CN115988488B - Method and device for on-line centralized updating of vehicle-mounted secret key - Google Patents
Method and device for on-line centralized updating of vehicle-mounted secret key Download PDFInfo
- Publication number
- CN115988488B CN115988488B CN202310272457.7A CN202310272457A CN115988488B CN 115988488 B CN115988488 B CN 115988488B CN 202310272457 A CN202310272457 A CN 202310272457A CN 115988488 B CN115988488 B CN 115988488B
- Authority
- CN
- China
- Prior art keywords
- key
- equipment
- ekt
- atp
- ekc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000012795 verification Methods 0.000 claims abstract description 24
- 230000006854 communication Effects 0.000 claims description 18
- 238000004891 communication Methods 0.000 claims description 18
- 230000003993 interaction Effects 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 6
- 230000007175 bidirectional communication Effects 0.000 claims description 5
- 238000009434 installation Methods 0.000 abstract description 7
- 238000012423 maintenance Methods 0.000 abstract description 6
- 230000008569 process Effects 0.000 description 10
- 230000006870 function Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 8
- 238000007726 management method Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 7
- 230000003287 optical effect Effects 0.000 description 3
- 230000009466 transformation Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of rail transit and computer security, in particular to a method and a device for online centralized updating of a vehicle-mounted key under CTCS-3 level. According to the invention, by adding the EKC equipment in the ground movable garage and adding the EKT equipment capable of interacting with the ATP on the vehicle side, the regional automatic on-line updating of the key is completed, interfaces between the ATP and EKT equipment are unified, so that EKT can be compatible with a plurality of ATP systems, the key can be used and fetched at any time, maintenance and installation by each ATP manufacturer are not performed, the labor cost caused by manual intervention is effectively reduced, and meanwhile, the verification reliability, maintainability and high compatibility of the key updating are improved.
Description
Technical Field
The invention relates to the technical field of rail transit and computer security, in particular to a method and a device for online centralized updating of a vehicle-mounted key under CTCS-3 level.
Background
The key management center is responsible for generating and managing a transmission protection key KTRANS and an authentication key KMAC of all wireless block centers (RBC) and vehicle-mounted equipment (ATP) cipher devices in an offline mode, exporting and distributing the transmission protection key KTRANS and the authentication key KMAC to the wireless block centers (RBC) and the vehicle-mounted equipment (ATP), and establishing a KMAC key matching relation between the wireless block centers (RBC) and the related vehicle-mounted equipment (ATP).
The existing key distribution is divided into two stages, the first-stage distribution process adopts a non-domestic encryption algorithm 3DES for protection, and the encrypted authentication key KMAC and the encrypted transmission key KTRANS are respectively stored by optical discs and are decrypted at the front ends of key file generating tools of different signal manufacturers. In the secondary distribution process, each signal manufacturer uses a respective special key file generating tool to convert key data into a key format file special for corresponding train control product equipment, and the technical means of the section of transmission process is equipment-specific. The converted key format file is mostly distributed in a plaintext or simple transformation mode of the plaintext, and a small number of the key format file is protected by a non-domestic cryptographic algorithm 3 DES.
Finally, after the key is injected into each ATP/RBC device, the updating work of the key is completed.
In the prior art, when CTCS train-ground safety signal equipment establishes safety communication, in order to ensure the authenticity and integrity of the interactive messages of both parties, opposite end identification verification and identity authentication are required to be performed at the beginning of each session, a session key is generated through an authentication key KMAC, and the session key is used for protecting the messages of the session. Because the communication between the vehicles and the places is carried out in the open network, if the authentication key is not updated for a long time, the risk that the interaction data between the vehicles and the places is stolen and deciphered is increased, so that potential safety hazards are caused. The existing management method is to generate and manage a transmission key KTRANS and an authentication key KMAC used in all-way respective Radio Block Centers (RBCs) and in-vehicle equipment (ATP) cryptographic apparatuses in an offline manner, and encrypt and integrity protect KMAC keys based on a non-domestic algorithm 3 DES. However, since the position of the train is not fixed relative to the ground equipment, the off-line operation mode for updating the key to the ATP is complicated and the real-time performance is poor.
In the existing key management system, the key update between the key management center and the ground RBC can be performed in an existing manner. Because the number of the vehicle-mounted ATP devices is large, and the train is in the running process for a long time, huge manpower consumption exists when the train is updated in an off-line mode. The verification means after the key update between the vehicles also needs to trigger the ATP manually to call the RBC again for verification, and has the problem of low timeliness.
Disclosure of Invention
Aiming at the problems, the invention provides a method and a device for on-line centralized updating of a vehicle-mounted key, which are used for solving the problem of on-line centralized updating of the vehicle-mounted key under CTCS-3 level.
A method of online centralized updating of vehicle-mounted keys, the method comprising:
generating an ATP key file through a key management center system, and deploying the ATP key file into EKC equipment;
after analyzing the ATP key file, the EKC equipment judges the vehicle-mounted ATP equipment and corresponding EKT equipment which need to update the key according to the comparison and identification of the new key and the old key, the EKC equipment is connected with EKT equipment and updates the internal key on EKT equipment, and the vehicle-mounted ATP equipment key is updated through EKT equipment.
Further, the disposing the ATP key file in the EKC device specifically includes disposing the ATP key file in the EKC device in an offline manner.
Further, the EKC connects EKT devices and updates EKT the internal key on the devices, specifically including:
when the motor car is electrified in the warehouse, the EKT equipment initiates connection with the EKC equipment; the EKC equipment and EKT equipment perform consistency verification interaction of the internal keys of the two parties; if the EKC equipment finds that the consistency verification of the internal key of the equipment is inconsistent with that of the internal key of the EKT equipment, the update of the internal key of the EKT equipment is initiated; after the update is completed, the EKC is disconnected from EKT.
Further, after analyzing the ATP key file, the EKC device compares and identifies the vehicle-mounted ATP device and the corresponding EKT device, which need to update the key, according to the new and old keys, and specifically includes:
by means of the mode that all vehicle keys in the movable garage are managed by arranging the EKC in the movable garage, EKT equipment is arranged on a train, and the inner keys of the equipment are updated EKT on line through the EKC in a centralized mode by taking the movable garage as a region.
Further, the method further comprises:
the interface between the ATP and EKT equipment is unified, a unified standardized interface is provided through EKT, and a key required to be used is sent to the ATP;
the ATP obtains the RBC key from the EKT device that needs to be connected to establish a connection with the RBC device.
Further, the EKC connects EKT devices and updates EKT the internal key on the device, and further includes:
the EKC is in bidirectional communication with EKT equipment through an LTE/GSMR network;
the EKC device has a unique device number; the EKC equipment obtains the key of the vehicle-mounted ATP distributed by the key management center system, then decrypts and stores the key, verifies the consistency of the internal key of EKT connected with the key, and updates the internal key of EKT equipment according to the situation;
EKT updating the key between the interface and the EKC; both EKC and EKT can continue to store key information after power down.
Further, the updating the vehicle-mounted ATP device key by the EKT device further includes:
the EKC manages the association relation between each set EKT and ATP; EKT device communicates with ATP device via LTE/GSMR network in both directions;
EKT the device is provided with a unique device number; the same train single-ended ATP or double-ended ATP may support querying EKT devices for related keys.
The device for updating the vehicle-mounted key in an online centralized manner comprises a key generation deployment unit and a key updating unit;
the key generation deployment unit is used for generating an ATP key file through the key management center system and deploying the ATP key file into the EKC equipment;
and the key updating unit is used for judging the vehicle-mounted ATP equipment and the corresponding EKT equipment thereof which need to update the key according to the comparison and identification of the new key and the old key after the EKC equipment analyzes the ATP key file, wherein the EKC equipment is connected with the EKT equipment and updates the internal key on the EKT equipment, and the vehicle-mounted ATP equipment key is updated through the EKT equipment.
An electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing the method for updating the vehicle-mounted secret key in an online centralized manner when executing the program stored in the memory.
A computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method of online centralized updating of a vehicle-mounted key as described above.
The invention has at least the following beneficial effects:
the invention designs a new key replacement flow, updates the key of the ATP end in an online mode, has higher real-time performance on the premise of ensuring the safety of an update task, and simultaneously ensures the synchronous update of the authentication key between vehicles.
According to the invention, the mode of arranging the EKC in the movable garage to manage all vehicle keys in the movable garage is adopted, EKT equipment is newly added on a train, and the original mode of dispersedly installing the ATP keys is changed into a regional centralized scheme taking the movable garage as a range. EKC, EKT, ATP, a key interaction flow way method; providing a unified standardized interface through EKT, and sending keys required to be used to the ATP; and the device is compatible with a plurality of different ATP devices. The secret key is obtained at any time without maintenance and installation by each ATP manufacturer.
The invention can reduce the time and labor cost brought by updating the vehicle-mounted secret key in an off-line mode, and has high timeliness;
according to the invention, by adding the EKC equipment in the ground movable garage and adding the EKT equipment capable of interacting with the ATP on the vehicle side, the regional automatic on-line updating of the key is completed, interfaces between the ATP and EKT equipment are unified, so that EKT can be compatible with a plurality of ATP systems, the key can be used and fetched at any time, maintenance and installation by each ATP manufacturer are not performed, the labor cost caused by manual intervention is effectively reduced, and meanwhile, the verification reliability, maintainability and high compatibility of the key updating are improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for updating a vehicle-mounted key according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a vehicle-mounted key updating device according to an embodiment of the present invention;
FIG. 3 is a diagram of the relationship between existing devices;
FIG. 4 is a diagram of an association relationship between devices according to an embodiment of the present invention;
FIG. 5 is a system association diagram according to an embodiment of the present invention;
fig. 6 is a message flow diagram of a keying task according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the existing key management system, the key update between the key management center and the ground RBC can be performed in an existing manner. Because the number of the vehicle-mounted ATP devices is large, and the train is in the running process for a long time, huge manpower consumption exists when the train is updated in an off-line mode. The verification means after the key update between the vehicles also needs to trigger the ATP manually to call the RBC again for verification, and has the problem of low timeliness.
To this end, the invention provides a method and a device for on-line centralized updating of a vehicle-mounted key, comprising a method for on-line centralized updating of a vehicle-mounted key, a device for on-line centralized updating of a vehicle-mounted key, an electronic device and a computer readable storage medium.
According to the invention, the mode of arranging the EKC in the movable garage to manage all vehicle keys in the movable garage is adopted, EKT equipment is newly added on a train, and the original mode of dispersedly installing the ATP keys is changed into a regional centralized scheme taking the movable garage as a range. EKC, EKT, ATP, a key interaction flow way method; providing a unified standardized interface through EKT, and sending keys required to be used to the ATP; and the device is compatible with a plurality of different ATP devices. The secret key is obtained at any time without maintenance and installation by each ATP manufacturer.
In a first aspect, as shown in fig. 1, the present invention provides a method for online centralized updating of a vehicle-mounted key, where the method includes:
generating an ATP key file through a key management center system, and deploying the ATP key file into EKC equipment;
after analyzing the ATP key file, the EKC equipment judges the vehicle-mounted ATP equipment and corresponding EKT equipment which need to update the key according to the comparison and identification of the new key and the old key, the EKC equipment is connected with EKT equipment and updates the internal key on EKT equipment, and the vehicle-mounted ATP equipment key is updated through EKT equipment.
In the specific implementation, through adding EKC equipment in a ground movable garage and adding EKT equipment capable of interacting with ATP on the vehicle side, regional automatic on-line key updating is completed, interfaces between ATP and EKT equipment are unified, EKT can be compatible with multiple ATP systems, the keys are used and taken at any time, maintenance and installation by ATP factories are not performed, labor cost caused by manual intervention is effectively reduced, and meanwhile verification reliability, maintainability and high compatibility of key updating are improved.
In this embodiment, the disposing the ATP key file in the EKC device specifically includes disposing the ATP key file in the EKC device in an offline manner.
In this embodiment, the EKC connects EKT devices and updates the internal key on EKT devices, which specifically includes:
when the motor car is electrified in the warehouse, the EKT equipment initiates connection with the EKC equipment; the EKC equipment and EKT equipment perform consistency verification interaction of the internal keys of the two parties; if the EKC equipment finds that the consistency verification of the internal key of the equipment is inconsistent with that of the internal key of the EKT equipment, the update of the internal key of the EKT equipment is initiated; after the update is completed, the EKC is disconnected from EKT.
In this embodiment, after the EKC device analyzes the ATP key file, the on-board ATP device and the EKT device corresponding thereto that need to update the key are identified according to the comparison between the new key and the old key, which specifically includes:
by means of the mode that all vehicle keys in the movable garage are managed by arranging the EKC in the movable garage, EKT equipment is arranged on a train, and the inner keys of the equipment are updated EKT on line through the EKC in a centralized mode by taking the movable garage as a region.
In the specific implementation, in the existing CTCS-3 level train control system, the key installation work of each vehicle-mounted device is completed manually, technicians are arranged by a vehicle-mounted device provider to install the key, and a vehicle-mounted device management department carries out process supervision. Because of the diversity of the vehicle-mounted platforms of different suppliers, the keys distributed by the upper layers can be installed on the respective vehicle-mounted platforms only after being processed by the respective vehicle-mounted manufacturers through corresponding technologies. Meanwhile, due to the specificity of the transportation requirement of the train, the final storage and reliability of the train cannot be guaranteed, the centralized EKC equipment is arranged in the movable garage serving as the minimum area centralized range for bearing the key after uploading and distributing, key management of the train in the movable garage is uniformly carried out, the problem of key replacement caused by the problem of uncertainty of the train position is solved, meanwhile, after the interface is uniformly carried out, the follow-up key is updated and deleted, the intervention of suppliers is not needed, the supervision can be carried out through an equipment management department completely, the working links are reduced, and the risk and the labor cost are reduced.
In this embodiment, the method further includes:
the interface between the ATP and EKT equipment is unified, a unified standardized interface is provided through EKT, and a key required to be used is sent to the ATP;
the ATP obtains the RBC key from the EKT device that needs to be connected to establish a connection with the RBC device.
In this embodiment, the EKC connects EKT devices and updates EKT the internal key on the device, and further includes:
the EKC is in bidirectional communication with EKT equipment through an LTE/GSMR network;
the EKC device has a unique device number; the EKC equipment obtains the key of the vehicle-mounted ATP distributed by the key management center system, then decrypts and stores the key, verifies the consistency of the internal key of EKT connected with the key, and updates the internal key of EKT equipment according to the situation;
EKT updating the key between the interface and the EKC; both EKC and EKT can continue to store key information after power down.
In this embodiment, the updating the vehicle-mounted ATP device key by the EKT device further includes:
the EKC manages the association relation between each set EKT and ATP; EKT device communicates with ATP device via LTE/GSMR network in both directions;
EKT the device is provided with a unique device number; the same train single-ended ATP or double-ended ATP may support querying EKT devices for related keys.
In a second aspect, as shown in fig. 2, the present invention provides an apparatus for online centralized updating of a vehicle-mounted key, including a key generation deployment unit and a key updating unit;
the key generation deployment unit is used for generating an ATP key file through the key management center system and deploying the ATP key file into the EKC equipment;
and the key updating unit is used for judging the vehicle-mounted ATP equipment and the corresponding EKT equipment thereof which need to update the key according to the comparison and identification of the new key and the old key after the EKC equipment analyzes the ATP key file, wherein the EKC equipment is connected with the EKT equipment and updates the internal key on the EKT equipment, and the vehicle-mounted ATP equipment key is updated through the EKT equipment.
In specific implementation, the implementation process of the device for on-line centralized updating of the vehicle-mounted secret key and the method for on-line centralized updating of the vehicle-mounted secret key in the invention are in one-to-one correspondence, and are not described in detail herein.
In a third aspect, the present invention provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing the method for updating the vehicle-mounted secret key in an online centralized manner when executing the program stored in the memory.
In a fourth aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of online centralized updating of a vehicle-mounted key as described above.
The computer-readable storage medium may be embodied in the apparatus/means described in the above embodiments; or may exist alone without being assembled into the apparatus/device. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
In order for those skilled in the art to better understand the present invention, the principles of the present invention are described below with reference to the accompanying drawings:
the existing key distribution is divided into two stages, the first-stage distribution process adopts a non-domestic encryption algorithm 3DES for protection, and the encrypted authentication key KMAC and the encrypted transmission key KTRANS are respectively stored by optical discs and are decrypted at the front ends of key file generating tools of different signal manufacturers. In the secondary distribution process, each signal manufacturer uses a respective special key file generating tool to convert key data into a key format file special for corresponding train control product equipment, and the technical means of the section of transmission process is equipment-specific. The converted key format file is mostly distributed in a plaintext or simple transformation mode of the plaintext, and a small number of the key format file is protected by a non-domestic cryptographic algorithm 3 DES.
Finally, after the key is injected, each ATP/RBC device completes the updating work of the key, as shown in fig. 3.
The invention sets a set of key updating equipment Exchange Kmac Center, which is called EKC for short, and installs a set of terminal equipment Exchange Kmac Terminal, which is called EKT for short, on each vehicle, wherein the terminal equipment Exchange Kmac Terminal is in communication interaction with the equipment.
In the existing key association relation diagram, as shown in fig. 3, an off-line key deployment channel from an original key management center system to a vehicle-mounted ATP is deleted, and the key of the vehicle-mounted part is not updated in an off-line mode in a manual decentralized manner, and the on-line key is updated in a centralized manner by adding EKC equipment on the ground side and EKT equipment on the vehicle side. The key association relation diagram of the invention is shown in fig. 4, and the key is updated in a centralized manner on line by connecting EKC with EKT equipment by taking a movable garage as a unit. As shown in fig. 5, the EKT equipment on the train can be used as a separate component independent from the vehicle-mounted equipment, for example, EKT equipment can be arranged in a cab, the EKT equipment and the vehicle-mounted equipment can communicate by adopting a vehicle network and complete information interaction, the ATP equipment is arranged between the vehicle-mounted equipment, and the EKT equipment and the ATP equipment are connected through an external interface between the vehicle-mounted equipment. EKT communicates with ground EKC devices via wireless network LTE/GSMR and performs the associated key task receiving work.
The EKC device has at least the following functions:
the EKC device should have a unique device number;
the EKC should support keys to decrypt the on-board ATP distributed by the key management center system;
the EKC should be able to store keys for the on-board ATP distributed from the key management center system;
the EKC should be able to update the keys of the on-board ATP distributed from the key management center system;
the EKC should be able to delete the key of the associated ATP according to the requirements of the key management center system;
the EKC should have a consistency check and check function of the EKT internal key connected to it;
the EKC can manage the association relation between each set EKT and ATP;
the EKC should have an interface function with EKT regarding key updates;
the EKC should be provided with bi-directional communication with EKT devices over the LTE/GSMR network.
The EKC should have a key information storage function after power failure.
EKT the device has at least the following functions:
EKT the device should have a unique device number;
EKT equipment should be capable of supporting the function of inquiring related keys from single-ended ATP or double-ended ATP of the same train;
EKT should be provided with bi-directional communication with EKC devices over the LTE/GSMR network.
EKT should have an interface function with EKC regarding key updates;
EKT should have a consistency check and check function of the EKC internal key connected to it;
EKT should have key information storage function after power-off.
The key interaction flow is as follows:
an operator generates and distributes an offline key through a key management center system;
the key installer deploys the ATP key file to the EKC equipment in an offline mode;
after the EKC equipment is analyzed, the vehicle-mounted ATP equipment and corresponding EKT equipment which need to update the key are judged according to the comparison and identification of the new key and the old key;
when the motor car is electrified in the warehouse, the EKT equipment initiates connection with the EKC equipment;
the EKC equipment and EKT equipment perform consistency verification interaction of the internal keys of the two parties;
if the EKC equipment finds that the consistency verification of the internal key of the equipment is inconsistent with that of the internal key of the EKT equipment, the update of the internal key of the EKT equipment is initiated;
after updating, the EKC is disconnected with EKT;
the ATP obtains the RBC key from the EKT device that needs to be connected to establish a connection with the RBC device.
The message flow diagram of the key task is shown in fig. 6, and the key management center sends an ATP offline key task;
after receiving the key, the EKC locally completes the judgment of the new key and the old key and updates the local key;
EKT after the equipment is powered on, EKT sends a request to the EKC to establish connection with the EKC;
the EKC sends a key consistency comparison request to EKT;
if EKT the internal key is inconsistent with the key in the EKC, EKT requests an update key from the EKC;
the EKC updates EKT the internal key to EKT;
after the update EKT internal key is successful, EKT replies to EKT that the update was successful;
EKC disconnect EKT;
the EKC sends key task archiving to a key management center;
ATP requests EKT KMAC keys with a certain RBC;
EKT sends the KMAC key to the ATP.
In the existing key management system, the key update between the key management center and the ground RBC can be performed in an existing manner. Because the number of the vehicle-mounted ATP devices is large, and the train is in the running process for a long time, huge manpower consumption exists when the train is updated in an off-line mode. The verification means after the key update between the vehicles also needs to trigger the ATP manually to call the RBC again for verification, and has the problem of low timeliness. Through increasing EKC equipment in ground movable garage and increasing EKT equipment that can exchange the key with ATP at the vehicle side, accomplish regional automatic on-line update key, unify the interface between ATP and EKT equipment, make EKT can compatible many ATP systems, the key is accomplished to take along with the time, no longer maintained and install by each ATP producer, verification reliability and maintainability and high compatibility that the key updated have also been improved when effectively reducing the human cost that the manual intervention brought.
According to the invention, the mode of arranging the EKC in the movable garage to manage all vehicle keys in the movable garage is adopted, EKT equipment is newly added on a train, and the original mode of dispersedly installing the ATP keys is changed into a regional centralized scheme taking the movable garage as a range. EKC, EKT, ATP, a key interaction flow way method; providing a unified standardized interface through EKT, and sending keys required to be used to the ATP; and the device is compatible with a plurality of different ATP devices. The secret key is obtained at any time without maintenance and installation by each ATP manufacturer.
The invention can reduce the time and labor cost brought by updating the vehicle-mounted secret key in an off-line mode, and has high timeliness.
In the existing key management system, the key update between the key management center and the ground RBC can be performed in an existing manner. Because the number of the vehicle-mounted ATP devices is large, and the train is in the running process for a long time, huge manpower consumption exists when the train is updated in an off-line mode. The verification means after the key update between the vehicles also needs to trigger the ATP manually to call the RBC again for verification, and has the problem of low timeliness. Through increasing EKC equipment in ground movable garage and increasing EKT equipment that can exchange the key with ATP at the vehicle side, accomplish regional automatic on-line update key, unify the interface between ATP and EKT equipment, make EKT can compatible many ATP systems, the key is accomplished to take along with the time, no longer maintained and install by each ATP producer, verification reliability and maintainability and high compatibility that the key updated have also been improved when effectively reducing the human cost that the manual intervention brought.
Although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (7)
1. A method for online centralized updating of a vehicle-mounted key, the method comprising:
generating an ATP key file of the vehicle-mounted equipment through a key management center system, and deploying the ATP key file into the EKC equipment in an offline mode; the EKC equipment is key updating equipment arranged in the movable garage;
after analyzing the ATP key file, the EKC equipment judges ATP of which the key needs to be updated and corresponding EKT equipment according to the comparison and identification of the new key and the old key, the EKC equipment is connected with EKT equipment and updates the internal key on EKT equipment, and the ATP key is updated through EKT equipment; EKT equipment is terminal equipment which is arranged on a train and performs communication interaction with EKC equipment;
the EKC device connects EKT devices and updates EKT internal keys on the devices, including: when the motor car is electrified in the warehouse, the EKT equipment initiates connection with the EKC equipment; the EKC equipment and EKT equipment perform consistency verification interaction of the internal keys of the two parties; if the EKC equipment finds that the consistency verification of the internal key of the equipment is inconsistent with that of the internal key of the EKT equipment, the update of the internal key of the EKT equipment is initiated; after updating, the EKC equipment is disconnected with EKT equipment;
updating the ATP key by the EKT device includes: the interface between the ATP and EKT equipment is unified, a unified standardized interface is provided by EKT equipment, and a key required to be used is sent to the ATP; the ATP obtains the RBC key from the EKT device that connects to the wireless occlusion center RBC device, establishing a connection with the RBC device.
2. The method for online centralized updating of vehicle keys of claim 1,
after analyzing the ATP key file, the EKC device determines the ATP and the EKT device corresponding to the ATP that need to update the key according to the comparison and identification of the new key and the old key, and the EKC device is connected with the EKT device and updates the internal key on the EKT device, and specifically includes:
through the mode that sets up EKC equipment in the movable garage and manage all vehicle keys in the movable garage, be provided with EKT equipment on the train, the regional centralized inside key of EKT equipment of online update through EKC equipment that uses the movable garage as scope.
3. The method for online centralized updating of vehicle keys of claim 1,
the EKC device connects EKT devices and updates EKT internal keys on the devices, further comprising:
the EKC equipment is in bidirectional communication with EKT equipment through an LTE/GSMR network;
the EKC device has a unique device number; the EKC equipment obtains the key of the vehicle-mounted ATP distributed by the key management center system, then decrypts and stores the key, verifies the consistency of the internal key of EKT equipment connected with the key, and updates the internal key of EKT equipment according to the situation;
the EKT device updates the key with the EKC device through the interface; both EKC devices and EKT devices may continue to store key information after power is turned off.
4. The method for online centralized updating of vehicle keys of claim 1,
the updating the ATP key by the EKT device further comprises:
the EKC equipment manages the association relation between each set of EKT equipment and ATP; EKT device communicates with ATP device via LTE/GSMR network in both directions;
EKT the device is provided with a unique device number; the same train single-ended ATP or double-ended ATP may support querying EKT devices for related keys.
5. The device for updating the vehicle-mounted secret key in an online centralized manner is characterized by comprising a secret key generation deployment unit and a secret key updating unit;
the key generation deployment unit is used for generating an ATP key file of the vehicle-mounted equipment through the key management center system and deploying the ATP key file into the EKC equipment in an offline mode; the EKC equipment is key updating equipment arranged in the movable garage;
the key updating unit is used for judging the ATP of the key to be updated and the corresponding EKT equipment according to the comparison and identification of the new key and the old key after the ATP key file is analyzed by the EKC equipment, the EKC equipment is connected with EKT equipment and updates the internal key on EKT equipment, and the ATP key is updated through EKT equipment; EKT equipment is terminal equipment which is arranged on a train and performs communication interaction with EKC equipment;
the EKC device connects EKT devices and updates EKT internal keys on the devices, including:
when the motor car is electrified in the warehouse, the EKT equipment initiates connection with the EKC equipment; the EKC equipment and EKT equipment perform consistency verification interaction of the internal keys of the two parties; if the EKC equipment finds that the consistency verification of the internal key of the equipment is inconsistent with that of the internal key of the EKT equipment, the update of the internal key of the EKT equipment is initiated; after updating, the EKC equipment is disconnected with EKT equipment;
updating the ATP key by the EKT device includes: the interface between the ATP and EKT equipment is unified, a unified standardized interface is provided by EKT equipment, and a key required to be used is sent to the ATP; the ATP obtains the RBC key from the EKT device that connects to the wireless occlusion center RBC device, establishing a connection with the RBC device.
6. The electronic equipment is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing a method for online centralized updating of vehicle keys according to any one of claims 1-4 when executing a program stored on a memory.
7. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements a method of online centralized updating of a vehicle key according to any of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310272457.7A CN115988488B (en) | 2023-03-21 | 2023-03-21 | Method and device for on-line centralized updating of vehicle-mounted secret key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310272457.7A CN115988488B (en) | 2023-03-21 | 2023-03-21 | Method and device for on-line centralized updating of vehicle-mounted secret key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115988488A CN115988488A (en) | 2023-04-18 |
CN115988488B true CN115988488B (en) | 2023-06-30 |
Family
ID=85970539
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310272457.7A Active CN115988488B (en) | 2023-03-21 | 2023-03-21 | Method and device for on-line centralized updating of vehicle-mounted secret key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115988488B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019076032A1 (en) * | 2017-10-20 | 2019-04-25 | 北京全路通信信号研究设计院集团有限公司 | Method and system for classified storage of keys |
CN109787756A (en) * | 2018-12-24 | 2019-05-21 | 吉林微思智能科技有限公司 | A kind of car-mounted terminal key distribution management method based on whitepack encryption technology |
CN114173303A (en) * | 2021-12-08 | 2022-03-11 | 中国国家铁路集团有限公司 | Train-ground session key generation method and system for CTCS-3 level train control system |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102238004B (en) * | 2011-05-16 | 2013-09-25 | 北京全路通信信号研究设计院有限公司 | Key management system for Chinese train control system-3 (C3) system |
JP2017192156A (en) * | 2017-07-26 | 2017-10-19 | 住友電気工業株式会社 | Communication system |
WO2019212403A1 (en) * | 2018-04-30 | 2019-11-07 | 华为国际有限公司 | Method for upgrading vehicle-mounted device, and related device |
CN109327467B (en) * | 2018-11-20 | 2020-07-24 | 北京交通大学 | Management method of RSSP-II secure communication protocol key management mechanism |
EP3883212B1 (en) * | 2019-11-12 | 2023-02-22 | Huawei Technologies Co., Ltd. | Device upgrade method and related device |
CN111148073B (en) * | 2020-04-03 | 2020-07-31 | 北京全路通信信号研究设计院集团有限公司 | Secret key management method and system for train-ground communication transmission information |
CN112738122B (en) * | 2021-01-04 | 2023-02-21 | 北京全路通信信号研究设计院集团有限公司 | Online key management system and method in complex scene in rail transit field |
CN112840683B (en) * | 2021-01-18 | 2022-04-22 | 华为技术有限公司 | Vehicle key management method, device and system |
CN114554486B (en) * | 2022-01-06 | 2024-04-30 | 北京全路通信信号研究设计院集团有限公司 | Secret key management method and system for information security transmission |
CN115174040B (en) * | 2022-02-22 | 2024-06-21 | 重庆长安汽车股份有限公司 | Method, system, vehicle and medium for injecting and updating secret key of in-vehicle controller |
-
2023
- 2023-03-21 CN CN202310272457.7A patent/CN115988488B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019076032A1 (en) * | 2017-10-20 | 2019-04-25 | 北京全路通信信号研究设计院集团有限公司 | Method and system for classified storage of keys |
CN109787756A (en) * | 2018-12-24 | 2019-05-21 | 吉林微思智能科技有限公司 | A kind of car-mounted terminal key distribution management method based on whitepack encryption technology |
CN114173303A (en) * | 2021-12-08 | 2022-03-11 | 中国国家铁路集团有限公司 | Train-ground session key generation method and system for CTCS-3 level train control system |
Also Published As
Publication number | Publication date |
---|---|
CN115988488A (en) | 2023-04-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108989024B (en) | Method, device and equipment for controlling communication between ECUs and corresponding vehicle | |
CN102142974B (en) | Method and system for authorizing management of terminals of internet of things | |
WO2014148003A1 (en) | Program rewrite system for onboard electronic control device and onboard relay device | |
CN104349947A (en) | Authentication system and authentication method | |
CN105260198A (en) | Vehicle software update verification | |
CN105187376A (en) | Safe communication method of internal automobile network in Telematics | |
CN101470411A (en) | System and method for safely updating ECU data | |
CN105046796A (en) | Unlocking control method, device and system for electronic lock | |
CN112328271B (en) | Vehicle-mounted equipment software upgrading method and system | |
CN105471874A (en) | Data transmission method and device | |
US11882213B2 (en) | Method for key generation upon request by a secure access device, using an electronic control unit of a vehicle | |
CN113556710B (en) | Vehicle Bluetooth key method and device and vehicle | |
KR20220133149A (en) | Two way security communication apparatus for electric vehicle | |
CN107968707B (en) | Method and system for classified storage of secret keys | |
CN114785557B (en) | Whole vehicle symmetric key distribution system, method and storage medium | |
CN117220752A (en) | Satellite-ground data transmission link safety transmission system and method | |
CN111935258A (en) | Method and system for performing parameter operation on electric vehicle-mounted terminal | |
CN115988488B (en) | Method and device for on-line centralized updating of vehicle-mounted secret key | |
CN111786987B (en) | Task issuing method, device, system and equipment | |
CN110830243B (en) | Symmetric key distribution method, device, vehicle and storage medium | |
CN101807276B (en) | Security management and supervision system of traffic management software and application method thereof | |
KR20130022688A (en) | Device for updating software of electronic control units in vehicle | |
CN117527262B (en) | Method for constructing automobile security OTA based on chip | |
CN112350900A (en) | Safety switch control method and module based on Bluetooth and WeChat applet | |
CN103818342A (en) | Method and system for vehicle anti-theft matching operation authority authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |