CN116980227A - Data transmission method, system, device and vehicle - Google Patents
Data transmission method, system, device and vehicle Download PDFInfo
- Publication number
- CN116980227A CN116980227A CN202311093423.8A CN202311093423A CN116980227A CN 116980227 A CN116980227 A CN 116980227A CN 202311093423 A CN202311093423 A CN 202311093423A CN 116980227 A CN116980227 A CN 116980227A
- Authority
- CN
- China
- Prior art keywords
- data
- verification
- algorithm
- result
- verification result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000005540 biological transmission Effects 0.000 title claims abstract description 83
- 238000000034 method Methods 0.000 title claims abstract description 80
- 238000012795 verification Methods 0.000 claims abstract description 271
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 258
- 238000004590 computer program Methods 0.000 claims description 14
- 230000006870 function Effects 0.000 claims description 11
- 230000000694 effects Effects 0.000 abstract description 6
- 238000013524 data verification Methods 0.000 abstract description 2
- 230000008569 process Effects 0.000 description 16
- 238000004458 analytical method Methods 0.000 description 10
- 238000006243 chemical reaction Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 239000011159 matrix material Substances 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000013478 data encryption standard Methods 0.000 description 3
- 238000005538 encapsulation Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 125000004122 cyclic group Chemical group 0.000 description 2
- 238000003672 processing method Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000000872 buffer Substances 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- POJGRKZMYVJCST-UHFFFAOYSA-N ethyl 3,3-diethoxyprop-2-enoate Chemical compound CCOC(=O)C=C(OCC)OCC POJGRKZMYVJCST-UHFFFAOYSA-N 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000576 supplementary effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The application relates to a data transmission method, a system, a device and a vehicle, wherein the data transmission method is applied to a first automobile electronic control unit and comprises the following steps: verifying the first CAN data by using at least two verification algorithms to obtain a verification result of the first CAN data; and under the condition that the verification result of the first CAN data represents that the verification is passed, the first CAN data is sent to a second automobile electronic control unit. The application utilizes a plurality of verification algorithms to verify the integrity and the reliability of the data, and can avoid the problem of lower verification coverage rate caused by the limitation of the verification range of a single verification algorithm, thereby further improving the data verification effect and ensuring that the data passing the verification has higher integrity and reliability.
Description
Technical Field
The application relates to the technical field of automobiles, in particular to a data transmission method, a system, a device and a vehicle.
Background
With the improvement of the intelligent level of automobiles, the electronic systems of automobiles are required to process massive data in real time and efficiently. In addition, in order to ensure the accuracy of automobile control, the requirements on the reliability of data processing and transmission are also higher and higher. Therefore, how to improve the reliability of data transmission of automobiles is a problem to be solved.
Disclosure of Invention
One of the purposes of the present application is to provide a data transmission method, so as to solve the problem of low reliability of data transmission of automobiles in the prior art; the second objective is to provide a data transmission system; a third object is to provide a data transmission device; a fourth object is to provide a vehicle.
In order to achieve the above purpose, the technical scheme adopted by the application is as follows:
a data transmission method applied to a first automotive electronic control unit, the method comprising: checking the first CAN data by using a first checking algorithm to obtain a first checking result; determining a verification result of the first CAN data based on the first verification result and a second verification algorithm; and under the condition that the verification result of the first CAN data represents that the verification is passed, the first CAN data is sent to a second automobile electronic control unit.
According to the technical means, the first automobile electric control power supply utilizes at least two verification algorithms to verify the first CAN data and sends the verified data to the second ECU, so that in the data transmission process, the integrity and reliability of the data are verified by utilizing a plurality of verification algorithms, the problem of low verification coverage rate caused by the limitation of the verification range of a single verification algorithm is avoided, the data verification effect is improved, and the verified data have higher integrity and reliability.
In some embodiments, the determining the verification result of the first CAN data based on the first verification result and a second verification algorithm includes:
under the condition that the first verification result representation verification passes, the second verification algorithm is utilized to verify the first CAN data to obtain a second verification result, and the second verification result is used as a verification result of the first CAN data;
and under the condition that the first verification result represents that verification is not passed, taking the first verification result as a verification result of the first CAN data.
According to the technical means, the first CAN data is checked in a sequential execution mode by utilizing at least two checking algorithms, so that the accuracy of checking the first CAN data CAN be further improved, and the integrity and the reliability of the first CAN data are ensured.
In some embodiments, the first CAN data comprises at least two sequences of data packets;
the step of verifying the first CAN data by using a first verification algorithm to obtain a first verification result comprises the following steps:
determining a first CAN data packet sequence in the at least two data packet sequences as a target data packet sequence;
Checking the target data packet sequence by using the first checking algorithm to obtain the first checking result;
the determining the verification result of the first CAN data based on the first verification result and a second verification algorithm includes:
under the condition that the first verification result representation verification passes, verifying the target data packet sequence by utilizing the second verification algorithm to obtain a second verification result, and determining the verification result of the first CAN data based on the second verification result;
and updating the first check times when the first check result represents that the check is not passed, determining the next data packet sequence as a target data packet sequence when the first check times are not greater than a first time number threshold value, and determining the check result of the first CAN data based on the check result of the target data packet sequence.
According to the technical means, the first CAN data is checked in a mode of sequentially executing the two checking algorithms, and when the first checking result corresponding to the first checking algorithm indicates that the checking is not passed, the new data packet sequence is used for rechecking the first CAN data, so that the integrity and the reliability of the first CAN data CAN be determined by utilizing a plurality of data packet sequences included in the first CAN data, the condition that the first CAN data is discarded due to the occurrence of errors in a single data packet sequence is avoided, and the reliability of the transmission of the first CAN data is improved.
In some embodiments, the determining a verification result of the first CAN data based on the second verification result includes:
taking the second verification result as the verification result of the first CAN data under the condition that the second verification result representation verification passes;
and updating the second check times under the condition that the second check result representation check is not passed, determining the next data packet sequence as a target data packet sequence under the condition that the second check times are not greater than a second time threshold, and determining the check result of the first CAN data based on the check result of the target data packet sequence.
According to the technical means, under the condition that the first check result or the second check result indicates that the check of the first CAN data is not passed, the next data packet sequence is determined to be the target data packet sequence, and the check result of the first CAN data is determined based on the check result of the new target data packet sequence, so that the check CAN be performed by utilizing a plurality of data packet sequences sent by the bus for the first CAN data, and the first CAN data is prevented from being discarded due to the packet loss or frame loss of the current checked data packet sequence, thereby improving the accuracy and reliability of the transmission of the first CAN data.
In some embodiments, the sending the first CAN data to a second automotive electronic control unit includes:
encrypting the first CAN data by using a first encryption algorithm to obtain third CAN data; wherein the first encryption algorithm comprises at least one of: a digital signature algorithm, a second encryption algorithm; the second encryption algorithm comprises a symmetric encryption algorithm or an asymmetric encryption algorithm;
and sending the third CAN data to the second automobile electronic control unit.
According to the technical means, the first CAN data is encrypted by utilizing the encryption algorithm to obtain the third CAN data, and the third CAN data is sent to the second automobile electronic control unit, so that the data CAN be prevented from being attacked by tampering, replay, denial of service and the like, and the safety of automobile data transmission is improved.
In some embodiments, encrypting the first CAN data using a first encryption algorithm to obtain third CAN data includes:
encrypting the first CAN data by using a first encryption algorithm to obtain fourth CAN data;
and encrypting the fourth CAN data by using a timestamp encryption algorithm to obtain the third CAN data.
According to the technical means, the time stamp encryption algorithm is used for encrypting the fourth CAN data obtained after the encryption of the first encryption algorithm, so that the safety and reliability of the data are further improved.
In some embodiments, in a case where the first encryption algorithm is the second encryption algorithm, encrypting the first CAN data by using the first encryption algorithm to obtain fourth CAN data includes:
based on the data type of the first CAN data, a symmetric encryption algorithm or an asymmetric encryption algorithm is used as the second encryption algorithm;
and encrypting the first CAN data by using the symmetric encryption algorithm or the asymmetric encryption algorithm to obtain the fourth CAN data.
According to the technical means, different encryption modes are adopted for different types of data, so that the selection of the encryption modes is more targeted and diversified, the complexity of the encryption means is improved, and the safety of data transmission is further improved.
A data transmission system comprises a first automobile electric control unit and a second automobile electric control unit; wherein,,
the first automobile electronic control unit is used for checking the first CAN data by using a first checking algorithm to obtain a first checking result; determining a verification result of the first CAN data based on the first verification result and a second verification algorithm; transmitting the first CAN data to a second automobile electronic control unit under the condition that the verification result of the first CAN data represents that verification is passed;
The second automobile electronic control unit is used for receiving the first CAN data and controlling corresponding functions based on the first CAN data.
A data transmission apparatus comprising:
the first verification module is used for verifying the first CAN data by using a first verification algorithm to obtain a first verification result;
the second checking module is used for determining a checking result of the first CAN data based on the first checking result and a second checking algorithm;
the transmission module is used for transmitting the first CAN data to the second automobile electronic control unit under the condition that the verification result of the first CAN data represents that verification is passed.
A vehicle comprising a memory and a processor, the memory storing a computer program executable on the processor, characterized in that the processor implements some or all of the steps of the data transmission method described above when the program is executed.
The invention has the beneficial effects that:
(1) The first CAN data is checked by using at least two checking methods to obtain a checking result of the first CAN data, and the first CAN data is sent to the second automobile electronic control unit when the checking result of the first CAN data represents the passing of the checking, so that the integrity and the reliability of the data are checked by using a plurality of checking algorithms in the data transmission process, the problem of lower checking coverage rate caused by the limitation of the checking range of a single checking algorithm is avoided, and the integrity and the reliability of the data are improved;
(2) The first CAN data is checked in a sequential execution mode by utilizing at least two check algorithms, and under the condition that any one check is not passed, the next data packet sequence corresponding to the first CAN data is utilized for re-checking, so that a plurality of data packet sequences sent by the same data on a bus CAN be utilized for checking, the data is prevented from being discarded when the packet loss or frame loss condition occurs to a single data packet sequence, and the reliability and the accuracy of data transmission are improved;
(3) The first CAN data passing through the verification is encrypted by using an encryption algorithm, and the encrypted first CAN data is sent to the second automobile electronic control unit, so that the data CAN be prevented from being attacked by tampering, replay, denial of service and the like, and the safety of data transmission is improved;
(4) And the first CAN data is subjected to multi-layer encryption by utilizing a plurality of encryption algorithms, so that the complexity and difficulty of data encryption are increased, and the safety of data transmission is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the aspects of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic implementation flow chart of a data transmission method according to an embodiment of the present application;
fig. 2 is a schematic diagram of an implementation flow of a data encryption transmission process in a data transmission method according to an embodiment of the present application;
fig. 3 is a schematic implementation flow chart of an application embodiment for performing checksum analysis on a CAN packet in the data transmission method according to the embodiment of the present application;
fig. 4 is a schematic implementation flow chart of an application embodiment of encrypting a parsed CAN message in a data transmission method according to an embodiment of the present application;
fig. 5 is a block diagram of a data transmission system according to an embodiment of the present application;
fig. 6 is a schematic diagram of a composition structure of a data transmission device according to an embodiment of the present application.
Detailed Description
Further advantages and effects of the present application will become readily apparent to those skilled in the art from the disclosure herein, by referring to the accompanying drawings and the preferred embodiments. The application may be practiced or carried out in other embodiments that depart from the specific details, and the details of the present description may be modified or varied from the spirit and scope of the present application. It should be understood that the preferred embodiments are presented by way of illustration only and not by way of limitation.
The term "first/second/third" is merely to distinguish similar objects and does not represent a particular ordering of objects, it being understood that the "first/second/third" may be interchanged with a particular order or precedence, as allowed, to enable embodiments of the application described herein to be implemented in other than those illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing the application only and is not intended to be limiting of the application.
In the related art, in order to ensure the reliability and integrity of data transmission in automotive communication, an automotive electronic control unit (Electronic Control Unit, abbreviated as ECU) uses a checking algorithm to check a CAN message received from a controller area network bus (Controller Area Network, abbreviated as CAN), for example, uses a cyclic redundancy check algorithm (Cyclic Redundancy Check, abbreviated as CRC) to check the received CAN message. However, since each checking algorithm can only check a specific message problem, for example, the CRC checking algorithm can detect a single-bit error occurring in the transmission process, but cannot accurately check a multi-bit error, which results in that the checked message still has reliability and correctness problems.
Based on the above, the application provides a data transmission method which is applied to an automobile electronic control unit, and the data transmission method utilizes at least two verification algorithms to verify data and transmits the verified data to the next automobile electronic control unit, so that the reliability and the correctness of the data are ensured. Fig. 1 is a schematic implementation flow chart of a data transmission method according to an embodiment of the present application, as shown in fig. 1, the data transmission method includes steps S101 to S102 as follows:
step S101, the first CAN data is checked by using a first check algorithm, and a first check result is obtained.
Here, the verification algorithm is a method for checking data transmission errors or imperfections due to various reasons in the data transmission process.
In practical applications, the check algorithm may include a reserved value check algorithm, an End-to-End communication (E2E) check algorithm, a CRC check algorithm, and an original value check algorithm. Wherein:
the reserved value checking algorithm is executed at the physical layer and is used for checking whether the value of the reserved bit in the first CAN data meets the requirement. In the case of a vehicle data transmission, the reserved bits are data bits reserved for future use in the first CAN data, the value of which is predetermined. In practical applications, the reserved value in the reserved bit may be set based on the vehicle type, the first CAN data type, and the like, for example, the reserved value may be set based on the vehicle speed being a positive number and the vehicle speed range for the first CAN data related to the vehicle speed.
And the E2E checking algorithm is used for checking the end-to-end transmission of the first CAN data so as to ensure the integrity and the correctness of the whole signal. In an automotive data transmission scenario, an E2E check algorithm is used to check the integrity of data transmitted from one ECU to another, i.e. the first ECU performs an E2E check on the first CAN data in order to check whether the number of bits of the received first CAN data is the same as the number of bits in the original signal to which the first CAN data corresponds.
And a CRC check algorithm for checking whether there are erroneous bits in the first CAN data. According to the checking principle of the CRC algorithm, the CRC algorithm CAN detect odd bit errors, double bit errors and burst errors which are not more than the check bit length in the first CAN data.
In some embodiments, the first check algorithm is a reserved value check algorithm.
Step S102, determining a verification result of the first CAN data based on the first verification result and a second verification algorithm.
Here, the second checking algorithm may include at least one of an E2E checking algorithm, a CRC checking algorithm, and an original value checking algorithm.
In some embodiments, before the first CAN data is verified using the first verification algorithm, the data transmission method may include: firstly, determining a first checking algorithm and a second checking algorithm from a plurality of checking algorithms; and then, checking the first CAN data by using the determined first checking algorithm to obtain a first checking result, and determining the checking result of the first CAN data based on the first checking result and the second checking algorithm.
Step S103, when the verification result of the first CAN data represents that the verification is passed, the first CAN data is sent to a second automobile electronic control unit.
The verification result of the first CAN data indicates that the verification is passed, which indicates that the first CAN data is complete and error-free, or that the error existing in the first CAN data is within an error tolerance range.
In the embodiment of the application, the first ECU performs verification on the first CAN data by using at least two verification algorithms, namely a first verification algorithm and a second verification algorithm, so as to obtain a verification result of the first CAN data, and sends the first CAN data to the second ECU under the condition that the verification result of the first CAN data represents that the verification is passed. In this way, in the process of data transmission, the integrity and the reliability of the data are checked by utilizing a plurality of check algorithms, and the problem of low check coverage rate caused by the limit of the check range of a single check algorithm can be avoided, so that the data check effect is further improved, and the checked data have higher integrity and reliability.
In some embodiments, the step S102 may be implemented by the following steps S1021 to S1022:
step S1021, under the condition that the first verification result represents that verification passes, the second verification algorithm is utilized to verify the first CAN data to obtain a second verification result, and the second verification result is used as the verification result of the first CAN data.
Here, the first checking algorithm may be a reserved value checking algorithm, and the second checking algorithm may be at least one of an E2E checking algorithm, a CRC checking algorithm, and an original value checking algorithm.
On the basis that the first CAN data passes through reserved value verification, the E2E verification algorithm is utilized to verify the first CAN data, whether the number of bits in a data frame of the first CAN data is the same as the number of bits in an original signal CAN be further verified, and further the accuracy of the first CAN data CAN be judged from the point of completeness.
Meanwhile, on the basis that the first CAN data passes through reserved value verification, the CRC algorithm is utilized to verify the first CAN data, so that odd bit errors, double bit errors and burst errors which are not more than the length of the check bit in the first CAN data CAN be detected, and the method has a strong supplementary effect on the verification result of the first verification algorithm.
In addition, on the basis that the first CAN data passes the reserved value verification, the original value verification algorithm is utilized to verify the first CAN data, so that the verification accuracy CAN be further improved.
In practical application, a first calibration error threshold may be set for a first calibration algorithm, and a second calibration error threshold may be set for a second calibration algorithm: when the first verification result is not greater than the first verification error threshold value, the first verification result represents that verification is passed; when the first verification result is larger than the first verification error threshold value, the first verification result represents that verification fails; when the second checking result is not more than the second checking error threshold value, the second checking result represents that the checking is passed; and when the second check result is larger than the second check error threshold value, the second check result represents that the check fails.
The first and second calibration error thresholds may be set according to the efficiency and quality requirements of the data transmission.
Thus, the first verification result characterizes verification passing, namely, based on the fact that the first verification result is not larger than a first verification error threshold, the verification result of the first CAN data is determined to be verification passing.
The taking the second check result as the check result of the first CAN data may include: determining that the verification result of the first CAN data is verification passing based on the fact that the second verification result is not greater than a second verification error threshold; and the second checking result is larger than the second checking error threshold value, and the checking result of the first CAN data is determined as that the checking is not passed.
Step S1022, when the first verification result indicates that the verification is not passed, taking the first verification result as the verification result of the first CAN data.
Here, in the case where the first check result is greater than the first check error threshold, it is determined that the first check result characterizes the check as failed, and the check is failed as a check result of the first CAN data.
In this embodiment, by using the first calibration algorithm and the second calibration algorithm to calibrate the first CAN data in a sequential execution manner, accuracy of calibrating the first CAN data may be improved, so as to ensure integrity and reliability of the first CAN data.
In some embodiments, the first CAN data comprises at least two sequences of data packets; the above step S101 may be implemented by the following steps S1011 to S1012:
and step S1011, determining a first CAN data packet sequence in the at least one data packet sequence as a target data packet sequence.
Here, for the first CAN data, there are at least two data packet sequences on the CAN bus to carry the first CAN data, each ECU connected to the CAN bus receives a data packet from the CAN bus, and determines whether the ECU node is a legal recipient of the data packet, if so, performs processes such as checking, repackaging, and transmitting the data packet, and if not, discards the data packet sequence.
After determining that the ECU node is a legal receiver of the data packet, when checking the data packet sequence where the data packet is located, the ECU firstly determines a first data packet sequence from at least two data packet sequences included in the first CAN data as a target data packet sequence, and checks the target data packet sequence.
Step S1012, performing verification on the target data packet sequence by using the first verification algorithm, to obtain a first verification result.
Here, the first checking algorithm may be a reserved value checking algorithm, which is used to check a reserved value of reserved bits in each data packet in the target data packet sequence.
Meanwhile, the above step S102 may be implemented by the following steps S1023 to S1024:
step S1023, under the condition that the first verification result represents verification, the target data packet sequence is verified by utilizing the second verification algorithm to obtain a second verification result, and the verification result of the first CAN data is determined based on the second verification result.
The first verification result characterizes verification passing, namely, based on the fact that the first verification result is not larger than a first verification error threshold, the verification result of the first CAN data is determined to be verification passing.
Determining the verification result of the first CAN data based on the second verification result may include: determining that the verification result of the first CAN data is verification passing based on the fact that the second verification result is not greater than a second verification error threshold; and determining that the verification result of the first CAN data is not passed based on the fact that the second verification result is larger than the second verification error threshold value.
Meanwhile, if the verification result of the first CAN data is that the verification is passed, other data packet sequences included in the first CAN data are not verified.
In practice, the second checking algorithm may comprise at least one of the following: an E2E checking algorithm, a CRC checking algorithm and an original value checking algorithm.
Step S1024, updating the first verification times when the first verification result indicates that the verification is not passed, determining the next data packet sequence as a target data packet sequence when the first verification times are not greater than a first time threshold, and determining the verification result of the first CAN data based on the verification result of the target data packet sequence.
Here, when the first verification result is greater than the first verification error threshold, the first verification result characterizes that the verification is not passed.
The first verification times are times for verifying the first CAN data by using a first verification algorithm. In practical application, a first time threshold corresponding to the first verification times CAN be set according to the efficiency and quality requirements of data transmission, so that when the reserved value verification fails in the range of the first time threshold, the first CAN data CAN be verified again by using a new data packet sequence.
When the first checking algorithm is a reserved value checking algorithm, the first checking result is that the checking is not performed by indicating that the value of the reserved bit in at least one data packet in the target data packet sequence is different from the set reserved value.
Here, the next data packet sequence is determined as a target data packet sequence, and the new target data packet sequence is checked again by using a first checking algorithm and a second checking algorithm to determine a checking result of the first CAN data.
In the above embodiment, the first CAN data is checked by using the first check algorithm and the second check algorithm in a sequential execution manner, and when the first check result corresponding to the first check algorithm indicates that the check is not passed, the first CAN data is rechecked by using the new data packet sequence, so that the integrity and reliability of the first CAN data CAN be determined by using the plurality of data packet sequences included in the first CAN data, the situation that the first CAN data is discarded due to the occurrence of an error in a single data packet sequence is avoided, and the reliability of the transmission of the first CAN data is improved.
In some embodiments, the determining a verification result of the first CAN data based on the second verification result includes:
taking the second verification result as the verification result of the first CAN data under the condition that the second verification result representation verification passes;
and updating the second check times under the condition that the second check result representation check is not passed, determining the next data packet sequence as a target data packet sequence under the condition that the second check times are not greater than a second time threshold, and determining the check result of the first CAN data based on the check result of the target data packet sequence.
When the second check result is not greater than the second check error threshold, determining that the second check result represents the check passing, and meanwhile, determining that the check result of the first CAN data is the check passing; when the second checking result is larger than the second checking error threshold value, determining that the second checking result represents that the checking is not passed, and meanwhile, determining that the checking result of the first CAN data is that the checking is not passed.
The second checking times are times for checking the target data packet sequence by using a second checking algorithm. In practical application, a second time threshold corresponding to the second check number CAN be set according to the efficiency and quality requirements on data transmission, so that when the check by the second check algorithm fails in the second time threshold range, the first CAN data CAN be checked again by using the new data packet sequence.
And when the second checking result is larger than the second checking error threshold value, the second checking result represents that the checking is not passed. And at this time, determining the next data packet sequence in the at least two data packet sequences as a target data packet sequence within a second time threshold range, and re-utilizing the first checking algorithm and the second checking algorithm to check the new target data packet sequence, and determining a checking result of the first CAN data based on the checking result of the new target data packet sequence.
Therefore, under the condition that the first check result or the second check result indicates that the check of the first CAN data is not passed, the next data packet sequence is determined to be the target data packet sequence, and the check result of the first CAN data is determined based on the check result of the new target data packet sequence, so that the plurality of data packet sequences sent by the first CAN data on the CAN bus CAN be utilized for checking, and the first CAN data is prevented from being discarded due to the condition that the current checked data packet sequence has packet loss or frame loss, thereby improving the accuracy and reliability of the transmission of the first CAN data.
In some embodiments, the at least two verification algorithms include a third verification algorithm and a fourth verification algorithm; the above-described step S101 and step S102 may also be realized by the following steps S1025 to S1026:
step S1025, respectively checking the first CAN data by using the third checking algorithm and the fourth checking algorithm to obtain a third checking result and a fourth checking result;
here, the third check algorithm may be a reserved value check algorithm, and the fourth check algorithm may be at least one of an E2E check algorithm, a CRC check algorithm, and an original value check algorithm.
Setting a third calibration error threshold for the third calibration algorithm and setting a second calibration error threshold for the second calibration algorithm: under the condition that the third checking result is not larger than the third checking error threshold value, the third checking result represents that the checking is passed; under the condition that the third checking result is larger than the third checking error threshold value, the third checking result represents that the checking is not passed; under the condition that the fourth checking result is not larger than the fourth checking error threshold value, the fourth checking result represents that the checking is passed; and under the condition that the fourth check result is larger than the fourth check error threshold value, the fourth check result represents that the check is not passed.
Here, the third check error threshold and the fourth check error threshold may be set according to efficiency and quality requirements of data transmission.
Step S1026, determining a verification result of the first CAN data based on the third verification result and the fourth verification result.
Here, the verification passing may be characterized based on both the third verification result and the fourth verification result, and it is determined that the verification result of the first CAN data is the verification passing; and determining that the verification result of the first CAN data is verification passing based on at least one of the third verification result and the fourth verification result. In practical application, different determination schemes can be selected according to different transmission efficiency and precision requirements.
In the embodiment, the third and fourth calibration algorithms are utilized to calibrate the first CAN data in a parallel execution mode, and the calibration result of the first CAN data is flexibly determined according to the calibration results of the calibration algorithms, so that the method has the advantage of simplicity and practicability in calibration procedure.
In the embodiment of the application, the first CAN data is checked according to different checking sequences by utilizing at least two checking algorithms, so that the problem of lower checking precision caused by a single checking mode CAN be effectively avoided, the integrity and the reliability in the process of transmitting the automobile data are improved, and the accuracy of automobile control is further improved.
In addition, in order to improve the data transmission efficiency of the automobile system, in the embodiment of the application, the data transmission is performed based on a data distribution service (Data Distribution Service, abbreviated as DDS) protocol.
The DDS protocol is a distributed real-time communication middleware protocol, adopts a publish/subscribe system architecture, emphasizes the centering of data, provides rich service quality strategies, ensures the real-time, efficient and flexible distribution of data, meets the increasing data processing requirements of an automobile electronic system, and provides a high-efficiency and reliable data transmission mode.
Although the DDS protocol maintains the integrity and confidentiality of data by introducing an encryption service plug-in, a specific data encryption program is not provided, so that when the DDS protocol is applied to data transmission of a whole vehicle, the following risks may still exist:
data tampering: tampering with the data, for example, modifying control signals of vehicle speed, steering, braking and the like, so that a vehicle control system is seriously affected;
data playback: the data packet received by the automobile ECU is sent to achieve the purpose of cheating the system, so that the automobile control system is influenced;
denial of service attack: for example, a large number of invalid data packets are sent to occupy bandwidth and resources, and normal operation of the whole vehicle system is affected.
In the whole vehicle data transmission process of the vehicle, the transmitted data may contain important information of the vehicle, such as vehicle speed, position, acceleration, steering angle, energy consumption and the like, which belong to sensitive information related to vehicle control, and if being attacked, the transmitted data can have serious influence on the vehicle control and even user safety.
Based on this, in the data transmission method provided in the embodiment of the present application, before the data is transmitted to the next ECU in the above step S103, the data is encrypted in a predetermined manner by using a preset encryption algorithm, so as to improve the security and integrity of the data. Next, a data encryption transmission method in the data transmission method according to the embodiment of the present application will be described in detail with reference to fig. 2.
As shown in fig. 2, the above step S103 may be implemented by the following steps S1031 to S1032:
step S1031, encrypting the first CAN data by using a first encryption algorithm to obtain third CAN data; wherein the first encryption algorithm comprises at least one of: a digital signature algorithm, a second encryption algorithm; the second encryption algorithm includes a symmetric encryption algorithm or an asymmetric encryption algorithm.
In the digital signature algorithm, for a sender, a data sender generates a message digest from a message text by utilizing a hash function, then encrypts the digest by using a private key of the sender, and the encrypted digest is sent to a receiver together with the message as a digital signature of the message; for the receiving side, firstly, a digest is calculated from the received original message by using the same hash function as the sending side, then, the digital signature attached to the message is decrypted by using the public key, and if the digest obtained by calculation is identical to the digest obtained by decryption, the receiving side confirms that the message is the message sent by the sending side. It can be seen that the digital signature can help the sender and receiver of the data confirm the integrity of the data, identify whether the data has been tampered with.
In practical applications, the digital signature technique may be implemented based on a hash algorithm (as described above) or may be implemented based on asymmetric key encryption.
The private key of the sender is determined based on the random number. Here, the use of random numbers makes the digital signature scheme non-reusable, and different random numbers are selected at different times, which can produce different results even if the same message is signed.
And the symmetric encryption and the asymmetric encryption are used for encrypting the data and generating ciphertext so as to ensure the confidentiality of the data. Wherein:
symmetric encryption is a traditional encryption method, and the same key is used for encryption and decryption. Common symmetric encryption algorithms include a data encryption standard (Data Encryption Standard, abbreviated as DES) algorithm, a triple data encryption algorithm (Triple Data Encryption Algorithm, abbreviated as EDEA), and an advanced encryption standard (Advanced Encryption Standard, abbreviated as AES);
in asymmetric encryption, the keys are divided into encryption keys and decryption keys, i.e., encryption and decryption in asymmetric encryption use not the same key. A common asymmetric encryption algorithm is the RSA encryption algorithm.
In practical application, encrypting the first CAN data using the first encryption algorithm may include one of: signing the first CAN data by using a digital signature algorithm; encrypting the first CAN data by utilizing a symmetric encryption algorithm or an asymmetric encryption algorithm; and encrypting the first CAN data by using a symmetric encryption algorithm or an asymmetric encryption algorithm, and simultaneously signing the first CAN data by using a digital signature algorithm.
Step S1032, transmitting the third CAN data to the second automobile electronic control unit.
Here, in the scenario of data transmission based on the DDS protocol, first, the first automotive electronic control unit sends the encrypted third CAN data to the virtual global data space of the DDS protocol, and then the second automotive electronic control unit subscribed to the first CAN data may acquire the encrypted third CAN data from the virtual global data space of the DDS.
In the above embodiment, the encryption algorithm is used to encrypt the first CAN data to obtain the third CAN data, and the third CAN data is sent to the second automobile electronic control unit, so that the data is prevented from being attacked by tampering, replay, denial of service and the like, and the safety of automobile data transmission is further improved.
In some embodiments, the step S1031 may be implemented by the following steps S1033 to S1034:
and step S1033, encrypting the first CAN data by using a first encryption algorithm to obtain fourth CAN data.
Here, the first encryption algorithm may include at least one of a digital signature algorithm and a second encryption algorithm, and the second encryption algorithm includes a symmetric encryption algorithm or an asymmetric encryption algorithm.
As described above, encrypting the first CAN data using the first encryption algorithm may include one of: signing the first CAN data by using a digital signature algorithm; encrypting the first CAN data by utilizing a symmetric encryption algorithm or an asymmetric encryption algorithm; and encrypting the first CAN data by using a symmetric encryption algorithm or an asymmetric encryption algorithm, and simultaneously signing the first CAN data by using a digital signature algorithm.
And step S1034, encrypting the fourth CAN data by using a timestamp encryption algorithm to obtain the third CAN data.
Here, the time stamp encryption is implemented on the basis of an encryption algorithm to prove that the original file is already present before encryption.
The time stamp may also be data generated using digital signature techniques, where the signed object includes information such as original file information, signature parameters, signature time, etc. The time stamping system is used for generating and managing time stamps, and digital signature is carried out on the signature object to generate the time stamps so as to prove that the original file exists before the signature time.
In the above embodiment, the time stamp encryption algorithm is used to encrypt the fourth CAN data obtained after the encryption of the first encryption algorithm, which increases the complexity and difficulty of the data, thereby improving the security and reliability of the data.
In some embodiments, in the case that the first encryption algorithm is the second encryption algorithm, the encrypting the first CAN data by using the first encryption algorithm in the step S1033 to obtain the fourth CAN data may be implemented by the following steps S1035 to S1036:
and step S1035, based on the data type of the first CAN data, using a symmetric encryption algorithm or an asymmetric encryption algorithm as the second encryption algorithm.
Here, the data type of the first CAN data may include a digital type and a structure type.
In practical application, when the data type of the first CAN data is a digital type, the symmetric encryption algorithm is used as a second encryption algorithm; and when the data type of the first CAN data is the structure type, using an asymmetric encryption algorithm as a second encryption algorithm.
Step S1036, encrypting the first CAN data by using the symmetric encryption algorithm or the asymmetric encryption algorithm, to obtain the fourth CAN data.
Here, the first CAN data of the digital type is encrypted by using a symmetric encryption algorithm to obtain fourth CAN data; or encrypting the first CAN data of the structure type by using an asymmetric encryption algorithm to obtain fourth CAN data.
In the above embodiment, different encryption modes are adopted for different types of data, so that the selection of the encryption modes is more targeted and diversified, the complexity of the encryption means is improved, and the security of data transmission is further improved.
In practical applications, the selection and use of the first encryption algorithm, the second encryption algorithm, and the timestamp encryption algorithm may be selected based on a desired security level. In some embodiments, first, a security protocol to be used may be determined; then, based on the selected security protocol, determining a digital signature algorithm and/or a data encryption algorithm supported by the security protocol, and determining at least one digital signature algorithm and/or data encryption algorithm from the supported digital signature algorithms and/or data encryption algorithms; finally, a manner of generating the time stamp is determined based on the selected digital signature algorithm and/or the data encryption algorithm.
In some embodiments, before encrypting the first CAN data and sending it to the next node, it is necessary to parse the first CAN data that passes the verification and encapsulate the parsing result into a specific data format.
In some embodiments, the parsing process of the first CAN data may be implemented by the following steps S201 to S203:
step S201, analyzing the first CAN data after verification.
Here, the first CAN data in binary form may be parsed based on the CAN signal communication matrix to obtain an actual value, for example, obtain information of an identifier (Identity document, abbreviated as ID) corresponding to the CAN data, a transmitting node, a name of a bus, a byte of the bus, a signal length, a signal type, an offset, a unit, and the like.
In practical applications, the analysis of CAN data includes conversion of linear signals and conversion of nonlinear signals.
Step S202, performing unit conversion on the value in the analysis result of the first CAN data.
Here, the parsed CAN signal value may be subjected to unit conversion based on the CAN signal communication matrix, for example, the speed unit "km/h" may be converted into "m/s".
Step S203, outputting the analysis result of the first CAN data.
Here, the analysis result of the output first CAN data may include an actual value contained in the first CAN data and a unit thereof, for example, a numerical value of the speed.
And after analyzing the first CAN data and obtaining an actual value corresponding to the first CAN data, packaging the actual value. In some embodiments, the actual value corresponding to the first CAN data may be encapsulated based on a Protocol Buffers (hereinafter referred to as Protobuf) Protocol.
The Protobuf protocol is a lightweight, efficient structured data storage format that can serialize, or serialize, structured data. Because the Protobuf protocol has the characteristics of portability and high efficiency, the embodiment of the application adopts the Protobuf protocol to package the actual value corresponding to the first CAN data, obtains the Protobuf message, and encrypts the Protobuf message on the basis of the Protobuf message.
In some embodiments, the process of encapsulating the actual value corresponding to the first CAN data using the Protobuf protocol may be implemented by the following steps S204 to S206:
step S204, defining a message header based on Protobuf protocol;
here, the message header is determined based on the definition format of the message header and the actual value corresponding to the first CAN data in the Protobuf protocol. The message header may include information such as message ID, message type, data length, etc. of the Protobuf message.
Because the data size of the Protobuf message package is larger, in practical application, the actual values corresponding to the first CAN data are packaged into one structure body, and then the structure bodies are packaged into one Protobuf message. Thus, the data transmission efficiency can be improved by layer-by-layer encapsulation. Wherein the data encapsulated in the same structure may be a set of signal data for implementing the same function or controlling the same hardware.
In this way, when defining the header of the Protobuf message, it CAN be determined based on information such as the type, size, etc. of the plurality of first CAN data encapsulated therein.
Step S205, defining a message body of the Protobuf message based on the Protobuf protocol and an actual value corresponding to the first CAN data;
here, the main information of the message body of the Protobuf message is an actual value corresponding to the first CAN data, and the actual value corresponding to at least one first CAN data may be encapsulated according to a format specified by the Protobuf protocol. In some embodiments, the data of different types can be respectively placed in different message bodies in a message nesting manner, so that subsequent processing is facilitated.
Step S206, other information in the message body is defined based on Protobuf protocol;
Here, the other information may include sender ID and receiver ID of the Protobuf message, time stamp, etc. in order to better track the source and transmission procedure of the Protobuf message.
Through the analysis and encapsulation process, the first CAN data CAN be converted into the actual value with logic significance, then the converted actual value is encapsulated in the message body for transmission according to the preset data encapsulation protocol, the data transmission efficiency CAN be improved, and the message encapsulated based on the Protobuf protocol has the characteristic of portability, and the computing resource CAN be saved.
Next, an application embodiment of the first ECU in the automobile to verify and parse CAN data by using the data transmission method provided by the embodiment of the present application will be described in detail with reference to fig. 3:
step S301, CAN data is received, and a target data packet sequence is determined; after that, step S302 is performed;
here, the first ECU receives at least two packet sequences for one CAN signal from the CAN bus and performs the subsequent steps with the first one of them as a target packet sequence.
Step S302, checking a target data packet sequence; after that, step S303 is performed;
here, it is checked whether the target packet sequence is a CAN packet, whether the first ECU is a legal receiver based on the target sequence, whether the baud rate of the target packet sequence is correct, and the like.
Step S303, judging whether the reserved value is checked; if yes, execute step S306; if not, executing step S304;
step S304, judging whether the times T are larger than a times threshold T_max; if yes, go to step S305; if not, executing step S301;
here, t_max is a preset threshold of the number of times the target packet sequence is returned to be redefined.
Step S305 terminates the verification process for the CAN data.
Step S306, judging whether E2E verification is passed; if yes, go to step S307; if not, executing step S304;
here, after the reserved value check passes, it is explained that the value in the reserved bit in the target packet sequence coincides with the reserved value, but the integrity of the target packet sequence cannot be checked. Thus, after performing the reserved value check, the E2E check is continued, and the integrity of the target data packet sequence may be determined.
Step S307, judging whether the CRC check is passed; if yes, go to step S308; if not, executing step S304;
here, after performing the reserved value check, it may be determined that the value of some bits (i.e., reserved bits) in the target packet sequence is satisfactory, but still other bits are not checked, so the target packet sequence is further checked using a CRC check algorithm to check for burst errors of odd bits, double bits, and not more than the check bit length.
Step S308, judging whether the original value is checked; if yes, go to step S309; if not, executing step S304;
step S309, analyzing CAN data; after that, step S310 is performed;
here, based on the CAN signal communication matrix, binary form CAN data is analyzed to obtain information such as an actual value corresponding to the CAN data.
Step S310, carrying out unit conversion on the analyzed CAN data value; after that, step S311 is performed.
Here, the analyzed CAN data signal values are subjected to unit conversion based on units defined in the CAN signal communication matrix, for example, the unit "km/h" is converted into the unit "m/s", and the like.
Step S311, determining the analysis result of the CAN data.
Here, based on the analysis and unit conversion of the CAN data, a final analysis result of the CAN data is determined, and the final analysis result includes at least an actual value corresponding to the CAN data and the converted unit.
Next, an application embodiment of the data transmission method according to the embodiment of the present application for encrypting the analyzed CAN data will be described in detail with reference to fig. 4.
Step S401, defining a message header based on the actual value and Protobuf protocol analyzed by CAN data; after that, step S402 is performed;
Here, the specific process of defining the message header based on the actual value corresponding to the CAN data and the Protobuf protocol may be referred to the above detailed description of step S204, which is not repeated here.
Step S402, defining a message body based on an actual value corresponding to CAN data and a Protobuf protocol; after that, step S403 is performed;
here, the specific process of defining the message body based on the actual value corresponding to the CAN data and the Protobuf protocol may be referred to the similar description of step S205, and will not be repeated here.
Step S403, defining other information in the Protobuf message body; after that, step S404 is performed;
here, for a specific procedure for defining other information in the Protobuf message body, reference may be made to the above description of step S206, where the step is repeated.
Step S404, signing the Protobuf message by adopting a digital signature technology; after that, step S405 is performed;
here, first, the Protobuf message file is processed by using a hash function to obtain a first digest, and then the first digest is encrypted by using a user private key generated based on a random number to obtain an encrypted first digest.
Step S405, verifying the digital signature, and judging whether the verification is passed; if yes, go to step S407; if not, executing step S406;
Here, the digital signature is verified using a verification algorithm to determine whether the digital signature is legitimate. If the verification result shows that the digital signature is legal, the verification is passed; if the verification result shows that the digital signature is illegal, the verification is not passed.
Step S406, re-signing the Protobuf message by using a new digital signature mode; after that, step S405 is performed;
and S407, adding a time stamp to the digitally signed Protobuf message to obtain an encrypted Protobuf message.
Based on the data transmission method, the embodiment of the application also provides a data transmission system. Fig. 5 is a schematic diagram of a data transmission system 500 according to an embodiment of the present application.
As shown in fig. 5, a data transmission system 500 provided in an embodiment of the present application includes a first automobile electronic control unit 501 and a second automobile electronic control unit 502; wherein,,
the first car electronic control unit 501 is configured to verify the first CAN data by using a first verification algorithm to obtain a first verification result; determining a verification result of the first CAN data based on the first verification result and a second verification algorithm; transmitting the first CAN data to a second automobile electronic control unit under the condition that the verification result of the first CAN data represents that verification is passed;
The second car electronic control unit 502 is configured to receive the first CAN data, and perform control of a corresponding function based on the first CAN data.
Here, the first vehicle electronic control unit 501 and the second vehicle electronic control unit 502 may be any one of vehicle electronic control units for performing various control functions in a vehicle, and may implement some or all of the steps in the above-described data transmission method provided by the embodiment of the present application.
Based on the foregoing embodiments, the embodiments of the present application provide a data processing apparatus, where the apparatus includes units included, and modules included in the units may be implemented by specific logic circuits; in practice, the processor may be a microprocessor (Microprocessor Unit, MPU), digital signal processor (Digital Signal Processor, DSP) or field programmable gate array (Field Programmable Gate Array, FPGA), or the like.
Fig. 6 is a schematic diagram of a composition structure of a data transmission device according to an embodiment of the present application, and as shown in fig. 6, a data transmission device 600 includes: a first verification module 601, a second verification module 602, and a transmission module 603, wherein:
the first verification module 601 is configured to verify the first CAN data by using a first verification algorithm to obtain a first verification result;
A second verification module 602, configured to determine a verification result of the first CAN data based on the first verification result and a second verification algorithm;
and the transmission module 603 is configured to send the first CAN data to the second automobile electronic control unit when the verification result of the first CAN data indicates that the verification passes.
In some embodiments, the second verification module 602 is further configured to:
under the condition that the first verification result representation verification passes, the second verification algorithm is utilized to verify the first CAN data to obtain a second verification result, and the second verification result is used as a verification result of the first CAN data;
and under the condition that the first verification result represents that verification is not passed, taking the first verification result as a verification result of the first CAN data.
In some embodiments, the first CAN data comprises at least two sequences of data packets;
the first verification module 601 is further configured to:
determining a first CAN data packet sequence in the at least two data packet sequences as a target data packet sequence;
checking the target data packet sequence by using the first checking algorithm to obtain the first checking result;
The second checking module 602 is further configured to:
under the condition that the first verification result representation verification passes, verifying the target data packet sequence by utilizing the second verification algorithm to obtain a second verification result, and determining the verification result of the first CAN data based on the second verification result;
and updating the first check times when the first check result represents that the check is not passed, determining the next data packet sequence as a target data packet sequence when the first check times are not greater than a first time number threshold value, and determining the check result of the first CAN data based on the check result of the target data packet sequence.
In some embodiments, the determining a verification result of the first CAN data based on the second verification result includes:
taking the second verification result as the verification result of the first CAN data under the condition that the second verification result representation verification passes;
and updating the second check times under the condition that the second check result representation check is not passed, determining the next data packet sequence as a target data packet sequence under the condition that the second check times are not greater than a second time threshold, and determining the check result of the first CAN data based on the check result of the target data packet sequence.
In some embodiments, the transmission module 603 is further configured to:
encrypting the first CAN data by using a first encryption algorithm to obtain third CAN data; wherein the first encryption algorithm comprises at least one of: a digital signature algorithm, a second encryption algorithm; the second encryption algorithm comprises a symmetric encryption algorithm or an asymmetric encryption algorithm;
and sending the third CAN data to the second automobile electronic control unit.
In some embodiments, encrypting the first CAN data using a first encryption algorithm to obtain third CAN data includes:
encrypting the first CAN data by using a first encryption algorithm to obtain fourth CAN data;
and encrypting the fourth CAN data by using a timestamp encryption algorithm to obtain the third CAN data.
In some embodiments, in a case where the first encryption algorithm is the second encryption algorithm, encrypting the first CAN data by using the first encryption algorithm to obtain fourth CAN data includes:
based on the data type of the first CAN data, a symmetric encryption algorithm or an asymmetric encryption algorithm is used as the second encryption algorithm;
and encrypting the first CAN data by using the symmetric encryption algorithm or the asymmetric encryption algorithm to obtain the fourth CAN data.
The description of the apparatus embodiments above is similar to that of the method embodiments above, with similar advantageous effects as the method embodiments. In some embodiments, the functions or modules included in the apparatus provided by the embodiments of the present disclosure may be used to perform the methods described in the embodiments of the methods, and for technical details that are not disclosed in the embodiments of the apparatus of the present disclosure, please refer to the description of the embodiments of the methods of the present disclosure for understanding.
It should be noted that, in the embodiment of the present application, if the above-mentioned data processing method is implemented in the form of a software functional module, and sold or used as a separate product, the data processing method may also be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially or partly contributing to the related art, embodied in the form of a software product stored in a storage medium, including several instructions for causing a microprocessor to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, an optical disk, or other various media capable of storing program codes. Thus, embodiments of the application are not limited to any specific hardware, software, or firmware, or any combination of hardware, software, and firmware.
An embodiment of the present application provides a vehicle including a memory and a processor, the memory storing a computer program executable on the processor, the processor implementing some or all of the steps of the above method when executing the program.
Embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs some or all of the steps of the above-described method. The computer readable storage medium may be transitory or non-transitory.
Embodiments of the present application provide a computer program comprising computer readable code which, when run in a microprocessor, performs some or all of the steps for implementing the above method.
Embodiments of the present application provide a computer program product comprising a non-transitory computer-readable storage medium storing a computer program which, when read and executed by a computer, performs some or all of the steps of the above-described method. The computer program product may be realized in particular by means of hardware, software or a combination thereof. In some embodiments, the computer program product is embodied as a computer storage medium, in other embodiments the computer program product is embodied as a software product, such as a software development kit (Software Development Kit, SDK), or the like.
It should be noted here that: the above description of various embodiments is intended to emphasize the differences between the various embodiments, the same or similar features being referred to each other. The above description of apparatus, storage medium, computer program and computer program product embodiments is similar to that of method embodiments described above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the apparatus, the storage medium, the computer program and the computer program product of the present application, reference should be made to the description of the embodiments of the method of the present application.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in various embodiments of the present application, the sequence number of each step/process described above does not mean that the execution sequence of each step/process should be determined by its functions and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present application. The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; can be located in one place or distributed to a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read Only Memory (ROM), a magnetic disk or an optical disk, or the like, which can store program codes.
Alternatively, the above-described integrated units of the present application may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the related art in the form of a software product stored in a storage medium, comprising several instructions for causing a microprocessor to execute all or part of the methods according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a removable storage device, a ROM, a magnetic disk, or an optical disk.
The above embodiments are merely preferred embodiments for fully explaining the present application, and the scope of the present application is not limited thereto. Equivalent substitutions and modifications will occur to those skilled in the art based on the present application, and are intended to be within the scope of the present application.
Claims (10)
1. A data transmission method, characterized in that it is applied to a first automotive electronic control unit, said method comprising:
checking the first CAN data by using a first checking algorithm to obtain a first checking result;
Determining a verification result of the first CAN data based on the first verification result and a second verification algorithm;
and under the condition that the verification result of the first CAN data represents that the verification is passed, the first CAN data is sent to a second automobile electronic control unit.
2. The method of claim 1, wherein the determining the verification result of the first CAN data based on the first verification result and a second verification algorithm comprises:
under the condition that the first verification result representation verification passes, the second verification algorithm is utilized to verify the first CAN data to obtain a second verification result, and the second verification result is used as a verification result of the first CAN data;
and under the condition that the first verification result represents that verification is not passed, taking the first verification result as a verification result of the first CAN data.
3. The method of claim 1, wherein the first CAN data comprises at least two sequences of data packets;
the step of verifying the first CAN data by using a first verification algorithm to obtain a first verification result comprises the following steps:
determining a first data packet sequence in the at least two data packet sequences as a target data packet sequence;
Checking the target data packet sequence by using the first checking algorithm to obtain the first checking result;
the determining the verification result of the first CAN data based on the first verification result and a second verification algorithm includes:
under the condition that the first verification result representation verification passes, verifying the target data packet sequence by utilizing the second verification algorithm to obtain a second verification result, and determining the verification result of the first CAN data based on the second verification result;
and updating the first check times when the first check result represents that the check is not passed, determining the next data packet sequence as a target data packet sequence when the first check times are not greater than a first time number threshold value, and determining the check result of the first CAN data based on the check result of the target data packet sequence.
4. The method of claim 3, wherein the determining a verification result of the first CAN data based on the second verification result comprises:
taking the second verification result as the verification result of the first CAN data under the condition that the second verification result representation verification passes;
And updating the second check times under the condition that the second check result representation check is not passed, determining the next data packet sequence as a target data packet sequence under the condition that the second check times are not greater than a second time threshold, and determining the check result of the first CAN data based on the check result of the target data packet sequence.
5. The method of any one of claims 1-4, wherein the sending the first CAN data to a second automotive electronic control unit comprises:
encrypting the first CAN data by using a first encryption algorithm to obtain third CAN data; wherein the first encryption algorithm comprises at least one of: a digital signature algorithm, a second encryption algorithm; the second encryption algorithm comprises a symmetric encryption algorithm or an asymmetric encryption algorithm;
and sending the third CAN data to the second automobile electronic control unit.
6. The method of claim 5, wherein encrypting the first CAN data using a first encryption algorithm to obtain third CAN data comprises:
encrypting the first CAN data by using a first encryption algorithm to obtain fourth CAN data;
And encrypting the fourth CAN data by using a timestamp encryption algorithm to obtain the third CAN data.
7. The method of claim 6, wherein, in the case where the first encryption algorithm is a second encryption algorithm, the encrypting the first CAN data using the first encryption algorithm to obtain fourth CAN data comprises:
based on the data type of the first CAN data, a symmetric encryption algorithm or an asymmetric encryption algorithm is used as the second encryption algorithm;
and encrypting the first CAN data by using the symmetric encryption algorithm or the asymmetric encryption algorithm to obtain the fourth CAN data.
8. The data transmission system is characterized by comprising a first automobile electric control unit and a second automobile electric control unit; wherein,,
the first automobile electronic control unit is used for checking the first CAN data by using a first checking algorithm to obtain a first checking result; determining a verification result of the first CAN data based on the first verification result and a second verification algorithm; transmitting the first CAN data to a second automobile electronic control unit under the condition that the verification result of the first CAN data represents that verification is passed;
The second automobile electronic control unit is used for receiving the first CAN data and controlling corresponding functions based on the first CAN data.
9. A data transmission apparatus, comprising:
the first verification module is used for verifying the first CAN data by using a first verification algorithm to obtain a first verification result;
the second checking module is used for determining a checking result of the first CAN data based on the first checking result and a second checking algorithm;
the transmission module is used for transmitting the first CAN data to the second automobile electronic control unit under the condition that the verification result of the first CAN data represents that verification is passed.
10. A vehicle comprising a memory and a processor, the memory storing a computer program executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 7 when the program is executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311093423.8A CN116980227A (en) | 2023-08-28 | 2023-08-28 | Data transmission method, system, device and vehicle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311093423.8A CN116980227A (en) | 2023-08-28 | 2023-08-28 | Data transmission method, system, device and vehicle |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116980227A true CN116980227A (en) | 2023-10-31 |
Family
ID=88479704
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311093423.8A Pending CN116980227A (en) | 2023-08-28 | 2023-08-28 | Data transmission method, system, device and vehicle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116980227A (en) |
-
2023
- 2023-08-28 CN CN202311093423.8A patent/CN116980227A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11134100B2 (en) | Network device and network system | |
| US10965450B2 (en) | In-vehicle networking | |
| US9252945B2 (en) | Method for recognizing a manipulation of a sensor and/or sensor data of the sensor | |
| EP3154219B1 (en) | Communication network system, transmission node, reception node, message checking method, and computer program | |
| US8520839B2 (en) | Data transmitter with a secure and efficient signature | |
| RU2459369C2 (en) | Method and device for real-time message transfer | |
| CN111049803A (en) | Data encryption and platform security access method based on vehicle-mounted CAN bus communication system | |
| KR20130083619A (en) | Data certification and acquisition method for vehicle | |
| CN116405302B (en) | System and method for in-vehicle safety communication | |
| KR20140116144A (en) | Method and system for secured communication of control information in a wireless network environment | |
| US11758376B2 (en) | Method and system for addition of assurance information to V2X messaging | |
| US20150350241A1 (en) | Data frame for protected data transmissions | |
| Li et al. | Cumulative message authentication codes for resource-constrained networks | |
| KR20220134588A (en) | Functional safety of the battery management system | |
| CN116032495B (en) | Vehicle-cloud cooperative safety transmission data anomaly detection method based on intelligent traffic system | |
| Ansari et al. | IntelliCAN: Attack-resilient controller area network (CAN) for secure automobiles | |
| US20150086015A1 (en) | Cryptographically Protected Redundant Data Packets | |
| CN116980227A (en) | Data transmission method, system, device and vehicle | |
| CN112689260B (en) | Message verification method of vehicle-mounted terminal and terminal | |
| CN113704789A (en) | Vehicle-mounted communication safety processing method, device, equipment and storage medium | |
| CN109194490B (en) | Power distribution network communication security authentication system and method | |
| Qin et al. | Research on secured communication of intelligent connected vehicle based on digital certificate | |
| US20220393856A1 (en) | Securely and reliably transmitting messages between network devices | |
| Shipman et al. | A Zero Trust Architecture for Automotive Networks | |
| Abd El-Gleel et al. | Secure lightweight CAN protocol handling message loss for electric vehicles |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |