CN116232766B - OTA-based data encryption system and method - Google Patents

OTA-based data encryption system and method Download PDF

Info

Publication number
CN116232766B
CN116232766B CN202310498978.4A CN202310498978A CN116232766B CN 116232766 B CN116232766 B CN 116232766B CN 202310498978 A CN202310498978 A CN 202310498978A CN 116232766 B CN116232766 B CN 116232766B
Authority
CN
China
Prior art keywords
upgrade package
client
key
ota
upgrade
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310498978.4A
Other languages
Chinese (zh)
Other versions
CN116232766A (en
Inventor
张建平
柳旭
范玲玲
刘闯
王腾
刘禹池
孙小雨
徐晋吉
马骉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FAW Group Corp
Original Assignee
FAW Group Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by FAW Group Corp filed Critical FAW Group Corp
Priority to CN202310498978.4A priority Critical patent/CN116232766B/en
Publication of CN116232766A publication Critical patent/CN116232766A/en
Application granted granted Critical
Publication of CN116232766B publication Critical patent/CN116232766B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/04Interfaces between hierarchically different network devices
    • H04W92/10Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Abstract

The invention discloses a data encryption system and method based on OTA, wherein: the OTA cloud end is used for encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext and sending the upgrade package ciphertext to the CDN; establishing a bidirectional security authentication channel with a master client through PKI, and performing security authentication on the master client; the first encryption information associated with the first secret key is sent to a master client terminal passing authentication through a bidirectional security authentication channel; the main client is used for responding to the deployment of the upgrading task, acquiring an upgrading packet ciphertext from the CDN and acquiring first encryption information corresponding to the upgrading packet ciphertext from the bidirectional security authentication channel; encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and reliable module; and controlling each slave client to upgrade the software according to the upgrade task deployment. Secure communications in the OTA process may be implemented.

Description

OTA-based data encryption system and method
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an OTA-based data encryption system and method.
Background
With the development of computer technology and communication technology, the software functions of electronic devices are becoming more and more abundant, and the iteration cycle is becoming faster and faster. In some fields, such as the automotive field, there is still a way to update software using offline brush. The efficiency of offline updating and writing of updated software is low, and consistency of multiple equipment ends in a vehicle cannot be ensured.
To solve the above problems, over-the-Air Technology (OTA) has evolved. The software can be upgraded online by using the OTA technology and the wireless network communication, so that the upgrading efficiency and the upgrading consistency are ensured.
However, the security of the upgrade software cannot be ensured when the upgrade is performed by the OTA technology. Especially in the automotive field, if the software is hacked during the upgrade process, it will bring an unpredictable loss to the user, even threatening the personal safety of the user. Therefore, it is desirable to provide a secure communication scheme that can implement the OTA upgrade process.
Disclosure of Invention
The invention provides a data encryption system and method based on OTA (over the air) to solve the problem of secure communication during software upgrading through OTA.
According to an aspect of the present invention, there is provided an OTA-based data encryption system, the system comprising: OTA cloud, PKI, CDN, master client, at least one slave client, and safe and reliable modules respectively deployed at the clients; wherein:
the OTA cloud end is used for acquiring a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN;
the OTA cloud end and the main client end establish a bidirectional security authentication channel through a PKI facility;
the OTA cloud end is used for carrying out security authentication on the main client through the bidirectional security authentication channel;
the OTA cloud is used for sending the first encryption information associated with the first key to a main client terminal passing authentication through the bidirectional security authentication channel;
the master client is used for responding to the deployment of the upgrade task, acquiring the upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel;
the master client is used for encrypting the first encryption information by adopting a second secret key to obtain second encryption information, and encrypting and storing the second secret key and the second encryption information by adopting a corresponding safe trusted module;
and the master client is used for controlling each slave client to carry out software upgrading according to the upgrading task deployment.
Optionally, the PKI facility includes: certificate authority CA, online certificate status protocol OCSP, and digital signature module; wherein:
the CA is used for issuing certificates for the OTA cloud end and the master client end in the bidirectional security authentication channel;
OCSP, is used for carrying on the security authentication to the said master customer end;
and the digital signature module is used for signing the software upgrading package.
Optionally, the OTA cloud end is specifically configured to obtain a software upgrade package, sign the software upgrade package with a digital signature module, and encrypt the signed software upgrade package with a first key to obtain an upgrade package ciphertext;
the master client or the slave client is specifically configured to obtain the second key and the second encryption information through a corresponding secure trusted module; decrypting the second encrypted information through the second secret key to obtain first encrypted information; decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
According to another aspect of the present invention, there is provided an OTA-based data encryption method applied to an OTA cloud in an OTA-based data encryption system according to any one of the embodiments of the present invention, the method including:
the method comprises the steps of obtaining a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to a CDN;
establishing a bidirectional security authentication channel with a master client in the OTA-based data encryption system through PKI (public key infrastructure);
and sending the first encryption information associated with the first key to the master client passing authentication through the bidirectional security authentication channel.
Optionally, obtaining a software upgrade package, encrypting the software upgrade package by using a first key to obtain an upgrade package ciphertext, including:
and acquiring a software upgrade package, signing the software upgrade package by adopting a digital signature module, and encrypting the signed software upgrade package by adopting a first key to obtain an upgrade package ciphertext.
Optionally, the method further comprises:
and carrying out security authentication on the master client through an Online Certificate Status Protocol (OCSP) in the PKI facility.
According to another aspect of the present invention, there is provided an OTA-based data encryption method applied to a master client in an OTA-based data encryption system according to any one of the embodiments of the present invention, the method including:
establishing a bidirectional security authentication channel with an OTA cloud in the OTA-based data encryption system;
responding to the deployment of the upgrade task, acquiring the upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel;
encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe trusted module;
and controlling each slave client to carry out software upgrading according to the upgrading task deployment.
Optionally, the first encryption information includes: upgrade task basic information, upgrade package download address, the first key and encryption algorithm;
controlling each slave client to carry out software upgrading according to the upgrading task deployment, including:
notifying a corresponding slave client to download the upgrade package ciphertext at the master client or CDN according to the upgrade package download address according to the upgrade task basic information;
and sending the second secret key and the second encryption information to the corresponding slave client so that the slave client adopts the corresponding safe and trusted module to encrypt and store the second secret key and the second encryption information, and adopting the encrypted and stored information to carry out software upgrading after downloading the upgrading packet ciphertext.
Optionally, after obtaining the upgrade package ciphertext from the CDN in response to the upgrade task deployment, the method further includes:
decrypting the second encryption information through the second key in the corresponding safe trusted module to obtain first encryption information;
decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification;
and upgrading by adopting a software upgrading package.
According to another aspect of the present invention, there is provided an OTA-based data encryption method applied to a slave client in an OTA-based data encryption system according to any one of the embodiments of the present invention, the method including:
receiving a software upgrading notification, a second key and second encryption information sent by a master client in the OTA-based data encryption system, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and trusted module;
downloading the upgrade package ciphertext at the main client or CDN according to the upgrade package download address in the software upgrade notification;
decrypting the second encrypted information through the second key stored in the corresponding safe trusted module in an encrypted manner to obtain first encrypted information;
decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification;
and upgrading by adopting a software upgrading package.
According to the technical scheme, an OTA cloud end, PKI, CDN, a master client end, at least one slave client end and safe and trusted modules respectively deployed at all client ends are arranged in an OTA-based data encryption system; wherein: the OTA cloud end is used for acquiring a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN; the OTA cloud and the main client establish a bidirectional security authentication channel through a PKI facility; the OTA cloud end is used for carrying out security authentication on the main client through the bidirectional security authentication channel; the OTA cloud is used for sending the first encryption information associated with the first key to a main client terminal passing authentication through a bidirectional security authentication channel; the main client is used for responding to the deployment of the upgrading task, acquiring an upgrading packet ciphertext from the CDN and acquiring first encryption information corresponding to the upgrading packet ciphertext from the bidirectional security authentication channel; the main client is used for encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and reliable module; the master client is used for controlling each slave client to carry out software upgrading according to upgrading task deployment, so that the problem of safety communication when software upgrading is carried out through an OTA technology is solved, the online upgrading of the software can be realized through the OTA technology, and the efficiency and consistency of the software upgrading are improved; data distribution can be realized through the CDN, and software package upgrading is accelerated; the security of OTA software upgrading can be ensured by establishing a security channel between the OTA cloud and the client through PKI; software package upgrades for a device may be coordinated by setting a master client and a slave client in the device.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of an OTA-based data encryption system according to a first embodiment of the present invention;
fig. 2 is a flowchart of an OTA-based data encryption method according to a second embodiment of the present invention;
fig. 3 is a flowchart of an OTA-based data encryption method according to a third embodiment of the present invention;
fig. 4 is a flowchart of an OTA-based data encryption method according to a fourth embodiment of the present invention;
fig. 5 is a timing diagram of an OTA-based data encryption method according to an embodiment of the present invention.
Description of the embodiments
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Examples
Fig. 1 is a schematic structural diagram of an OTA-based data encryption system according to a first embodiment of the present invention, where the present embodiment is applicable to a case of upgrading software of multiple devices or multiple terminals in an automobile by an OTA technology in an automobile. As shown in fig. 1, the system includes: an OTA cloud 110, a public key infrastructure (Public Key Infrastructure, PKI) 120, a content delivery network (Content Delivery Network, CDN) 130, a master Client (OTA Client) 140, at least one slave Client (OTA Agent) 150, and secure trusted modules 160 deployed at each Client, respectively.
As shown in fig. 1, the OTA cloud 110 and the master client 140 establish a bidirectional secure authentication channel through the PKI facility 120. The bidirectional security authentication channel may be a security channel in which an OTA task is synchronized with a state. The bidirectional secure authenticated channel may be established by a secure transport layer protocol (Transport Layer Security, TLS).
In an alternative implementation of the embodiment of the present invention, a PKI facility includes: certificate authority (Certification Authority, CA), online certificate status protocol (Online Certificate Status Protocol, OCSP), and digital signature system. Wherein: the CA is used for issuing certificates for the OTA cloud end and the master client end in the bidirectional security authentication channel; OCSP, which is used to make security authentication for the main client; and the digital signature module is used for signing the software upgrading package.
The PKI data may include, among other things, a data certificate, a private key, and a chain of root certificates. And a bidirectional security authentication channel between the OTA cloud and the host client can be established through PKI data. The data certificate in the PKI data may be issued by the CA.
In the embodiment of the present invention, the OTA cloud 110 is configured to perform security authentication on the main client 140 through a bidirectional security authentication channel. According to the technical scheme provided by the embodiment of the invention, the security authentication is further carried out on the main client 140 on the basis of establishing the bidirectional security authentication channel between the OTA cloud and the main client, so that the information security in the upgrading process can be strictly ensured.
Specifically, when the master client and the slave client are set in the automobile, the security authentication of the OTA cloud to the master client may be to authenticate the certificate status of the automobile. For example, the digital certificate of the vehicle may be verified by OCSP in the PKI facility to prevent the upgrade from being secured when the vehicle is intruded. In addition, the OCSP can also be used for verifying whether the actual vehicle identification code (Vehicle Identification Number, VIN) of the vehicle is consistent with the VIN in the digital certificate, and the validity of the vehicle can be ensured through the consistency verification of the VIN, so that the safety of vehicle software upgrading is improved.
In the embodiment of the invention, the OTA cloud is used for sending the first encryption information associated with the first key to the main client terminal passing authentication through the bidirectional security authentication channel. Wherein the first encryption information may include: upgrade task basic information, upgrade package download address, first key and encryption algorithm. Based on the bidirectional security authentication channel and the authentication of the main client, the security of the first encrypted information can be ensured, thereby ensuring the security of the software upgrade.
According to the embodiment of the invention, according to the deployment of the upgrade task, the main client can firstly acquire the software upgrade package, and can also firstly acquire the first encryption information corresponding to the software upgrade package.
The primary client is illustratively configured to obtain the first encrypted information from the two-way secure authenticated channel in response to the upgrade task deployment. The upgrade task deployment may be a specific deployment situation of an administrator on the software upgrade task. When the software of the vehicle needs to be upgraded, the master client can acquire the first encryption information corresponding to the software upgrading package in the bidirectional security authentication channel.
After the first encryption information is obtained, in order to ensure the security of the OTA software upgrade, the master client may perform two-stage encryption on the first encryption information. The host client is used for encrypting the first encryption information by adopting the second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting the corresponding safe and trusted module. The secure trusted module may be, among other things, a hardware security module (Hardware Security Module, HSM) and/or a trusted execution environment (Trusted execution environment, TEE), as shown in fig. 1. The secure trusted module may encrypt, decrypt, verify, and securely store the data. The data security in the upgrading process can be further ensured by two-stage encryption, namely, the mode that the second secret key encrypts the first encrypted information and the safe and reliable module encrypts and stores the second secret key and the second encrypted information.
In the embodiment of the invention, when the software is required to be upgraded, software upgrade package management can be performed through the OTA cloud. Specifically, the OTA cloud end is configured to obtain a software upgrade package, encrypt the software upgrade package with a first key to obtain an upgrade package ciphertext, and send the upgrade package ciphertext to the CDN.
Wherein one software upgrade package may be encrypted once. The first keys corresponding to different software upgrade packages may be different. A digital signature module may be provided in the PKI facility. Based on the digital signature module, the OTA cloud can sign the software upgrade package, so that the security of the upgrade package is further ensured.
The OTA cloud is specifically configured to obtain a software upgrade package, sign the software upgrade package by using a digital signature module, and encrypt the signed software upgrade package by using a first key to obtain an upgrade package ciphertext.
In the embodiment of the invention, the main client is used for responding to the deployment of the upgrade task and acquiring the upgrade package ciphertext from the CDN. And the main client is used for responding to the upgrade task deployment and acquiring the first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel. The OTA cloud adopts the public network CDN to distribute the upgrade package ciphertext, and adopts the bidirectional security authentication channel to send the first encryption information corresponding to the upgrade package ciphertext, so that the security of the upgrade process can be ensured while the software upgrade is accelerated.
And the master client is used for controlling each slave client to carry out software upgrading according to the upgrading task deployment.
Specifically, if deployed according to an upgrade task, the primary client has soft requirements for upgrade. The main client is specifically configured to obtain a second key and second encryption information through a corresponding secure trusted module; decrypting the second encrypted information through the second key to obtain the first encrypted information; decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
In the embodiment of the invention, the deployment of the upgrade task can be the upgrade of equipment in the vehicle, the distribution of an upgrade package, the downloading mode of the upgrade package and the like. The upgrade task deployment can enable the master client to control the upgrade of the slave client. For example, according to the deployment of the upgrade task, the master client may control the entire OTA flow, download an upgrade package required for the master client to upgrade, download an upgrade package required for the slave client to upgrade with a size less than or equal to a preset data package, or inform the slave client to download an upgrade package required for the slave client to upgrade with a size greater than the preset data package.
If the soft upgrade is deployed according to the upgrade task, the slave client has soft upgrade requirements. The master client is specifically configured to notify the corresponding slave client to download the upgrade package ciphertext from the CDN or the master client; and sending the second key and the second encryption information to the corresponding slave client. The slave client is specifically configured to encrypt and store the second key and the second encrypted information by using the corresponding secure trusted module, and perform software upgrade by using the encrypted and stored information after downloading the ciphertext of the upgrade package.
Specifically, the slave client is configured to download the upgrade package ciphertext from the CDN or the master client according to an instruction of the master client; decrypting the second encrypted information through a second key stored in the corresponding safe trusted module in an encrypted manner to obtain first encrypted information; decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
The manner of downloading the upgrade package ciphertext from the CDN from the client may be an independent download scenario. In an independent download scenario, the master client may not download the upgrade package needed for the upgrade from the client, but instead notify the slave client to download the upgrade package at the CDN. The situation that the main client does not have enough space to store the proxy upgrade package can be avoided through the independent downloading scene, and the situation that the efficiency of the main client for downloading the upgrade package needed by the slave client is too low can also be avoided, so that the upgrading reliability and efficiency of software are ensured.
The master client and the slave client can be deployed in the same vehicle-end equipment in the vehicle. Alternatively, as shown in FIG. 1, the master client and the slave client may be deployed in different head-end devices in the vehicle. If the master client is deployed in the vehicle-end equipment A, the slave client is deployed in the vehicle-end equipment B.
According to the technical scheme, an OTA cloud end, PKI, CDN, a master client end, at least one slave client end and safe and trusted modules respectively deployed at all client ends are arranged in an OTA-based data encryption system; wherein: the OTA cloud end is used for acquiring a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN; the OTA cloud and the main client establish a bidirectional security authentication channel through a PKI facility; the OTA cloud end is used for carrying out security authentication on the main client through the bidirectional security authentication channel; the OTA cloud is used for sending the first encryption information associated with the first key to a main client terminal passing authentication through a bidirectional security authentication channel; the main client is used for responding to the deployment of the upgrading task, acquiring an upgrading packet ciphertext from the CDN and acquiring first encryption information corresponding to the upgrading packet ciphertext from the bidirectional security authentication channel; the main client is used for encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and reliable module; the master client is used for controlling each slave client to carry out software upgrading according to upgrading task deployment, so that the problem of safety communication when software upgrading is carried out through an OTA technology is solved, the online upgrading of the software can be realized through the OTA technology, and the efficiency and consistency of the software upgrading are improved; data distribution can be realized through the CDN, and software package upgrading is accelerated; the security of OTA software upgrading can be ensured by establishing a security channel between the OTA cloud and the client through PKI; software package upgrades for a device may be coordinated by setting a master client and a slave client in the device.
Examples
Fig. 2 is a flowchart of an OTA-based data encryption method according to a second embodiment of the present invention, where the present embodiment is applicable to a case of performing software upgrade on multiple devices or multiple terminals in an automobile through an OTA technology in an automobile. The method may be performed by an OTA cloud in an OTA-based data encryption system as provided in any one of the embodiments of the present invention. As shown in fig. 2, the method includes:
step 210, obtaining a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN.
In an optional implementation manner of the embodiment of the present invention, obtaining a software upgrade package, encrypting the software upgrade package by using a first key to obtain an upgrade package ciphertext, including: the method comprises the steps of obtaining a software upgrading package, signing the software upgrading package by adopting a digital signature module, and encrypting the signed software upgrading package by adopting a first key to obtain an upgrading package ciphertext.
Step 220, a bidirectional security authentication channel is established with a master client in the OTA-based data encryption system through a PKI facility.
In an alternative implementation of the embodiment of the present invention, the method further includes: and carrying out security authentication on the master client through an Online Certificate Status Protocol (OCSP) in the PKI facility.
Step 230, the first encrypted information associated with the first key is sent to the authenticated master client through the bidirectional secure authentication channel.
Furthermore, the master client can encrypt and store the first encrypted information, and download the upgrade package ciphertext in the CDN according to the information in the first encrypted information, so as to upgrade the software of the master client or the slave client.
According to the technical scheme, the software upgrading package is obtained, the first secret key is adopted to encrypt the software upgrading package, upgrading package ciphertext is obtained, and the upgrading package ciphertext is sent to the CDN; establishing a bidirectional security authentication channel with a master client in an OTA-based data encryption system through a PKI facility; the first encryption information associated with the first secret key is sent to the authenticated master client through the bidirectional security authentication channel, so that the problem of encryption of an upgrade package in OTA software upgrade is solved, and the upgrade package can be encrypted and transmitted to the CDN and then to the client; the security of the upgrade package can be ensured by transmitting the first encryption information corresponding to the upgrade package through the bidirectional security authentication channel; by verifying the main client, the upgrade package and the corresponding first encryption information can be ensured to be transmitted to the client passing authentication, the upgrade package is prevented from being leaked, the upgrade safety is ensured, and the data safety is ensured.
Examples
Fig. 3 is a flowchart of an OTA-based data encryption method according to a third embodiment of the present invention. The embodiment can be suitable for the situation that software upgrading is carried out on multiple devices or multiple terminals in an automobile through OTA technology in the automobile. The method may be performed by a host client in an OTA-based data encryption system as provided by any one of the embodiments of the present invention. As shown in fig. 3, the method includes:
step 310, a bidirectional security authentication channel is established with an OTA cloud in the data encryption system based on the OTA.
Step 320, in response to the deployment of the upgrade task, obtaining an upgrade package ciphertext from the CDN, and obtaining first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel.
And 330, encrypting the first encrypted information by using the second key to obtain second encrypted information, and encrypting and storing the second key and the second encrypted information by using the corresponding safe trusted module.
And 340, controlling each slave client to upgrade the software according to the upgrade task deployment.
In an alternative implementation manner of the embodiment of the present invention, the first encryption information includes: upgrade task basic information, upgrade package download address, first key and encryption algorithm; controlling each slave client to upgrade software according to upgrade task deployment, including: according to the upgrade task basic information, informing the corresponding slave client to download the upgrade package ciphertext at the master client or CDN according to the upgrade package download address; and sending the second secret key and the second encryption information to the corresponding slave client so that the slave client adopts the corresponding safe and reliable module to encrypt and store the second secret key and the second encryption information, and adopts the encrypted and stored information to carry out software upgrading after downloading the upgrading packet ciphertext.
On the basis of the above embodiment, optionally, after obtaining the upgrade package ciphertext from the CDN in response to the upgrade task deployment, the method further includes: decrypting the second encryption information through a second key in the corresponding safe trusted module to obtain first encryption information; decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
According to the technical scheme, a bidirectional security authentication channel is established through the OTA cloud in the OTA-based data encryption system; responding to the deployment of the upgrade task, acquiring an upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel; encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and reliable module; according to the upgrade task deployment, each slave client is controlled to carry out software upgrade, so that the problem of upgrade safety in OTA software upgrade is solved, and an upgrade package can be transmitted to the client in an encrypted and safe manner; the security of the upgrade package can be ensured by transmitting the first encryption information corresponding to the upgrade package through the bidirectional security authentication channel; the security of the upgrade package and the corresponding first encryption information can be ensured by two-stage encryption of the first encryption result, and the upgrade security is ensured; the software upgrade is performed by the master client controlling the slave clients, so that multiple terminals in the device can be upgraded cooperatively.
Examples
Fig. 4 is a flowchart of an OTA-based data encryption method according to a fourth embodiment of the present invention. The embodiment can be suitable for the situation that software upgrading is carried out on multiple devices or multiple terminals in an automobile through OTA technology in the automobile. The method may be performed by a slave client in an OTA-based data encryption system as provided by any one of the embodiments of the present invention. As shown in fig. 4, the method includes:
step 410, receiving a software upgrade notification, a second key and second encryption information sent by a master client in the OTA-based data encryption system, and encrypting and storing the second key and the second encryption information by adopting a corresponding secure trusted module.
Step 420, downloading the ciphertext of the upgrade package at the host client or the CDN according to the download address of the upgrade package in the software upgrade notification.
And 430, decrypting the second encrypted information through the second key stored in the corresponding safe trusted module in an encrypted manner to obtain the first encrypted information.
Step 440, decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification.
Step 450, upgrade is performed by using the software upgrade package.
According to the technical scheme, the software upgrading notification, the second key and the second encryption information sent by the main client in the OTA-based data encryption system are received, and the second key and the second encryption information are encrypted and stored by adopting the corresponding safe trusted module; downloading an upgrade package ciphertext at a host client or CDN according to the upgrade package download address in the software upgrade notification; decrypting the second encrypted information through a second key stored in the corresponding safe trusted module in an encrypted manner to obtain first encrypted information; decrypting the upgrade package ciphertext through a first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; the software upgrading package is adopted for upgrading, so that the problem of software upgrading of the slave client in OTA software upgrading is solved, and the slave client can safely and rapidly upgrade the software.
Fig. 5 is a timing diagram of an OTA-based data encryption method according to an embodiment of the present invention. As shown in fig. 5, the OTA manager may upload the software upgrade package to the OTA cloud; the OTA cloud can sign the software upgrade package by using a private key in PKI, and encrypt the signed software upgrade package by using a first key to obtain an upgrade package ciphertext; the OTA cloud can distribute the upgrade package ciphertext to the CDN; OTA manager can perform upgrade task deployment; the OTA cloud can establish a bidirectional security authentication channel with the main client through PKI facilities; the OTA cloud can conduct security authentication on the main client through a bidirectional security authentication channel. Specifically, the OTA cloud may perform security authentication on the host client through OCSP in the PKI facility. The OTA cloud can acquire the digital certificate of the vehicle and verify the state of the digital certificate when establishing TLS handshake with the master client. If the digital certificate is revoked or invalidated, the vehicle connection may be denied. The OTA cloud may compare the VIN in the digital certificate with the VIN code in the application layer protocol communication. If the VIN codes are inconsistent, vehicle connection is refused, so that unsafe upgrade package is avoided when the PKI data of the vehicle is stolen. When the VIN codes are consistent, the OTA cloud end can synchronize the upgrading task to the main client end, and the main client end can acquire the first encryption information. The first encryption information may include upgrade task basic information, an upgrade package download address, a first key, and an encryption algorithm. The master client can encrypt the first encrypted information by using the second key to obtain second encrypted information, and encrypt and store the second key and the second encrypted information by using the corresponding safe and trusted module. The main client can acquire the upgrade package ciphertext from the CDN and decrypt the second key and the second encryption information; the master client can decrypt the second encrypted information by adopting the second key to obtain the first encrypted information; the master client can adopt a first key in the first encryption information to decrypt the upgrade package ciphertext and perform signature verification to obtain a software upgrade package passing verification; the master client may be upgraded with a software upgrade package.
Through the whole flow of the whole vehicle OTA-based data encryption system, extra OCSP verification and VIN consistency verification are carried out in the TLS authentication process, and the safety of an upgrade package distributed through a CDN network is ensured; the vehicle adopts HSM and/or TEE to carry out two-stage encryption storage on data in the OTA process, and the security of the upgrade package when the upgrade package is independently downloaded can be ensured when the OTA technology is adopted to carry out software upgrade.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (9)

1. An OTA-based data encryption system, the system comprising: the over-the-air technology OTA cloud, public key infrastructure PKI, content delivery network CDN, master client, at least one slave client and safe and trusted modules respectively deployed at the clients; wherein:
the OTA cloud end is used for acquiring a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to the CDN;
the OTA cloud end and the main client end establish a bidirectional security authentication channel through a PKI facility;
the OTA cloud end is used for carrying out security authentication on the main client through the bidirectional security authentication channel;
the OTA cloud is used for sending the first encryption information associated with the first key to a main client terminal passing authentication through the bidirectional security authentication channel; wherein the first encryption information includes: upgrade task basic information, upgrade package download address, the first key and encryption algorithm;
the master client is used for responding to the deployment of the upgrade task, acquiring the upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel;
the master client is used for encrypting the first encryption information by adopting a second secret key to obtain second encryption information, and encrypting and storing the second secret key and the second encryption information by adopting a corresponding safe trusted module;
the master client is used for controlling each slave client to carry out software upgrading according to the upgrading task deployment;
the master client is specifically configured to:
notifying a corresponding slave client to download the upgrade package ciphertext at the master client or CDN according to the upgrade package download address according to the upgrade task basic information;
and sending the second secret key and the second encryption information to the corresponding slave client so that the slave client adopts the corresponding safe and trusted module to encrypt and store the second secret key and the second encryption information, and adopting the encrypted and stored information to carry out software upgrading after downloading the upgrading packet ciphertext.
2. The system of claim 1, wherein the PKI facility comprises: certificate authority CA, online certificate status protocol OCSP, and digital signature module; wherein:
the CA is used for issuing certificates for the OTA cloud end and the master client end in the bidirectional security authentication channel;
OCSP, is used for carrying on the security authentication to the said master customer end;
and the digital signature module is used for signing the software upgrading package.
3. The system of claim 2, wherein the system further comprises a controller configured to control the controller,
the OTA cloud is specifically configured to obtain a software upgrade package, sign the software upgrade package by using a digital signature module, and encrypt the signed software upgrade package by using a first key to obtain an upgrade package ciphertext;
the master client or the slave client is specifically configured to obtain the second key and the second encryption information through a corresponding secure trusted module; decrypting the second encrypted information through the second secret key to obtain first encrypted information; decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification; and upgrading by adopting a software upgrading package.
4. An OTA-based data encryption method, applied to an OTA cloud in an OTA-based data encryption system according to any one of claims 1 to 3, comprising:
the method comprises the steps of obtaining a software upgrade package, encrypting the software upgrade package by adopting a first key to obtain an upgrade package ciphertext, and sending the upgrade package ciphertext to a CDN;
OTA-based data encryption system with PKI facility establishing a bidirectional security authentication channel by the main client;
transmitting first encryption information associated with the first secret key to a master client passing authentication through the bidirectional security authentication channel; wherein the first encryption information includes: upgrade task basic information, upgrade package download address, the first key and encryption algorithm;
the master client side is used for notifying the corresponding slave client side to download the upgrade package ciphertext at the master client side or CDN according to the upgrade package download address according to the upgrade task basic information; and sending the second secret key and the second encryption information to the corresponding slave client so that the slave client adopts the corresponding safe and trusted module to encrypt and store the second secret key and the second encryption information, and adopting the encrypted and stored information to carry out software upgrading after downloading the upgrading packet ciphertext.
5. The method of claim 4, wherein obtaining a software upgrade package, encrypting the software upgrade package with a first key to obtain an upgrade package ciphertext, comprises:
and acquiring a software upgrade package, signing the software upgrade package by adopting a digital signature module, and encrypting the signed software upgrade package by adopting a first key to obtain an upgrade package ciphertext.
6. The method as recited in claim 4, further comprising:
and carrying out security authentication on the master client through an Online Certificate Status Protocol (OCSP) in the PKI facility.
7. An OTA-based data encryption method applied to a master client in an OTA-based data encryption system according to any one of claims 1 to 3, the method comprising:
establishing a bidirectional security authentication channel with an OTA cloud in the OTA-based data encryption system;
responding to the deployment of the upgrade task, acquiring the upgrade package ciphertext from the CDN, and acquiring first encryption information corresponding to the upgrade package ciphertext from the bidirectional security authentication channel; wherein the first encryption information includes: upgrade task basic information, upgrade package download address, the first key and encryption algorithm;
encrypting the first encryption information by adopting a second key to obtain second encryption information, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe trusted module;
controlling each slave client to carry out software upgrading according to the upgrading task deployment;
controlling each slave client to carry out software upgrading according to the upgrading task deployment, including:
notifying a corresponding slave client to download the upgrade package ciphertext at the master client or CDN according to the upgrade package download address according to the upgrade task basic information;
and sending the second secret key and the second encryption information to the corresponding slave client so that the slave client adopts the corresponding safe and trusted module to encrypt and store the second secret key and the second encryption information, and adopting the encrypted and stored information to carry out software upgrading after downloading the upgrading packet ciphertext.
8. The method of claim 7, further comprising, after obtaining the upgrade package ciphertext from the CDN in response to an upgrade task deployment:
decrypting the second encryption information through the second key in the corresponding safe trusted module to obtain first encryption information;
decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification;
and upgrading by adopting a software upgrading package.
9. An OTA-based data encryption method applied to a slave client in an OTA-based data encryption system according to any one of claims 1-3, the method comprising:
receiving a software upgrading notification, a second key and second encryption information sent by a master client in the OTA-based data encryption system, and encrypting and storing the second key and the second encryption information by adopting a corresponding safe and trusted module;
downloading the upgrade package ciphertext at the main client or CDN according to the upgrade package download address in the software upgrade notification;
decrypting the second encrypted information through the second key stored in the corresponding safe trusted module in an encrypted manner to obtain first encrypted information; wherein the first encryption information includes: upgrade task basic information, upgrade package download address, the first key and encryption algorithm;
decrypting the upgrade package ciphertext through the first key in the first encryption information, and performing signature verification to obtain a software upgrade package passing verification;
and upgrading by adopting a software upgrading package.
CN202310498978.4A 2023-05-06 2023-05-06 OTA-based data encryption system and method Active CN116232766B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310498978.4A CN116232766B (en) 2023-05-06 2023-05-06 OTA-based data encryption system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310498978.4A CN116232766B (en) 2023-05-06 2023-05-06 OTA-based data encryption system and method

Publications (2)

Publication Number Publication Date
CN116232766A CN116232766A (en) 2023-06-06
CN116232766B true CN116232766B (en) 2023-07-18

Family

ID=86571660

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310498978.4A Active CN116232766B (en) 2023-05-06 2023-05-06 OTA-based data encryption system and method

Country Status (1)

Country Link
CN (1) CN116232766B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116419217B (en) * 2023-06-09 2023-09-05 广州万协通信息技术有限公司 OTA data upgrading method, system, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108241517A (en) * 2018-02-23 2018-07-03 武汉斗鱼网络科技有限公司 A kind of method for upgrading software, client and electronic equipment
CN115665138A (en) * 2022-11-14 2023-01-31 奇瑞新能源汽车股份有限公司 Automobile OTA (over the air) upgrading system and method

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004234102A (en) * 2003-01-28 2004-08-19 Murata Mach Ltd Communication device, control program providing device, and control program transfer system
CN107040399B (en) * 2016-02-04 2022-03-15 京东方科技集团股份有限公司 Method, device and system for downloading upgrade file
JP6610639B2 (en) * 2017-10-03 2019-11-27 株式会社安川電機 Software management system, software update apparatus, software update method, and software update program
CN111510485B (en) * 2020-04-10 2022-09-09 东风小康汽车有限公司重庆分公司 OTA upgrade package downloading method, device, vehicle end and server
CN111541564B (en) * 2020-04-16 2022-08-26 网经科技(苏州)有限公司 Method for upgrading equipment firmware in Mesh network
CN111901142B (en) * 2020-06-17 2023-11-07 厦门亿联网络技术股份有限公司 Firmware silence upgrading method and device for embedded device cluster
CN112130877A (en) * 2020-09-08 2020-12-25 深圳市共进电子股份有限公司 Router firmware upgrading method and device, router and readable storage medium
CN112732293A (en) * 2020-12-31 2021-04-30 青岛海信电子产业控股股份有限公司 Vehicle-mounted system upgrading method and vehicle-mounted terminal
WO2022193096A1 (en) * 2021-03-15 2022-09-22 华为技术有限公司 Over-the-air technology (ota)-based communication method and apparatus
CN115208761A (en) * 2022-06-01 2022-10-18 上海黑眸智能科技有限责任公司 OTA upgrading system
CN115119208A (en) * 2022-07-25 2022-09-27 北京汽车研究总院有限公司 Upgrade package encryption and decryption methods and devices
CN115550427A (en) * 2022-09-23 2022-12-30 杭州海康威视系统技术有限公司 Equipment upgrading method, device, equipment and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108241517A (en) * 2018-02-23 2018-07-03 武汉斗鱼网络科技有限公司 A kind of method for upgrading software, client and electronic equipment
CN115665138A (en) * 2022-11-14 2023-01-31 奇瑞新能源汽车股份有限公司 Automobile OTA (over the air) upgrading system and method

Also Published As

Publication number Publication date
CN116232766A (en) 2023-06-06

Similar Documents

Publication Publication Date Title
CN110532735B (en) Firmware upgrading method
CA2359673C (en) Self-generation of certificates using a secure microprocessor in a device for transferring digital information
CN109495307A (en) Method for upgrading system, OTA upgrade package encryption method, terminal device and vehicle
EP1712992A1 (en) Updating of data instructions
US9124561B2 (en) Method of transferring the control of a security module from a first entity to a second entity
CN110650478B (en) OTA method, system, device, SE module, program server and medium
CN111181723B (en) Method and device for offline security authentication between Internet of things devices
CN112534793A (en) Vehicle-mounted equipment upgrading method and related device
CN104683359A (en) Safety channel establishment method, and data protection method and safety channel key updating method thereof
CN116232766B (en) OTA-based data encryption system and method
CN114327532A (en) Automobile OTA (over the air) upgrade information security implementation method based on digital signature and encryption
CN111541716A (en) Data transmission method and related device
CN109120419B (en) Upgrading method and device for ONU version of optical network unit and storage medium
US10090997B2 (en) Method for changing an authentication key
CN114765543A (en) Encryption communication method and system of quantum cryptography network expansion equipment
CN117097462A (en) Vehicle-mounted intelligent software upgrading encryption system based on quantum key system
CN115119208A (en) Upgrade package encryption and decryption methods and devices
CN111736868B (en) Automobile remote updating method based on identity identification and bidirectional verification
CN112422289B (en) Method and system for offline security distribution of digital certificate of NB-IoT (NB-IoT) terminal equipment
CN112184960A (en) Intelligent lock control method and device, intelligent lock system and storage medium
CN104052756A (en) Method and system for service network elements to have safe access to service controller
WO2014005534A1 (en) Method and system for transmitting data from data provider to smart card
CN114598464B (en) Data updating method and controller
KR20190055617A (en) Telematics system with security
CN111130796B (en) Secure online cloud storage method in instant messaging

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant