographic algorithm 3 DES.
Finally, after the key is injected into each ATP/RBC device, the key update work is completed, as shown in fig. 3.
The invention sets a set of key updating device Exchange Kmac Center, hereinafter called EKC for short, in a motor train garage, and installs a set of Terminal device Exchange Kmac Terminal, hereinafter called EKT for short, on each vehicle, which is in communication interaction with the device.
In the existing key association relationship diagram, as shown in fig. 3, an off-line key deployment channel from an original key management center system to a vehicle-mounted ATP is deleted, and a key of a vehicle-mounted part is not updated in an off-line manner in a manual decentralized manner, and is updated in a centralized and on-line manner by adding an EKC device on the ground side and an EKT device on the vehicle side. The key association relationship diagram of the invention is shown in fig. 4, and the key is centrally updated on line by connecting the EKC and the EKT device with each other by taking the mobile garage as a unit. As shown in fig. 5, the EKT device on the train may be a separate component independent from the vehicle-mounted devices, for example, the EKT device may be disposed in a cab, the EKT device and the vehicle-mounted devices may communicate with each other by using a vehicle network and complete information interaction, and the ATP device is disposed between the vehicle-mounted devices, and the connection between the EKT device and the ATP device is realized through an external interface between the vehicle-mounted devices. The EKT communicates with EKC equipment on the ground through a wireless network LTE/GSMR and completes the task receiving work of related keys.
The EKC equipment at least has the following functions:
the EKC equipment should have a unique equipment number;
the EKC should support decryption of keys for onboard ATP distributed by the key management center system;
the EKC can store the key of the vehicle ATP distributed from the key management center system;
the EKC should be able to update the key of the vehicle ATP distributed from the key management center system;
the EKC should delete the key of the related ATP according to the requirement of the key management center system;
the EKC has the consistency check and check function of the EKT internal key connected with the EKC;
the EKC should manage the association relationship between each set of EKT and ATP;
the EKC should have an interface function for updating the key with the EKT;
the EKC should be provided with bi-directional communication with EKT devices over the LTE/GSMR network.
The EKC should have the function of storing key information after power failure.
The EKT equipment at least has the following functions:
the EKT equipment should have a unique equipment number;
the EKT equipment should be able to support the function of inquiring the related key from the ATP on one end or the ATP on both ends of the same train;
the EKT should be provided with bi-directional communication with EKC devices over the LTE/GSMR network.
The EKT should have an interface function for updating the key with the EKC;
the EKT has the consistency check and check functions of the EKC internal key connected with the EKT;
the EKT should have a key information storage function after power failure.
The key interaction flow is as follows:
an operator generates and distributes an off-line key through a key management center system;
the key installation personnel deploy the ATP key file to the EKC equipment in an off-line mode;
after the EKC equipment analyzes the key, the vehicle-mounted ATP equipment needing to update the key and the corresponding EKT equipment are judged according to the comparison and identification of the new key and the old key;
when the motor car is powered on in the garage, the EKT equipment initiates connection with the EKC equipment;
performing consistency check interaction of internal keys of both parties by the EKC equipment and the EKT equipment;
if the EKC device finds that the EKC device is inconsistent with the EKT device internal key consistency check, the EKT device internal key is initiated to be updated;
after the updating is finished, the EKC is disconnected from the EKT;
the ATP acquires the RBC key required to be connected from the EKT equipment, and establishes connection with the RBC equipment.
The key task message flow diagram is as shown in fig. 6, the key management center sends an ATP offline key task;
after receiving the key, the EKC locally finishes judging the new key and the old key and updates the local key;
after the EKT equipment is powered on, the EKT sends a request to the EKC to establish connection with the EKC;
the EKC sends a key consistency comparison request to the EKT;
if the EKT internal key is not consistent with the key in the EKC, the EKT requests the EKC to update the key;
the EKC updates an EKT internal key to the EKT;
after the EKT internal key is updated successfully, the EKT replies the EKT with successful update;
the EKC is disconnected from the EKT;
the EKC sends a key task archiving to a key management center;
ATP requests the EKT for a KMAC key with a certain RBC;
the EKT sends the KMAC key to the ATP.
In the existing key management system, the key update between the key management center and the ground RBC can be performed in an existing manner. Because the number of vehicle-mounted ATP devices is large, and the train runs for a long time, huge labor consumption exists in the process of updating in an off-line mode. The verification means after key update between vehicles and places also needs to call RBC again by artificially triggering ATP to verify, and has the problem of low timeliness. By adding the EKC equipment in the ground motor train garage and adding the EKT equipment capable of interacting the key with the ATP at the vehicle side, the regional automatic online key updating is completed, the interfaces between the ATP and the EKT equipment are unified, the EKT can be compatible with a plurality of ATP systems, the key can be taken at any time, the ATP manufacturers do not maintain and install the key, the labor cost caused by manual intervention is effectively reduced, and meanwhile, the verification reliability, the maintainability and the high compatibility of the key updating are improved.
The invention relates to a method for managing all vehicle keys in a train compartment by arranging EKC in the train compartment, which changes the original method of dispersedly installing ATP keys into a scheme of centralizing the area taking the train compartment as the range by adding EKT equipment on a train. A key interaction process method among EKC, EKT and ATP; a unified standardized interface is provided through EKT, and a key required to be used by the EKT is sent to ATP; can be compatible with a plurality of different ATP devices. The secret key is taken at any time, and is not maintained and installed by each ATP manufacturer.
The method and the device can reduce the time and labor cost brought by updating the vehicle-mounted key in an off-line mode, and have high timeliness.
In the existing key management system, the key update between the key management center and the ground RBC can be performed in an existing manner. Because the number of vehicle-mounted ATP devices is large, and the train runs for a long time, huge labor consumption exists in the process of updating in an off-line mode. The verification means after key updating between vehicles and ground also needs to call RBC again by triggering ATP manually for verification, and has the problem of low timeliness. By adding the EKC equipment in the ground motor train garage and adding the EKT equipment capable of interacting the key with the ATP at the vehicle side, the regional automatic online key updating is completed, the interfaces between the ATP and the EKT equipment are unified, the EKT can be compatible with a plurality of ATP systems, the key can be taken at any time, the ATP manufacturers do not maintain and install the key, the labor cost caused by manual intervention is effectively reduced, and meanwhile, the verification reliability, the maintainability and the high compatibility of the key updating are improved.
Although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for centrally updating a vehicle-mounted key online, the method comprising:
generating an ATP key file through a key management center system, and deploying the ATP key file into EKC equipment;
after the EKC device analyzes the ATP key file, the vehicle-mounted ATP device needing to update the key and the corresponding EKT device are judged according to the comparison and identification of the new key and the old key, the EKC is connected with the EKT device, the internal key on the EKT device is updated, and the vehicle-mounted ATP device key is updated through the EKT device.
2. The method for centrally updating the vehicle key online according to claim 1,
the deploying the ATP key file to the EKC device specifically includes deploying the ATP key file to the EKC device in an offline manner.
3. The method for centrally updating the vehicle key online according to claim 1,
the EKC is connected with an EKT device and updates an internal key on the EKT device, and the EKC comprises:
when the motor car is powered on in the garage, the EKT equipment initiates connection with the EKC equipment; performing consistency check interaction of internal keys of both parties by the EKC equipment and the EKT equipment; if the EKC equipment finds that the EKC equipment is inconsistent with the consistency check of the internal key of the EKT equipment, the updating of the internal key of the EKT equipment is initiated; after the updating is finished, the EKC is disconnected from the EKT.
4. The method for centrally updating the vehicle key online according to claim 1,
after the EKC device analyzes the ATP key file, the vehicle-mounted ATP device needing to update the key and the corresponding EKT device are identified and judged according to the new and old key comparison, the EKC is connected with the EKT device and updates the internal key on the EKT device, and the method specifically includes:
an EKC is provided in a train to manage all vehicle keys in a train garage, and an EKT device is provided in the train to update EKT device internal keys on line through the EKC in a centralized area with the train garage as a scope.
5. The method for centrally updating the vehicle key online according to claim 1,
the updating of the vehicle ATP device key by the EKT device comprises:
interfaces between the ATP and the EKT equipment are unified, a unified standardized interface is provided through the EKT, and a key required to be used by the EKT is sent to the ATP;
and the ATP acquires the RBC key connected with the RBC device from the EKT device and establishes connection with the RBC device.
6. The method for centrally updating the vehicle key online according to claim 3,
the EKC is connected with the EKT equipment and updates the internal key on the EKT equipment, and the method further comprises the following steps:
the EKC is in bidirectional communication with the EKT equipment through the LTE/GSMR network;
the EKC equipment has a unique equipment number; the EKC equipment decrypts and stores the key of the vehicle-mounted ATP distributed by the key management center system, verifies the consistency of the EKT internal key connected with the EKC equipment and updates the EKT equipment internal key according to the condition;
the EKT updates the key with the EKC through an interface; and the EKC and the EKT can continuously store the key information after being powered off.
7. The method for centrally updating the vehicle key online according to claim 5,
the updating of the vehicle ATP device key by the EKT device further comprises:
the EKC manages the association relationship between each set of EKT and ATP; the EKT device is in bidirectional communication with the ATP device through the LTE/GSMR network;
the EKT equipment is provided with a unique equipment number; the same train can support inquiry of relevant keys from the EKT equipment by single-ended ATP or double-ended ATP.
8. The device for updating the vehicle-mounted key on line in a centralized way is characterized by comprising a key generation deployment unit and a key updating unit;
the key generation deployment unit is used for generating an ATP key file through the key management center system and deploying the ATP key file into the EKC equipment;
and the key updating unit is used for identifying and judging the vehicle-mounted ATP equipment needing key updating and the corresponding EKT equipment according to the comparison between the new key and the old key after the EKC equipment analyzes the ATP key file, connecting the EKC with the EKT equipment, updating the internal key on the EKT equipment and updating the key of the vehicle-mounted ATP equipment through the EKT equipment.
9. An electronic device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing a method for centrally updating the vehicle-mounted key on line according to any one of claims 1 to 7 when executing the program stored in the memory.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method for centrally updating a car key online according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310272457.7A CN115988488B (en) | 2023-03-21 | 2023-03-21 | Method and device for on-line centralized updating of vehicle-mounted secret key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310272457.7A CN115988488B (en) | 2023-03-21 | 2023-03-21 | Method and device for on-line centralized updating of vehicle-mounted secret key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115988488A true CN115988488A (en) | 2023-04-18 |
| CN115988488B CN115988488B (en) | 2023-06-30 |
Family
ID=85970539
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310272457.7A Active CN115988488B (en) | 2023-03-21 | 2023-03-21 | Method and device for on-line centralized updating of vehicle-mounted secret key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115988488B (en) |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102238004A (en) * | 2011-05-16 | 2011-11-09 | 北京全路通信信号研究设计院有限公司 | Key management system for Chinese train control system-3 (C3) system |
| JP2017192156A (en) * | 2017-07-26 | 2017-10-19 | 住友電気工業株式会社 | Communication system |
| CN107968707A (en) * | 2017-10-20 | 2018-04-27 | 北京全路通信信号研究设计院集团有限公司 | Method and system for classified storage of secret keys |
| CN109327467A (en) * | 2018-11-20 | 2019-02-12 | 北京交通大学 | The management method of RSSP-II secure communication protocols key management mechanism |
| CN109787756A (en) * | 2018-12-24 | 2019-05-21 | 吉林微思智能科技有限公司 | A kind of car-mounted terminal key distribution management method based on whitepack encryption technology |
| CN111148073A (en) * | 2020-04-03 | 2020-05-12 | 北京全路通信信号研究设计院集团有限公司 | Secret key management method and system for train-ground communication transmission information |
| US20210051000A1 (en) * | 2018-04-30 | 2021-02-18 | Huawei International Pte. Ltd. | Vehicle-mounted device upgrade method and related device |
| CN112585905A (en) * | 2019-11-12 | 2021-03-30 | 华为技术有限公司 | Equipment upgrading method and related equipment |
| CN112738122A (en) * | 2021-01-04 | 2021-04-30 | 北京全路通信信号研究设计院集团有限公司 | Online key management system and method in complex scene in rail transit field |
| CN112840683A (en) * | 2021-01-18 | 2021-05-25 | 华为技术有限公司 | Vehicle key management method, device and system |
| CN114173303A (en) * | 2021-12-08 | 2022-03-11 | 中国国家铁路集团有限公司 | Train-ground session key generation method and system for CTCS-3 level train control system |
| CN114554486A (en) * | 2022-01-06 | 2022-05-27 | 北京全路通信信号研究设计院集团有限公司 | Key management method and system for information secure transmission |
| CN115174040A (en) * | 2022-02-22 | 2022-10-11 | 重庆长安汽车股份有限公司 | Method, system, vehicle and medium for injecting and updating secret key of in-vehicle controller |
-
2023
- 2023-03-21 CN CN202310272457.7A patent/CN115988488B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102238004A (en) * | 2011-05-16 | 2011-11-09 | 北京全路通信信号研究设计院有限公司 | Key management system for Chinese train control system-3 (C3) system |
| JP2017192156A (en) * | 2017-07-26 | 2017-10-19 | 住友電気工業株式会社 | Communication system |
| CN107968707A (en) * | 2017-10-20 | 2018-04-27 | 北京全路通信信号研究设计院集团有限公司 | Method and system for classified storage of secret keys |
| WO2019076032A1 (en) * | 2017-10-20 | 2019-04-25 | 北京全路通信信号研究设计院集团有限公司 | Method and system for classified storage of keys |
| US20210051000A1 (en) * | 2018-04-30 | 2021-02-18 | Huawei International Pte. Ltd. | Vehicle-mounted device upgrade method and related device |
| CN109327467A (en) * | 2018-11-20 | 2019-02-12 | 北京交通大学 | The management method of RSSP-II secure communication protocols key management mechanism |
| CN109787756A (en) * | 2018-12-24 | 2019-05-21 | 吉林微思智能科技有限公司 | A kind of car-mounted terminal key distribution management method based on whitepack encryption technology |
| CN112585905A (en) * | 2019-11-12 | 2021-03-30 | 华为技术有限公司 | Equipment upgrading method and related equipment |
| CN111148073A (en) * | 2020-04-03 | 2020-05-12 | 北京全路通信信号研究设计院集团有限公司 | Secret key management method and system for train-ground communication transmission information |
| CN112738122A (en) * | 2021-01-04 | 2021-04-30 | 北京全路通信信号研究设计院集团有限公司 | Online key management system and method in complex scene in rail transit field |
| CN112840683A (en) * | 2021-01-18 | 2021-05-25 | 华为技术有限公司 | Vehicle key management method, device and system |
| CN114173303A (en) * | 2021-12-08 | 2022-03-11 | 中国国家铁路集团有限公司 | Train-ground session key generation method and system for CTCS-3 level train control system |
| CN114554486A (en) * | 2022-01-06 | 2022-05-27 | 北京全路通信信号研究设计院集团有限公司 | Key management method and system for information secure transmission |
| CN115174040A (en) * | 2022-02-22 | 2022-10-11 | 重庆长安汽车股份有限公司 | Method, system, vehicle and medium for injecting and updating secret key of in-vehicle controller |
Non-Patent Citations (2)
| Title |
|---|
| 王鹏;岳林;穆进超;谢俊红;: "CTCS-3级ATP无线通信技术自主化研究", 中国铁路, no. 09, pages 11 - 14 * |
| 郭军强;: "ETCS系统密钥管理体系及安全通信加密技术简介", 铁路通信信号工程技术, no. 08, pages 38 - 42 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115988488B (en) | 2023-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108989024B (en) | Method, device and equipment for controlling communication between ECUs and corresponding vehicle | |
| EP3648396B1 (en) | Maintenance system and maintenance method | |
| WO2018086361A1 (en) | Intelligent control method and system for value added service of car | |
| CN102142974B (en) | Method and system for authorizing management of terminals of internet of things | |
| US9179311B2 (en) | Securing vehicle service tool data communications | |
| CN105046796A (en) | Unlocking control method, device and system for electronic lock | |
| CN105260198A (en) | Vehicle software update verification | |
| CN107273749B (en) | Vehicle ECU file safe flashing method and system | |
| CN112566061B (en) | Internet of vehicles data transmission method and system and vehicle service cloud | |
| US11882213B2 (en) | Method for key generation upon request by a secure access device, using an electronic control unit of a vehicle | |
| CN112396712A (en) | ETC electronic tag secondary issuing method, system and storage medium | |
| CN115220762A (en) | Vehicle-end firmware upgrading method, device, equipment and medium of digital key system | |
| CN104050421A (en) | Method and apparatus for secure data transfer permission handling | |
| US20220227249A1 (en) | Off-line battery swap method, battery charging and swap station, vehicle with battery to be swapped, and readable storage medium | |
| CN115242634A (en) | Software upgrading method, device and storage medium | |
| CN114785557A (en) | Vehicle symmetric key distribution system, method and storage medium | |
| CN104768151A (en) | Access secret key modification method based on train-ground wireless communication system | |
| CN115988488A (en) | Method and device for on-line centralized updating of vehicle-mounted key | |
| CN110830243B (en) | Symmetric key distribution method, device, vehicle and storage medium | |
| CN110716732B (en) | Device and method for upgrading UI and firmware programs of automobile instrument | |
| CN116170204A (en) | PKI certificate filling system and method | |
| EP4412863A1 (en) | Multi-functional computerized charging station for electric vehicles | |
| US20220247567A1 (en) | Securely transmitting commands to vehicle during assembly | |
| CN114884982A (en) | Multi-mine user online management method and system based on cloud service | |
| CN113487770A (en) | System and method for managing multiple vehicle authorizations |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |