CN117040810A - BMS controller encryption device and encryption method thereof - Google Patents

BMS controller encryption device and encryption method thereof

Info

Publication number
CN117040810A
Authority
CN
China
Prior art keywords
bms controller
module
power
decryption
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310901771.7A
Other languages
Chinese (zh)
Inventor
蒋宏杰
侯金华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Haozhe Electronic Technology Co ltd
Original Assignee
Shanghai Haozhe Electronic Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Haozhe Electronic Technology Co ltd
Priority to CN202310901771.7A
Publication of CN117040810A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H01 ELECTRIC ELEMENTS
    • H01M PROCESSES OR MEANS, e.g. BATTERIES, FOR THE DIRECT CONVERSION OF CHEMICAL ENERGY INTO ELECTRICAL ENERGY
    • H01M10/00 Secondary cells; Manufacture thereof
    • H01M10/42 Methods or arrangements for servicing or maintenance of secondary cells or secondary half-cells
    • H01M10/425 Structural combination with electronic components, e.g. electronic circuits integrated to the outside of the casing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H01 ELECTRIC ELEMENTS
    • H01M PROCESSES OR MEANS, e.g. BATTERIES, FOR THE DIRECT CONVERSION OF CHEMICAL ENERGY INTO ELECTRICAL ENERGY
    • H01M10/00 Secondary cells; Manufacture thereof
    • H01M10/42 Methods or arrangements for servicing or maintenance of secondary cells or secondary half-cells
    • H01M10/425 Structural combination with electronic components, e.g. electronic circuits integrated to the outside of the casing
    • H01M2010/4271 Battery management systems including electronic circuits, e.g. control of current or voltage to keep battery in healthy state, cell balancing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Chemical & Material Sciences (AREA)
  • Chemical & Material Sciences (AREA)
  • Chemical Kinetics & Catalysis (AREA)
  • Electrochemistry (AREA)
  • Manufacturing & Machinery (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Charge And Discharge Circuits For Batteries Or The Like (AREA)

Abstract

The application discloses a BMS controller encryption device comprising a master BMS controller and at least one slave BMS controller, the master BMS controller communicating with each slave BMS controller. The slave BMS controller comprises a battery management module, a decryption module, a high-side driving circuit module, a power on-off control module and a power conversion module. The decryption module receives encrypted message data forwarded by the battery management module, performs decryption and verification on it, and generates a power control signal according to the result; the high-side driving circuit module generates a power driving control signal according to the power control signal; and the power on-off control module switches the power supply of the battery management module on or off according to the power driving control signal. An encryption method for the BMS controller encryption device is also disclosed. The application has the advantages of low manufacturing cost and high cracking difficulty, and guarantees the legitimacy of the equipment and the security of its data.

Description

BMS controller encryption device and encryption method thereof
Technical Field
The application relates to the technical field of battery management systems, in particular to a BMS controller encryption device and an encryption method thereof.
Background
In an electric automobile or a battery energy storage system, the BMS controller is responsible for monitoring the working state of the battery pack and protecting the safety of the battery, so that the battery can perform to its full potential. The BMS controls the balancing and the charge and discharge processes of the battery pack and reads data such as battery voltage, current and temperature; once abnormal operation of the battery is detected, the BMS can take protective measures in time to ensure the safety of the battery and the vehicle.
However, as electric vehicles become more intelligent, the BMS also faces more serious information security threats. If the BMS is damaged or taken over, and the battery pack is maliciously charged, discharged or balanced, or its protection functions are maliciously switched off through the BMS, the running safety of the vehicle is directly affected and serious safety accidents can easily result. To ensure the security of the BMS controller and its data, key information of the BMS, such as acquisition and control data, needs to be encrypted to prevent unauthorized access.
Existing slave BMS controllers generally use a battery management IC that needs no local programming to collect data such as battery power, temperature and current and to perform balancing. During communication the data is not encrypted, and the slave BMS controller has no hardware protection, so the BMS is exposed to a serious information security threat.
To this end, through research and study the present inventors have found a way to solve the above problems, and the technical solution described below was developed against this background.
Disclosure of Invention
The first technical problem to be solved by the application is to provide, in view of the defects of the prior art, a BMS controller encryption device that is low in manufacturing cost, difficult to crack, and able to guarantee the running safety of the BMS and the locomotive.
The second technical problem to be solved by the application is to provide an encryption method for the BMS controller encryption device.
A BMS controller encryption device as a first aspect of the present application includes a master BMS controller and at least one slave BMS controller, the master BMS controller communicating with each slave BMS controller;
the slave BMS controller includes:
a battery management module, used on the one hand for collecting data such as battery voltage, current and temperature and performing cell balancing, and on the other hand for receiving encrypted message data sent by the master BMS controller;
a decryption module, connected to the battery management module and used for receiving the encrypted message data forwarded by the battery management module, performing decryption and verification on the encrypted message data, and generating a power control signal according to the result of the decryption and verification;
a high-side driving circuit module, whose signal input end is connected to the decryption module and which is used for receiving the power control signal generated by the decryption module and generating a power driving control signal according to it;
a power on-off control module, connected to the signal output end of the high-side driving circuit module and used for receiving the power driving control signal generated by the high-side driving circuit module and switching the power supply of the battery management module on or off according to it; and
a power conversion module, connected to the decryption module, the high-side driving circuit module and the power on-off control module respectively, and used for providing working voltage for the battery management module, the decryption module and the high-side driving circuit module.
In a preferred embodiment of the present application, the master BMS controller communicates with each slave BMS controller via a communication bus, respectively.
In a preferred embodiment of the present application, the decryption module is connected to the battery management module through an IIC/SPI internal bus.
In a preferred embodiment of the present application, the power on-off control module is an NMOS transistor whose gate is connected to the signal output terminal of the high-side driving circuit module, whose source is connected to the power input terminal of the battery management module, and whose drain is connected to the power output terminal of the power conversion module.
An encryption method of the encryption device of the BMS controller as a second aspect of the present application includes the steps of:
step S10, the master BMS controller generates a random number seed from ADC random noise, performs a first encryption operation on the random number seed to generate a set of keys, performs a second encryption operation on the random number seed and the keys, and sends the resulting ciphertext data to the slave BMS controller;
step S20, the master BMS controller starts a receive-timeout timer and determines whether message reception has timed out; if so, the method proceeds to step S90, and if not, to step S70;
step S30, the decryption module of the slave BMS controller periodically monitors whether data has been input and starts a receive-timeout timer;
step S40, the decryption module of the slave BMS controller determines whether message reception has timed out; if so, the method proceeds to step S110, and if not, to step S50;
step S50, the decryption module of the slave BMS controller performs a first decryption on the received ciphertext data to obtain the random number seed and the key, and performs a second decryption on the obtained random number seed and key;
step S60, it is determined whether the key pairing is successful, and at the same time the key pairing information is encrypted and sent to the master BMS controller; if the key pairing succeeds, the method proceeds to steps S70 and S100, and if it fails, to steps S70 and S110;
step S70, the master BMS controller receives the key pairing message and determines from it whether the key pairing was successful; if so, the method proceeds to step S80, and if not, to step S90;
step S80, the master BMS controller performs a single read of the battery voltage, current, temperature and other data collected by the slave BMS controller, and restarts timing;
step S90, the master BMS controller stops reading the battery data collected by the slave BMS controller;
step S100, the slave BMS controller allows the master BMS controller to collect data, and timing is restarted;
step S110, the decryption module of the slave BMS controller controls the high-side driving circuit module to drive the power on-off control module to cut off the power supply of the battery management module, so that the battery management module stops working and sensitive information such as battery voltage, current, temperature and balancing is prevented from being stolen.
In a preferred embodiment of the present application, in step S10, the first encryption operation and the second encryption operation use different encryption algorithms.
By adopting the above technical solution, the application has the following beneficial effects:
1. The master BMS controller can identify an illegitimate slave BMS controller, and the slave BMS controller is prevented from acquiring battery data;
2. The slave BMS controller can reject illegitimate data access operations and prevent battery data from being stolen;
3. The verification message between the master BMS controller and the slave BMS controller is encrypted twice, which greatly increases the cracking difficulty and improves security;
4. The application also has the advantages of low manufacturing cost and of effectively guaranteeing the device legitimacy and data security of the BMS system.
Drawings
To illustrate the embodiments of the application or the technical solutions of the prior art more clearly, the drawings needed in describing them are briefly introduced below. The drawings described below show only some embodiments of the application, and a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic structure view of an encryption device of a BMS controller of the present application.
Fig. 2 is a flowchart of an encryption method of the BMS controller encryption device of the present application.
Detailed Description
To make the technical means, inventive features, objectives and effects of the application easy to understand, the application is further described below with reference to the drawings.
Referring to fig. 1, a BMS controller encryption device is shown, which includes a master BMS controller 100 and a slave BMS controller 200; the master BMS controller 100 communicates with the slave BMS controller 200 through a communication bus. The number of slave BMS controllers 200 is not limited to that of the present embodiment; it should be set according to the BMS system, and there may be several.
The slave BMS controller 200 includes a battery management module 210, a decryption module 220, a high-side driving circuit module 230, a power on-off control module 240, and a power conversion module 250.
The battery management module 210 is used for collecting data of battery voltage, current, temperature, etc., and performing a cell balancing action, on the one hand, and for receiving encrypted message data transmitted from the master BMS controller 100, on the other hand.
The decryption module 220 is connected to the battery management module 210 through the IIC/SPI internal bus, and is configured to receive the encrypted message data forwarded by the battery management module 210, perform decryption verification processing on the encrypted message data, and generate a power control signal according to a decryption verification processing result. The decryption module 220 may also monitor for data input periodically via the IIC/SPI internal bus.
The signal input end of the high-side driving circuit module 230 is connected to the decryption module 220, and is configured to receive the power control signal generated by the decryption module 220, and generate a power driving control signal according to the power control signal.
The power on-off control module 240 is connected to the signal output end of the high-side driving circuit module 230, and is configured to receive the power driving control signal generated by the high-side driving circuit module 230, and control the on-off of the power supply of the battery management module 210 according to the power driving control signal.
The power conversion module 250 is connected to the decryption module 220, the high-side driving circuit module 230, and the power on-off control module 240, respectively, and is configured to provide operating voltages for the battery management module 210, the decryption module 220, and the high-side driving circuit module 230.
In this embodiment, the power on-off control module 240 is an NMOS transistor whose gate G is connected to the signal output terminal of the high-side driving circuit module 230, whose source S is connected to the power input terminal of the battery management module 210, and whose drain D is connected to the power output terminal of the power conversion module 250. The NMOS transistor switches the power supply of the battery management module 210 on or off according to the power driving control signal generated by the high-side driving circuit module 230.
Referring to fig. 2 in combination with fig. 1, there is provided an encryption method of an encryption device of a BMS controller, comprising the steps of:
step S10, the master BMS controller generates a random number seed from ADC random noise, performs a first encryption operation on the random number seed to generate a set of keys, performs a second encryption operation on the random number seed and the keys, and sends the resulting ciphertext data to the slave BMS controller; the first encryption operation and the second encryption operation use different encryption algorithms;
step S20, the master BMS controller starts a receive-timeout timer and determines whether message reception has timed out; if so, the method proceeds to step S90, and if not, to step S70;
step S30, the decryption module of the slave BMS controller periodically monitors whether data has been input and starts a receive-timeout timer;
step S40, the decryption module of the slave BMS controller determines whether message reception has timed out; if so, the method proceeds to step S110, and if not, to step S50;
step S50, the decryption module of the slave BMS controller performs a first decryption on the received ciphertext data to obtain the random number seed and the key, and performs a second decryption on the obtained random number seed and key;
step S60, it is determined whether the key pairing is successful, and at the same time the key pairing information is encrypted and sent to the master BMS controller; if the key pairing succeeds, the method proceeds to steps S70 and S100, and if it fails, to steps S70 and S110;
step S70, the master BMS controller receives the key pairing message and determines from it whether the key pairing was successful; if so, the method proceeds to step S80, and if not, to step S90;
step S80, the master BMS controller performs a single read of the battery voltage, current, temperature and other data collected by the slave BMS controller, completes a cycle, and restarts timing;
step S90, the master BMS controller stops reading the battery data collected by the slave BMS controller;
step S100, the master BMS controller is allowed to collect data, a cycle is completed, and timing is restarted;
step S110, the decryption module of the slave BMS controller controls the high-side driving circuit module to drive the power on-off control module to cut off the power supply of the battery management module, so that the battery management module stops working and sensitive information such as battery voltage, current, temperature and balancing is prevented from being stolen.
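The S10 to S110 flow above, simulated in Python as an added example (not code from the patent) so that the fail-closed behaviour on timeout or failed pairing can be exercised. The patent names neither its algorithms nor how the controllers share a secret, so the pre-shared `PSK`, HMAC-SHA256 key derivation, the HMAC-based stream cipher with tag (a standard-library stand-in for a vetted authenticated cipher), `os.urandom` in place of ADC noise, the 0.5 s timeout and every class and function name are assumptions.

```python
import hashlib
import hmac
import os

# Assumptions, none of them from the patent: a secret provisioned into both
# controllers, HMAC-SHA256 as the "first" operation, an HMAC-based stream
# cipher with an authentication tag as the "second", and a 0.5 s timeout.
PSK = bytes(range(32))   # constructed demo secret
TIMEOUT = 0.5            # seconds, constructed value


def derive_key(seed: bytes) -> bytes:
    """First operation (S10): derive the key from the random seed."""
    return hmac.new(PSK, b"key" + seed, hashlib.sha256).digest()


def _stream(label: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(PSK, label + nonce + bytes([ctr]), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(label: bytes, plain: bytes) -> bytes:
    """Second operation: encrypt, then authenticate (nonce | body | tag)."""
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plain, _stream(label, nonce, len(plain))))
    tag = hmac.new(PSK, b"tag" + label + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(label: bytes, msg: bytes):
    """Return the plaintext, or None if the message is malformed or forged."""
    if len(msg) < 12 + 32:
        return None
    nonce, body, tag = msg[:12], msg[12:-32], msg[-32:]
    want = hmac.new(PSK, b"tag" + label + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(label, nonce, len(body))))


class Slave:
    """Decryption module plus the switch feeding the battery management module."""

    def __init__(self, now: float):
        self.power_on = True
        self.deadline = now + TIMEOUT            # S30: start the receive timer

    def tick(self, now: float) -> None:
        if now > self.deadline:                  # S40: timed out -> S110
            self.power_on = False

    def on_ciphertext(self, msg: bytes, now: float) -> bytes:
        self.tick(now)
        # Assumption: a cut-off latches; the patent describes no recovery path.
        plain = unseal(b"m2s", msg) if self.power_on else None   # S50, first
        ok = (plain is not None and len(plain) == 64 and         # S50, second
              hmac.compare_digest(derive_key(plain[:32]), plain[32:]))
        if ok:
            self.deadline = now + TIMEOUT        # S100: allow reads, re-time
        else:
            self.power_on = False                # S110: disconnect the supply
        echo = plain[:32] if ok else bytes(32)
        return seal(b"s2m", (b"\x01" if ok else b"\x00") + echo)  # S60


class Master:
    def __init__(self):
        self.seed, self.deadline, self.reading = b"", 0.0, False

    def challenge(self, now: float) -> bytes:
        self.seed = os.urandom(32)               # stand-in for ADC noise (S10)
        self.deadline = now + TIMEOUT            # S20: start the receive timer
        return seal(b"m2s", self.seed + derive_key(self.seed))

    def on_response(self, msg: bytes, now: float) -> bool:
        plain = unseal(b"s2m", msg) if now <= self.deadline else None
        self.reading = (plain is not None and plain[:1] == b"\x01" and
                        hmac.compare_digest(plain[1:], self.seed))   # S70
        return self.reading                      # True: S80, False: S90


def run_cycle(master, slave, now, tamper=False, delay=0.0):
    """One S10-S110 pass; returns (master may read, slave module powered)."""
    msg = master.challenge(now)
    if tamper:                                   # constructed bus corruption
        msg = msg[:20] + bytes([msg[20] ^ 1]) + msg[21:]
    reply = slave.on_ciphertext(msg, now + delay)
    return master.on_response(reply, now + delay), slave.power_on
```

`run_cycle` takes the clock as a parameter, so the timeout branches (S20 and S40) can be driven deterministically by passing `delay` values on either side of `TIMEOUT`.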
The foregoing has shown and described the basic principles and main features of the present application and the advantages of the present application. It will be understood by those skilled in the art that the present application is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present application, and various changes and modifications may be made without departing from the spirit and scope of the application, which is defined in the appended claims. The scope of the application is defined by the appended claims and equivalents thereof.

Claims (6)

1. A BMS controller encryption device comprising a master BMS controller and at least one slave BMS controller, the master BMS controller communicating with each slave BMS controller, characterized in that
the slave BMS controller includes:
a battery management module, used on the one hand for collecting data such as battery voltage, current and temperature and performing cell balancing, and on the other hand for receiving encrypted message data sent by the master BMS controller;
a decryption module, connected to the battery management module and used for receiving the encrypted message data forwarded by the battery management module, performing decryption and verification on the encrypted message data, and generating a power control signal according to the result of the decryption and verification;
a high-side driving circuit module, whose signal input end is connected to the decryption module and which is used for receiving the power control signal generated by the decryption module and generating a power driving control signal according to it;
a power on-off control module, connected to the signal output end of the high-side driving circuit module and used for receiving the power driving control signal generated by the high-side driving circuit module and switching the power supply of the battery management module on or off according to it; and
a power conversion module, connected to the decryption module, the high-side driving circuit module and the power on-off control module respectively, and used for providing working voltage for the battery management module, the decryption module and the high-side driving circuit module.
2. The BMS controller encryption device of claim 1, wherein the master BMS controller communicates with each slave BMS controller via a communication bus, respectively.
3. The BMS controller encryption device of claim 1, wherein the decryption module is connected with the battery management module through an IIC/SPI internal bus.
4. The BMS controller encryption device of claim 1, wherein the power on-off control module is an NMOS transistor whose gate is connected to the signal output terminal of the high-side driving circuit module, whose source is connected to the power input terminal of the battery management module, and whose drain is connected to the power output terminal of the power conversion module.
5. A method of encrypting the BMS controller encryption device according to any one of claims 1 to 4, comprising the steps of:
step S10, the master BMS controller generates a random number seed from ADC random noise, performs a first encryption operation on the random number seed to generate a set of keys, performs a second encryption operation on the random number seed and the keys, and sends the resulting ciphertext data to the slave BMS controller;
step S20, the master BMS controller starts a receive-timeout timer and determines whether message reception has timed out; if so, the method proceeds to step S90, and if not, to step S70;
step S30, the decryption module of the slave BMS controller periodically monitors whether data has been input and starts a receive-timeout timer;
step S40, the decryption module of the slave BMS controller determines whether message reception has timed out; if so, the method proceeds to step S110, and if not, to step S50;
step S50, the decryption module of the slave BMS controller performs a first decryption on the received ciphertext data to obtain the random number seed and the key, and performs a second decryption on the obtained random number seed and key;
step S60, it is determined whether the key pairing is successful, and at the same time the key pairing information is encrypted and sent to the master BMS controller; if the key pairing succeeds, the method proceeds to steps S70 and S100, and if it fails, to steps S70 and S110;
step S70, the master BMS controller receives the key pairing message and determines from it whether the key pairing was successful; if so, the method proceeds to step S80, and if not, to step S90;
step S80, the master BMS controller performs a single read of the battery voltage, current, temperature and other data collected by the slave BMS controller, and restarts timing;
step S90, the master BMS controller stops reading the battery data collected by the slave BMS controller;
step S100, the slave BMS controller allows the master BMS controller to collect data, and timing is restarted;
step S110, the decryption module of the slave BMS controller controls the high-side driving circuit module to drive the power on-off control module to cut off the power supply of the battery management module, so that the battery management module stops working and sensitive information such as battery voltage, current, temperature and balancing is prevented from being stolen.
6. The encryption method according to claim 5, wherein in step S10, the first encryption operation and the second encryption operation use different encryption algorithms.
CN202310901771.7A 2023-07-21 2023-07-21 BMS controller encryption device and encryption method thereof Pending CN117040810A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310901771.7A CN117040810A (en) 2023-07-21 2023-07-21 BMS controller encryption device and encryption method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310901771.7A CN117040810A (en) 2023-07-21 2023-07-21 BMS controller encryption device and encryption method thereof

Publications (1)

Publication Number Publication Date
CN117040810A (en) 2023-11-10

Family

ID=88636383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310901771.7A Pending CN117040810A (en) 2023-07-21 2023-07-21 BMS controller encryption device and encryption method thereof

Country Status (1)

Country Link
CN (1) CN117040810A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination