CN116232766A - OTA-based data encryption system and method - Google Patents

OTA-based data encryption system and method Download PDF

Info

Publication number
CN116232766A
CN116232766A CN202310498978.4A CN202310498978A CN116232766A CN 116232766 A CN116232766 A CN 116232766A CN 202310498978 A CN202310498978 A CN 202310498978A CN 116232766 A CN116232766 A CN 116232766A
Authority
CN
China
Prior art keywords
upgrade package
node client
key
ota
software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310498978.4A
Other languages
Chinese (zh)
Other versions
CN116232766B (en
Inventor
张建平
柳旭
范玲玲
刘闯
王腾
刘禹池
孙小雨
徐晋吉
马骉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FAW Group Corp
Original Assignee
FAW Group Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by FAW Group Corp filed Critical FAW Group Corp
Priority to CN202310498978.4A priority Critical patent/CN116232766B/en
Publication of CN116232766A publication Critical patent/CN116232766A/en
Application granted granted Critical
Publication of CN116232766B publication Critical patent/CN116232766B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/04Interfaces between hierarchically different network devices
    • H04W92/10Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption system and method based on OTA, wherein: the OTA cloud end is used for encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext and sending the upgrade package ciphertext to the CDN; establishing a bidirectional security authentication channel with a master node client through PKI, and performing security authentication on the master node client; the first encryption information associated with the first secret key is sent to a master node client side passing authentication through a bidirectional security authentication channel; the main node client is used for responding to the deployment of the upgrading task, acquiring an upgrading packet ciphertext from the CDN and acquiring first encryption information corresponding to the upgrading packet ciphertext from the bidirectional security authentication channel; encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and reliable module; and controlling each slave node client to carry out software upgrading according to the upgrading task deployment. Secure communications in the OTA process may be implemented.

Description

OTA-based data encryption system and method
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an OTA-based data encryption system and method.
Background
With the development of computer technology and communication technology, the software functions of electronic devices are becoming more and more abundant, and the iteration cycle is becoming faster and faster. In some fields, such as the automotive field, there is still a way to update software using offline brush. The efficiency of offline updating and writing of updated software is low, and consistency of multiple equipment ends in a vehicle cannot be ensured.
To solve the above problems, over-the-Air Technology (OTA) has evolved. The software can be upgraded online by using the OTA technology and the wireless network communication, so that the upgrading efficiency and the upgrading consistency are ensured.
However, the security of the upgrade software cannot be ensured when the upgrade is performed by the OTA technology. Especially in the automotive field, if the software is hacked during the upgrade process, it will bring an unpredictable loss to the user, even threatening the personal safety of the user. Therefore, it is desirable to provide a secure communication scheme that can implement the OTA upgrade process.
Disclosure of Invention
The invention provides a data encryption system and method based on OTA (over the air) to solve the problem of secure communication during software upgrading through OTA.
According to an aspect of the present invention, there is provided an OTA-based data encryption system, the system comprising: OTA cloud, PKI, CDN, master node customer end, at least one slave node customer end, dispose the safe trusted module in every customer end separately; wherein:
the OTA cloud end is used for acquiring a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN;
the OTA cloud end and the master node client end establish a bidirectional security authentication channel through a PKI facility;
the OTA cloud end is used for carrying out security authentication on the master node client through the bidirectional security authentication channel;
the OTA cloud is used for sending the first encryption information associated with the first key to a master node client side passing authentication through the bidirectional security authentication channel;
the master node client is used for responding to the deployment of the upgrade task, acquiring the upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel;
the master node client is used for encrypting the first encryption information by adopting a second secret key to obtain second encryption information, and encrypting and storing the second secret key and the second encryption information by adopting a corresponding safe trusted module;
and the master node client is used for controlling each slave node client to carry out software upgrading according to the upgrading task deployment.
Optionally, the PKI facility includes: certificate authority CA, online certificate status protocol OCSP, and digital signature module; wherein:
the CA is used for issuing certificates for the OTA cloud end and the master node client in the bidirectional security authentication channel;
OCSP, is used for carrying on the security authentication to the said master node customer end;
and the digital signature module is used for signing the software upgrading package.
Optionally, the OTA cloud end is specifically configured to obtain a software upgrade package, sign the software upgrade package with a digital signature module, and encrypt the signed software upgrade package with a first key to obtain an upgrade package ciphertext;
the master node client or the slave node client is specifically configured to obtain the second key and the second encryption information through a corresponding secure trusted module; decrypting the second encrypted information through the second secret key to obtain first encrypted information; decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
According to another aspect of the present invention, there is provided an OTA-based data encryption method applied to an OTA cloud in an OTA-based data encryption system according to any one of the embodiments of the present invention, the method including:
the method comprises the steps of obtaining a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to a CDN;
establishing a bidirectional security authentication channel with a main node client in the OTA-based data encryption system through PKI equipment;
and sending the first encryption information associated with the first key to the authenticated master node client through the bidirectional security authentication channel.
Optionally, obtaining a software upgrade package, encrypting the software upgrade package by using a first key to obtain an upgrade package ciphertext, including:
and acquiring a software upgrade package, signing the software upgrade package by adopting a digital signature module, and encrypting the signed software upgrade package by adopting a first key to obtain an upgrade package ciphertext.
Optionally, the method further comprises:
and carrying out security authentication on the master node client through an Online Certificate Status Protocol (OCSP) in the PKI facility.
According to another aspect of the present invention, there is provided an OTA-based data encryption method applied to a master node client in an OTA-based data encryption system according to any one of the embodiments of the present invention, the method including:
establishing a bidirectional security authentication channel with an OTA cloud in the OTA-based data encryption system;
responding to the deployment of the upgrade task, acquiring the upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel;
encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe trusted module;
and controlling each slave node client to carry out software upgrading according to the upgrading task deployment.
Optionally, the first encryption information includes: upgrade task basic information, upgrade package download address, the first key and encryption algorithm;
controlling each slave node client to carry out software upgrading according to the upgrading task deployment, including:
notifying a corresponding slave node client to download the upgrade package ciphertext at the master node client or CDN according to the upgrade package download address according to the upgrade task basic information;
and sending the second secret key and the second encryption information to the corresponding slave node client so that the slave node client adopts a corresponding safe and trusted module to encrypt and store the second secret key and the second encryption information, and adopts the encrypted and stored information to carry out software upgrading after downloading the upgrading packet ciphertext.
Optionally, after obtaining the upgrade package ciphertext from the CDN in response to the upgrade task deployment, the method further includes:
decrypting the second encryption information through the second key in the corresponding safe trusted module to obtain first encryption information;
decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification;
and upgrading by adopting a software upgrading package.
According to another aspect of the present invention, there is provided an OTA-based data encryption method applied to a slave node client in an OTA-based data encryption system according to any one of the embodiments of the present invention, the method including:
receiving a software upgrading notification, a second key and second encryption information sent by a main node client in the OTA-based data encryption system, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and trusted module;
downloading the upgrade package ciphertext at the main node client or CDN according to the upgrade package download address in the software upgrade notification;
decrypting the second encrypted information through the second key stored in the corresponding safe trusted module in an encrypted manner to obtain first encrypted information;
decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification;
and upgrading by adopting a software upgrading package.
According to the technical scheme, an OTA cloud end, PKI, CDN, a master node client, at least one slave node client and safe and trusted modules respectively deployed at the clients are arranged in an OTA-based data encryption system; wherein: the OTA cloud end is used for acquiring a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN; the OTA cloud end and the master node client end establish a bidirectional security authentication channel through a PKI facility; the OTA cloud end is used for carrying out security authentication on the main node client through the bidirectional security authentication channel; the OTA cloud is used for sending the first encryption information associated with the first key to a master node client side passing authentication through a bidirectional security authentication channel; the main node client is used for responding to the deployment of the upgrading task, acquiring an upgrading packet ciphertext from the CDN and acquiring first encryption information corresponding to the upgrading packet ciphertext from the bidirectional security authentication channel; the master node client is used for encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and reliable module; the master node client is used for deploying and controlling each slave node client to carry out software upgrading according to the upgrading task, so that the problem of safety communication when the software is upgraded by the OTA technology is solved, the online upgrading of the software can be realized by the software upgrading by the OTA technology, and the efficiency and consistency of the software upgrading are improved; data distribution can be realized through the CDN, and software package upgrading is accelerated; the security of OTA software upgrading can be ensured by establishing a security channel between the OTA cloud and the client through PKI; software package upgrades of a device may be coordinated by setting a master node client and a slave node client in the device.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of an OTA-based data encryption system according to a first embodiment of the present invention;
fig. 2 is a flowchart of an OTA-based data encryption method according to a second embodiment of the present invention;
fig. 3 is a flowchart of an OTA-based data encryption method according to a third embodiment of the present invention;
fig. 4 is a flowchart of an OTA-based data encryption method according to a fourth embodiment of the present invention;
fig. 5 is a timing diagram of an OTA-based data encryption method according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a schematic structural diagram of an OTA-based data encryption system according to a first embodiment of the present invention, where the present embodiment is applicable to a case of upgrading software of multiple devices or multiple terminals in an automobile by an OTA technology in an automobile. As shown in fig. 1, the system includes: an OTA cloud 110, a public key infrastructure (Public Key Infrastructure, PKI) 120, a content delivery network (Content Delivery Network, CDN) 130, a master node Client (OTA Client) 140, at least one slave node Client (OTA Agent) 150, and secure trusted modules 160 deployed at each Client, respectively.
As shown in fig. 1, the OTA cloud 110 and the master node client 140 establish a bidirectional secure authentication channel through the PKI facility 120. The bidirectional security authentication channel may be a security channel in which an OTA task is synchronized with a state. The bidirectional secure authenticated channel may be established by a secure transport layer protocol (Transport Layer Security, TLS).
In an alternative implementation of the embodiment of the present invention, a PKI facility includes: certificate authority (Certification Authority, CA), online certificate status protocol (Online Certificate Status Protocol, OCSP), and digital signature system. Wherein: the CA is used for issuing certificates for the OTA cloud end and the master node client in the bidirectional security authentication channel; OCSP, which is used to make security authentication for the master node client; and the digital signature module is used for signing the software upgrading package.
The PKI data may include, among other things, a data certificate, a private key, and a chain of root certificates. And a bidirectional security authentication channel between the OTA cloud and the master node client can be established through PKI data. The data certificate in the PKI data may be issued by the CA.
In the embodiment of the present invention, the OTA cloud 110 is configured to perform security authentication on the master node client 140 through a bidirectional security authentication channel. According to the technical scheme provided by the embodiment of the invention, the security authentication is further carried out on the master node client 140 on the basis of establishing the bidirectional security authentication channel between the OTA cloud and the master node client, so that the information security in the upgrading process can be strictly ensured.
Specifically, when the master node client and the slave node client are set in the automobile, the security authentication of the OTA cloud to the master node client may be to authenticate the certificate status of the automobile. For example, the digital certificate of the vehicle may be verified by OCSP in the PKI facility to prevent the upgrade from being secured when the vehicle is intruded. In addition, the OCSP can also be used for verifying whether the actual vehicle identification code (Vehicle Identification Number, VIN) of the vehicle is consistent with the VIN in the digital certificate, and the validity of the vehicle can be ensured through the consistency verification of the VIN, so that the safety of vehicle software upgrading is improved.
In the embodiment of the invention, the OTA cloud is used for sending the first encryption information associated with the first key to the master node client side passing authentication through the bidirectional security authentication channel. Wherein the first encryption information may include: upgrade task basic information, upgrade package download address, first key and encryption algorithm. Based on the bidirectional security authentication channel and the authentication of the master node client, the security of the first encrypted information can be ensured, so that the security of software upgrading is ensured.
In the embodiment of the invention, according to the deployment of the upgrade task, the main node client can firstly acquire the software upgrade package, or can firstly acquire the first encryption information corresponding to the software upgrade package.
The master node client is illustratively configured to obtain the first encrypted information from the two-way secure authenticated channel in response to the upgrade task deployment. The upgrade task deployment may be a specific deployment situation of an administrator on the software upgrade task. When the software of the vehicle needs to be upgraded, the master node client can acquire first encryption information corresponding to the software upgrading package in the bidirectional security authentication channel.
After the first encryption information is obtained, in order to ensure the security of the OTA software upgrade, the main node client may perform two-stage encryption on the first encryption information. The master node client is used for encrypting the first encryption information by adopting the second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting the corresponding safe and trusted module. The secure trusted module may be, among other things, a hardware security module (Hardware Security Module, HSM) and/or a trusted execution environment (Trusted execution environment, TEE), as shown in fig. 1. The secure trusted module may encrypt, decrypt, verify, and securely store the data. The data security in the upgrading process can be further ensured by two-stage encryption, namely, the mode that the second secret key encrypts the first encrypted information and the safe and reliable module encrypts and stores the second secret key and the second encrypted information.
In the embodiment of the invention, when the software is required to be upgraded, software upgrade package management can be performed through the OTA cloud. Specifically, the OTA cloud end is configured to obtain a software upgrade package, encrypt the software upgrade package with a first key to obtain an upgrade package ciphertext, and send the upgrade package ciphertext to the CDN.
Wherein one software upgrade package may be encrypted once. The first keys corresponding to different software upgrade packages may be different. A digital signature module may be provided in the PKI facility. Based on the digital signature module, the OTA cloud can sign the software upgrade package, so that the security of the upgrade package is further ensured.
The OTA cloud is specifically configured to obtain a software upgrade package, sign the software upgrade package by using a digital signature module, and encrypt the signed software upgrade package by using a first key to obtain an upgrade package ciphertext.
In the embodiment of the invention, the main node client is used for responding to the deployment of the upgrade task and acquiring the upgrade package ciphertext from the CDN. And the master node client is used for responding to the upgrade task deployment and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel. The OTA cloud adopts the public network CDN to distribute the upgrade package ciphertext, and adopts the bidirectional security authentication channel to send the first encryption information corresponding to the upgrade package ciphertext, so that the security of the upgrade process can be ensured while the software upgrade is accelerated.
And the master node client is used for controlling each slave node client to carry out software upgrading according to the upgrading task deployment.
Specifically, if deployed according to an upgrade task, the primary node client has soft requirements for upgrade. The master node client is specifically configured to obtain a second key and second encryption information through a corresponding secure trusted module; decrypting the second encrypted information through the second key to obtain the first encrypted information; decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
In the embodiment of the invention, the deployment of the upgrade task can be the upgrade of equipment in the vehicle, the distribution of an upgrade package, the downloading mode of the upgrade package and the like. The upgrade task deployment can enable the master node client to control the upgrade of the slave node client. For example, according to the upgrade task deployment, the master node client may control the entire OTA flow, download an upgrade package required for the master node client to upgrade, download an upgrade package required for the slave node client to upgrade with a size less than or equal to a preset data package, or inform the slave node client to download an upgrade package required for the slave node client to upgrade with a size greater than the preset data package.
If the slave node client is deployed according to the upgrade task, the slave node client has soft upgrade requirements. The master node client is specifically configured to notify the corresponding slave node client to download the upgrade package ciphertext from the CDN or the master node client; and sending the second key and the second encryption information to the corresponding slave node client. The slave node client is specifically configured to encrypt and store the second key and the second encrypted information by using the corresponding secure and trusted module, and perform software upgrade by using the encrypted and stored information after downloading the ciphertext of the upgrade package.
Specifically, the slave node client is configured to download the upgrade package ciphertext from the CDN or the master node client according to an instruction of the master node client; decrypting the second encrypted information through a second key stored in the corresponding safe trusted module in an encrypted manner to obtain first encrypted information; decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
The manner of downloading the upgrade package ciphertext from the CDN by the slave node client may be an independent download scenario. In an independent download scenario, the master node client may not download the upgrade package required for the slave node client to upgrade, but instead notify the slave node client to download the upgrade package at the CDN. The situation that the master node client does not have enough space to store the proxy node upgrade package can be avoided through the independent downloading scene, and the situation that the efficiency of the master node client for downloading the upgrade package needed by the slave node client is too low can also be avoided, so that the upgrading reliability and efficiency of software are ensured.
Wherein the master node client and the slave node client may be deployed in the same vehicle end device in the vehicle. Alternatively, as shown in FIG. 1, the master node client and the slave node client may be deployed in different head-end devices in the vehicle. If the master node client is deployed in the vehicle end equipment A, the slave node client is deployed in the vehicle end equipment B.
According to the technical scheme, an OTA cloud end, PKI, CDN, a master node client, at least one slave node client and safe and trusted modules respectively deployed at the clients are arranged in an OTA-based data encryption system; wherein: the OTA cloud end is used for acquiring a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN; the OTA cloud end and the master node client end establish a bidirectional security authentication channel through a PKI facility; the OTA cloud end is used for carrying out security authentication on the main node client through the bidirectional security authentication channel; the OTA cloud is used for sending the first encryption information associated with the first key to a master node client side passing authentication through a bidirectional security authentication channel; the main node client is used for responding to the deployment of the upgrading task, acquiring an upgrading packet ciphertext from the CDN and acquiring first encryption information corresponding to the upgrading packet ciphertext from the bidirectional security authentication channel; the master node client is used for encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and reliable module; the master node client is used for deploying and controlling each slave node client to carry out software upgrading according to the upgrading task, so that the problem of safety communication when the software is upgraded by the OTA technology is solved, the online upgrading of the software can be realized by the software upgrading by the OTA technology, and the efficiency and consistency of the software upgrading are improved; data distribution can be realized through the CDN, and software package upgrading is accelerated; the security of OTA software upgrading can be ensured by establishing a security channel between the OTA cloud and the client through PKI; software package upgrades of a device may be coordinated by setting a master node client and a slave node client in the device.
Example two
Fig. 2 is a flowchart of an OTA-based data encryption method according to a second embodiment of the present invention, where the present embodiment is applicable to a case of performing software upgrade on multiple devices or multiple terminals in an automobile through an OTA technology in an automobile. The method may be performed by an OTA cloud in an OTA-based data encryption system as provided in any one of the embodiments of the present invention. As shown in fig. 2, the method includes:
step 210, obtaining a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN.
In an optional implementation manner of the embodiment of the present invention, obtaining a software upgrade package, encrypting the software upgrade package by using a first key to obtain an upgrade package ciphertext, including: the method comprises the steps of obtaining a software upgrading package, signing the software upgrading package by adopting a digital signature module, and encrypting the signed software upgrading package by adopting a first key to obtain an upgrading package ciphertext.
Step 220, establishing a bidirectional security authentication channel with a master node client in the OTA-based data encryption system through a PKI facility.
In an alternative implementation of the embodiment of the present invention, the method further includes: and carrying out security authentication on the master node client through an Online Certificate Status Protocol (OCSP) in the PKI facility.
Step 230, the first encrypted information associated with the first key is sent to the authenticated master node client through the bidirectional secure authentication channel.
Furthermore, the master node client can encrypt and store the first encryption information, and download the upgrade package ciphertext in the CDN according to the information in the first encryption information so as to upgrade software of the master node client or the slave node client.
According to the technical scheme, the software upgrading package is obtained, the first secret key is adopted to encrypt the software upgrading package, upgrading package ciphertext is obtained, and the upgrading package ciphertext is sent to the CDN; establishing a bidirectional security authentication channel with a master node client in an OTA-based data encryption system through a PKI facility; the first encryption information associated with the first secret key is sent to the authenticated main node client through the bidirectional security authentication channel, so that the problem of encryption of an upgrade package in OTA software upgrade is solved, and the upgrade package can be encrypted and transmitted to the CDN and then to the client; the security of the upgrade package can be ensured by transmitting the first encryption information corresponding to the upgrade package through the bidirectional security authentication channel; by verifying the main node client, the upgrade package and the corresponding first encryption information can be ensured to be transmitted to the authenticated client, so that the upgrade package is prevented from being leaked, the upgrade safety is ensured, and the data safety is ensured.
Example III
Fig. 3 is a flowchart of an OTA-based data encryption method according to a third embodiment of the present invention. The embodiment can be suitable for the situation that software upgrading is carried out on multiple devices or multiple terminals in an automobile through OTA technology in the automobile. The method may be performed by a master node client in an OTA-based data encryption system as provided by any one of the embodiments of the present invention. As shown in fig. 3, the method includes:
step 310, a bidirectional security authentication channel is established with an OTA cloud in the data encryption system based on the OTA.
Step 320, in response to the deployment of the upgrade task, obtaining an upgrade package ciphertext from the CDN, and obtaining first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel.
And 330, encrypting the first encrypted information by using the second key to obtain second encrypted information, and encrypting and storing the second key and the second encrypted information by using the corresponding safe trusted module.
And 340, controlling each slave node client to upgrade the software according to the upgrade task deployment.
In an alternative implementation manner of the embodiment of the present invention, the first encryption information includes: upgrade task basic information, upgrade package download address, first key and encryption algorithm; controlling each slave node client to carry out software upgrading according to upgrading task deployment, comprising: according to the upgrade task basic information, notifying the corresponding slave node client to download the upgrade package ciphertext at the master node client or CDN according to the upgrade package download address; and sending the second secret key and the second encryption information to the corresponding slave node client side so that the slave node client side adopts the corresponding safe and reliable module to encrypt and store the second secret key and the second encryption information, and adopts the encrypted and stored information to carry out software upgrading after downloading the upgrading packet ciphertext.
On the basis of the above embodiment, optionally, after obtaining the upgrade package ciphertext from the CDN in response to the upgrade task deployment, the method further includes: decrypting the second encryption information through a second key in the corresponding safe trusted module to obtain first encryption information; decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
According to the technical scheme, a bidirectional security authentication channel is established through the OTA cloud in the OTA-based data encryption system; responding to the deployment of the upgrade task, acquiring an upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel; encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and reliable module; according to the upgrade task deployment, each slave node client is controlled to carry out software upgrade, so that the problem of upgrade safety in OTA software upgrade is solved, and an upgrade package can be transmitted to the client in an encrypted and safe manner; the security of the upgrade package can be ensured by transmitting the first encryption information corresponding to the upgrade package through the bidirectional security authentication channel; the security of the upgrade package and the corresponding first encryption information can be ensured by two-stage encryption of the first encryption result, and the upgrade security is ensured; the software upgrade is performed by the master node client to control the slave node client, so that multiple terminals in the device can be upgraded cooperatively.
Example IV
Fig. 4 is a flowchart of an OTA-based data encryption method according to a fourth embodiment of the present invention. The embodiment can be suitable for the situation that software upgrading is carried out on multiple devices or multiple terminals in an automobile through OTA technology in the automobile. The method may be performed by a slave node client in an OTA-based data encryption system as provided by any one of the embodiments of the present invention. As shown in fig. 4, the method includes:
step 410, receiving a software upgrade notification, a second key and second encryption information sent by a master node client in the OTA-based data encryption system, and encrypting and storing the second key and the second encryption information by adopting a corresponding secure trusted module.
Step 420, downloading the ciphertext of the upgrade package at the master node client or the CDN according to the download address of the upgrade package in the software upgrade notification.
And 430, decrypting the second encrypted information through the second key stored in the corresponding safe trusted module in an encrypted manner to obtain the first encrypted information.
Step 440, decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification.
Step 450, upgrade is performed by using the software upgrade package.
According to the technical scheme, the software upgrading notification, the second key and the second encryption information sent by the main node client in the OTA-based data encryption system are received, and the second key and the second encryption information are encrypted and stored by adopting the corresponding safe trusted module; downloading an upgrade package ciphertext at a main node client or CDN according to the upgrade package download address in the software upgrade notification; decrypting the second encrypted information through a second key stored in the corresponding safe trusted module in an encrypted manner to obtain first encrypted information; decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; the software upgrading package is adopted for upgrading, so that the problem of software upgrading of the slave node client in OTA software upgrading is solved, and the slave node client can safely and rapidly upgrade the software.
Fig. 5 is a timing diagram of an OTA-based data encryption method according to an embodiment of the present invention. As shown in fig. 5, the OTA manager may upload the software upgrade package to the OTA cloud; the OTA cloud can sign the software upgrade package by using a private key in PKI, and encrypt the signed software upgrade package by using a first key to obtain an upgrade package ciphertext; the OTA cloud can distribute the upgrade package ciphertext to the CDN; OTA manager can perform upgrade task deployment; the OTA cloud can establish a bidirectional security authentication channel with the master node client through a PKI facility; the OTA cloud can conduct security authentication on the master node client through a bidirectional security authentication channel. Specifically, the OTA cloud may perform security authentication on the master node client through OCSP in the PKI facility. The OTA cloud can acquire the digital certificate of the vehicle and verify the state of the digital certificate when establishing the TLS handshake with the master node client. If the digital certificate is revoked or invalidated, the vehicle connection may be denied. The OTA cloud may compare the VIN in the digital certificate with the VIN code in the application layer protocol communication. If the VIN codes are inconsistent, vehicle connection is refused, so that unsafe upgrade package is avoided when the PKI data of the vehicle is stolen. When the VIN codes are consistent, the OTA cloud can synchronize the upgrading task to the main node client, and the main node client can acquire the first encryption information. The first encryption information may include upgrade task basic information, an upgrade package download address, a first key, and an encryption algorithm. The master node client can encrypt the first encrypted information by using the second key to obtain second encrypted information, and encrypt and store the second key and the second encrypted information by using the corresponding safe and trusted module. The main node client can acquire the upgrade package ciphertext from the CDN and decrypt the second key and the second encryption information; the master node client can decrypt the second encrypted information by adopting the second key to obtain the first encrypted information; the master node client can adopt a first key in the first encryption information to decrypt the upgrade package ciphertext and perform signature verification to obtain a software upgrade package passing verification; the master node client may be upgraded with a software upgrade package.
Through the whole flow of the whole vehicle OTA-based data encryption system, extra OCSP verification and VIN consistency verification are carried out in the TLS authentication process, and the safety of an upgrade package distributed through a CDN network is ensured; the vehicle adopts HSM and/or TEE to carry out two-stage encryption storage on data in the OTA process, and the security of the upgrade package when the upgrade package is independently downloaded can be ensured when the OTA technology is adopted to carry out software upgrade.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. An OTA-based data encryption system, the system comprising: the over-the-air technology OTA cloud, public key infrastructure PKI, content delivery network CDN, master node client, at least one slave node client and safe and reliable modules respectively deployed at the clients; wherein:
the OTA cloud end is used for acquiring a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN;
the OTA cloud end and the master node client end establish a bidirectional security authentication channel through a PKI facility;
the OTA cloud end is used for carrying out security authentication on the master node client through the bidirectional security authentication channel;
the OTA cloud is used for sending the first encryption information associated with the first key to a master node client side passing authentication through the bidirectional security authentication channel;
the master node client is used for responding to the deployment of the upgrade task, acquiring the upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel;
the master node client is used for encrypting the first encryption information by adopting a second secret key to obtain second encryption information, and encrypting and storing the second secret key and the second encryption information by adopting a corresponding safe trusted module;
and the master node client is used for controlling each slave node client to carry out software upgrading according to the upgrading task deployment.
2. The system of claim 1, wherein the PKI facility comprises: certificate authority CA, online certificate status protocol OCSP, and digital signature module; wherein:
the CA is used for issuing certificates for the OTA cloud end and the master node client in the bidirectional security authentication channel;
OCSP, is used for carrying on the security authentication to the said master node customer end;
and the digital signature module is used for signing the software upgrading package.
3. The system of claim 2, wherein the system further comprises a controller configured to control the controller,
the OTA cloud is specifically configured to obtain a software upgrade package, sign the software upgrade package by using a digital signature module, and encrypt the signed software upgrade package by using a first key to obtain an upgrade package ciphertext;
the master node client or the slave node client is specifically configured to obtain the second key and the second encryption information through a corresponding secure trusted module; decrypting the second encrypted information through the second secret key to obtain first encrypted information; decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
4. An OTA-based data encryption method, applied to an OTA cloud in an OTA-based data encryption system according to any one of claims 1 to 3, comprising:
the method comprises the steps of obtaining a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to a CDN;
establishing a bidirectional security authentication channel with a main node client in the OTA-based data encryption system through PKI equipment;
and sending the first encryption information associated with the first key to the authenticated master node client through the bidirectional security authentication channel.
5. The method of claim 4, wherein obtaining a software upgrade package, encrypting the software upgrade package with a first key to obtain an upgrade package ciphertext, comprises:
and acquiring a software upgrade package, signing the software upgrade package by adopting a digital signature module, and encrypting the signed software upgrade package by adopting a first key to obtain an upgrade package ciphertext.
6. The method as recited in claim 4, further comprising:
and carrying out security authentication on the master node client through an Online Certificate Status Protocol (OCSP) in the PKI facility.
7. An OTA-based data encryption method applied to a master node client in an OTA-based data encryption system according to any one of claims 1-3, the method comprising:
establishing a bidirectional security authentication channel with an OTA cloud in the OTA-based data encryption system;
responding to the deployment of the upgrade task, acquiring the upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel;
encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe trusted module;
and controlling each slave node client to carry out software upgrading according to the upgrading task deployment.
8. The method of claim 7, wherein the first encryption information comprises: upgrade task basic information, upgrade package download address, the first key and encryption algorithm;
controlling each slave node client to carry out software upgrading according to the upgrading task deployment, including:
notifying a corresponding slave node client to download the upgrade package ciphertext at the master node client or CDN according to the upgrade package download address according to the upgrade task basic information;
and sending the second secret key and the second encryption information to the corresponding slave node client so that the slave node client adopts a corresponding safe and trusted module to encrypt and store the second secret key and the second encryption information, and adopts the encrypted and stored information to carry out software upgrading after downloading the upgrading packet ciphertext.
9. The method of claim 7, further comprising, after obtaining the upgrade package ciphertext from the CDN in response to an upgrade task deployment:
decrypting the second encryption information through the second key in the corresponding safe trusted module to obtain first encryption information;
decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification;
and upgrading by adopting a software upgrading package.
10. An OTA-based data encryption method applied to a slave node client in an OTA-based data encryption system according to any one of claims 1-3, the method comprising:
receiving a software upgrading notification, a second key and second encryption information sent by a main node client in the OTA-based data encryption system, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and trusted module;
downloading the upgrade package ciphertext at the main node client or CDN according to the upgrade package download address in the software upgrade notification;
decrypting the second encrypted information through the second key stored in the corresponding safe trusted module in an encrypted manner to obtain first encrypted information;
decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification;
and upgrading by adopting a software upgrading package.
CN202310498978.4A 2023-05-06 2023-05-06 OTA-based data encryption system and method Active CN116232766B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310498978.4A CN116232766B (en) 2023-05-06 2023-05-06 OTA-based data encryption system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310498978.4A CN116232766B (en) 2023-05-06 2023-05-06 OTA-based data encryption system and method

Publications (2)

Publication Number Publication Date
CN116232766A true CN116232766A (en) 2023-06-06
CN116232766B CN116232766B (en) 2023-07-18

Family

ID=86571660

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310498978.4A Active CN116232766B (en) 2023-05-06 2023-05-06 OTA-based data encryption system and method

Country Status (1)

Country Link
CN (1) CN116232766B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116419217A (en) * 2023-06-09 2023-07-11 广州万协通信息技术有限公司 OTA data upgrading method, system, equipment and storage medium

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004234102A (en) * 2003-01-28 2004-08-19 Murata Mach Ltd Communication device, control program providing device, and control program transfer system
CN107040399A (en) * 2016-02-04 2017-08-11 京东方科技集团股份有限公司 A kind of upgrade file method for down loading, equipment and system
CN108241517A (en) * 2018-02-23 2018-07-03 武汉斗鱼网络科技有限公司 A kind of method for upgrading software, client and electronic equipment
CN109597633A (en) * 2017-10-03 2019-04-09 株式会社安川电机 Software management system, software renewing apparatus, Oftware updating method and storage medium
CN111510485A (en) * 2020-04-10 2020-08-07 东风小康汽车有限公司重庆分公司 OTA upgrade package downloading method, device, vehicle end and server
CN111541564A (en) * 2020-04-16 2020-08-14 网经科技(苏州)有限公司 Method for upgrading equipment firmware in Mesh network
CN111901142A (en) * 2020-06-17 2020-11-06 厦门亿联网络技术股份有限公司 Firmware silent upgrading method and device for embedded equipment cluster
CN112130877A (en) * 2020-09-08 2020-12-25 深圳市共进电子股份有限公司 Router firmware upgrading method and device, router and readable storage medium
CN112732293A (en) * 2020-12-31 2021-04-30 青岛海信电子产业控股股份有限公司 Vehicle-mounted system upgrading method and vehicle-mounted terminal
CN113168317A (en) * 2021-03-15 2021-07-23 华为技术有限公司 Communication method and device based on over-the-air technology OTA
CN115119208A (en) * 2022-07-25 2022-09-27 北京汽车研究总院有限公司 Upgrade package encryption and decryption methods and devices
CN115208761A (en) * 2022-06-01 2022-10-18 上海黑眸智能科技有限责任公司 OTA upgrading system
CN115550427A (en) * 2022-09-23 2022-12-30 杭州海康威视系统技术有限公司 Equipment upgrading method, device, equipment and storage medium
CN115665138A (en) * 2022-11-14 2023-01-31 奇瑞新能源汽车股份有限公司 Automobile OTA (over the air) upgrading system and method

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004234102A (en) * 2003-01-28 2004-08-19 Murata Mach Ltd Communication device, control program providing device, and control program transfer system
CN107040399A (en) * 2016-02-04 2017-08-11 京东方科技集团股份有限公司 A kind of upgrade file method for down loading, equipment and system
CN109597633A (en) * 2017-10-03 2019-04-09 株式会社安川电机 Software management system, software renewing apparatus, Oftware updating method and storage medium
CN108241517A (en) * 2018-02-23 2018-07-03 武汉斗鱼网络科技有限公司 A kind of method for upgrading software, client and electronic equipment
CN111510485A (en) * 2020-04-10 2020-08-07 东风小康汽车有限公司重庆分公司 OTA upgrade package downloading method, device, vehicle end and server
CN111541564A (en) * 2020-04-16 2020-08-14 网经科技(苏州)有限公司 Method for upgrading equipment firmware in Mesh network
CN111901142A (en) * 2020-06-17 2020-11-06 厦门亿联网络技术股份有限公司 Firmware silent upgrading method and device for embedded equipment cluster
CN112130877A (en) * 2020-09-08 2020-12-25 深圳市共进电子股份有限公司 Router firmware upgrading method and device, router and readable storage medium
CN112732293A (en) * 2020-12-31 2021-04-30 青岛海信电子产业控股股份有限公司 Vehicle-mounted system upgrading method and vehicle-mounted terminal
CN113168317A (en) * 2021-03-15 2021-07-23 华为技术有限公司 Communication method and device based on over-the-air technology OTA
WO2022193096A1 (en) * 2021-03-15 2022-09-22 华为技术有限公司 Over-the-air technology (ota)-based communication method and apparatus
CN115208761A (en) * 2022-06-01 2022-10-18 上海黑眸智能科技有限责任公司 OTA upgrading system
CN115119208A (en) * 2022-07-25 2022-09-27 北京汽车研究总院有限公司 Upgrade package encryption and decryption methods and devices
CN115550427A (en) * 2022-09-23 2022-12-30 杭州海康威视系统技术有限公司 Equipment upgrading method, device, equipment and storage medium
CN115665138A (en) * 2022-11-14 2023-01-31 奇瑞新能源汽车股份有限公司 Automobile OTA (over the air) upgrading system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116419217A (en) * 2023-06-09 2023-07-11 广州万协通信息技术有限公司 OTA data upgrading method, system, equipment and storage medium
CN116419217B (en) * 2023-06-09 2023-09-05 广州万协通信息技术有限公司 OTA data upgrading method, system, equipment and storage medium

Also Published As

Publication number Publication date
CN116232766B (en) 2023-07-18

Similar Documents

Publication Publication Date Title
CN110532735B (en) Firmware upgrading method
EP1151579B1 (en) Self-generation of certificates using a secure microprocessor in a device for transferring digital information
CN109495307A (en) Method for upgrading system, OTA upgrade package encryption method, terminal device and vehicle
EP1976322A1 (en) An authentication method
EP1712992A1 (en) Updating of data instructions
US9124561B2 (en) Method of transferring the control of a security module from a first entity to a second entity
CN109905877B (en) Message verification method of communication network system, communication method and communication network system
CN114327532A (en) Automobile OTA (over the air) upgrade information security implementation method based on digital signature and encryption
CN111181723B (en) Method and device for offline security authentication between Internet of things devices
US10090997B2 (en) Method for changing an authentication key
CN110650478A (en) OTA method, system, device, SE module, program server and medium
CN116232766B (en) OTA-based data encryption system and method
CN117097462A (en) Vehicle-mounted intelligent software upgrading encryption system based on quantum key system
CN109120419B (en) Upgrading method and device for ONU version of optical network unit and storage medium
CN112422289B (en) Method and system for offline security distribution of digital certificate of NB-IoT (NB-IoT) terminal equipment
CN111736868B (en) Automobile remote updating method based on identity identification and bidirectional verification
CN114697039B (en) Identity authentication method and system for quantum cryptography network expansion network equipment
CN115119208A (en) Upgrade package encryption and decryption methods and devices
CN108924828B (en) APN self-adaptation method, server and terminal
CN112184960A (en) Intelligent lock control method and device, intelligent lock system and storage medium
WO2014005534A1 (en) Method and system for transmitting data from data provider to smart card
CN104052756A (en) Method and system for service network elements to have safe access to service controller
CN114598464B (en) Data updating method and controller
KR20190055617A (en) Telematics system with security
CN116761172A (en) Secure network construction method based on SD-WAN

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant