CN116346463A - Safety access authentication method and system for diagnostic instrument of automobile detection equipment

Info

Publication number: CN116346463A
Application number: CN202310309510.6A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 郭飞, 汪向阳, 张贤, 宁廷聪, 张科强
Current Assignee: Chongqing Changan Automobile Co Ltd
Original Assignee: Chongqing Changan Automobile Co Ltd
Application filed by: Chongqing Changan Automobile Co Ltd
Priority to: CN202310309510.6A
Prior art keywords: certificate, equipment, authentication, detection, gateway

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30: Computing systems specially adapted for manufacturing

Abstract

The invention discloses a secure access authentication method and system for the diagnostic instrument of automobile detection equipment. The method comprises the following steps: the certificate management system of the whole-vehicle system receives a device certificate application and issues a device certificate; the device certificate is loaded into the detection equipment diagnostic instrument; the whole-vehicle system performs two-way authentication with the diagnostic instrument loaded with the device certificate and establishes a secure HTTPS transmission channel; and the whole-vehicle system manages the permissions of the diagnostic instrument loaded with the device certificate through the secure HTTPS transmission channel. The invention controls the validity period of the authentication session and at the same time greatly reduces device authentication time.

Description

Safety access authentication method and system for diagnostic instrument of automobile detection equipment
Technical Field
The invention relates to the technical field of information security of whole-vehicle automobile systems, and in particular to a secure access authentication method and system for the diagnostic instrument of automobile detection equipment.
Background
Automobiles are increasingly common in daily life and their functions are increasingly powerful. The demands on the number and quality of vehicle-mounted ECUs (Electronic Control Units) keep rising, and so does the need for detection equipment diagnostic instruments to access and debug them. In the traditional electronic architecture, the diagnostic instrument connects directly to the OBD diagnostic port, so detection equipment accesses the ECUs in the vehicle system during the research and development stage, the factory assembly stage, and the after-sales stage. A device can therefore maliciously access or tamper with important in-vehicle data and the owner's private data, or activate remote control functions, which may cause personal injury.
The existing external-device access authentication method works as follows: the external device sends an authentication request to the access gateway, the gateway authenticates the test device, and the session connection is maintained after authentication succeeds. Authentication is based on a random number: the authentication request carries a random number and an authentication result generated from it by a random algorithm, and the receiver verifies the request with the same random algorithm. However, this method cannot control the authentication session time or which specific vehicle is accessed; it only provides a simple device authentication method, is not secure enough, and does not control device access comprehensively. In addition, when the whole-vehicle system contains hundreds of ECUs, the time cost is not negligible if, for example, direct access to several or several dozen ECUs requires access to and authentication by a cloud server.
Disclosure of Invention
The primary purpose of the invention is to provide a secure access authentication method for the diagnostic instrument of automobile detection equipment that effectively controls the time period during which a device may have access and greatly reduces device authentication time.
To solve the above technical problems, the technical scheme of the invention is as follows:
A secure access authentication method for the diagnostic instrument of automobile detection equipment comprises the following steps:
the certificate management system of the whole-vehicle system receives a device certificate application and issues a device certificate;
the device certificate is loaded into the detection equipment diagnostic instrument;
the whole-vehicle system performs two-way authentication with the diagnostic instrument loaded with the device certificate, and establishes a secure HTTPS transmission channel;
and the whole-vehicle system manages the permissions of the diagnostic instrument loaded with the device certificate through the secure HTTPS transmission channel.
Preferably, the certificate management system of the whole-vehicle system receives the device certificate application and issues the device certificate as follows:
the manufacturer of the detection equipment diagnostic instrument provides identity information and certificate application information, where the identity information comprises a user name and password or a temporary identity token, and the certificate application information comprises the vehicle-mounted terminal machine code of the detection equipment, the list of electronic control units (ECUs) to be accessed, and the validity period of the certificate;
based on an asymmetric certificate and private key pair, the automobile manufacturer uses a root certificate to issue a standard certificate from the submitted certificate application information, signs the certificate application information with the private key, and encrypts and stores the signed device certificate with a white-box algorithm;
and the white-box-encrypted device certificate is distributed to the manufacturer of the detection equipment diagnostic instrument.
Preferably, the white-box-encrypted device certificate is distributed to the manufacturer of the detection equipment diagnostic instrument as follows:
the white-box-encrypted device certificate is either sent to the diagnostic instrument manufacturer over secure HTTPS transmission or distributed to the manufacturer offline on a USB device.
Preferably, the whole-vehicle system performs two-way authentication with the diagnostic instrument loaded with the device certificate and establishes a secure HTTPS transmission channel as follows:
the authentication gateway (GATEWAY) of the whole-vehicle system is pre-loaded with a root certificate, which is used to verify the validity of the device certificate of the detection equipment diagnostic instrument. The authentication gateway establishes a transmission channel with the diagnostic instrument, reads the device certificate information, and communicates with the switch (SWITCH). The switch modifies its routing table configuration according to the list of ECUs to be accessed, as read by the authentication gateway, and connects the diagnostic instrument to the corresponding ECUs;
after the authentication gateway has verified the validity of the device certificate with the root certificate, it generates a communication session key and sends it to the diagnostic instrument. Communication between the diagnostic instrument and the authentication gateway is encrypted with the session key, and a secure HTTPS transmission channel is established based on the TLS protocol.
Preferably, the permission management includes:
the authentication gateway (GATEWAY) obtains the certificate validity period from the device certificate and the system time, and checks the validity period of the device certificate. If the validity period check passes, device connection access authentication succeeds; if it does not pass, device connection access authentication fails.
Preferably, the device certificate further comprises the VIN code of the vehicle or a wildcard.
In another aspect, the permission management includes:
the authentication gateway (GATEWAY) obtains the certificate validity period from the device certificate and the system time, and checks the validity period of the device certificate. If the validity period check passes, the authentication gateway obtains the vehicle VIN code and checks it against the vehicle VIN code, the vehicle-model wildcard, or the all-models wildcard in the signed information; if this check passes, device connection access authentication succeeds, and if it does not pass, device connection access authentication fails. If the validity period check does not pass, device connection access authentication fails.
Preferably, after device connection access authentication succeeds, the detection equipment diagnostic instrument and the authentication gateway periodically perform heartbeat detection over secure HTTPS transmission, and when heartbeat detection stops, the switch (SWITCH) restores the default route configuration.
A further object of the present invention is to provide a secure access authentication system for the diagnostic instrument of automobile detection equipment. The system applies the secure access authentication method described above and comprises:
a certificate application module, which enables the certificate management system of the whole-vehicle system to receive a device certificate application and issue a device certificate;
a loading module, which loads the device certificate into the detection equipment diagnostic instrument;
an authentication module, which performs two-way authentication between the whole-vehicle system and the diagnostic instrument loaded with the device certificate, and establishes a secure HTTPS transmission channel;
and a permission management module, which enables the whole-vehicle system to manage the permissions of the diagnostic instrument loaded with the device certificate through the secure HTTPS transmission channel.
A third object of the present invention is to provide a computer storage medium whose contents, when executed by a processor, implement the above secure access authentication method for the diagnostic instrument of automobile detection equipment.
Compared with the prior art, the technical scheme of the invention has the following beneficial effects:
1. The invention implements access authentication with an asymmetric-algorithm certificate and key pair. In terms of complexity, the security strength of the asymmetric algorithm is greater than that of the symmetric algorithm, so the invention is relatively more secure.
2. The invention uses dynamic route configuration rules to configure which ECU access services are available. When the whole-vehicle system opens access to the outside, external devices gain a path to the data in the vehicle system; legitimate access is allowed, but illegitimate access also gains the opportunity to reach the vehicle system, obtain sensitive information, and cause security incidents, for example by modifying key ECU parameters through the OBD interface.
3. The invention uses a certificate validity mechanism and a heartbeat detection mechanism, so the time window of detection-equipment access authentication is effectively controlled. In scenarios such as testing, a time-limited certificate can be issued for the diagnostic instrument in the certificate management system, which reduces security pressure and avoids a once-and-for-all grant. Time-limited control of the diagnostic instrument is thereby truly achieved: the detection equipment can be given long-term or temporary access authentication, and its access authentication is controlled more flexibly and effectively over time.
4. By including the vehicle VIN code or a wildcard, the invention controls which specific vehicle or vehicle model a diagnostic instrument may connect to. This prevents a single device from connecting to an unlimited number of vehicles, a situation in which a security incident on one vehicle would put the other vehicles at serious risk, and so achieves more secure device access authentication.
5. The invention optimizes the system architecture of whole-vehicle device access authentication. In traditional device access authentication, both authentication and routing are carried out through the authentication gateway (GATEWAY), so access efficiency depends on the performance of the authentication gateway.
Drawings
Fig. 1 is a flowchart of the secure access authentication method for the diagnostic instrument of automobile detection equipment according to the invention.
Fig. 2 is a schematic diagram of the connection between the whole-vehicle system and the detection equipment diagnostic instrument.
Fig. 3 is a flowchart of time-limited access authentication of the detection equipment diagnostic instrument according to an embodiment.
Fig. 4 is a flowchart of secure access of the detection equipment diagnostic instrument to a specific vehicle model according to an embodiment.
Fig. 5 is a schematic block diagram of the secure access authentication system for the diagnostic instrument of automobile detection equipment according to the invention.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the present patent;
for the purpose of better illustrating the embodiments, certain elements of the drawings may be omitted, enlarged or reduced and do not represent the actual product dimensions;
it will be appreciated by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The technical scheme of the invention is further described below with reference to the accompanying drawings and examples.
Example 1
This embodiment provides a secure access authentication method for the diagnostic instrument of automobile detection equipment which, as shown in Fig. 1, comprises the following steps:
the certificate management system of the whole-vehicle system receives a device certificate application and issues a device certificate;
the device certificate is loaded into the detection equipment diagnostic instrument;
the whole-vehicle system performs two-way authentication with the diagnostic instrument loaded with the device certificate, and establishes a secure HTTPS transmission channel;
and the whole-vehicle system manages the permissions of the diagnostic instrument loaded with the device certificate through the secure HTTPS transmission channel.
The certificate management system of the whole-vehicle system receives the device certificate application and issues the device certificate as follows:
the manufacturer of the detection equipment diagnostic instrument provides identity information and certificate application information, where the identity information comprises a user name and password or a temporary identity token, and the certificate application information comprises the vehicle-mounted terminal machine code of the detection equipment, the list of electronic control units (ECUs) to be accessed, and the validity period of the certificate;
based on an asymmetric certificate and private key pair, the automobile manufacturer uses a root certificate to issue a standard certificate from the submitted certificate application information, signs the certificate application information with the private key, and encrypts and stores the signed device certificate with a white-box algorithm;
and the white-box-encrypted device certificate is distributed to the manufacturer of the detection equipment diagnostic instrument.
The white-box-encrypted device certificate is distributed to the manufacturer of the detection equipment diagnostic instrument as follows:
the white-box-encrypted device certificate is either sent to the diagnostic instrument manufacturer over secure HTTPS transmission or distributed to the manufacturer offline on a USB device.
The whole-vehicle system performs two-way authentication with the diagnostic instrument loaded with the device certificate and establishes a secure HTTPS transmission channel, as shown in Fig. 2, as follows:
the authentication gateway (GATEWAY) of the whole-vehicle system is pre-loaded with a root certificate, which is used to verify the validity of the device certificate of the detection equipment diagnostic instrument. The authentication gateway establishes a transmission channel with the diagnostic instrument, reads the device certificate information, and communicates with the switch (SWITCH). The switch modifies its routing table configuration according to the list of ECUs to be accessed, as read by the authentication gateway, and connects the diagnostic instrument to the corresponding ECUs;
after the authentication gateway has verified the validity of the device certificate with the root certificate, it generates a communication session key and sends it to the diagnostic instrument. Communication between the diagnostic instrument and the authentication gateway is encrypted with the session key, and a secure HTTPS transmission channel is established based on the TLS protocol.
Example 2
This embodiment further discloses the following on the basis of Example 1:
The permission management includes:
the authentication gateway (GATEWAY) obtains the certificate validity period from the device certificate and the system time, and checks the validity period of the device certificate. If the validity period check passes, device connection access authentication succeeds; if it does not pass, device connection access authentication fails.
After device connection access authentication succeeds, the detection equipment diagnostic instrument and the authentication gateway periodically perform heartbeat detection over secure HTTPS transmission, and when heartbeat detection stops, the switch (SWITCH) restores the default route configuration.
The flow of time-limited access authentication of the detection device is shown in Fig. 3, specifically:
Step S11: The manufacturer of the detection equipment diagnostic instrument logs in to the automobile manufacturer's certificate management system through identity authentication and selects the accessible ECU routes and the validity period of the certificate on the certificate management system, or submits the certificate application information to a certificate management system administrator.
Step S12: The certificate management system issues a device certificate for the detection equipment diagnostic instrument and encrypts it with a white-box algorithm. The certificate is either sent online to the diagnostic instrument manufacturer over secure HTTPS transmission, or the certificate management system administrator exports the encrypted certificate from the certificate management system and distributes it to the manufacturer on a USB device. The encrypted certificate is then loaded into the detection device on the production line with a loading tool, and the white-box algorithm is integrated in the detection device.
Step S13: The root certificate is preset in the authentication gateway (GATEWAY).
Step S14: The detection equipment diagnostic instrument is connected to the whole-vehicle system through the OBD diagnostic interface.
Step S15: The detection equipment diagnostic instrument establishes a communication connection with the whole-vehicle device authentication gateway through the OBD diagnostic interface and sends its device certificate to the authentication gateway. The authentication gateway uses its preset root certificate to check the validity of the diagnostic instrument's device certificate. After the validity check passes, the authentication gateway generates a communication session key and sends it to the diagnostic instrument. Communication between the diagnostic instrument and the authentication gateway is encrypted with the session key; at this point both parties have established a secure HTTPS transmission channel based on the TLS protocol.
Step S16: After the diagnostic instrument's certificate has been verified as legitimate, the authentication gateway obtains the system time and checks the validity period of the diagnostic instrument's certificate.
Step S17: If the diagnostic instrument's certificate fails the legitimacy check, or the validity period check of the certificate does not pass, device access authentication fails.
Step S18: If the diagnostic instrument's certificate is verified as legitimate and the validity period of the certificate is in effect, the authentication gateway instructs the switch (SWITCH) to modify the default route according to the selected route configuration, which implements the dynamic route access configuration.
Step S19: After the diagnostic instrument has connected and authenticated successfully, heartbeat detection is performed periodically between the diagnostic instrument and the authentication gateway over secure HTTPS transmission; once the heartbeat stops, the switch restores the default route configuration.
Step S110: If heartbeat detection succeeds, this indicates that the secure access authentication of the detection equipment diagnostic instrument has succeeded.
The secure access authentication function of the detection device relies mainly on the certificates and private keys of the certificate management system's asymmetric algorithm, and the dynamic route access configuration is implemented through a signed route access configuration list.
Example 3
This embodiment further discloses the following on the basis of Example 1:
The permission management includes:
the authentication gateway (GATEWAY) obtains the certificate validity period from the device certificate and the system time, and checks the validity period of the device certificate. If the validity period check passes, the authentication gateway obtains the vehicle VIN code and checks it against the vehicle VIN code, the vehicle-model wildcard, or the all-models wildcard in the signed information; if this check passes, device connection access authentication succeeds, and if it does not pass, device connection access authentication fails. If the validity period check does not pass, device connection access authentication fails.
After device connection access authentication succeeds, the detection equipment diagnostic instrument and the authentication gateway periodically perform heartbeat detection over secure HTTPS transmission, and when heartbeat detection stops, the switch (SWITCH) restores the default route configuration.
Aiming at the equipment needing temporary access, safety authentication cannot be carried out by issuing a long-term authentication certificate through a certificate management system, the control of equipment access authentication timeliness can be realized through the mode of applying for issuing the temporary certificate, but the management of equipment access authentication timeliness of detection equipment cannot be realized, the requirements of the detection equipment diagnostic instrument only access to corresponding vehicles or vehicle types or all vehicle types are met, a specific vehicle VIN code is added when signature configuration is selected, or the wildcards of the vehicle types or the wildcards of all vehicle types are matched, so that the issued certificate can realize the control of equipment access to a certain vehicle, and a flow chart of the realization of the safety access of the detection equipment diagnostic instrument to the specific vehicle types is shown in fig. 4:
step S21: the detection equipment diagnostic equipment manufacturer logs in a certificate management system of the automobile manufacturer through identity authentication, selects accessible ECU routes and timeliness of certificates on the certificate management system, selects a vehicle VIN or a vehicle model wildcard accessed specifically or wildcards of all vehicle models, or submits application certificate information to a certificate management system administrator.
Step S22: the certificate management system issues a device certificate for the detection device diagnostic instrument, encrypts the device certificate through a white box algorithm, sends the device certificate to a detection device diagnostic instrument manufacturer on line through HTTPS safety transmission, or leads the encrypted certificate to be exported from the certificate management system by a certificate management system administrator, distributes the encrypted certificate to the detection device diagnostic instrument manufacturer through USB equipment, and fills the detection device with the white box algorithm on a production line through a filling tool, and integrates the white box algorithm in the detection device.
Step S23: the root certificate is preset in the authentication GATEWAY.
Step S24: the detection equipment diagnostic instrument is connected into the whole vehicle system through the OBD diagnostic interface.
Step S25: the detection equipment diagnostic instrument establishes a communication connection with the whole-vehicle equipment authentication GATEWAY through the OBD diagnostic interface and sends its device certificate to the authentication GATEWAY. The authentication GATEWAY uses its preset root certificate to check the validity of the device certificate. After the validity check passes, the authentication GATEWAY generates a communication session key and sends it to the detection equipment diagnostic instrument. Communication between the detection equipment diagnostic instrument and the gateway is encrypted with the session key, at which point both parties have established a secure HTTPS transmission channel based on the TLS protocol.
Step S26: after the certificate of the detection equipment diagnostic instrument has been verified as valid, the authentication GATEWAY acquires the system time and verifies the timeliness (validity period) of the certificate.
Step S27: if the validity check of the diagnostic instrument certificate fails, or the certificate does not pass the timeliness check, the equipment access authentication fails.
Step S28: the authentication GATEWAY obtains the vehicle VIN and checks it against the vehicle VIN, the vehicle-type wildcard, or the all-vehicle-types wildcard in the signature information. This controls which equipment a specific detection equipment diagnostic instrument may access, so that equipment access authentication is carried out securely.
Step S29: if the certificate of the detection equipment diagnostic instrument is valid and within its validity period, the GATEWAY sends the modification of the default route to the SWITCH according to the selected route configuration, which implements dynamic route access configuration.
Step S210: after the equipment connection access authentication succeeds, heartbeat detection is carried out periodically between the detection equipment diagnostic instrument and the authentication GATEWAY through secure HTTPS transmission; once the equipment connection access authentication stops, the T5 SWITCH resumes the default route configuration.
Step S211: successful heartbeat detection indicates that the detection equipment diagnostic instrument is security-access authenticated.
By using an asymmetric certificate and private-key algorithm, a secure HTTPS transmission channel is established directly through the TLS protocol, and validity, integrity and non-repudiation are ensured by verifying the validity of the certificate and the signature on important information. Introducing the specific vehicle VIN code gives a more secure equipment access mechanism and avoids detection equipment diagnostic instruments being connected to vehicles without distinction. The method optimizes the architecture of whole-vehicle equipment access authentication: the gateway handles communication establishment and device certificate authentication, and the switch handles efficient route configuration and route distribution, achieving simple, secure, effective and fast access authentication of detection equipment.
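The gateway-side decision order of steps S25 to S210, as an added example that is not code from the patent: every check must pass before the SWITCH routes change, and routes fall back to the default when heartbeats stop. The wildcard encoding, the timeout value, the route model (a set of reachable ECUs) and all names are assumptions; `signature_ok` stands in for the root-certificate verification of S25, which the block does not perform.

```python
from dataclasses import dataclass

ALL_MODELS = "*"         # assumed encoding of the all-vehicle-types wildcard
HEARTBEAT_TIMEOUT = 5.0  # assumed: seconds of silence before routes roll back

@dataclass(frozen=True)
class DeviceCert:
    """Signed fields the gateway reads from the device certificate."""
    not_before: float
    not_after: float
    vin_scope: str    # exact VIN, model prefix + "*", or "*" (assumed format)
    ecu_list: tuple   # ECUs the tool may reach

def vin_in_scope(scope, vin):
    if scope == ALL_MODELS:
        return True
    if scope.endswith("*"):           # vehicle-type wildcard
        return len(scope) > 1 and vin.startswith(scope[:-1])
    return scope == vin               # bound to one vehicle

class Gateway:
    def __init__(self, vin, default_routes):
        self.vin = vin
        self.default_routes = frozenset(default_routes)
        self.routes = self.default_routes   # what the SWITCH forwards now
        self.last_heartbeat = None

    def authenticate(self, cert, signature_ok, now):
        """Steps S25-S29 in order; routes change only if every check passes."""
        if not signature_ok:     # S25: result of root-certificate verification
            return False, "not signed by preset root"
        if not cert.not_before <= now <= cert.not_after:   # S26
            return False, "outside validity period"
        if not vin_in_scope(cert.vin_scope, self.vin):      # S28
            return False, "not issued for this vehicle"
        self.routes = self.default_routes | frozenset(cert.ecu_list)  # S29
        self.last_heartbeat = now
        return True, "access granted"

    def tick(self, now):
        """S210: restore default routes once heartbeats stop."""
        if self.last_heartbeat is not None and now - self.last_heartbeat > HEARTBEAT_TIMEOUT:
            self.routes, self.last_heartbeat = self.default_routes, None
        return self.routes

    def heartbeat(self, now):
        self.tick(now)                      # a late heartbeat cannot revive access
        if self.last_heartbeat is not None:
            self.last_heartbeat = now

if __name__ == "__main__":
    gw = Gateway("LS5A3DBE0PA000001", ["GW"])              # constructed VIN
    cert = DeviceCert(100.0, 200.0, "LS5A3*", ("BCM", "EMS"))  # constructed
    print(gw.authenticate(cert, True, 150.0), sorted(gw.tick(151.0)))
```

Because a failed check returns before any route is touched, a rejected instrument leaves the SWITCH on its default configuration.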
Example 4
The present embodiment discloses a security access authentication system for a diagnostic apparatus of an automobile detection apparatus, as shown in fig. 5, the authentication system applies the security access authentication method for the diagnostic apparatus of the automobile detection apparatus described in embodiments 1 to 3, and the authentication system includes:
the certificate application module enables a certificate management system of the whole automobile system to receive equipment certificate application and issue and generate equipment certificates;
the filling module is used for filling the equipment certificate into the detection equipment diagnostic instrument;
the authentication module performs bidirectional authentication on the whole automobile system and the detection equipment diagnostic instrument filled with the equipment certificate, and establishes a safe HTTPS transmission channel;
and the permission management module enables the whole automobile system to perform permission management on the detection equipment diagnostic instrument filled with the equipment certificate through a safe HTTPS transmission channel.
Example 5
The present embodiment provides a computer storage medium, wherein the computer storage medium, when executed by a processor, implements the security access authentication method of the diagnostic apparatus for an automobile detection apparatus described in embodiments 1 to 3.
The same or similar reference numerals correspond to the same or similar components.
The terms describing positional relationships in the drawings are merely illustrative and are not to be construed as limiting the present patent.
It is to be understood that the above examples of the present invention are provided by way of illustration only and do not limit the embodiments of the present invention. Other variations or modifications based on the above teachings will be apparent to those of ordinary skill in the art. It is neither necessary nor possible to list all embodiments exhaustively here. Any modification, equivalent replacement, improvement, etc. that comes within the spirit and principles of the invention is intended to be protected by the following claims.

Claims (10)

1. The safety access authentication method of the automobile detection equipment diagnostic instrument is characterized by comprising the following steps of:
the certificate management system of the whole automobile system receives the equipment certificate application and issues and generates an equipment certificate;
filling the equipment certificate into a detection equipment diagnostic instrument;
the whole automobile system performs two-way authentication with a detection equipment diagnostic instrument filled with equipment certificates, and establishes a safe HTTPS transmission channel;
and the whole automobile system manages the authority of the detection equipment diagnostic instrument filled with the equipment certificate through a safe HTTPS transmission channel.
2. The method for authenticating the security access of the diagnostic apparatus of the automobile inspection device according to claim 1, wherein the certificate management system of the entire automobile system receives the application of the device certificate and issues and generates the device certificate, specifically:
the detection equipment diagnostic instrument manufacturer provides identity information and certificate application information, wherein the identity information comprises a user name and password or a temporary identity token, and the certificate application information comprises the vehicle-mounted terminal mechanical code of the detection equipment, the list of electronic control units (ECUs) to be accessed, and the validity period of the certificate;
the automobile manufacturer, based on an asymmetric certificate and private key pair, uses a root certificate to issue a standard certificate according to the submitted certificate application information, signs the certificate application information with the private key, and encrypts and stores the signed device certificate with a white-box algorithm;
and the device certificate encrypted by the white box is distributed to the detection equipment diagnostic instrument manufacturer.
3. The method for authenticating the security access of the diagnostic apparatus of the automobile detection apparatus according to claim 2, wherein the device certificate encrypted by the white box is distributed to the manufacturer of the diagnostic apparatus of the detection apparatus, specifically:
the device certificate encrypted by the white box is transmitted to the detection equipment diagnostic instrument manufacturer through secure HTTPS transmission, or is distributed offline to the detection equipment diagnostic instrument manufacturer on a USB device.
4. The method for authenticating the security access of the diagnostic apparatus of the automobile detection apparatus according to claim 2, wherein the entire automobile system performs the mutual authentication with the diagnostic apparatus of the detection apparatus filled with the apparatus certificate, and establishes a secure HTTPS transmission channel, specifically:
the authentication GATEWAY of the whole automobile system is pre-filled with a root certificate, which is used to verify the validity of the device certificate of the detection equipment diagnostic instrument; the authentication GATEWAY is used to establish a transmission channel with the detection equipment diagnostic instrument, read the device certificate information and communicate with the SWITCH; the SWITCH modifies the configuration of its routing table according to the accessed electronic control unit (ECU) list read by the authentication GATEWAY and connects the detection equipment diagnostic instrument to the corresponding ECUs;
after the authentication GATEWAY has verified the validity of the device certificate using the root certificate, the authentication GATEWAY generates a communication session key and sends it to the detection equipment diagnostic instrument; the detection equipment diagnostic instrument and the authentication GATEWAY encrypt their communication with the session key, and a secure HTTPS transmission channel is established based on the TLS protocol.
5. The security access authentication method of a diagnostic apparatus for an automotive test device according to claim 2, wherein the rights management includes:
the authentication GATEWAY acquires the validity period of the certificate in the device certificate and the system time, and performs timeliness authentication of the device certificate; if the device certificate passes the timeliness check, the equipment connection access authentication succeeds, and if it does not, the equipment connection access authentication fails.
6. The method for authenticating a security access to a diagnostic device of an automotive test device according to claim 2, wherein the device certificate further comprises a VIN code or a wildcard of the vehicle.
7. The security access authentication method of a diagnostic apparatus for an automotive test device according to claim 2, wherein the rights management includes:
the authentication GATEWAY acquires the validity period of the certificate in the device certificate and the system time, and performs timeliness authentication of the device certificate; if the device certificate passes the timeliness check, the authentication GATEWAY acquires the vehicle VIN code and verifies it against the vehicle VIN, the vehicle-type wildcard, or the all-vehicle-types wildcard in the signature information; if the verification passes, the equipment connection access authentication succeeds, and if the verification does not pass, the equipment connection access authentication fails; if the device certificate does not pass the timeliness check, the equipment connection access authentication fails.
8. The method for authenticating security access to a diagnostic device of an automotive detection device according to claim 5 or 7, wherein after the device connection access authentication is successful, the diagnostic device and the authentication GATEWAY periodically perform heartbeat detection through HTTPS security transmission, and when the heartbeat detection is stopped, the SWITCH resumes a default routing configuration.
9. A security access authentication system of an automobile detection apparatus diagnostic apparatus, characterized in that the authentication system applies the security access authentication method of an automobile detection apparatus diagnostic apparatus according to any one of claims 1 to 8, the authentication system comprising:
the certificate application module enables a certificate management system of the whole automobile system to receive equipment certificate application and issue and generate equipment certificates;
the filling module is used for filling the equipment certificate into the detection equipment diagnostic instrument;
the authentication module performs bidirectional authentication on the whole automobile system and the detection equipment diagnostic instrument filled with the equipment certificate, and establishes a safe HTTPS transmission channel;
and the permission management module enables the whole automobile system to perform permission management on the detection equipment diagnostic instrument filled with the equipment certificate through a safe HTTPS transmission channel.
10. A computer storage medium, wherein the computer storage medium, when executed by a processor, implements the secure access authentication method of the diagnostic apparatus for an automotive detection apparatus according to any one of claims 1 to 8.
CN202310309510.6A 2023-03-27 2023-03-27 Safety access authentication method and system for diagnostic instrument of automobile detection equipment Pending CN116346463A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310309510.6A CN116346463A (en) 2023-03-27 2023-03-27 Safety access authentication method and system for diagnostic instrument of automobile detection equipment

Publications (1)

Publication Number Publication Date
CN116346463A true CN116346463A (en) 2023-06-27

Family

ID=86880247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310309510.6A Pending CN116346463A (en) 2023-03-27 2023-03-27 Safety access authentication method and system for diagnostic instrument of automobile detection equipment

Country Status (1)

Country Link
CN (1) CN116346463A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination