CN116961999A - Vehicle-mounted network control method and system - Google Patents
Vehicle-mounted network control method and system Download PDFInfo
- Publication number
- CN116961999A CN116961999A CN202310671588.2A CN202310671588A CN116961999A CN 116961999 A CN116961999 A CN 116961999A CN 202310671588 A CN202310671588 A CN 202310671588A CN 116961999 A CN116961999 A CN 116961999A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- data
- mounted terminal
- processor
- registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 238000004891 communication Methods 0.000 claims abstract description 51
- 238000012545 processing Methods 0.000 claims abstract description 17
- 230000005540 biological transmission Effects 0.000 claims abstract description 16
- 230000000977 initiatory effect Effects 0.000 claims abstract description 9
- 238000001914 filtration Methods 0.000 claims description 20
- 238000012795 verification Methods 0.000 claims description 14
- 238000012216 screening Methods 0.000 claims description 3
- 238000007726 management method Methods 0.000 description 12
- 238000003745 diagnosis Methods 0.000 description 10
- 230000008901 benefit Effects 0.000 description 8
- 238000004422 calculation algorithm Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 230000004044 response Effects 0.000 description 3
- 230000007958 sleep Effects 0.000 description 3
- KKIMDKMETPPURN-UHFFFAOYSA-N 1-(3-(trifluoromethyl)phenyl)piperazine Chemical compound FC(F)(F)C1=CC=CC(N2CCNCC2)=C1 KKIMDKMETPPURN-UHFFFAOYSA-N 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000005059 dormancy Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000007639 printing Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Small-Scale Networks (AREA)
Abstract
The application discloses a vehicle-mounted network control method and a vehicle-mounted network control system, which relate to the technical field of vehicle electronics and electrics and mainly aim to solve the technical problem that the existing data exchange and transmission requirements among different networks and the processing requirements of high-grade data cannot be met. Comprising the following steps: initiating a registration request to a vehicle-mounted terminal; receiving a key acquisition path returned by the vehicle-mounted terminal, acquiring a corresponding key according to the key acquisition path, encrypting the registration data based on the key, generating encrypted data and transmitting the encrypted data to the vehicle-mounted terminal; and receiving a registration result fed back by the vehicle-mounted terminal, and carrying out network communication according to the registration result.
Description
Technical Field
The application relates to the technical field of vehicle electronics and electrics, in particular to a vehicle-mounted network control method and a vehicle-mounted network control system.
Background
Along with the continuous development of new commercial vehicle technologies, the intelligent and networking degree of the whole vehicle is higher and higher, the intelligent of the whole vehicle promotes the continuous improvement of the whole vehicle information technology, and meanwhile, along with the continuous evolution of CAN bus technology, ethernet technology and the like, the whole vehicle information interaction is more and more.
At present, a CAN network controller is mainly adopted by a commercial vehicle to exchange and transmit CAN signal data so as to realize subsystem interaction of a CAN network. However, the CAN network controller CAN only exchange and transmit data based on the CAN signal, which cannot meet the data exchange and transmission requirements between different networks, and the CAN network controller has low data computing capability, which cannot meet the processing requirements of high-level data.
Disclosure of Invention
In view of the above, the present application provides a vehicle network control method and system, and is mainly aimed at improving the existing technical problems that the data exchange and transmission requirements between different networks and the processing requirements of high-level data cannot be satisfied.
According to an aspect of the present application, there is provided a vehicle-mounted network control method including:
initiating a registration request to a vehicle-mounted terminal;
receiving a key acquisition path returned by the vehicle-mounted terminal, acquiring a corresponding key according to the key acquisition path, encrypting the registration data based on the key, generating encrypted data and transmitting the encrypted data to the vehicle-mounted terminal;
and receiving a registration result fed back by the vehicle-mounted terminal, and carrying out network communication according to the registration result.
Preferably, the receiving the registration result fed back by the vehicle-mounted terminal and performing network communication according to the registration result specifically includes:
receiving first data to be transmitted;
screening the first data to be transmitted based on a preset data filtering rule to obtain second data to be transmitted meeting the preset data filtering rule;
and carrying out transmission processing on the second data to be transmitted.
Preferably, the method further comprises:
and periodically acquiring network traffic between each system unit in the current vehicle and the Ethernet according to a preset time interval, and sending the network traffic to the cloud control platform.
According to another aspect of the present application, there is provided an in-vehicle network control system including:
an intersubnetwork connector, a first processor, and a second processor;
initiating a registration request to a vehicle-mounted terminal through the gateway connector, acquiring a corresponding secret key according to a secret key acquisition path returned by the vehicle-mounted terminal, encrypting registration data based on the secret key, generating encrypted data, transmitting the encrypted data to the vehicle-mounted terminal, and receiving a registration result fed back by the vehicle-mounted terminal;
the gateway connector is also used for communication connection with the Ethernet after registration so as to perform network communication;
the gateway connector is also in communication connection with the first processor and the second processor respectively so as to transmit data.
Preferably, the first processor is configured to screen a matched target network segment according to received message information, and forward the message information based on the target network segment.
Preferably, the first processor is further in communication with an on-board diagnostic system to perform diagnostic operations on the status of the current vehicle.
Preferably, the first processor is in communication connection with the gateway connector, so as to receive update data of the vehicle-mounted software, and upgrade the vehicle-mounted software according to the update data.
Preferably, the first processor is further in communication connection with a hardware security module to perform a verification operation on the current vehicle.
Preferably, the second processor is in communication connection with the gateway connector and the first processor, respectively, so as to store the received data.
By means of the technical scheme, the technical scheme provided by the embodiment of the application has at least the following advantages:
the application provides a vehicle-mounted network control method and a system, which firstly initiate a registration request to a vehicle-mounted terminal; secondly, receiving a key acquisition path returned by the vehicle-mounted terminal, acquiring a corresponding key according to the key acquisition path, encrypting the registration data based on the key, generating encrypted data and transmitting the encrypted data to the vehicle-mounted terminal; and finally, receiving a registration result fed back by the vehicle-mounted terminal, and carrying out network communication according to the registration result. Compared with the prior art, the method and the device have the advantages that the gateway is added into the vehicle-mounted network control system to establish communication connection with the Ethernet through the gateway, so that data exchange and transmission requirements among different networks and processing requirements of high-level data are realized; before communication is established, a corresponding secret key is acquired according to a secret key acquisition path provided by the vehicle-mounted terminal, registration data are encrypted based on the secret key and sent to the vehicle-mounted terminal for registration, network communication can be carried out between the successful registration party and the Ethernet, and the safety of the whole vehicle system is effectively improved.
The foregoing description is only an overview of the present application, and is intended to be implemented in accordance with the teachings of the present application in order that the same may be more clearly understood and to make the same and other objects, features and advantages of the present application more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
fig. 1 shows a flowchart of a vehicle-mounted network control method provided by an embodiment of the present application;
fig. 2 shows a flowchart of a network communication method according to an embodiment of the present application;
fig. 3 shows a block diagram of a vehicle-mounted network control system according to an embodiment of the present application;
fig. 4 shows a block diagram of another vehicle-mounted network control system according to an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the application, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Embodiments of the application are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the computer system/server include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network personal computers, small computer systems, mainframe computer systems, and distributed cloud computing technology environments that include any of the foregoing, and the like.
A computer system/server may be described in the general context of computer-system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment in which tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including memory storage devices.
The embodiment of the application provides a vehicle-mounted network control method, as shown in fig. 1, which comprises the following steps:
101. and initiating a registration request to the vehicle-mounted terminal.
The vehicle-mounted terminal is a unit for establishing connection between an in-vehicle system and the outside of the vehicle. In the embodiment of the application, the current execution end can be a vehicle-mounted network control system, and a registration request is firstly initiated to the vehicle-mounted terminal before communication connection is carried out.
102. And receiving a key acquisition path returned by the vehicle-mounted terminal, acquiring a corresponding key according to the key acquisition path, encrypting the registration data based on the key, generating encrypted data and transmitting the encrypted data to the vehicle-mounted terminal.
The key obtaining way may include a data encryption type, a corresponding key ID, an interface manner of obtaining the key, and the like. According to the embodiment of the application, the current execution end can find a path for storing the secret key in an interface mode of the secret key, find the corresponding secret key according to the secret key ID, encrypt the registration data based on the secret key, and send the generated encrypted data to the vehicle-mounted terminal.
103. And receiving a registration result fed back by the vehicle-mounted terminal, and carrying out network communication according to the registration result.
In the embodiment of the application, if the registration result is passed, the current execution end can start the network communication function, for example, data receiving and transmission, network traffic monitoring and statistics and the like.
Compared with the prior art, the method and the device have the advantages that the gateway is added into the vehicle-mounted network control system to establish communication connection with the Ethernet through the gateway, so that data exchange and transmission requirements among different networks and processing requirements of high-level data are realized; before communication is established, a corresponding secret key is acquired according to a secret key acquisition path provided by the vehicle-mounted terminal, registration data are encrypted based on the secret key and sent to the vehicle-mounted terminal for registration, network communication can be carried out between the successful registration party and the Ethernet, and the safety of the whole vehicle system is effectively improved.
In one embodiment of the present application, for further explanation and limitation, as shown in fig. 2, in step 103, a registration result fed back by the vehicle-mounted terminal is received, and network communication is performed according to the registration result, which specifically includes:
201. first data to be transmitted is received.
202. And screening the first data to be transmitted based on the preset data filtering rule to obtain second data to be transmitted meeting the preset data filtering rule.
203. And transmitting the second data to be transmitted.
In the embodiment of the present application, after a network communication function is started at a current executing end, a data filtering rule may be preset through a firewall command (such as an iptables command), where a policy of setting data filtering or processing a data packet in the iptables command is called a data filtering rule, specifically, a plurality of data filtering rules may be combined into one chain to generate a data filtering rule chain, where the data filtering rule chain may be classified according to different positions of processing the data packet, for example, PREROUTING is a data filtering rule that needs to be performed before performing routing judgment; INPUT is a data filtering rule for processing inbound data; OUTPUT is a data filtering rule for processing outbound data; FORWARD is a data filtering rule for processing forwarding; postroute is a data filtering rule to be performed after making a route judgment, and the like. Further, after receiving the first data to be transmitted, the current executing end may perform filtering on the first data to be transmitted based on the preconfigured data filtering rule, obtain filtered second data to be transmitted, and perform transmission processing on the second data to be transmitted.
It should be noted that, before configuring the preset data filtering rule, the current execution end needs to be initialized, so that a subsequent operation can be performed.
In one embodiment of the present application, for further explanation and limitation, the embodiment method further comprises: and periodically acquiring network traffic between each system unit in the current vehicle and the Ethernet according to a preset time interval, and sending the network traffic to the cloud control platform.
The preset time interval may be generally set to 1 minute, or may be longer or shorter, which is not specifically limited in the embodiment of the present application. In the embodiment of the application, the current execution end counts the network flow between the monitored host and the external network in the internal network within the preset time interval, and the fact that the statistical data in the last preset time interval is sent to the background of the internet of vehicles needs to be cleared and the data flow in the current preset time interval is counted again. Specifically, the command serial port of the flow can be counted by calling the iptables counter under the Linux clone system, a shell script is generated, then the shell script is periodically called by periodically executing a command by the crontab, an instantaneous value of the flow statistics (namely, the data flow in a preset time interval) can be generated, the shell script is cleared to zero once after each preset time interval, and meanwhile, the data flow in the next preset time interval is counted again.
The application provides a vehicle-mounted network control method, which comprises the steps of firstly, initiating a registration request to a vehicle-mounted terminal; secondly, receiving a key acquisition path returned by the vehicle-mounted terminal, acquiring a corresponding key according to the key acquisition path, encrypting the registration data based on the key, generating encrypted data and transmitting the encrypted data to the vehicle-mounted terminal; and finally, receiving a registration result fed back by the vehicle-mounted terminal, and carrying out network communication according to the registration result. Compared with the prior art, the method and the device have the advantages that the gateway is added into the vehicle-mounted network control system to establish communication connection with the Ethernet through the gateway, so that data exchange and transmission requirements among different networks and processing requirements of high-level data are realized; before communication is established, a corresponding secret key is acquired according to a secret key acquisition path provided by the vehicle-mounted terminal, registration data are encrypted based on the secret key and sent to the vehicle-mounted terminal for registration, network communication can be carried out between the successful registration party and the Ethernet, and the safety of the whole vehicle system is effectively improved.
Further, as an implementation of the method shown in fig. 1, an embodiment of the present application provides a vehicle-mounted network control system, as shown in fig. 3, where the system includes:
an intersubnetwork connector 31, a first processor 32 and a second processor 33;
initiating a registration request to the vehicle-mounted terminal through the gateway connector 31, acquiring a corresponding secret key according to a secret key acquisition path returned by the vehicle-mounted terminal, encrypting the registration data based on the secret key, generating encrypted data, transmitting the encrypted data to the vehicle-mounted terminal, and receiving a registration result fed back by the vehicle-mounted terminal;
the gateway connector 31 is also used for communication connection with the Ethernet after registration so as to perform network communication;
the gateway 31 is also in communication with the first processor 32 and the second processor 33, respectively, for data transmission.
The gateway connector 31 can adopt an ethernet switching chip Switch supporting 6 hundred megabytes and 2 gigabytes of networks, and the transmission rate needs to be kept between 10Mbit/s and 1Gbit/s, so that the current vehicle-mounted network control system can support industrial ethernet and vehicle-mounted ethernet requirements, meet the states of different parts of the whole vehicle, and can support a vehicle-mounted diagnosis protocol DoIP based on ethernet, thereby realizing vehicle-mounted diagnosis and software flashing.
The first processor 32 is configured to characterize the MCU micro-control processor, CAN be configured as a dual-core 32-bit ARM Cortex-R5, and is connected with the CAN controller local network transceiver to realize the management of a CAN controller local network interface, specifically CAN comprise 8 paths of CAN/FD, and CAN be used for CAN signal routing and OBD vehicle diagnosis; the LIN communication network interface management is realized by connecting with an LIN communication network transceiver, and the LIN communication network interface management system specifically comprises a 2-path LIN interface which can be used for route forwarding; the information security management of the whole vehicle is realized by connecting with the HSM data encryption chip; the hardware reset device is connected with the WDG external door-looking device and can be used for resetting the hardware of the system when the system fails; the integrated power management circuit is connected with the PMIC and can be used for supplying power to the system and managing the power; the CAN/ETH network wake-up function CAN be realized by collecting the input wake-up signals of the whole vehicle ACC/ON and the like.
The second processor 33 is used for representing an MPU micro-processing and memory protection processor, can be configured as a 32-bit/64-bit ARM Cortex-A53, and can be used for debugging fault-free printing by being connected with a serial port management module; the method can be used for linking software upgrading of an SSH secure shell protocol and a TFTP file transfer protocol by being connected with a network port management; the embedded eMMC memory can be used for storing programs, data storage discs, system starting discs and the like; the DDR double rate synchronous dynamic random access memory can be used for saving program data, intermediate results and the like; the SPI Nor FLASH module is adopted to store configuration parameters, system configuration files and the like, and can be selected as a starting disc to start programs from the external FLASH.
In a specific application scenario, the first processor is configured to screen a matched target network segment according to received message information, and forward the message information based on the target network segment.
Specifically, the first processor is connected with the CAN controller local area network transceiver, an interface is initialized, log records are carried out on abnormal CAN messages and error states of the CAN bus, and the log records are reported to the vehicle-mounted terminal for network security management. The CAN message receiving and transmitting management is that two pins of CAN_TX and CAN_RX of each channel CAN controller of a first processor MCU are respectively connected with a CAN transceiver TJA1043, the TJA1043 is a transceiver with dormancy control, when the TJA1043 is not in a dormancy state, the transceiver converts CAN_H and CAN_L signals received on a bus into common logic level signals, the common logic level signals are output to the controller through the CAN_RX, and the messages received by the CAN are stored in an internal mailbox after being matched by a filter; and causes the interrupt to enter an interrupt service function, and the CAN message is stored in an internal RAM for use. Further, when a CAN message is transmitted, the controller transmits a binary code to be transmitted to the transceiver through the can_tx line, and then the transceiver converts the normal logic level signal into a differential signal, and outputs the differential signal to the CAN bus network through the differential lines can_high and can_low. When the first processor MCU receives the CAN message, the message is firstly stored in a buffer memory, a route thread traverses the receiving buffer memory and matches the message ID of the original network segment in the route table with the message length DLC, if the matching is successful, the message is inserted into a target network segment transmitting buffer memory area, and the target network segment transmits the message to the CAN network. In addition, when no message is received in the bus within a certain time, TJA1043 is set to a sleep mode through the sleep control pin, and when the message is received by the bus, TJA is switched from the sleep state to the normal working mode.
It should be noted that, the Bus error types include ACK error, bit error, format error, padding error, CRC error, overflow error, etc., which CAN be determined by the error interrupt of the CAN controller of the first processor MCU, and further include Bus-Off status monitoring. When software detects errors, the error flag bit is cleared, the number of errors is recorded, and the number of errors is stored in a log.
In a specific application scenario, the first processor is further in communication connection with a vehicle-mounted diagnostic system to perform diagnostic operations on the state of the current vehicle.
In the embodiment of the application, before the transmission of the diagnostic data, in order to ensure the safety of the system, the safety check of the receiving module can be performed first, if the safety check is passed, the transmission of the diagnostic data can be performed, and if the safety check is failed, the system automatically exits. In the diagnosis process, different levels of safety verification can be carried out on the diagnosis requirements of different strategies according to the safety strategies formulated by the whole vehicle factory. If the vehicle-mounted diagnostic system is calibrated or software is upgraded, the current execution end can monitor the software upgrading process, log the software upgrading result, upload the log record to the vehicle-mounted terminal and carry out cloud record so as to facilitate background management.
When the vehicle is diagnosed by the vehicle-mounted diagnostic system, the vehicle-mounted diagnostic system interface is physically isolated from the whole vehicle CAN network, so that the network control device is required to automatically forward the diagnostic message from the external device and send the diagnostic information fed back by each controller back to the external device. The diagnosis ID of the diagnosis message is placed in the CAN routing table, and meanwhile, the original address is set to be the network segment where the OBD of the vehicle-mounted diagnosis system is located, and the target address is set to be the network segment where the target ECU is located.
In a specific application scenario, the first processor is in communication connection with the gateway connector to receive update data of the vehicle-mounted software, and upgrades the vehicle-mounted software according to the update data.
In the embodiment of the application, the software upgrading data stored in the TSP cloud platform can be obtained through the vehicle-mounted terminal, the software upgrading instruction issued by the vehicle-mounted terminal is received, whether the software condition is met or not (for example, whether the vehicle is in a static state or not) is judged by the first processor according to the vehicle state, and if so, the UDS request and the response are carried out with the lower ECU; if not, replying to the vehicle-mounted terminal to be temporarily not updated. Further, when the upgrade is completed, the current upgrade state can be fed back to the vehicle-mounted terminal, and then the vehicle-mounted terminal reports the upgrade state to the TSP cloud platform. In addition, the TSP cloud platform can carry out vehicle ECU version inquiry requests and the like through the vehicle-mounted terminal and the vehicle-mounted network control system according to background requirements.
In a specific application scenario, the first processor is further in communication connection with the hardware security module to perform a verification operation on the current vehicle.
In the embodiment of the application, the functions realized by the hardware security module comprise secure startup, secure refreshing, secure access and the like. The method comprises the steps that a hardware security module HSM is used as a trusted root, a trusted root verification system is used for starting a file loss module BootManager, and if verification is successful, the system is operated to start the file loss module BootManager; if the verification fails, restarting the system. Further, verifying the preprogram Bootloader based on the system boot file loss module BootManager, and if verification is successful, enabling the system boot file loss module BootManager to run the verification preprogram Bootloader; if the verification fails, restarting the system. Finally, verifying Application program Application based on the Bootloader verification pre-program, and if verification is successful, verifying that the Bootloader runs Application program Application; if the verification fails, the user stays at the verification preprogram BootLoader to wait for receiving the diagnosis instruction sent by the diagnosis instrument. Secure swiping, specifically, generating a pair of asymmetric Public Key (Public Key) and Private Key (Private Key) in a secure production environment; then, a Hash algorithm is used for calculating a Hash Value (Hash Value) of the firmware (such as Application, flashDriver and the like); the generated private key signs the hash value to generate a Signature value (Signature); and append the signature value to the end of the original Firmware, generating an upgrade package (Signed Firmware) with the signature value; further, the upgrade package is downloaded to a FLASH module of the first processor MCU through a diagnostic tool; when the authentication preprogram Bootloader of the first processor MCU uses the public key stored in the hardware security module HSM to authenticate the upgrade package signature, if the authentication is passed, the software is not tampered. After receiving an access request, the first processor MCU firstly generates Seed by using a random number generation algorithm, and then sends the Seed to the tester; after the seed is received by the tester, KEY2 is calculated based on ECDSA256 or an XOR algorithm, meanwhile, the same algorithm is used by the ECU to calculate KEY1, and the configuration controller can use the XOR algorithm by default; further, the tester sends the KEY2 to the controller; the controller compares whether KEY1 and KEY2 are the same or not, if so, the unlocking service is successful, and positive response is sent to the tester; otherwise, the unlocking service fails and a negative response is sent to the tester.
In a specific application scenario, the second processor is respectively in communication connection with the gateway connector and the first processor, so as to store the received data.
In the embodiment of the application, the second processor MPU can be used for eliminating fault printing and debugging by being connected with the serial port management module; the software upgrade of the TFTP file transmission protocol is used for linking with the SSH secure shell protocol through the management connection with the network port; the embedded eMMC memory is used for storing programs, data storage discs, system starting discs and the like; the DDR double rate synchronous dynamic random access memory is used for storing program data, intermediate results and the like; the SPI Nor FLASH module is adopted to store configuration parameters, system configuration files and the like, and can be selected as a starting disc to start programs from the external FLASH.
In a specific application scenario, the in-vehicle network control system is shown in fig. 4.
The application provides a vehicle-mounted network control system, which comprises the steps of firstly, initiating a registration request to a vehicle-mounted terminal; secondly, receiving a key acquisition path returned by the vehicle-mounted terminal, acquiring a corresponding key according to the key acquisition path, encrypting the registration data based on the key, generating encrypted data and transmitting the encrypted data to the vehicle-mounted terminal; and finally, receiving a registration result fed back by the vehicle-mounted terminal, and carrying out network communication according to the registration result. Compared with the prior art, the method and the device have the advantages that the gateway is added into the vehicle-mounted network control system to establish communication connection with the Ethernet through the gateway, so that data exchange and transmission requirements among different networks and processing requirements of high-level data are realized; before communication is established, a corresponding secret key is acquired according to a secret key acquisition path provided by the vehicle-mounted terminal, registration data are encrypted based on the secret key and sent to the vehicle-mounted terminal for registration, network communication can be carried out between the successful registration party and the Ethernet, and the safety of the whole vehicle system is effectively improved.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different manner from other embodiments, so that the same or similar parts between the embodiments are mutually referred to. For system embodiments, the description is relatively simple as it essentially corresponds to method embodiments, and reference should be made to the description of method embodiments for relevant points.
The method and system of the present application may be implemented in a number of ways. For example, the methods and systems of the present application may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present application are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present application may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present application. Thus, the present application also covers a recording medium storing a program for executing the method according to the present application.
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may alternatively be implemented in program code executable by computing devices, so that they may be stored in a memory device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module for implementation. Thus, the present application is not limited to any specific combination of hardware and software.
The above description is only of the preferred embodiments of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (9)
1. A vehicle-mounted network control method, characterized by comprising:
initiating a registration request to a vehicle-mounted terminal;
receiving a key acquisition path returned by the vehicle-mounted terminal, acquiring a corresponding key according to the key acquisition path, encrypting the registration data based on the key, generating encrypted data and transmitting the encrypted data to the vehicle-mounted terminal;
and receiving a registration result fed back by the vehicle-mounted terminal, and carrying out network communication according to the registration result.
2. The method of claim 1, wherein the receiving the registration result fed back by the vehicle-mounted terminal and performing network communication according to the registration result specifically includes:
receiving first data to be transmitted;
screening the first data to be transmitted based on a preset data filtering rule to obtain second data to be transmitted meeting the preset data filtering rule;
and carrying out transmission processing on the second data to be transmitted.
3. The method according to claim 1, wherein the method further comprises:
and periodically acquiring network traffic between each system unit in the current vehicle and the Ethernet according to a preset time interval, and sending the network traffic to the cloud control platform.
4. An in-vehicle network control system, characterized by comprising: an intersubnetwork connector, a first processor, and a second processor;
initiating a registration request to a vehicle-mounted terminal through the gateway connector, acquiring a corresponding secret key according to a secret key acquisition path returned by the vehicle-mounted terminal, encrypting registration data based on the secret key, generating encrypted data, transmitting the encrypted data to the vehicle-mounted terminal, and receiving a registration result fed back by the vehicle-mounted terminal;
the gateway connector is also used for communication connection with the Ethernet after registration so as to perform network communication;
the gateway connector is also in communication connection with the first processor and the second processor respectively so as to transmit data.
5. The on-vehicle network control system according to claim 4, wherein,
the first processor is configured to screen a matched target network segment according to received message information, and forward the message information based on the target network segment.
6. The on-vehicle network control system according to claim 4, wherein,
the first processor is also in communication connection with the vehicle-mounted diagnostic system to perform diagnostic operations on the status of the current vehicle.
7. The on-vehicle network control system according to claim 4, wherein,
the first processor is in communication connection with the gateway connector to receive update data of the vehicle-mounted software and upgrade the vehicle-mounted software according to the update data.
8. The on-vehicle network control system according to claim 4, wherein,
the first processor is also in communication connection with the hardware security module to perform verification operation on the current vehicle.
9. The on-vehicle network control system according to claim 4, wherein,
the second processor is respectively in communication connection with the gateway connector and the first processor so as to store received data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310671588.2A CN116961999A (en) | 2023-06-07 | 2023-06-07 | Vehicle-mounted network control method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310671588.2A CN116961999A (en) | 2023-06-07 | 2023-06-07 | Vehicle-mounted network control method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116961999A true CN116961999A (en) | 2023-10-27 |
Family
ID=88455518
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310671588.2A Pending CN116961999A (en) | 2023-06-07 | 2023-06-07 | Vehicle-mounted network control method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116961999A (en) |
-
2023
- 2023-06-07 CN CN202310671588.2A patent/CN116961999A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10834207B2 (en) | System and method for updating software in an electronic device | |
| US10382208B2 (en) | Secure communications using organically derived synchronized processes | |
| CN108701039B (en) | Method and device for wirelessly updating software of vehicle | |
| EP3937051B1 (en) | Methods and apparatuses for processing transactions based on blockchain integrated station | |
| US20220276855A1 (en) | Method and apparatus for processing upgrade package of vehicle | |
| US11336660B2 (en) | Methods and apparatuses for identifying replay transaction based on blockchain integrated station | |
| EP3937052B1 (en) | Methods and apparatuses for synchronizing data based on blockchain integrated station | |
| CN112640365B (en) | Controller area network CAN bus secure communication method and device | |
| EP3940575B1 (en) | Methods and apparatuses for identifying to-be-filtered transaction based on blockchain integrated station | |
| EP3937053B1 (en) | Methods and apparatuses for transferring transaction based on blockchain integrated station | |
| CN111355684B (en) | Internet of things data transmission method, device and system, electronic equipment and medium | |
| CN113439425B (en) | Message transmission method and device | |
| CN111651184A (en) | TBOX software upgrading method, TBOX and automobile | |
| CN114270328B (en) | Intelligent controller and sensor network bus and system and method including multi-layered platform security architecture | |
| US20240179137A1 (en) | Control apparatus, in-vehicle communication system, communication control method and program | |
| US20230388148A1 (en) | Data communication method and device | |
| CN110417567B (en) | Configuration method and device of Internet of things equipment | |
| CN111698086A (en) | Method and device for data transmission | |
| CN116961999A (en) | Vehicle-mounted network control method and system | |
| CN114208258B (en) | Intelligent controller and sensor network bus and system and method including message retransmission mechanism | |
| US11436172B2 (en) | Data frame interface network device | |
| US7756975B1 (en) | Methods and systems for automatically discovering information about a domain of a computing device | |
| CN114070636B (en) | Security control method and device, switch, server and network system | |
| CN117294605A (en) | VPN networking method, VPN networking device, computer readable storage medium and server | |
| CN112822196A (en) | Communication method and system for central domain control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |