CN116954661A - OTA upgrading method and device based on distributed system - Google Patents

Publication number
CN116954661A
Authority
CN
China
Prior art keywords
ecu
layer message
message
inner layer
outer layer
Legal status
Pending
Application number
CN202310936066.0A
Other languages
Chinese (zh)
Inventor
韩波
唐如意
邓凌天
汪星星
陈建伟
Current Assignee
Chongqing Seres New Energy Automobile Design Institute Co Ltd
Original Assignee
Chongqing Seres New Energy Automobile Design Institute Co Ltd
Application filed by Chongqing Seres New Energy Automobile Design Institute Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

The application relates to the field of intelligent connected vehicles and provides an OTA upgrading method and device based on a distributed system. The method comprises the following steps: acquiring an ECU upgrade file; if the target ECU is determined to be a key ECU, calling a first processor to assemble the ECU upgrade file into a first inner layer message, assembling the first inner layer message into a first outer layer message, and transmitting the first outer layer message to the target ECU through a first external transmission tunnel; and if the target ECU is determined to be a common ECU according to the identification information, calling a second processor to assemble the ECU upgrade file into a second inner layer message, assembling the second inner layer message into a second outer layer message, transmitting the second outer layer message to the key ECU through the first external transmission tunnel, and having the key ECU transmit the second outer layer message to the target ECU through the internal transmission channel. The method and device can make full use of the abundant hardware resources in the cloud to realize safe and rapid OTA upgrading.

Description

OTA upgrading method and device based on distributed system
Technical Field
The application relates to the field of intelligent connected vehicles, and in particular to an OTA upgrading method and device based on a distributed system.
Background
In the intelligent era, intelligent connected vehicles are becoming ever more widespread and users' functional requirements for them ever higher. As a result, the number of ECU (electronic control unit) components closely tied to vehicle functions keeps growing, upgrade files keep getting larger, the master control function of OTA (Over-the-Air Technology) upgrades keeps getting more complex, and the demands on CPU (Central Processing Unit) resources and hardware storage space keep rising.
The conventional master control component for automobile OTA upgrades is generally a VBOX deployed at the vehicle end. This places high demands on vehicle-end hardware resources: some hardware cannot meet the functional requirements of OTA at all, the cost is high, and function expansion is inconvenient. In addition, the VBOX has to download the upgrade file from the cloud server to local storage before upgrading, which occupies additional storage resources.
Disclosure of Invention
In view of this, the embodiments of the present application provide an OTA upgrading method and apparatus based on a distributed system, so as to solve the problems that the traditional automobile OTA upgrading method has a high requirement on hardware resources at the vehicle end, cannot fully meet various functional requirements of OTA upgrading, has a high price cost, is inconvenient for function expansion, and needs to occupy more storage resources of VBOX.
In a first aspect of the embodiment of the present application, an OTA upgrade method based on a distributed system is provided, where the distributed system is deployed on a cloud server, and the distributed system includes an upgrade master control, a first processor and a second processor;
the OTA upgrading method is applied to the upgrade master control and comprises the following steps:
acquiring an ECU upgrade file, wherein the ECU upgrade file carries identification information of a target ECU;
if the target ECU is determined to be the key ECU according to the identification information, a first processor is called to assemble the ECU upgrade file into a first inner layer message, the first inner layer message is assembled into a first outer layer message, and the first outer layer message is transmitted to the target ECU through a first external transmission tunnel;
and if the target ECU is determined to be the common ECU according to the identification information, calling a second processor to assemble the ECU upgrade file into a second inner layer message, assembling the second inner layer message into a second outer layer message, transmitting the second outer layer message to the key ECU through the first external transmission tunnel, and transmitting the second outer layer message to the target ECU through the internal transmission channel by the key ECU.
In a second aspect of the embodiment of the present application, an OTA upgrading device is provided, including:
the acquisition module is configured to acquire an ECU upgrade file, wherein the ECU upgrade file carries identification information of a target ECU;
the first calling module is configured to call the first processor to assemble the ECU upgrading file into a first inner layer message, assemble the first inner layer message into a first outer layer message and transmit the first outer layer message to the target ECU through the first external transmission tunnel if the target ECU is determined to be the key ECU according to the identification information;
and the second calling module is configured to call the second processor to assemble the ECU upgrading file into a second inner layer message, then assemble the second inner layer message into a second outer layer message, transmit the second outer layer message to the key ECU through the first external transmission tunnel, and transmit the second outer layer message to the target ECU through the internal transmission channel by the key ECU if the target ECU is determined to be the common ECU according to the identification information.
In a third aspect of the embodiments of the present application, there is provided an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the above method when executing the computer program.
In a fourth aspect of the embodiments of the present application, there is provided a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method.
Compared with the prior art, the embodiment of the application has the beneficial effects that: on the one hand, the distributed system is deployed on the cloud server, so that abundant hardware resources in the cloud server can be fully utilized, various functional requirements of OTA upgrading can be fully met, the function expansion is convenient, the problems of resources and cost pressure caused by the fact that an OTA main control part is deployed on the VBOX of a vehicle end in the prior art can be well solved, in addition, the ECU upgrading file can be directly downloaded and upgraded to each target ECU through the cloud server, the ECU upgrading file is not required to be downloaded to the VBOX for local storage and then is upgraded, and the occupation pressure of storage resources of the VBOX can be effectively relieved. On the other hand, the application adopts a distributed system to realize OTA upgrade, and the distributed system comprises an upgrade master control, a first processor and a second processor; the upgrade master control can distinguish whether the target ECU is a key ECU or a common ECU according to the identification information carried by the ECU upgrade file, and if the target ECU is the key ECU, a first processor is called to package the ECU upgrade file to obtain a first outer layer message, and the first outer layer message is transmitted to the target ECU through a first external transmission tunnel; if the target ECU is a common ECU, a second processor is called to encapsulate the ECU upgrading file to obtain a second outer layer message, the second outer layer message is transmitted to the key ECU through the first external transmission tunnel, and the second outer layer message is transmitted to the target ECU through the internal transmission channel through the key ECU, so that the data transmission safety in the OTA upgrading process can be improved, and the OTA upgrading efficiency can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic view of an application scenario according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of an OTA upgrading method based on a distributed system according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a message assembly mode in an OTA upgrading method based on a distributed system according to an embodiment of the present application;
Fig. 4 is a schematic flow chart of another OTA upgrading method based on a distributed system according to an embodiment of the present application;
Fig. 5 is a schematic diagram of an OTA upgrading device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
An OTA upgrading method and device based on a distributed system according to an embodiment of the present application will be described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic view of an application scenario according to an embodiment of the present application. The application scenario may include a cloud server (Telematics Service Provider, abbreviated as "TSP", automotive remote service provider) 101 and a vehicle end 102.
The cloud server 101 carries a distributed system, which includes an upgrade master control and a first processor and a second processor, each connected to the upgrade master control. The upgrade master control may also be referred to as an OTA upgrade master (abbreviated as "UMC"). The first processor and the second processor may be a CPU (Central Processing Unit), a microcontroller, or the like.
The vehicle end 102 carries a VBOX and a VGW. The VBOX (Vehicle BOX) may be the TBOX (telematics unit) of the automobile. The VGW (Vehicle GateWay) is the vehicle gateway. One or more ECU components may be attached beneath the VGW. The VBOX and VGW may carry an OTA Upgrade Agent (UA) and an OTA Upgrade Slave (US). An OTA upgrade slave (abbreviated as "US") may be carried in the ECU.
The VBOX and VGW can be connected through an internal transmission channel (such as a 100M/1000M Ethernet cable); the VGW can be connected to each ECU component beneath it through an internal transmission channel (e.g., a 100M/1000M Ethernet cable or a CAN bus). The VBOX may be connected to the cloud server (TSP) 101 through a first external transmission tunnel (e.g., an Ethernet tunnel) and a second external transmission tunnel (e.g., an HTTPS channel), and the transmission medium may be a 4G/5G signal.
Fig. 2 is a schematic flow chart of an OTA upgrading method based on a distributed system according to an embodiment of the present application. The distributed system-based OTA upgrade method of fig. 2 may be performed by an upgrade master in the distributed system in the cloud server 101 of fig. 1. As shown in fig. 2, the OTA upgrading method based on the distributed system includes the following steps:
Step S201, an ECU upgrade file is acquired, wherein the ECU upgrade file carries identification information of a target ECU.
The ECU upgrade file may be a firmware upgrade file of the ECU or a software upgrade file of the ECU.
The identification information may be a unique identification code of the target ECU.
The target ECU may be VBOX, VGW, or one or more ECU components that are hooked under VGW.
In an embodiment, the VBOX, the VGW or each ECU component may negotiate an OTA upgrade mode with the upgrade master control in advance through Service-Oriented Architecture (abbreviated as "SOA") technology. For example, the VBOX, the VGW and each ECU component may use SOA technology to authorize the upgrade master control to download and install an ECU upgrade file directly to them whenever the cloud server 101 issues an ECU upgrade file related to them. As another example, when the VBOX, the VGW or an ECU component has an upgrade requirement, it sends an upgrade request to the upgrade master control; the upgrade master control then looks up the corresponding ECU upgrade file among the ECU upgrade files already issued by the cloud server 101 based on the upgrade request, and downloads and installs it to the VBOX, the VGW or the ECU component.
Through the mode, the upgrade master control can directly download and acquire the ECU upgrade file from the cloud server, the ECU upgrade file is not required to be downloaded to the VBOX of the vehicle end for local storage and then is upgraded, and the storage resource occupancy rate of the VBOX of the vehicle end can be greatly reduced.
Step S202, if the target ECU is determined to be the key ECU according to the identification information, a first processor is called to assemble the ECU upgrade file into a first inner layer message, the first inner layer message is assembled into a first outer layer message, and the first outer layer message is transmitted to the target ECU through a first external transmission tunnel.
The key ECU generally refers to components with relatively high security risk, such as VBOX and VGW at the vehicle end, which are vulnerable to hacking.
The first inner layer message consists of an intranet IP header field, a digital signature field, DoIP data and an FCS field.
The first outer layer message consists of an external network IP header field, an ESP header field, the encrypted IP data ciphertext and an ESP digest field.
The intranet IP header field is the header of a local area network (Local Area Network, LAN) and comprises an internal source IP address and an internal destination IP address, wherein the internal source IP address is the intranet IP address of VBOX, and the internal destination IP address is the IP address of VGW. The intranet IP is mainly used for realizing communication between VBOX and VGW in the vehicle end.
The external network IP header field is a header of the wide area network (Wide Area Network, WAN), and includes an external source IP address and an external destination address, where the external source IP address is a cloud server (TSP) address and the external destination address is an external IP address of VBOX.
The first external transport tunnel may be a connection channel (e.g., an Ethernet tunnel/Ethernet channel) between the cloud server 101 and the VBOX of the vehicle end 102.
Step S203, if the target ECU is determined to be the common ECU according to the identification information, a second processor is called to assemble the ECU upgrade file into a second inner layer message, the second inner layer message is assembled into a second outer layer message, the second outer layer message is transmitted to the key ECU through the first external transmission tunnel, and the second outer layer message is transmitted to the target ECU through the key ECU through the internal transmission channel.
The common ECU generally refers to an ECU component attached beneath the VGW. These ECU components are less exposed to hacking and carry a relatively lower security risk than the VBOX and VGW.
The second inner layer message consists of an intranet IP header field, a digital signature field, DoIP data and an FCS field. The second inner layer message is mainly used for communication between the VBOX and the VGW of the vehicle end 102.
The second outer layer message consists of an external network IP header field, an ESP header field, the encrypted IP data ciphertext and an ESP digest field. The second outer layer message is mainly used for tunnel communication between the cloud server 101 and the VBOX of the vehicle end 102.
The internal transmission channel refers to a connection channel between VBOX and VGW at the vehicle end and a connection channel between VGW and each ECU (electronic control unit) part connected with the VGW in a hanging way. Illustratively, the connection channel between VBOX and VGW may be a 100M/1000M ethernet cable, and the connection channel between VGW and each ECU component hooked thereunder may be a 100M/1000M ethernet cable or a CAN bus.
According to the technical scheme provided by the embodiment of the application, on one hand, the distributed system is deployed on the cloud server, so that abundant hardware resources in the cloud server can be fully utilized, various functional requirements of OTA upgrade can be fully met, the function expansion is convenient, the problems of resources and cost pressure caused by the conventional VBOX for deploying the OTA main control part on the vehicle end can be well solved, in addition, the ECU upgrade file can be directly downloaded and upgraded to each target ECU through the cloud server, the ECU upgrade file is not required to be downloaded to the VBOX for local storage and then is upgraded, and the occupation pressure of the storage resources of the VBOX can be effectively relieved. On the other hand, the application adopts a distributed system to realize OTA upgrade, and the distributed system comprises an upgrade master control, a first processor and a second processor; the upgrade master control can distinguish whether the target ECU is a key ECU or a common ECU according to the identification information carried by the ECU upgrade file, and if the target ECU is the key ECU, a first processor is called to package the ECU upgrade file to obtain a first outer layer message, and the first outer layer message is transmitted to the target ECU through a first external transmission tunnel; if the target ECU is a common ECU, a second processor is called to encapsulate the ECU upgrading file to obtain a second outer layer message, the second outer layer message is transmitted to the key ECU through the first external transmission tunnel, and the second outer layer message is transmitted to the target ECU through the internal transmission channel through the key ECU, so that the data transmission safety in the OTA upgrading process can be improved, and the OTA upgrading efficiency can be improved.
In some embodiments, the method for assembling the ECU upgrade file into the first inner layer message specifically includes:
packaging the ECU upgrade file into a first data message;
and digitally signing the data part of the first data message, and adding a digital signature field and an intranet header field to the first data message to obtain the first inner layer message.
Referring to fig. 3, assuming that the key ECU is the VGW, the first inner layer message is assembled as follows: first, the ECU upgrade file is filled into the DoIP data part of a DoIP message; the DoIP message header field is then filled in completely, and the result is assembled into the first data message. Next, the DoIP data part of the first data message is digitally signed, and a digital signature field and an intranet header field (namely the intranet IP header field) are added to obtain the first inner layer message. The intranet header field includes an internal source IP address and an internal destination IP address, where the internal source IP address is the intranet IP address of the VBOX and the internal destination IP address is the IP address of the VGW.
As another example, assuming that the key ECU is VBOX, the assembly steps of the first inner layer message are substantially the same as described above, except that: the internal source IP address and the internal destination IP address in the intranet IP header field are both the intranet IP address of VBOX.
In some embodiments, assembling the first inner layer message into the first outer layer message specifically includes: encrypting the first inner layer message to obtain a first inner layer encrypted message; and assembling the first inner layer encrypted message into the first outer layer message.
Referring to fig. 3, a target encryption algorithm (for example, at least one of the DES, 3DES, AES and similar encryption algorithms) may first be selected according to actual needs, and the first inner layer message is then encrypted with the target encryption algorithm to obtain the encrypted IP data ciphertext. Next, an ESP header field of the widely used ESP (Encapsulating Security Payload) protocol is added to obtain the first inner layer encrypted message. That is, the first inner layer encrypted message is composed of an ESP header field and the encrypted IP data ciphertext.
Next, the first inner layer encrypted message is assembled into the first outer layer message. Specifically, the first inner layer encrypted message is encrypted again to generate a digest field, and the first outer layer message is assembled from the external network header field, the first inner layer encrypted message and the digest field.
In one example, data integrity identification may be implemented using either the MD5 algorithm or the SHA1 algorithm, with the message re-encrypted by a "digest algorithm" to form a digest field (e.g., an ESP digest). The ESP digest is filled into the ESP digest field part of the first outer layer message, the first inner layer encrypted message is filled into the ESP header field part and the encrypted IP data ciphertext part, and the external network header field (namely the external network IP header field) is filled into the external network IP header field part, which yields the assembled first outer layer message.
In the embodiment of the application, when the first inner layer message is assembled into the first outer layer message, the first inner layer message is encrypted under the ESP protocol with an encryption algorithm such as DES, 3DES or AES to obtain the first inner layer encrypted message; the MD5 algorithm or the SHA1 algorithm is then used for data integrity identification, and the first inner layer encrypted message is encrypted again by a digest algorithm (such as the SHA1 algorithm or the MD5 algorithm) to form the ESP digest; finally, each part is filled in according to the format of the first outer layer message to obtain the first outer layer message. In this way, when the receiver (such as the VBOX) receives the first outer layer message, it verifies, by reversing the encryption flow, whether the received file is complete and whether it has been tampered with, which ensures the integrity and security of the upgrade data and protects the security of the vehicle end.
Similarly, the assembly manners of the second inner layer message and the second outer layer message may be obtained by referring to the assembly manners of the first inner layer message and the first outer layer message, which are not described herein.
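The layering described above, together with the receiver's reverse flow, as an added example that is not code from the patent. It assumes simplified 8-byte IP headers, an ESP header of SPI plus sequence number, HMAC-SHA-256 standing in for both the digital signature and the MD5/SHA1 digest, and a SHA-256 keystream standing in for DES/3DES/AES so that it runs on the standard library alone; all keys, addresses and payloads are constructed.

```python
import hashlib
import hmac
import struct
import zlib

# Keys, addresses and header layouts are constructed for this example.
SIGN_KEY = b"constructed-signing-key"      # stand-in for the signer's key
ENC_KEY = b"constructed-tunnel-enc-key"
AUTH_KEY = b"constructed-tunnel-auth-key"
IP_LEN, ESP_LEN, SIG_LEN, DIGEST_LEN, FCS_LEN = 8, 8, 32, 32, 4


def ip_header(src: str, dst: str) -> bytes:
    """Simplified IP header: source and destination IPv4 addresses only."""
    return bytes(int(p) for p in (src + "." + dst).split("."))


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); a deployment would use AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">I", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def build_inner(doip_data: bytes, src: str, dst: str) -> bytes:
    """Intranet IP header | digital signature | DoIP data | FCS."""
    body = ip_header(src, dst) + mac(SIGN_KEY, doip_data) + doip_data
    return body + struct.pack(">I", zlib.crc32(body))


def build_outer(inner: bytes, spi: int, seq: int, src: str, dst: str) -> bytes:
    """External IP header | ESP header | ciphertext | ESP digest."""
    esp_header = struct.pack(">II", spi, seq)
    ciphertext = keystream_xor(ENC_KEY, esp_header, inner)
    digest = mac(AUTH_KEY, esp_header + ciphertext)
    return ip_header(src, dst) + esp_header + ciphertext + digest


def open_outer(outer: bytes) -> bytes:
    """Receiver side: undo each layer in reverse, stopping at the first failure."""
    if len(outer) < 2 * IP_LEN + ESP_LEN + SIG_LEN + FCS_LEN + DIGEST_LEN:
        raise ValueError("truncated message")
    esp_header = outer[IP_LEN:IP_LEN + ESP_LEN]
    ciphertext, digest = outer[IP_LEN + ESP_LEN:-DIGEST_LEN], outer[-DIGEST_LEN:]
    # 1. ESP digest first, so unauthenticated ciphertext is never decrypted.
    if not hmac.compare_digest(digest, mac(AUTH_KEY, esp_header + ciphertext)):
        raise ValueError("ESP digest mismatch")
    inner = keystream_xor(ENC_KEY, esp_header, ciphertext)
    body, fcs = inner[:-FCS_LEN], inner[-FCS_LEN:]
    # 2. FCS catches corruption of the inner frame.
    if struct.pack(">I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch")
    signature, doip_data = body[IP_LEN:IP_LEN + SIG_LEN], body[IP_LEN + SIG_LEN:]
    # 3. The signature binds the DoIP data to the signer, not to the tunnel keys.
    if not hmac.compare_digest(signature, mac(SIGN_KEY, doip_data)):
        raise ValueError("signature mismatch")
    return doip_data


def verdict(outer: bytes) -> str:
    """Return "ok" or the reason the receiver rejects the message."""
    try:
        open_outer(outer)
        return "ok"
    except ValueError as exc:
        return str(exc)


# Constructed sample: the key ECU is the VGW, so the inner header goes VBOX -> VGW
# and the outer header goes TSP -> VBOX external address.
FIRMWARE = b"constructed ECU upgrade file " * 4
INNER = build_inner(FIRMWARE, "192.168.10.1", "192.168.10.2")
OUTER = build_outer(INNER, 0x1001, 1, "203.0.113.10", "198.51.100.20")


def tamper_in_transit(outer: bytes) -> bytes:
    """One ciphertext bit changed on the WAN path."""
    pos = IP_LEN + ESP_LEN + 50
    return outer[:pos] + bytes([outer[pos] ^ 0x01]) + outer[pos + 1:]


def swapped_payload(doip_data: bytes) -> bytes:
    """Valid tunnel protection and FCS around DoIP data the signature does not cover."""
    body = INNER[:IP_LEN + SIG_LEN] + doip_data
    inner = body + struct.pack(">I", zlib.crc32(body))
    return build_outer(inner, 0x1001, 2, "203.0.113.10", "198.51.100.20")


if __name__ == "__main__":
    for label, msg in [("intact", OUTER), ("bit flipped", tamper_in_transit(OUTER)),
                       ("payload swapped", swapped_payload(b"altered image"))]:
        print(f"{label:16} -> {verdict(msg)}")
```

The third case shows why the inner digital signature matters even though the outer layer already carries a digest: a message that passes the tunnel checks is still rejected when the DoIP data does not match the signature.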
In some embodiments, transmitting the first outer layer message to the target ECU through the first external transmission tunnel specifically includes:
sending a vehicle end security state query request to the target ECU through a second external transmission tunnel;
in the second external transmission tunnel, if the security state information returned by the target ECU in response to the vehicle end security state query request is received and the vehicle end is determined to be currently in a safe state, transmitting the first outer layer message to the target ECU through the first external transmission tunnel.
The second external transmission tunnel may be an HTTPS (Hypertext Transfer Protocol Secure) channel established between the cloud server 101 and the VBOX of the vehicle end 102. HTTPS is an HTTP channel designed for security; it protects the transmission process by adding transport encryption and identity authentication on top of HTTP.
The safety state information includes safety state information of the vehicle internal network and safety state information of the key ECU.
By way of example, in the security state information of the vehicle internal network, a "1" may indicate that the vehicle internal network is secure and a "0" that the vehicle internal network is under a security threat. Likewise, in the security state information of the key ECU, a "1" may indicate that the key ECU is secure and a "0" that the key ECU is under a security threat.
The vehicle end 102 may determine whether the network is normal by collecting network messages and analyzing them with a preset intrusion detection algorithm. Similarly, it may determine whether the key ECU is under attack by collecting the state information of the key ECU and analyzing it with a preset intrusion detection algorithm.
As an example, when the upgrade master control determines, from the security state information returned by the VBOX of the vehicle end 102, that the vehicle internal network is secure and the key ECU is not under attack, it may confirm that the vehicle end is currently in a safe state. The upgrade master control may then transmit the first outer layer message to the target ECU through the first external transmission tunnel.
Vehicle connectivity removes the geographic and distance limits on hacking a vehicle and makes it easier for hackers to attack vehicles remotely and in batches, so the information security risk to vehicles increases significantly. In the embodiment of the application, before the first outer layer message or the second outer layer message is transmitted to the VBOX of the vehicle end 102, the upgrade master control sends the vehicle end security state query request to the target ECU through the second external transmission tunnel to learn the current security state of the vehicle end. This ensures that data is transmitted only while the vehicle end is in a safe state, which further reduces the risk of data leakage or tampering and improves the security of data transmission.
In some embodiments, the method further comprises the steps of:
receiving a message to be diagnosed transmitted by the key ECU through a second external transmission tunnel;
if the message to be diagnosed is inconsistent with the first outer layer message or the second outer layer message, sending a security data acquisition request to the key ECU through the second external transmission tunnel;
in the second external transmission tunnel, if the vehicle end security data returned by the key ECU in response to the security data acquisition request is received, and the vehicle end where the key ECU is located is determined, based on the vehicle end security data, to be currently in a safe state, sending the first outer layer message or the second outer layer message to the key ECU again through the first external transmission tunnel.
The message to be diagnosed is the first outer layer message or the second outer layer message that the key ECU obtained from the upgrade master control through the first external transmission tunnel.
The vehicle end security data comprises the security state information of the vehicle internal network and the security state information of the key ECU.
As an example, the vehicle end 102 collects network messages and key ECU state information in real time, and determines the security of the vehicle internal network and the key ECU by analyzing them. When the vehicle end 102 finds that the vehicle internal network and/or the key ECU is under attack and faces a security threat (for example, a network attack event or abnormal behavior is found), it can immediately pause the download of the first outer layer message or the second outer layer message currently in progress, or pause the upgrade that uses it, and at the same time send a message to be diagnosed to the cloud server (TSP) 101 through the second external transmission tunnel (such as an HTTP channel).
When the cloud server (TSP) 101 receives the vehicle end security data transmitted by the VBOX in the second external transmission tunnel and confirms that the vehicle internal network is secure and not under attack, that is, that the security threat at the vehicle end has been removed, the first outer layer message or the second outer layer message may be sent to the key ECU again through the first external transmission tunnel.
In some embodiments, after the security data acquisition request is sent to the key ECU through the second external transmission tunnel, the method further comprises:
in the second external transmission tunnel, if the vehicle end security data returned by the key ECU in response to the security data acquisition request is not received within a preset duration, or it is determined based on the vehicle end security data that the vehicle end where the key ECU is located currently faces a security threat, cutting off the first external transmission tunnel connected to the key ECU;
after waiting for the preset duration, if a security threat removal signal sent by the key ECU is detected in the second external transmission tunnel, re-establishing the first external transmission tunnel with the key ECU, and sending the first outer layer message or the second outer layer message to the key ECU again through the first external transmission tunnel.
The preset duration can be flexibly set according to practical situations, and can be 90 seconds, 120 seconds and the like.
If the cloud server (TSP) 101 confirms, from the vehicle-end safety data returned by the key ECU for the safety data acquisition request, that the vehicle internal network is unsafe and/or the key ECU is under attack, the vehicle end where the key ECU is located is considered to currently have a security threat, that is, the vehicle-end security threat has not yet been removed. To ensure the security of data transmission, the upgrade master control of the cloud server (TSP) 101 may first cut off the first external transmission tunnel between itself and the VBOX. After the security threat removal signal sent by the key ECU is detected in the second external transmission tunnel, it re-establishes the first external transmission tunnel with the key ECU and sends the first external message or the second external message to the key ECU through that tunnel again.
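The cut-off and retransmission rules above can be read as a small state machine on the upgrade master control. The following Python example is added here and is not code from the patent; the class, method and field names (`UpgradeMaster`, `network_safe`, `key_ecu_safe`) are assumptions, and it assumes a threat removal signal is honoured only once the preset wait has elapsed.

```python
import hmac
from enum import Enum

PRESET_SECONDS = 90  # the page gives 90 s or 120 s as possible values


class Action(Enum):
    NONE = "none"
    REQUEST_SECURITY_DATA = "request security data on tunnel 2"
    RESEND = "resend outer layer message on tunnel 1"
    CUT_TUNNEL = "cut tunnel 1"
    REESTABLISH_AND_RESEND = "re-establish tunnel 1 and resend"


class UpgradeMaster:
    """Cloud-side decisions for one key ECU (hypothetical names throughout)."""

    def __init__(self, sent_outer: bytes, preset: float = PRESET_SECONDS):
        self.sent_outer = sent_outer
        self.preset = preset
        self.state = "IDLE"      # IDLE -> WAIT_DATA -> IDLE, or -> CUT -> IDLE
        self.deadline = None     # latest time security data is accepted
        self.cut_at = None       # when tunnel 1 was cut

    def on_diagnosed_message(self, echoed: bytes, now: float) -> Action:
        # The key ECU reports what it received; a mismatch starts the inquiry.
        if self.state != "IDLE" or hmac.compare_digest(echoed, self.sent_outer):
            return Action.NONE
        self.state, self.deadline = "WAIT_DATA", now + self.preset
        return Action.REQUEST_SECURITY_DATA

    def on_security_data(self, data: dict, now: float) -> Action:
        if self.state != "WAIT_DATA":
            return Action.NONE   # late answer after a cut-off is ignored
        if now > self.deadline:
            return self._cut(now)
        # Fail closed: a missing or non-boolean field counts as unsafe.
        if data.get("network_safe") is True and data.get("key_ecu_safe") is True:
            self.state = "IDLE"
            return Action.RESEND
        return self._cut(now)

    def on_tick(self, now: float) -> Action:
        # No security data within the preset duration: cut tunnel 1.
        if self.state == "WAIT_DATA" and now >= self.deadline:
            return self._cut(now)
        return Action.NONE

    def on_threat_cleared(self, now: float) -> Action:
        # Assumption: the signal only counts after the preset wait has elapsed.
        if self.state == "CUT" and now - self.cut_at >= self.preset:
            self.state = "IDLE"
            return Action.REESTABLISH_AND_RESEND
        return Action.NONE

    def _cut(self, now: float) -> Action:
        self.state, self.cut_at = "CUT", now
        return Action.CUT_TUNNEL


def replay(sent_outer: bytes, events: list) -> list:
    """Run constructed (time, kind, argument) events and collect the actions."""
    master = UpgradeMaster(sent_outer)
    actions = []
    for now, kind, arg in events:
        if kind == "diag":
            actions.append(master.on_diagnosed_message(arg, now))
        elif kind == "data":
            actions.append(master.on_security_data(arg, now))
        elif kind == "tick":
            actions.append(master.on_tick(now))
        elif kind == "cleared":
            actions.append(master.on_threat_cleared(now))
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return actions


if __name__ == "__main__":
    SENT = b"outer-layer-message"   # constructed stand-in for the sent bytes
    timeline = [
        (0, "diag", b"outer-layer-messagX"),   # constructed tampered echo
        (90, "tick", None),                    # no security data in time
        (120, "cleared", None),                # too early, wait not elapsed
        (180, "cleared", None),                # preset wait elapsed
    ]
    for action in replay(SENT, timeline):
        print(action.value)
```
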
According to the technical scheme provided by the embodiment of the application, the upgrade master control is deployed on the cloud server, so that abundant hardware resources of the cloud server can be fully utilized, the functional requirements of various OTA upgrades can be fully met, the processing capacity is high, and the functional expansion is easy; meanwhile, the upgrade master control is deployed on the cloud server, so that the upgrade master control is not influenced by specific vehicle types, upgrade and refreshing of a plurality of vehicle type ECU parts can be realized, and the efficiency of OTA refreshing is improved; in addition, the distributed system is adopted to carry out OTA upgrading and refreshing, and in the data transmission process, the tunnel technology and the encryption transmission technology are adopted, so that the safety of data transmission can be greatly improved, and meanwhile, the OTA upgrading efficiency can be further improved; meanwhile, the ECU upgrade files can be directly downloaded and upgraded to each target ECU through the cloud server, the ECU upgrade files are not required to be downloaded to the VBOX for local storage and then are upgraded, and the occupation pressure of the VBOX storage resources can be effectively relieved.
Any combination of the above optional solutions may be adopted to form an optional embodiment of the present application, which is not described herein.
Fig. 4 is a flowchart of another OTA upgrading method based on a distributed system according to an embodiment of the present application.
As shown in Fig. 4, the Upgrade Master Control (UMC) in the cloud server 101 may first obtain the ECU upgrade file of the ECU to be upgraded from the cloud server 101, then assemble and encrypt the first external message as described in the steps above. Assuming the cloud server IP address is 10.0.0.100 and the VBOX external network IP address is 10.0.0.128, an Ethernet tunnel can be established between the cloud server and the VBOX for data transmission. When the VBOX receives the first outer layer message, it unpacks it, then verifies its integrity and decrypts it to obtain the plaintext first inner layer message (an Ethernet IP message). After that, the UA of the VBOX acts as the DoIP client and the UA of the VGW acts as the DoIP server; the VBOX and the VGW communicate through DoIP messages in this client/server relationship, the communication complies with the ISO 13400 standard, and the OTA data flow is exchanged as DoIP messages to carry out the upgrade flashing. The UA of the VGW parses the received upgrade data and extracts the target logical address of the ECU from the 'ECU destination address' field of the data message, then determines from that destination address whether the ECU supports the DoIP protocol. If so, the data is sent directly to the ECU at the destination address; if not, a DoIP-to-DoCAN conversion is needed: the target address of the ECU is converted into a CAN request ID, and the data is sent to the ECU under that ID for upgrade flashing. In this way, the TSP transmits the data messages to the VBOX through the Ethernet tunnel, the VBOX parses them, and each ECU is then upgraded and flashed through DoIP between the VBOX and the VGW.
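The gateway routing step described above, as an added Python example that is not part of the patent: it parses a DoIP diagnostic message (ISO 13400-2 generic header, payload type 0x8001), reads the target logical address and chooses direct DoIP forwarding or DoIP-to-DoCAN conversion. The routing table, logical addresses, IP address, CAN request ID and the payload size limit are constructed assumptions, and an unknown target is rejected rather than forwarded.

```python
import struct
from dataclasses import dataclass

HEADER = struct.Struct(">BBHI")   # version, inverse version, payload type, length
ADDRS = struct.Struct(">HH")      # source and target logical address
DIAG_MESSAGE = 0x8001             # DoIP diagnostic message payload type
MAX_PAYLOAD = 4096                # assumed gateway limit, not from the page

# Constructed routing table held by the VGW: logical address -> (transport, next hop)
ROUTES = {
    0x1001: ("doip", "192.168.10.21"),   # ECU with its own DoIP stack
    0x1002: ("docan", 0x7E0),            # CAN-only ECU, reached by CAN request ID
}


class RoutingError(ValueError):
    """Raised when a frame must not be forwarded."""


@dataclass(frozen=True)
class Forward:
    transport: str     # "doip" or "docan"
    next_hop: object   # IP address string or CAN request ID
    uds: bytes         # diagnostic payload to deliver to the ECU


def build_diag(source: int, target: int, uds: bytes, version: int = 0x02) -> bytes:
    """Build a DoIP diagnostic message (used here to make constructed samples)."""
    payload = ADDRS.pack(source, target) + uds
    return HEADER.pack(version, version ^ 0xFF, DIAG_MESSAGE, len(payload)) + payload


def parse_diag(frame: bytes):
    """Validate the generic header and return (source, target, user data)."""
    if len(frame) < HEADER.size:
        raise RoutingError("frame shorter than DoIP header")
    version, inverse, ptype, length = HEADER.unpack_from(frame)
    if version ^ inverse != 0xFF:
        raise RoutingError("protocol version / inverse version mismatch")
    if ptype != DIAG_MESSAGE:
        raise RoutingError(f"unexpected payload type 0x{ptype:04X}")
    payload = frame[HEADER.size:]
    # The declared length must match what arrived and leave room for user data.
    if length != len(payload) or not ADDRS.size < length <= MAX_PAYLOAD:
        raise RoutingError("bad payload length")
    source, target = ADDRS.unpack_from(payload)
    return source, target, payload[ADDRS.size:]


def route(frame: bytes, routes: dict = ROUTES) -> Forward:
    """Decide how the VGW forwards one upgrade frame."""
    _source, target, uds = parse_diag(frame)
    if target not in routes:
        # Fail closed: never flood or guess a bus for an unknown address.
        raise RoutingError(f"no route for logical address 0x{target:04X}")
    transport, next_hop = routes[target]
    # For "docan" the user data would next be segmented per ISO 15765-2
    # and sent under the CAN request ID in next_hop.
    return Forward(transport, next_hop, uds)


if __name__ == "__main__":
    # Constructed sample: tester 0x0E80 asks ECU 0x1002 for a programming session.
    sample = build_diag(0x0E80, 0x1002, bytes([0x10, 0x02]))
    decision = route(sample)
    print(decision.transport, hex(decision.next_hop), decision.uds.hex())
```
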
The following are examples of the apparatus of the present application that may be used to perform the method embodiments of the present application. For details not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the method of the present application.
Fig. 5 is a schematic diagram of an OTA upgrading device according to an embodiment of the present application. As shown in fig. 5, the OTA upgrading device includes:
an obtaining module 501 configured to obtain an ECU upgrade file, where the ECU upgrade file carries identification information of a target ECU;
the first calling module 502 is configured to call the first processor to assemble the ECU upgrade file into a first inner layer message, then assemble the first inner layer message into a first outer layer message, and transmit the first outer layer message to the target ECU through the first external transmission tunnel if the target ECU is determined to be the key ECU according to the identification information;
and the second calling module 503 is configured to, if the target ECU is determined to be a common ECU according to the identification information, call the second processor to assemble the ECU upgrade file into a second inner layer message, then assemble the second inner layer message into a second outer layer message, transmit the second outer layer message to the key ECU through the first external transmission tunnel, and transmit the second outer layer message to the target ECU through the internal transmission channel via the key ECU.
According to the technical scheme provided by the embodiment of the application, on one hand, the distributed system is deployed on the cloud server, so that abundant hardware resources in the cloud server can be fully utilized, various functional requirements of OTA upgrade can be fully met, the function expansion is convenient, the problems of resources and cost pressure caused by the conventional VBOX for deploying the OTA main control part on the vehicle end can be well solved, in addition, the ECU upgrade file can be directly downloaded and upgraded to each target ECU through the cloud server, the ECU upgrade file is not required to be downloaded to the VBOX for local storage and then is upgraded, and the occupation pressure of the storage resources of the VBOX can be effectively relieved. On the other hand, the application adopts a distributed system to realize OTA upgrade, and the distributed system comprises an upgrade master control, a first processor and a second processor; the upgrade master control can distinguish whether the target ECU is a key ECU or a common ECU according to the identification information carried by the ECU upgrade file, and if the target ECU is the key ECU, a first processor is called to package the ECU upgrade file to obtain a first outer layer message, and the first outer layer message is transmitted to the target ECU through a first external transmission tunnel; if the target ECU is a common ECU, a second processor is called to encapsulate the ECU upgrading file to obtain a second outer layer message, the second outer layer message is transmitted to the key ECU through the first external transmission tunnel, and the second outer layer message is transmitted to the target ECU through the internal transmission channel through the key ECU, so that the data transmission safety in the OTA upgrading process can be improved, and the OTA upgrading efficiency can be improved.
In some embodiments, the first calling module 502 includes:
the inquiring unit is configured to send a vehicle-end safety state inquiring request to the target ECU through the second external transmission tunnel;
and the transmission unit is configured to transmit the first external message to the target ECU through the first external transmission tunnel if the safety state information returned by the target ECU for the vehicle end safety state query request is received and the vehicle end is determined to be in the safety state currently in the second external transmission tunnel.
In some embodiments, the first calling module includes:
the packaging unit is configured to package the ECU upgrade file into a first data message;
the first assembly unit is configured to digitally sign the data part of the first data message, and add a digital signature field and an intranet header field into the first data message to obtain a first inner layer message.
In some embodiments, the first calling module further includes:
the first encryption unit is configured to encrypt the first inner layer message to obtain a first inner layer encrypted message;
and the second assembly unit is configured to assemble the first inner layer encrypted message into the first outer layer message.
In some embodiments, the first calling module further includes:
the second encryption unit is configured to encrypt the first inner layer encrypted message again to generate a summary field;
and the third assembling unit is configured to assemble the first outer layer message from the outer network header field, the first inner layer encrypted message and the summary field.
In some embodiments, the OTA upgrading device further includes:
the receiving module is configured to receive a message to be diagnosed, which is transmitted by the key ECU through a second external transmission tunnel;
the request module is configured to send a security data acquisition request to the key ECU through the second external transmission tunnel if the message to be diagnosed is inconsistent with the first external message or the second external message;
and the retransmission module is configured to, in the second external transmission tunnel, if the vehicle end safety data returned by the key ECU aiming at the safety data acquisition request is received and the vehicle end where the key ECU is located is determined to be in the safety state currently based on the vehicle end safety data, retransmit the first external message or the second external message to the key ECU through the first external transmission tunnel.
In some embodiments, the OTA upgrading device further includes:
the cut-off module is configured to cut off a first external transmission tunnel connected with the key ECU if the vehicle end safety data returned by the key ECU aiming at the safety data acquisition request is not received within a preset time period or the vehicle end where the key ECU is located is determined to have safety threat currently based on the vehicle end safety data;
and the retransmission module is configured to reestablish a first external transmission tunnel with the key ECU and resend a first external message or a second external message to the key ECU through the first external transmission tunnel if a security threat release signal sent by the key ECU is monitored in the second external transmission tunnel after waiting for the preset time period.
It should be understood that the sequence numbers of the steps in the foregoing embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and the sequence numbers should not limit the implementation process of the embodiments of the present application.
Fig. 6 is a schematic diagram of an electronic device 6 according to an embodiment of the present application. As shown in fig. 6, the electronic device 6 of this embodiment includes: a processor 601, a memory 602 and a computer program 603 stored in the memory 602 and executable on the processor 601. The steps of the various method embodiments described above are implemented by the processor 601 when executing the computer program 603. Alternatively, the processor 601, when executing the computer program 603, performs the functions of the modules/units of the apparatus embodiments described above.
The electronic device 6 may be a desktop computer, a notebook computer, a palm computer, a cloud server, or the like. The electronic device 6 may include, but is not limited to, a processor 601 and a memory 602. It will be appreciated by those skilled in the art that fig. 6 is merely an example of the electronic device 6 and is not limiting of the electronic device 6 and may include more or fewer components than shown, or different components.
The processor 601 may be a central processing unit (Central Processing Unit, CPU) or other general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like.
The memory 602 may be an internal storage unit of the electronic device 6, for example, a hard disk or a memory of the electronic device 6. The memory 602 may also be an external storage device of the electronic device 6, for example, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the electronic device 6. The memory 602 may also include both internal and external storage units of the electronic device 6. The memory 602 is used to store computer programs and other programs and data required by the electronic device.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiments by means of a computer program instructing related hardware; the computer program may be stored in a computer readable storage medium and, when executed by a processor, may implement the steps of each of the method embodiments described above. The computer program may comprise computer program code, which may be in source code form, object code form, executable file form or some intermediate form. The computer readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content of the computer readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in the jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (10)

1. An OTA upgrading method based on a distributed system is characterized in that the distributed system is deployed on a cloud server and comprises an upgrading main control, a first processor and a second processor;
the OTA upgrading method is applied to the upgrading master control and comprises the following steps:
acquiring an ECU upgrade file, wherein the ECU upgrade file carries identification information of a target ECU;
if the target ECU is determined to be a key ECU according to the identification information, the first processor is called to assemble the ECU upgrading file into a first inner layer message, then the first inner layer message is assembled into a first outer layer message, and the first outer layer message is transmitted to the target ECU through a first external transmission tunnel;
and if the target ECU is determined to be the common ECU according to the identification information, calling the second processor to assemble the ECU upgrading file into a second inner layer message, assembling the second inner layer message into a second outer layer message, transmitting the second outer layer message to a key ECU through a first external transmission tunnel, and transmitting the second outer layer message to the target ECU through an internal transmission channel by the key ECU.
2. The method of claim 1, wherein transmitting the first external layer message to the target ECU through a first external transmission tunnel comprises:
sending a vehicle-end safety state query request to the target ECU through a second external transmission tunnel;
and in the second external transmission tunnel, if the safety state information returned by the target ECU aiming at the vehicle end safety state inquiry request is received and the vehicle end is determined to be in the safety state currently, transmitting the first external message to the target ECU through a first external transmission tunnel.
3. The method according to claim 1, characterized in that the method further comprises:
receiving a message to be diagnosed transmitted by the key ECU through a second external transmission tunnel;
if the message to be diagnosed is inconsistent with the first outer layer message or the second outer layer message, sending a security data acquisition request to the key ECU through the second outer transmission tunnel;
in the second external transmission tunnel, if the vehicle end safety data returned by the key ECU aiming at the safety data acquisition request is received, and the vehicle end where the key ECU is located is determined to be in a safety state currently based on the vehicle end safety data, a first external layer message or a second external layer message is sent to the key ECU again through the first external transmission tunnel.
4. The method of claim 3, further comprising, after sending a secure data acquisition request to the critical ECU through the second external transport tunnel:
in the second external transmission tunnel, if the vehicle-end safety data returned by the key ECU for the safety data acquisition request is not received within a preset time period, or the vehicle-end safety data is used for determining that the vehicle-end where the key ECU is located currently has safety threat, cutting off a first external transmission tunnel connected with the key ECU;
after waiting for a preset time period, if a security threat cancellation signal sent by the key ECU is monitored in the second external transmission tunnel, reestablishing a first external transmission tunnel with the key ECU, and resending a first external message or a second external message to the key ECU through the first external transmission tunnel.
5. The method of claim 1, wherein assembling the ECU upgrade file into a first inner layer message comprises:
packaging the ECU upgrade file into a first data message;
and carrying out digital signature on the data part of the first data message, and adding a digital signature field and an intranet header field into the first data message to obtain a first inner layer message.
6. The method according to claim 1 or 5, wherein assembling the first inner layer message into a first outer layer message comprises:
encrypting the first inner layer message to obtain a first inner layer encrypted message;
and assembling the first inner layer encrypted message into a first outer layer message.
7. The method of claim 6, wherein assembling the first inner layer encrypted message into the first outer layer message comprises:
re-encrypting the first inner layer encrypted message to generate a summary field;
and assembling the outer network header field, the first inner layer encrypted message and the summary field to obtain a first outer layer message.
8. An OTA upgrading device, comprising:
an acquisition module configured to acquire an ECU upgrade file, wherein the ECU upgrade file carries identification information of a target ECU;
the first calling module is configured to call a first processor to assemble the ECU upgrade file into a first inner layer message, assemble the first inner layer message into a first outer layer message, and transmit the first outer layer message to the target ECU through a first external transmission tunnel if the target ECU is determined to be a key ECU according to the identification information;
and the second calling module is configured to call a second processor to assemble the ECU upgrade file into a second inner layer message, assemble the second inner layer message into a second outer layer message, transmit the second outer layer message to a key ECU through a first external transmission tunnel, and transmit the second outer layer message to the target ECU through an internal transmission channel by the key ECU if the target ECU is determined to be a common ECU according to the identification information.
9. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method according to any one of claims 1 to 7.
CN202310936066.0A 2023-07-27 2023-07-27 OTA upgrading method and device based on distributed system Pending CN116954661A (en)

Publications (1)

Publication Number Publication Date
CN116954661A true CN116954661A (en) 2023-10-27


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination